Helping a newbie with script and validation flow

This topic contains 7 replies, has 3 voices, and was last updated by  Olaf Soyk 3 months, 2 weeks ago.

  • Author
    Posts
  • #78496

    K. Laage
    Participant

    I'm a self-taught admin + tech working with one colleague (who's also mostly self taught) at a high school, managing both clients and servers – 99% Windows (7, 10, Server 2012 and Server 2012R2).
    We've been doing most things manually but I'm looking into converting as much work as possible into more of a DevOps setup, with Powershell-scripts for multi step tasks.

    As an example, I have a powershell-script which moves a student from one year to another (basically they have user names with a two-digit prefix based on the year they started and a suffix with two letters from their first names and four from their last names) if they need to repeat a grade.
    It basically renames the account in the AD with the correct year-prefix, changes the samAccountName, renames Home and Profile-directories on disk and changes paths on the profile-tab in AD, moves the user into a new OU and security group etc.
    It works as intended if the user account to be renamed exists and there's no name conflict with the new name. But I'd like for the script to validate that there's no problem with user names, source and target security groups and OUs etc. and eventually split the script up into smaller clearly defined functions for better readability.

    However, I don't want someone to just (re)write the script for me, I'd prefer to be able to discuss script flow and come to my own conclusions and solutions.

    Would this be a good place for this kind of discussions, or does anyone have suggestions for where to look?

    /Laage

  • #78497

    Simon B
    Participant

    Without seeing any of your code it will be hard (before posting code please read the section on posting code)

    Having said that on your name changing part you could use try / catch
    Try
    {
    Your name change code here
    }
    Catch
    {
    do what you need to do for a duplicate name i.e. put an extra letter or number in the name and write to a log file
    }

  • #78499

    K. Laage
    Participant

    I'm happy to post the code.
    I just wasn't certain that the more general query format was appropriate for this forum.

    The basic script is here:

    As you can see I've started a small refactoring by moving out the initial prompts for input into a separate function with some attempt at validation of the initial values.

    What I want to accomplish in the end is to validate that:

    • Original user name exists
    • Target user name does not exist (no naming conflicts)
    • Source profile and home directories exist
    • Target OU exists
    • Original security group exists
    • Target security group exists

    I'd also like the script to accept source and target user names directly from the CLI like this:
    "PS C:\> .\Move-VMADStudent.ps1 -OldName 16student -NewName 17student"

    And if no inputs are provided to ask for source and target names. But that's for later.

    /Kim

  • #78500

    Olaf Soyk
    Participant

    Regardless of your actual question I would like to ask you if it's really necessary to change the names of the account and the samaccountname? IMHO it is a lot of work with no benefit at all. Wouldn't it be enought to change the description and of course the according / necessary group memberships?

  • #78502

    Simon B
    Participant

    Olaf does have a very valid point, I was thing this after I replied. Changing the account name every year surly leads to lots of account lockouts, due to the students forgetting and using their last years login details and locking an account out.

  • #78503

    Simon B
    Participant

    Olaf does have a very valid point, I was thing this after I replied. Changing the account name every year surly leads to lots of account lockouts, due to the students forgetting and using their last years login details and locking an account out.

  • #78538

    K. Laage
    Participant

    I should perhaps have started with the assumptions behind this script.

    Each fall when our students start they are given a user name of the format: two digit year, first two letters of their given name and first four letters of their last/family name (all sanitized from accents, hyphens, whitespaces etc.) So Göran de Valé starting this year would have a user name of 17godeva (this would also be the prefix to the school email account). All things being equal, Göran would keep this user name through the three years a typical high school education runs in Sweden.
    However, we have a number of students who either go off and spend a year abroad, take a sabbatical or simply have to repeat a grade or just needs to supplement with an extra course or two after graduation.
    In order to keep some semblance of order we rename and move these students so their user name matches the grade they're actually in at the moment.

    This script is meant to simplify this rename and move, as there are a number of steps that need to be performed and it is easy to miss one, particularly at the start of the school year when there are loads of other things that need doing as well.

    /Kim

  • #78560

    Olaf Soyk
    Participant

    OK ... one idea: to make sure the user account you want to treat exists you could ask only for the last name, get all accounts with this last name from the AD and present a list with only these accounts to choose from.

You must be logged in to reply to this topic.