SharePoint结合PowerShell建立入离职自动化（二）

接上一篇，有了SharePoint的列表作为数据输入，那么我们就可以愉快的通过PowerShell脚本创建账号了

首先定义一个具有AD、Ex、Lync管理权限的账户，这里不需要开通SharePoint是因为SharePoint的开通是自动的，其他的功能开通可以根据需要增加

#定义管理凭据
$pwd = "01000000d08c9ddf0115d1118c7a00c04fc297eb01000000035bf6730bcdda4eb12ed62660d5faed0000000002000000000003660000c00000001000000028a14cc2c4a1826645f8316995dd04640000000004800000a00000001000000001d6528ebc1b49550a6d0f6c6706165b1800000020f1a80859c6b78f45f3ee3dec23b0435442ecbac0d4cf6214000000e45f1f2cbbc7226ed77293a720f4ceb2e1246745"
$Password = ConvertTo-SecureString -String $pwd
$Credential = New-Object System.Management.Automation.PSCredential("domain\User",$Password)
#导入AD\SharePoint的管理单元和模块
Import-Module ActiveDirectory
Add-PSSnapin Microsoft.SharePoint.PowerShell
#建立Ex\Lync隐式会话
$ExSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://e2k13-fe01.domain.cn/PowerShell/ -Credential $Credential -Authentication Kerberos
Import-PSSession $ExSession
$LyncSession = New-PSSession -ConnectionUri https://Lync13-fe.domain.cn/OcsPowerShell -Credential $Credential
Import-PSSession $LyncSession
#定义报表头
$ReportPath = "C:\Scripts\AutoCreate\";
$ReportName = "AutoCreate_$(Get-Date -Format MMddhhmm).html";
$ServiceReport = $ReportPath + $ReportName
$RedColor = "#FF0000"
$WhiteColor = "#FFFFFF"
下文的'\'是为了防止51CTO页面显示异常才加的，各位在使用时请删除掉
$Header = "
\<html>
\<head>
\<meta http-equiv='Content-Type' content='text/html; charset=gb2312'>
\<title>Service Report</title>
\<STYLE TYPE='text/css'>
\<!--
td {
font-family: Tahoma;
font-size: 11px;
border-top: 1px solid #999999;
border-right: 1px solid #999999;
border-bottom: 1px solid #999999;
border-left: 1px solid #999999;
padding-top: 0px;
padding-right: 0px;
padding-bottom: 0px;
padding-left: 0px;
}
body {
margin-left: 5px;
margin-top: 5px;
margin-right: 0px;
margin-bottom: 10px;
table {
border: thin solid #000000;
}
-->
\</style>
\</head>
\<body>
\<table width='100%'>
\<tr bgcolor='#CCCCCC'>
\<td colspan='7' height='25' align='center'>
\<font face='tahoma' color='#003399' size='4'>\<strong>入职开通状态\</strong>\</font>
\</td>
\</tr>
\</table>
"
Add-Content $ServiceReport $Header
$TableHeader = "
\<table width='100%'>\<tbody>
\<tr bgcolor=#CCCCCC>
\<td width='15%' align='center'>账户\</td>
\<td width='25%' align='center'>应用\</td>
\<td width='25%' align='center'>状态\</td>
\</tr>
"
Add-Content $ServiceReport $tableHeader
#查询SharePoint入职开通应用中的Item信息
$SPWeb = Get-SPWeb -Identity http://sp.domain.cn
$SPList = $SPWeb.GetList("/Lists/List4")
#定义Company信息
$APath = "OU=Users,OU=A,DC=Domain,DC=cn"
$BPath = "OU=Users,OU=B,DC=Domain,DC=cn"
$ADomain = "A.cn"
$BDomain = "B.cn"
#定义密码
$Password = "P@ssw0rd" | ConvertTo-SecureString -AsPlainText -Force
#定义邮件通知函数
Function Send-Message
{
$SmtpClient = New-Object System.Net.Mail.SmtpClient
$MailMessage = New-Object System.Net.Mail.MailMessage
$SmtpClient.Host = "172.16.0.1"
$MailMessage.From = "Liuzw@Domain.cn"

$MailMessage.To.Add("Liuzw@Domain.cn")
$MailMessage.Subject = "入职开通报告"
$MailMessage.IsBodyHtml = $True
$MailMessage.Body = Get-Content $ServiceReport
$SmtpClient.Send($MailMessage)
}
#定义空数组用于存储开通状态
$UserReport = @()
#遍历SharePoint入职开通页面上的所有Item
Foreach($UserInfo in $SPList.Items)
{
#定义账户开通信息
$UserInfo.GetFormattedValue("上级经理") -match "ID=[\w]`">(?<Manager>[\w\W])</a>"
$User = @()
$User +=[PSCustomObject]@{
Surname = $UserInfo.GetFormattedValue("姓")
GivenName = $UserInfo.GetFormattedValue("名")
Account = $UserInfo.GetFormattedValue("账号")
DisplayName = $UserInfo.GetFormattedValue("显示名称")
Department = $UserInfo.GetFormattedValue("部门")
Company = $UserInfo.GetFormattedValue("公司")
Manager = $Matches.Manager
Mobile = $UserInfo.GetFormattedValue("移动电话")
Enabled = $UserInfo.GetFormattedValue("已开通")
Approve = $UserInfo.Workflows.StatusText
}
#如果已批准并且未开通则执行
If($User.Approve -eq "已批准" -and $User.Enabled -eq "否")
{
#尝试创建AD账号
Try
{

#根据公司名称定义开通路径
Switch($User.Company)
{
恒元华建{
$Path = $APath
$Domain = $ADomain
}
云坤{
$Path = $BPath
$Domain = $BDomain
}
}
#执行开通
$Manager = $User.Manager
$Department = $User.Department
$UPN = "$($User.Account)@$($Domain)"
New-ADUser -GivenName $User.GivenName -Surname $User.Surname -DisplayName $User.DisplayName -Department $User.Department -MobilePhone $User.Mobile -SamAccountName $User.Account -Name $User.Account -Enabled $True -AccountPassword $Password -Manager (Get-ADUser -Filter {DisplayName -eq $Manager }) -Path $Path -UserPrincipalName $UPN -ErrorAction Stop -ErrorVariable $ADError

$UserReport += [PSCustomObject]@{
账户= $User.Account
应用 = "AD账号"
状态 = "已开通"
}

#添加部门组
Get-ADGroup -Filter {Description -eq $Department} | Add-ADGroupMember -Members $User.Account
#尝试开通邮箱
Try{
Enable-Mailbox -Identity $User.Account -ErrorAction Stop
$UserReport += [PSCustomObject]@{
账户= $User.Account
应用 = "Exchange账号"
状态 = "已开通"
}
}
Catch{
$UserReport += [PSCustomObject]@{
账户= $User.Account
应用 = "Exchange账号"
状态 = "开通失败"
}
#Send-Message -Subject "$($User.Displayname)邮箱创建失败"
}
#尝试启用Lync
Try{
Enable-CsUser -Identity $UPN -RegistrarPool sip.domain.cn -SipAddressType UserPrincipalName -ErrorAction Stop
$UserReport += [PSCustomObject]@{
账户= $User.Account
应用 = "Lync账号"
状态 = "已开通"
}
}
Catch{
$UserReport += [PSCustomObject]@{
账户= $User.Account
应用 = "Lync账号"
状态 = "开通失败"
}
#Send-Message -Subject "$($User.Displayname)Lync开通失败"
}
#更新开通信息
$UserInfo["已开通"] = $True
$UserInfo.Update()

}
Catch
{
$UserReport += [PSCustomObject]@{
账户= $User.Account
应用 = "AD账号"
状态 = "开通失败"
}
#Send-Message -Subject "AD账号$($User.Account)创建失败" -Body $ADError
}
}
}
#添加开通状态到报表内容
$UserReport | ForEach-Object {
if($.状态 -ne "已开通")
{
$color = $redColor
}
else
{
$color = $whiteColor
}
$DataRow = "
<tr>
\<td width='15%'>$($.账户)\</td>
\<td width='25%' >$($.应用)\</td>
\<td width='25%' bgcolor='$color' align='center'>$($.状态)\</td>
\</tr>
"
Add-Content $ServiceReport $DataRow;
}
Add-Content $ServiceReport "\</body>\</html>"
#发送报表
Send-Message
#移除会话和文件
Remove-PSSession $ExSession
Remove-PSSession $LyncSession
Remove-Item $ServiceReport

好啦，基本的入职开通自动化就完成了，HR只需要填写基本信息，就会自动完成各个应用的开通，完成以后你会收到类似于这样的邮件

转载于:https://blog.51cto.com/2902744/2055443