Lightemerald/TP_PowerShell_AD_DNS_DHCP_EntrepriseXYZ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TP1

Browse Source
This commit is contained in:
Lightemerald
2025-10-23 13:14:58 +02:00
parent 051c765c76
commit 79d8cc6116
9 changed files with 184 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
scripts/ad_admin.ps1 Normal file
View File

@@ -0,0 +1,56 @@
if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
Write-Error "Exécutez ce script en tant qu'administrateur."
exit 1
}
function Get-RandomPassword {
Add-Type -AssemblyName System.Web
return ([System.Web.Security.Membership]::GeneratePassword(18, 6))
}
Import-Module ActiveDirectory -ErrorAction Stop
# OU Creation
$ou = @("Direction", "RH", "Informatique")
foreach ($unit in $ou) {
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$unit'" -ErrorAction SilentlyContinue)) {
New-ADOrganizationalUnit -Name $unit -Path "DC=entreprisexyz,DC=local" -ProtectedFromAccidentalDeletion $true
}
}
# Group Creation
$groups = @("GRP_Direction", "GRP_RH", "GRP_Informatique")
foreach ($group in $groups) {
if (-not (Get-ADGroup -Filter "Name -eq '$group'" -ErrorAction SilentlyContinue)) {
New-ADGroup -Name $group -Path "OU=$($group.Split('_')[1]),DC=entreprisexyz,DC=local" -GroupScope Global -GroupCategory Security
}
}
# User Creation
New-ADUser -Name "Patrick Laddict" -Description "Dicrection" -AccountPassword $(ConvertTo-SecureString (Get-RandomPassword) -AsPlainText -Force) -ChangePasswordAtLogon $true -PasswordNeverExpires $false -Enabled $true
New-ADUser -Name "Karen Ceplein" -Description "Directrice RH" -AccountPassword $(ConvertTo-SecureString (Get-RandomPassword) -AsPlainText -Force) -ChangePasswordAtLogon $true -PasswordNeverExpires $false -Enabled $true
New-ADUser -Name "John Informatique" -Description "Administrateur reseau" -AccountPassword $(ConvertTo-SecureString (Get-RandomPassword) -AsPlainText -Force) -ChangePasswordAtLogon $true -PasswordNeverExpires $false -Enabled $true
# Adding Users to Groups
Add-ADGroupMember -Identity "GRP_Direction" -Members "Patrick Laddict"
Add-ADGroupMember -Identity "GRP_RH" -Members "Karen Ceplein"
Add-ADGroupMember -Identity "GRP_Informatique" -Members "John Informatique"
# Shares and Permissions
$shares = @(
@{ Name = "Direction"; Group = "GRP_Direction" },
@{ Name = "RH"; Group = "GRP_RH" },
@{ Name = "Informatique"; Group = "GRP_Informatique" }
)
$shareRoot = 'C:\Shares'
foreach ($share in $shares) {
$sharePath = Join-Path -Path $shareRoot -ChildPath $share.Name
New-Item -Path $sharePath -ItemType Directory -Force | Out-Null
New-SmbShare -Name $share.Name -Path $sharePath -FullAccess "$($share.Group)" -ChangeAccess "Administrators" -ErrorAction Stop
$acl = Get-Acl -Path $sharePath
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("$($share.Group)", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
$acl.SetAccessRule($accessRule)
Set-Acl -Path $sharePath -AclObject $acl
}