Monday, November 16, 2009

Create Users in ADAM using Windows PowerShell

In the previous post, I introduced Windows PowerShell. Now I will show how it is useful in a real scenario.
In my scenario, I had a requirement to create a UI (user interface) for adding users to ADAM. We could do it in C# or VB.NET as well, but using C# means installing Visual Studio, which takes about 3 GB of hard disk space. So I preferred the PowerShell scripting language over C#, because it occupies far less disk space than Visual Studio.

I searched Google and found a wonderful web part (iLoveSharePoint) that runs PowerShell scripts inside SharePoint. Click here to download it. I also found cmdlets for adding users to ADAM: the Quest AD Management Shell.

AD Management Shell:

It is a PowerShell snap-in that lets you add users and groups to ADAM (Active Directory Application Mode) and to AD very conveniently. The cmdlets come from Quest Software.

How to use the Quest Software snap-in:
  1. Download the file that matches your system configuration.
  2. Download the accompanying guide, which gives a brief description of the cmdlets.
  3. Install the downloaded file.
After the installation completes, you will find the "Active Roles Management Shell for Active Directory" command prompt under Start --> All Programs --> Quest Software --> Active Roles Management Shell for Active Directory.

iLoveSharePoint:
  1. Download the iLoveSharePoint web part from CodePlex.
  2. Follow the instructions provided in the downloaded file.
  3. Copy the script provided below into the web part to add users to ADAM.
Script to create users in ADAM:

########## Initialize ############

## declare global variables and functions
$tbUserName = New-Object System.Web.UI.WebControls.TextBox
$button = New-Object System.Web.UI.WebControls.Button
$lbUserName = New-Object System.Web.UI.WebControls.Label
$lbuserPrincipalName = New-Object System.Web.UI.WebControls.Label
$tbuserPrincipalName = New-Object System.Web.UI.WebControls.TextBox
$lbMessage = New-Object System.Web.UI.WebControls.Label
$ErrorMessage = New-Object System.Net.WebException

############# Load ##############

## first time the OnLoad fires before CreateChildControls
function OnLoad
{

$lbUserName.Text = 'UserName'
$lbuserPrincipalName.Text = 'Email'
$lbMessage.Text = ''

# Check if GET Request (first request).
if($isPostBack -eq $false)
{
#$label.Text = 'GET request.'
}
}

####### 3. Create Controls ########

# create child controls
function CreateChildControls($controls)
{
$controls.Add($tbUserName)
$button.Text = 'Add User'
Subscribe-Event $button 'Click' 'OnButtonClicked'
$controls.Add($button)
$controls.Add($lbUserName)
$controls.Add($lbuserPrincipalName)
$controls.Add($tbuserPrincipalName)
$controls.Add($lbMessage)

}
function connect-ADAM
{
# This uses a dedicated Windows account for ADAM authentication, so the
# application pool account itself needs no rights in ADAM.
# Note: the password sits in this script in plain text; restrict read access to
# the script file to the accounts that really need it.
$passwd = ConvertTo-SecureString 'provide your admin password here' -AsPlainText -Force
$adamcred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList 'provide your admin user', $passwd

# ADAM connection: provide the server name followed by the port number of your ADAM instance
Connect-QADService -Service 'localhost:65000' -Credential $adamcred
}

function New-User
{
param([String]$newlogonid, [String]$userPrincipalName, [String]$ParentContainer, $Connection)

# provide the password here for the new user (single-quoted so the trailing $ is taken literally)
$newpassword = 'password123$'

# reuse the caller's connection when one is passed in, otherwise open a new one
if (-not $Connection) { $Connection = connect-ADAM }
New-QADUser -Name $newlogonid -UserPassword $newpassword -ParentContainer $ParentContainer -UserPrincipalName $userPrincipalName -Connection $Connection
}
####### Events ########

# handle control events
# subscribe to an event with "Subscribe-Event($control, 'eventName','callback function name')"
function OnButtonClicked($sender, $args)
{
# load the Quest snap-in once if it is not already present
$SnapInName = 'Quest.ActiveRoles.ADManagement'
$testsnapin = Get-PSSnapin | Where-Object { $_.Name -eq $SnapInName }
if (-not $testsnapin) { Add-PSSnapin -Name $SnapInName }

# container in which the new user objects are created; adjust to your ADAM partition
$usercontainer = 'CN=Users,CN=ADAMPartition,DC=rajkamal,DC=COM'
$userPrincipalName = $tbuserPrincipalName.Text
$newUserName = $tbUserName.Text

# validate the input before opening a connection
# (the original compared the undefined $userPrincipal, so an empty email was never caught)
if (($newUserName -eq '') -or ($userPrincipalName -eq ''))
{
$lbMessage.Text = 'Please provide the details'
}
else
{
$connection = connect-ADAM

# check that neither the name nor the userPrincipalName is already in use
$results = Get-QADUser -SearchRoot $usercontainer -Name $newUserName -Connection $connection
$principalName = Get-QADUser -SearchRoot $usercontainer -ObjectAttributes @{userPrincipalName = $userPrincipalName} -Connection $connection

if (!$results)
{
if (!$principalName)
{
New-User -newlogonid $newUserName -userPrincipalName $userPrincipalName -ParentContainer $usercontainer -Connection $connection

$lbMessage.Text = 'User successfully added'
}
else
{
$lbMessage.Text = 'UserPrincipalName already exists'
}
}
else
{
$lbMessage.Text = 'User already exists'
}
}

# clear the text boxes for the next entry
$tbUserName.Text = [string]::Empty
$tbuserPrincipalName.Text = [string]::Empty
}

## render html
function Render($writer)
{
$writer.Write("<table><tr><td colspan='2'><b>Add Users in ADAM</b></td></tr><tr><td>")
$lbUserName.RenderControl($writer)
$writer.Write(":</td><td>")
$tbUserName.RenderControl($writer)
$writer.Write("</td></tr><tr><td>")
$lbuserPrincipalName.RenderControl($writer)
$writer.Write(":</td><td>")
$tbuserPrincipalName.RenderControl($writer)
$writer.Write("</td></tr><tr><td colspan='2' align='center'>")
$button.RenderControl($writer)
# the original markup was missing the </tr> that closes the button row
$writer.Write("</td></tr><tr><td colspan='2' style='color:red;font-weight:bold;text-align:center'>")
$lbMessage.RenderControl($writer)
$writer.Write("</td></tr></table>")
}
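The script above keeps the ADAM admin password and every new user's initial password as plain-text literals, and whatever is typed into the user name box goes straight into the LDAP name that is created. The block below is an added example, not code from the original post nor from Quest or iLoveSharePoint, showing one way to tighten those points with the same Quest cmdlets: the admin credential is read from a DPAPI-protected file written by Export-Clixml, the initial password is generated from a cryptographic RNG, and the text box values are validated before use. The service address, the credential file path, the container DN and the function names Connect-AdamSecure, New-RandomPassword, Test-UserInput and New-AdamUserSecure are assumptions; the pwdLastSet = 0 write that forces a password change at first logon is assumed to be honoured by the ADAM instance as it is by AD.

```powershell
# Added example (not from the original post): hardened credential handling and
# user creation for the ADAM web part, using the same Quest cmdlets.
#
# Assumptions (placeholders): $AdamService, $CredentialFile and $UserContainer.
# The credential file is created once, interactively, while running as the
# SAME Windows account the web part's application pool uses, because
# Export-Clixml protects the SecureString with DPAPI keys tied to that account:
#
#   Get-Credential | Export-Clixml -Path 'C:\ProgramData\AdamWebPart\adam-admin.xml'

$SnapInName     = 'Quest.ActiveRoles.ADManagement'
$AdamService    = 'localhost:65000'                               # assumption: placeholder
$CredentialFile = 'C:\ProgramData\AdamWebPart\adam-admin.xml'     # assumption: placeholder
$UserContainer  = 'CN=Users,CN=ADAMPartition,DC=example,DC=com'   # assumption: placeholder

if (-not (Get-PSSnapin -Name $SnapInName -ErrorAction SilentlyContinue)) {
    Add-PSSnapin -Name $SnapInName
}

function Connect-AdamSecure
{
    # Load the DPAPI-protected credential; fail closed if it is missing or malformed,
    # so there is never a fallback to a password kept in the script.
    if (-not (Test-Path -Path $CredentialFile)) {
        throw "Credential file '$CredentialFile' not found; create it as the application pool account."
    }
    $adamcred = Import-Clixml -Path $CredentialFile
    if ($adamcred -isnot [System.Management.Automation.PSCredential]) {
        throw "Credential file '$CredentialFile' does not contain a PSCredential."
    }
    Connect-QADService -Service $AdamService -Credential $adamcred
}

function New-RandomPassword
{
    param([int]$Length = 16)
    # 64 characters (ambiguous l/I/O/0/1 left out): 256 mod 64 = 0, so indexing
    # with a random byte is uniform. Bytes come from a cryptographic RNG, not Get-Random.
    $alphabet = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!@#$%&*'
    $rng   = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $bytes = New-Object byte[] $Length
    $rng.GetBytes($bytes)
    $chars = foreach ($b in $bytes) { $alphabet[[int]$b % $alphabet.Length] }
    return (-join $chars)
}

function Test-UserInput
{
    param([string]$UserName, [string]$UserPrincipalName)
    # Reject empty values and any character that is not valid in a plain RDN or UPN,
    # so text typed into the web part cannot change the LDAP name being created.
    if ([string]::IsNullOrEmpty($UserName) -or [string]::IsNullOrEmpty($UserPrincipalName)) { return $false }
    if ($UserName -notmatch '^[A-Za-z0-9._-]{1,64}$') { return $false }
    if ($UserPrincipalName -notmatch '^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+$') { return $false }
    return $true
}

function New-AdamUserSecure
{
    param([string]$UserName, [string]$UserPrincipalName)
    if (-not (Test-UserInput -UserName $UserName -UserPrincipalName $UserPrincipalName)) {
        return 'Invalid user name or email'
    }
    $connection = Connect-AdamSecure

    # Same duplicate checks as the original script, on the name and on the UPN.
    if (Get-QADUser -SearchRoot $UserContainer -Name $UserName -Connection $connection) {
        return 'User already exists'
    }
    if (Get-QADUser -SearchRoot $UserContainer -ObjectAttributes @{userPrincipalName = $UserPrincipalName} -Connection $connection) {
        return 'UserPrincipalName already exists'
    }

    $initialPassword = New-RandomPassword
    $newUser = New-QADUser -Name $UserName -UserPrincipalName $UserPrincipalName `
        -ParentContainer $UserContainer -UserPassword $initialPassword -Connection $connection

    # pwdLastSet = 0 forces a password change at first logon
    # (assumption: the ADAM instance honours this attribute the way AD does).
    Set-QADUser -Identity $newUser -ObjectAttributes @{pwdLastSet = 0} -Connection $connection | Out-Null

    # The one-time password is returned to the caller to hand over to the user;
    # it is neither stored in the script nor written to a log.
    return "User $UserName created; initial password: $initialPassword"
}
```

To use it in the web part, replace the body of OnButtonClicked so that it sets $lbMessage.Text to the string returned by New-AdamUserSecure. The credential file has to be written by the application pool identity itself (for example from a PowerShell prompt started with runas under that account); a file written by any other user will not decrypt, which is exactly what makes it safer than a password literal in the script.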

1 comment:

digital certificates said...

A special thanks for this informative post. I definitely learned a few new things here.