# Privilege gate: stop before touching the directory or the file system unless
# the current Windows token is in the built-in Administrator role.
# The role is referenced through the WindowsBuiltInRole enum rather than a
# group name. This checks the local role of the current token only; it does not
# by itself show that the account holds the directory rights the later AD
# cmdlets need.
$currentIdentity = [Security.Principal.WindowsIdentity]::GetCurrent()
$currentPrincipal = [Security.Principal.WindowsPrincipal] $currentIdentity
$isAdministrator = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if (-not $isAdministrator) {
    Write-Error "Exécutez ce script en tant qu'administrateur."
    exit 1
}
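function Get-RandomPassword {
    <#
    .SYNOPSIS
    Returns an 18-character random password for use as an initial account password.

    .DESCRIPTION
    Characters are drawn with the operating system's cryptographic random number
    generator. The result always contains at least six non-alphanumeric
    characters (the same minimum the previous GeneratePassword(18, 6) call
    requested) plus at least one upper-case letter, one lower-case letter and
    one digit, so it satisfies a "three of four character classes" complexity
    policy by construction.

    This replaces [System.Web.Security.Membership]::GeneratePassword, which is
    only available on .NET Framework (Windows PowerShell) and cannot be resolved
    on PowerShell 7+.

    .OUTPUTS
    System.String. The caller is responsible for converting it to a SecureString
    and for not writing it to logs or transcripts.
    #>
    $length = 18
    $minSymbols = 6

    $upper = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
    $lower = 'abcdefghijklmnopqrstuvwxyz'
    $digits = '0123456789'
    $symbols = '!@#$%^&*()-_=+[]{}'
    $all = $upper + $lower + $digits + $symbols

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $byte = New-Object byte[] 1

        # Uniform index in [0, $bound): bytes at or above the largest multiple
        # of $bound are rejected so the modulo does not favour low indexes.
        $nextIndex = {
            param([int]$bound)
            $limit = 256 - (256 % $bound)
            do {
                $rng.GetBytes($byte)
            } while ($byte[0] -ge $limit)
            $byte[0] % $bound
        }

        $chars = New-Object System.Collections.Generic.List[char]

        # Mandatory characters first: the symbol minimum, then one per class.
        for ($i = 0; $i -lt $minSymbols; $i++) {
            $chars.Add($symbols[(& $nextIndex $symbols.Length)])
        }
        $chars.Add($upper[(& $nextIndex $upper.Length)])
        $chars.Add($lower[(& $nextIndex $lower.Length)])
        $chars.Add($digits[(& $nextIndex $digits.Length)])

        # Fill the remainder from the full alphabet.
        while ($chars.Count -lt $length) {
            $chars.Add($all[(& $nextIndex $all.Length)])
        }

        # Fisher-Yates shuffle so the mandatory characters are not always at
        # the start of the password.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = & $nextIndex ($i + 1)
            $swap = $chars[$i]
            $chars[$i] = $chars[$j]
            $chars[$j] = $swap
        }

        return (-join $chars)
    }
    finally {
        $rng.Dispose()
    }
}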
Import-Module ActiveDirectory -ErrorAction Stop
# OU Creation
# Creates each departmental OU directly under the domain root, skipping any
# name for which the directory query already returns an OU, so a re-run does
# not fail on existing OUs. New OUs are flagged as protected from accidental
# deletion.
$ou = 'Direction', 'RH', 'Informatique'

foreach ($unit in $ou) {
    $existingOu = Get-ADOrganizationalUnit -Filter "Name -eq '$unit'" -ErrorAction SilentlyContinue
    if ($existingOu) {
        continue
    }

    $newOuArgs = @{
        Name                            = $unit
        Path                            = 'DC=entreprisexyz,DC=local'
        ProtectedFromAccidentalDeletion = $true
    }
    New-ADOrganizationalUnit @newOuArgs
}
# Group Creation
# One global security group per department. The target OU is derived from the
# group name: the text after the underscore ("GRP_RH" -> "OU=RH,..."), so the
# group names must keep the GRP_<OU name> form. Groups that the directory
# query already finds are left untouched.
$groups = 'GRP_Direction', 'GRP_RH', 'GRP_Informatique'

foreach ($group in $groups) {
    $existingGroup = Get-ADGroup -Filter "Name -eq '$group'" -ErrorAction SilentlyContinue
    if ($existingGroup) {
        continue
    }

    $targetOu = $group.Split('_')[1]
    $newGroupArgs = @{
        Name          = $group
        Path          = "OU=$targetOu,DC=entreprisexyz,DC=local"
        GroupScope    = 'Global'
        GroupCategory = 'Security'
    }
    New-ADGroup @newGroupArgs
}
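# User Creation
# Creates the three accounts from one table and skips any account whose Name
# already exists, so a re-run behaves like the OU and group sections instead of
# failing on the first existing user.
#
# Each account gets its own random initial password, must change it at first
# logon, and is not exempt from password expiry.
#
# NOTE(review): the generated password is turned into a SecureString and is not
# kept or shown anywhere. With ChangePasswordAtLogon set, the account holder
# needs that initial password for the first logon, so presumably an
# administrator resets it at hand-over. Confirm the hand-over process, and
# keep the clear-text value out of logs and transcripts.
# NOTE(review): no -Path is given, so the accounts go to the domain's default
# user container rather than the departmental OUs. Confirm this is intended.
# NOTE(review): the description "Dicrection" looks like a typo; it is kept as
# written because the intended text cannot be determined from this script.
$users = @(
    @{ Name = "Patrick Laddict";   Description = "Dicrection" },
    @{ Name = "Karen Ceplein";     Description = "Directrice RH" },
    @{ Name = "John Informatique"; Description = "Administrateur reseau" }
)

foreach ($user in $users) {
    if (Get-ADUser -Filter "Name -eq '$($user.Name)'" -ErrorAction SilentlyContinue) {
        continue
    }

    $initialPassword = ConvertTo-SecureString (Get-RandomPassword) -AsPlainText -Force
    New-ADUser -Name $user.Name -Description $user.Description -AccountPassword $initialPassword -ChangePasswordAtLogon $true -PasswordNeverExpires $false -Enabled $true
}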
# Adding Users to Groups
# Each account joins exactly one departmental group. Access to the shares is
# granted to these groups, never to individual accounts, so membership here is
# what decides who can reach which share.
$memberships = @(
    @{ Group = "GRP_Direction";    Member = "Patrick Laddict" },
    @{ Group = "GRP_RH";           Member = "Karen Ceplein" },
    @{ Group = "GRP_Informatique"; Member = "John Informatique" }
)

foreach ($membership in $memberships) {
    Add-ADGroupMember -Identity $membership.Group -Members $membership.Member
}
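# Shares and Permissions
# One folder and one SMB share per department under $shareRoot.
#
# Changes from the previous version, all for least privilege and re-runnability:
#   * Share level: the built-in Administrators group gets Full access and the
#     departmental group gets Change. Previously this was the other way round,
#     which let every group member alter the share's permissions while
#     administrators were limited to Change.
#   * NTFS level: the departmental group gets Modify instead of FullControl.
#     Modify covers read, write and delete; FullControl additionally allows
#     changing the ACL and taking ownership.
#   * The Administrators group is resolved from its well-known SID
#     (S-1-5-32-544), because the display name is localized and the literal
#     "Administrators" does not resolve on non-English Windows installations.
#   * An existing share is left in place instead of aborting the script.
#
# NOTE(review): inheritance on the folders is not changed here, so entries
# inherited from $shareRoot still apply. Review the ACL on C:\Shares itself.
$shares = @(
    @{ Name = "Direction"; Group = "GRP_Direction" },
    @{ Name = "RH"; Group = "GRP_RH" },
    @{ Name = "Informatique"; Group = "GRP_Informatique" }
)
$shareRoot = 'C:\Shares'

$adminSid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
$adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]).Value

foreach ($share in $shares) {
    $sharePath = Join-Path -Path $shareRoot -ChildPath $share.Name
    # -Force makes this a no-op when the directory already exists.
    New-Item -Path $sharePath -ItemType Directory -Force | Out-Null

    if (-not (Get-SmbShare -Name $share.Name -ErrorAction SilentlyContinue)) {
        New-SmbShare -Name $share.Name -Path $sharePath -FullAccess $adminAccount -ChangeAccess "$($share.Group)" -ErrorAction Stop
    }

    $acl = Get-Acl -Path $sharePath
    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("$($share.Group)", "Modify", "ContainerInherit,ObjectInherit", "None", "Allow")
    # SetAccessRule replaces any existing Allow entry for the same group, so a
    # FullControl entry left by an earlier run is narrowed to Modify.
    $acl.SetAccessRule($accessRule)
    Set-Acl -Path $sharePath -AclObject $acl
}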