Hello everybody, I need to create a list of choices in powershell to create a new user in my domain. So I use a switch with the $ Department and $ Division parameters. switch ($ department, $ division) { 1 {New-ADUser -Name $ user -FirstName $ firstname -GivenName $ lastname -SamAccountName $ login -UserPrincipalName $login@acme.fr -Title $ function -Department “Direction” -emailAddress $ email -OfficePhone $ TelephoneBureau -MobilePhone $ telephonePortable -AccountPassword (Read-Host -AsSecureString “Enter password”) -PasswordNeverExpires $ true -CannotChangePassword $ true -Enabled $ true} 11 {New-ADUser -Name $ user -FirstName $ firstname -GivenName $ lastname -SamAccountName $ login -UserPrincipalName $login@acme.fr -Title $ function -Division “Home” -emailAddress $ email -OfficePhone $ TelephoneBureau -MobilePhone $ telephonePortable -AccountPassword (Read-Host -AsSecureString “Enter password”) -PasswordNeverExpires $ true -CannotChangePassword $ true -Enabled $ true} 12 {New-ADUser -Name $ user -FirstName $ firstname -GivenName $ lastname -SamAccountName $ login -UserPrincipalName $login@acme.fr -Title $ function -Division “Direction” -emailAddress $ email -OfficePhone $ TelephoneBureau -MobilePhone $ telephonePortable -AccountPassword (Read-Host -AsSecureString “Enter password”) -PasswordNeverExpires $ true -CannotChangePassword $ true -Enabled $ true}, etc … My main problem is that I am not recovering the data directly. This creates me folders with the number and not the name of my variable. Also I am not sure of my code. Could you give me some food for thought. Thank you.

3 Spice ups

Hi and thanks for the query. I see that the curse of SW’s editor had befallen your code. That makes it pretty hard to review and give you an answer.

Can I ask you to either edit or remove/add the post to use the </> tool in the editor tool bar. If folks can read the script easily, you tend to get a better answer.

1 Spice up

Hello everybody,

I need to create a list of choices in powershell to create a new user in my domain.

So I use a switch with the $ Department and $ Division parameters. Here is the beginning of my switch :

switch ($ department, $ division)

{

1 {New-ADUser -Name $ user -FirstName $ firstname -GivenName $ lastname -SamAccountName $ login -UserPrincipalName $login@acme.fr -Title $ function -Department “Direction” -emailAddress $ email -OfficePhone $ TelephoneBureau -MobilePhone $ telephonePortable -AccountPassword (Read-Host -AsSecureString “Enter password”) -PasswordNeverExpires $ true -CannotChangePassword $ true -Enabled $ true}

11 {New-ADUser -Name $ user -FirstName $ firstname -GivenName $ lastname -SamAccountName $ login -UserPrincipalName $login@acme.fr -Title $ function -Division “Home” -emailAddress $ email -OfficePhone $ TelephoneBureau -MobilePhone $ telephonePortable -AccountPassword (Read-Host -AsSecureString “Enter password”) -PasswordNeverExpires $ true -CannotChangePassword $ true -Enabled $ true}

12 {New-ADUser -Name $ user -FirstName $ firstname -GivenName $ lastname -SamAccountName $ login -UserPrincipalName $login@acme.fr -Title $ function -Division “Direction” -emailAddress $ email -OfficePhone $ TelephoneBureau -MobilePhone $ telephonePortable -AccountPassword (Read-Host -AsSecureString “Enter password”) -PasswordNeverExpires $ true -CannotChangePassword $ true -Enabled $ true}, etc …

}

My main problem is that I am not recovering the result of this switch directly. This creates me folders with the number and not the name of my variable.

Also I am not sure of my code. Could you give me some food for thought. Thank you.

For some reason, almost all the variables pasted as “$ Variable” whereas they need to be “$Variable” without the space.

See this link for options on handling multiple options with a Switch:

https://stackoverflow.com/questions/20625267/is-there-a-way-to-target-multiple-conditions-with-a-single-switch-match-in-power

Random thoughts:
Password Never Expires and User Can’t change password are terrible options. Why would you force those nightmares?

1 Spice up

I’ll change these options.
It’s just a Lab.

I will check as soon as I can. Thanks for your answer.

My main problem is that I am not recovering the result of this switch directly. This creates me folders with the number and not the name of my variable.

I’m not exactly sure what you mean by ‘This creates me folders…’ - there is no code shown that would create a directory (i.e. New-Item)

Looking at your switch() statement you have a $department and $division variable and your test cases are numbers (1, 11, 12) which tells me $department and/or $division is expected to be a numerical value - either an int or a string.

So if you’re using $department or $division as variables for a folder creation code block then it would make sense that these folder names are numbers.

Example;

$department = '1'
$division = 12
switch ($department, $division) {

    1 {
        Write-Output "division or department is 1" 
    }

    11 { 
        Write-Output "division or department is 11"
    }

    12 {
        Write-Output "division or department is 12"
    }

}

Write-Output "Creating folder C:\temp\$division and C:\temp\$department"

Result…

division or department is 1
division or department is 12
Creating folder C:\temp\12 and C:\temp\1

In case you’re also not aware, the way in which your switch statement is written, both variables will be evaluated separately. As shown in my example above you see that I set $department and $division to two different values. The switch statement first evaluated $department and ran the code block that matched ‘1’. It then evaluated $division and ran the code block that matched ‘12’.

2 Spice ups
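Because the switch tests each element separately, one way to get names instead of numbers is to resolve each code through its own lookup and pass the results to New-ADUser, shown here as an added example that is not code from the thread. The code-to-name values are the ones in the original post; `Resolve-Code`, `New-UserParams`, the sample user values and the use of `-ChangePasswordAtLogon` are assumptions.

```powershell
# Added example. Code-to-name values come from the original post;
# Resolve-Code, New-UserParams and the sample user are hypothetical.
$DepartmentNames = @{ 1 = 'Direction' }
$DivisionNames   = @{ 11 = 'Home'; 12 = 'Direction' }

function Resolve-Code {
    param([hashtable]$Table, [string]$Code, [string]$Kind)
    # Parse to int so '1' (string from Read-Host) and 1 (int) both match,
    # and reject unknown codes instead of silently creating a bad account.
    $key = 0
    if (-not [int]::TryParse($Code, [ref]$key) -or -not $Table.ContainsKey($key)) {
        throw "Unknown $Kind code '$Code'"
    }
    $Table[$key]
}

function New-UserParams {
    param($Department, $Division, $GivenName, $Surname, $Login)
    @{
        Name                  = "$GivenName $Surname"
        GivenName             = $GivenName
        Surname               = $Surname
        SamAccountName        = $Login
        UserPrincipalName     = "$Login@acme.fr"
        Department            = Resolve-Code $DepartmentNames $Department 'department'
        Division              = Resolve-Code $DivisionNames $Division 'division'
        ChangePasswordAtLogon = $true   # user sets a password only they know
        Enabled               = $true
    }
}

# Constructed sample input: department given as a string, division as an int
$params = New-UserParams -Department '1' -Division 12 `
    -GivenName 'Jane' -Surname 'Doe' -Login 'jdoe'

if (Get-Command New-ADUser -ErrorAction SilentlyContinue) {
    $params.AccountPassword = Read-Host -AsSecureString 'Enter initial password'
    New-ADUser @params -WhatIf   # remove -WhatIf to create the account
} else {
    $params                      # no AD module: show what would be passed
}
```

`$params.Department` and `$params.Division` now hold the names, so any later step that builds a folder or share path from them gets "Direction" rather than "1".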

So you can force (assumably good) passwords and changes on your Users. Plus prevent them from using poor passwords.

Terrible options, yes. But the alternative can be devastating.

I didn’t know PowerShell allowed 2 tests at once.

This may be useful to you:

or this:

I would break out the sections for each into separate Switches, but I don’t know the rest of your script logic & how to fit that in.

I’m not sure how helpful this could be, but I take in the Department variable (in my onboarding script) thus:

## - Department
If ($Department){$Department = "*$Department*"}Else{$Department="*"}
Do {$Department = (Get-ADUser -Filter {(Enabled -ne $False) -and (Department -like $Department)} -Properties Department | Where-Object {$_.Name -NotMatch $Exclusions}).Department |
 Sort -Unique | Out-GridView -PassThru -Title "$ScriptName`: Choose Appropriate Department..."}
Until ($Department)

$Department is an optional command-line parameter, and $ScriptName is just the name of the .PS1 script thus:

$ScriptName = $(([io.fileinfo]$MyInvocation.MyCommand.Definition).BaseName)

…and $Exclusions is a RegEx with the names of the accounts I don’t want to see.

As to that Out-Gridview above, I hate it. It’s ugly and awkward and probably wouldn’t have been accepted in Windows 3, never mind the latest hot set-up. So with kind, gracious help from some awesome people here on SpiceWorks, I made up a routine to avoid Out-Gridview:

##						Check to make sure an existing User Name was entered
Do{
	If (!($User)){
		Do{
			$User = (Read-Host "$ScriptName`: Enter EXISTING User Name to change password")
		} Until ($User)
	}  # End If NULL User parameter
	Try{
		[Array]$User = Get-ADUser -Filter {(Name -Like $User) -or (SAMAccountName -like $User) -or (GivenName -like $User) -or (Surname -like $User)}
	}
	Catch{}
##						If there are multiple matches, let the script user pick
	If ($User.Count -gt 1){
		$User | Sort Name |
		 FT @{Label="`#";Expression={$User.IndexOf($_)+1}}, @{Label="Name";Expression={$_.Name}}
##  Get the User's choice
		Do{[Int]$Choice = Read-Host "$ScriptName`: Choose which User to change password"} Until ($Choice -gt 0 -And $Choice -le $User.Count)
##  Do something with it
		$User = $User[$Choice-1]
	}  # End if there were multiple results.  If single, $User already holds it.
} Until ($User.Name)

HTH…

I disagree. If you assign my password, you know my password.
Now, you have no accountability or non-repudiation for anything I do on the network.
You can’t hold me responsible because I’m not the only one with the password for this user.

The cure, in this case, is worse than the illness.
The proper solution is to enforce strong passwords using complexity requirements in the domain GPO.

In the environments I help manage, I coordinate with our Splunk admin; we have an algorithm which can determine who typed their password into the username field.
We consider it a compromised password.
When this occurs, the Splunk team drops a file containing the SamAccountNames into a folder.
I have a scheduled task which runs every 15 minutes 24/7. When it sees a file in this location, it ingests the data, and flips the bit for “User must change password at next login”, then emails them to notify them of the fact their password was found in plain text in the event logs.

No one should know another user’s password.

2 Spice ups
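A sketch of the scheduled-task side of the workflow described in the post above, as an added example that is not the poster's script. The drop folder, SMTP host, sender address, the `Get-ValidSamAccountName` helper and the allowlist pattern are all assumptions.

```powershell
# Added example, not the poster's script.
# Paths, SMTP host and sender are placeholders.
$DropFolder = 'C:\Placeholder\CompromisedAccounts'
$Processed  = Join-Path $DropFolder 'processed'
$Mail = @{ SmtpServer = 'smtp.example.invalid'; From = 'security@example.invalid'
           Subject = 'Password change required' }

function Get-ValidSamAccountName {
    param([string[]]$Lines)
    # Treat the drop file as untrusted input: skip empty lines, trim, keep
    # only names matching a conservative allowlist (assumed naming scheme,
    # max 20 characters), and de-duplicate.
    $Lines | Where-Object { $_ } | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '^[A-Za-z0-9._-]{1,20}$' } |
        Sort-Object -Unique
}

foreach ($file in Get-ChildItem -Path $DropFolder -File -ErrorAction SilentlyContinue) {
    $names = Get-ValidSamAccountName (Get-Content -LiteralPath $file.FullName)
    foreach ($sam in $names) {
        try {
            $user = Get-ADUser -Identity $sam -Properties EmailAddress -ErrorAction Stop
            # Fails for accounts that have PasswordNeverExpires set to $true.
            Set-ADUser -Identity $user -ChangePasswordAtLogon $true -ErrorAction Stop
            if ($user.EmailAddress) {
                Send-MailMessage @Mail -To $user.EmailAddress -Body (
                    'Your password was found in plain text in the event logs. ' +
                    'You must change it at your next logon.')
            }
        } catch {
            Write-Warning "Could not process '$sam' from $($file.Name): $_"
        }
    }
    # Move the file out of the drop folder so the next run does not repeat it.
    New-Item -Path $Processed -ItemType Directory -Force | Out-Null
    Move-Item -LiteralPath $file.FullName -Destination $Processed -Force
}
```

The notification never contains the password itself, and accounts that cannot be flagged are logged with a warning so they can be handled by hand.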

Hello,

I thank you all for your advice. I found a solution for the switches for the creation of the AdUser. I put the result in variables and use them with New-Aduser parameters. It works very fine.

Besides, the user’s shared file is no longer shared with the user and I don’t know how to ensure its security in Powershell. Here is my code. Can I have some guidance?

New-Item -Path E:\PARTAGE$departement$description -Name $user -ItemType Directory

New-SmbShare –Name $user –Path E:\PARTAGE$departement$description$user -FullAccess “$login”, “acme\administrateurs”