I am working on a powershell script that will create a user account based on the users inputs. Based on one of the inputs "Cost Center", I want the user to be added to specific active directory groups. The Cost Center entry gets placed in the description field of the users active directory account. For example, let's say the cost center entry was "606", which is the HR department, the number 606 would be entered into the description field and based on that number, the user would be added to the following groups:
HRDataOU, HRNetwork Printers, HR Mail Distribution List
The script that I came up with works, but because of the Get-QADUser cmdlet, it displays a list of every enabled user account in active directory. It really slows down the execution of the script. I realize that Get-QADUser is a cmdlet from Quest. I would actually prefer not to have to use the Quest cmdlets so I am willing to entertain any suggestions on how to get my objective accomplished. Here is the script I came up with.
#Add User to Active Directory Groups Based on Description Field
$description2 = "611IS - FTE"
$description3 = "611HR - FTE
$user = Get-QADUser -Department $description2 -NotMemberOf -Enabled
If (!($user)) {Write-output "$description2,No-Matching-Users-Found" >> $LogFile
} Else {
'InformationSystemsNetworkAccess','InformationSystemsOUDataGroup','InformationSystemsPrintGroup','Mail users' | Add-QADGroupMember -Member $user
Write-Output "$description2,$user,DeptMatch-Was-Added-To-Group" >> $LogFile
}
$user = Get-QADUser -Description $description3 -Enabled
If (!($user)) {Write-output "$description3,No-Matching-Users-Found" >> $LogFile
} Else {
'Cognos ETASE Dev-Test-Prod','PMO ALL','PMO FTE','Mail users','HRNetworkAccess','HROUDataGroup','HRPrintGroup' | Add-QADGroupMember -Member $user
Write-Output "$description2,$user,DeptMatch-Was-Added-To-Group" >> $LogFile
}