Building a Fully Functional Active Directory User Management Tool with PowerShell and XAML

Vicky Kadam
Jul 24
26 min read

Updated: Jul 31

Creating an efficient user management tool for Active Directory (AD) is essential for organizations that need strict control over user permissions and roles. This blog post will guide you through building a fully functional GUI using PowerShell and XAML, specifically designed for Level 1 (L1) engineers. L1 engineers typically require limited access to execute tasks, ensuring they can manage user roles without risking accidental changes to critical components like users, groups, and organizational units (OUs).

In this guide, we will discuss the whole process of developing this tool from the ground up, including practical examples, code snippets, and vital features that boost usability.

Understanding the Basics of PowerShell and XAML

PowerShell is a task automation and configuration management framework that combines a command-line shell with a powerful scripting language. XAML (Extensible Application Markup Language) is an XML-based language used for initializing structured values or objects in .NET applications. When these two tools are combined, they create effective user interfaces that streamline AD management tasks.

PowerShell is known for its flexibility and efficiency, allowing system administrators to automate repetitive tasks and manage systems seamlessly. However, for novice users, the standard command-line interface might seem daunting. This is where XAML steps in, providing a user-friendly graphical interface.

Key Features of the User Management Tool

The Active Directory User Management Tool we are about to create will encompass several critical features for L1 engineers:

User Creation: Quickly add new users to the AD.
User Modification: Change details for existing users without errors.
User Deactivation: Temporarily disable users during leave or termination.
Group Management: Assign and manage user groups effectively.

These features assure that L1 engineers can manage users reliably without the risk of unintentional changes to essential AD components. As a result, organizations can monitor their user base effectively, safeguarding against potential security breaches.

Setting Up the Development Environment

Before creating our GUI, ensure you have the following prerequisites installed on your system:

Operating System: Windows 10 or later.
PowerShell: Version 5.1 or later is necessary for compatibility.
Text Editor: Use Visual Studio Code or Notepad++ for coding.

Do not forget to run PowerShell with administrative privileges, especially when modifying Active Directory data.

Building the GUI with XAML

Let’s start by creating the graphical interface using XAML.

Creating the XAML Layout

Create a new file named `Form.xaml` and open it in your text editor. Below is a basic layout for our AD User Management Tool:

```xml

<Window xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"

xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"

xmlns:d="http://schemas.microsoft.com/expression/blend/2008"

xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"

Title="User Managment Tool" Width="1900" Height="800"

WindowStartupLocation ="CenterScreen"

ResizeMode="CanMinimize">

<DataGrid.ColumnHeaderStyle>

</Style>

</DataGrid.ColumnHeaderStyle>

</DataGrid>

</Grid></TabItem>

</StackPanel>

</StackPanel>

</Grid></TabItem>

</StackPanel>

</GroupBox>

</StackPanel>

</GroupBox>

</StackPanel>

</GroupBox>

</StackPanel>

</GroupBox>

<DataGrid.ColumnHeaderStyle>

</Style>

</DataGrid.ColumnHeaderStyle>

</DataGrid>

</Grid>

</Grid></TabItem></TabControl>

</Grid>

</Window>

```

Explanation of the Layout

The layout includes:

A title label for identification.
A TextBox for L1 engineers to enter usernames.
Buttons for different user management tasks: creation, modification, and deactivation.

These controls provide a straightforward way for users to interact with Active Directory without needing to rely on complex PowerShell commands, significantly lowering the risk of accidental changes.

Integrating PowerShell with the GUI

Now we will integrate PowerShell functionality into our GUI by creating the code-behind file `ADUserManager.xaml.cs`. Below is an example of how to handle button clicks:

```Powershell

#Load Assemblies

Add-Type -AssemblyName PresentationFramework, presentationcore

Add-Type -AssemblyName System.Windows.Forms

Add-Type -AssemblyName System.Drawing

Add-Type -AssemblyName System.Web

# Enable Visual Styles

[System.Windows.Forms.Application]::EnableVisualStyles()

$form = @{}

[xml]$xaml = Get-Content -Path ".\Form.xaml"

$Reader = New-Object System.Xml.XmlNodeReader $xaml

$Window = [Windows.Markup.XamlReader]::Load($Reader)

$namedNodes = $xaml.SelectNodes("//*[@*[contains(translate(name(.),'n','N'),'Name')]]")

$namedNodes | ForEach-Object {$form.Add($_.Name, $Window.FindName($_.Name))}

##################### Your Code goes here #############################

############### Function Code Start ##################

function Get-folder {

$SaveFileDialog = New-Object Windows.Forms.FolderBrowserDialog

$SaveFileDialog.RootFolder = "MyComputer"

if ($SaveFileDialog.ShowDialog() -eq 'OK') {

$SelectedFolderPath = $SaveFileDialog.SelectedPath

# Process the selected folder path as needed

return $SelectedFolderPath }

}

Function ExcelGrid {

If ( ($form.txtUserName.Text -ne "") -and ($form.txtComputerName.Text -eq "") -and ($form.txtOperatingSystem.Text -eq "")) {

$ServerName = Get-PDC

$Name = $form.txtUserName.Text

$UserObj = Get-ADUser -Server $ServerName -Filter * -Properties Name, SamAccountName, Mail,Enabled,LockedOut,PasswordExpired,PasswordLastSet,Modified,AccountExpirationDate | Where-Object { ($_.samAccountName -eq $name) -or ($_.Name -match $name) -or ($_.mail -eq $name) } | select Name, SamAccountName, Mail,Enabled,LockedOut,PasswordExpired,PasswordLastSet,Modified,AccountExpirationDate

$UserNameObj = New-Object System.collections.ArrayList

$UserNameObj.AddRange(@($UserObj))

$Form.dgFindUsers.ItemsSource = $UserNameObj

}elseif( ($form.txtUserName.Text -eq "") -and- ($form.txtComputerName.Text -ne "") -and ($form.txtOperatingSystem.Text -eq "")){

$CompObjName = $form.txtComputerName.Text

$CompObj = Get-ADComputer -Filter * -Properties Name,IPv4Address,Enabled,Created,LastLogonDate,OperatingSystem,DistinguishedName | Where-Object { ($_.Name -match $CompObjName) } | select Name,IPv4Address,Enabled,Created,LastLogonDate,OperatingSystem,DistinguishedName

$Obj = New-Object System.collections.ArrayList

$Obj.AddRange(@($CompObj))

$Form.dgFindUsers.ItemsSource = $Obj

}elseif( ($form.txtUserName.Text -eq "") -and- ($form.txtComputerName.Text -eq "") -and ($form.txtOperatingSystem.Text -ne "")) {

$CompObjName = $form.txtOperatingSystem.Text

$CompObj = Get-ADComputer -Filter * -Properties Name,IPv4Address,Enabled,Created,LastLogonDate,OperatingSystem,DistinguishedName | Where-Object { ($_.OperatingSystem -match $CompObjName) } | select Name,IPv4Address,Enabled,Created,LastLogonDate,OperatingSystem,DistinguishedName

$Obj = New-Object System.collections.ArrayList

$Obj.AddRange(@($CompObj))

$Form.dgFindUsers.ItemsSource = $Obj

}elseif( ($form.txtUserName.Text -eq "") -and ($form.txtComputerName.Text -eq "") -and ($form.txtOperatingSystem.Text -eq "")){

$Name = $form.txtUserName.Text

$UserObj = Get-ADUser -Filter * -Properties Name, SamAccountName, Mail,Enabled,LockedOut,PasswordExpired,PasswordLastSet,Modified,AccountExpirationDate | Where-Object { ($_.samAccountName -eq $name) -or ($_.Name -match $name) -or ($_.mail -eq $name) } | select Name, SamAccountName, Mail,Enabled,LockedOut,PasswordExpired,PasswordLastSet,Modified,AccountExpirationDate

$UserNameObj = New-Object System.collections.ArrayList

$UserNameObj.AddRange(@($UserObj))

$Form.dgFindUsers.ItemsSource = $UserNameObj

}

function Get-PDC {

$PDC = Get-ADDomainController -Filter * | Where {$_.OperationMasterRoles -like 'PDCEmulator'} | Select -ExpandProperty Name

$online = Test-Connection -ComputerName $PDC -Count 1 -Quiet

$Server = If ($online){return $PDC

}else{

Get-ADDomainController |Select Name

#return $DC

}

$Server

}

function Create-User {

$ServerName = Get-PDC

$Name = $form.txtUserName2.Text

$Initials = If($form.txtInitials.Text -eq ""){$form.txtInitials.Text = $null} else{$form.txtInitials.Text}

$AdLogin = (Get-ADUser $form.txtPreLogonName2.Text -Server $ServerName |Select SamAccountName -ErrorAction SilentlyContinue)

If($AdLogin){$form.txtUserCreation.Text = Write-Output samAccountName $form.txtPreLogonName2.Text already exists. Try using another samAccountName}Else{

If (($form.chkboxPwdChangeatLogon.IsChecked -eq $false) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $false) -and ($form.EndOf.IsChecked) -and ($form.DateSelected.SelectedDate) ){

New-Aduser -Server $ServerName -Name $form.txtFullName.Text -GivenName $form.txtUserName2.Text -Initials $Initials -Surname $form.txtLastName.Text -DisplayName $form.txtFullName.Text -UserPrincipalName ($form.txtUserLogonName.Text + $form.cbUserLogonName.Text) -SamAccountName $form.txtPreLogonName2.Text -Path $form.cbOU.Text -AccountPassword (ConvertTo-secureString $form.txtGeneratePwd.Text -AsPlainText -Force) -ChangePasswordAtLogon $false -PasswordNeverExpires $false -CannotChangePassword $false -Enabled $true

Set-ADAccountExpiration -Identity $form.txtPreLogonName2.Text -Server $ServerName -DateTime $form.DateSelected.SelectedDate

$form.txtUserCreation.Text = Write-Output Created $form.txtPreLogonName2.Text user in $form.cbOU.Text

}ElseIf(($form.chkboxPwdChangeatLogon.IsChecked -eq $true) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $false) -and ($form.EndOf.IsChecked) -and ($form.DateSelected.SelectedDate) ){

New-Aduser -Server $ServerName -Name $form.txtFullName.Text -GivenName $form.txtUserName2.Text -Initials $Initials -Surname $form.txtLastName.Text -DisplayName $form.txtFullName.Text -UserPrincipalName ($form.txtUserLogonName.Text + $form.cbUserLogonName.Text) -SamAccountName $form.txtPreLogonName2.Text -Path $form.cbOU.Text -AccountPassword (ConvertTo-secureString $form.txtGeneratePwd.Text -AsPlainText -Force) -ChangePasswordAtLogon $true -PasswordNeverExpires $false -CannotChangePassword $false -Enabled $true

Set-ADAccountExpiration -Identity $form.txtPreLogonName2.Text -Server $ServerName -DateTime $form.DateSelected.SelectedDate

$form.txtUserCreation.Text = Write-Output Created $form.txtPreLogonName2.Text user in $form.cbOU.Text

}ElseIf(($form.chkboxPwdChangeatLogon.IsChecked -eq $false) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $true) -and ($form.EndOf.IsChecked) -and ($form.DateSelected.SelectedDate) ){

Set-ADAccountExpiration -Identity $form.txtPreLogonName2.Text -Server $ServerName -DateTime $form.DateSelected.SelectedDate

$form.txtUserCreation.Text = Write-Output Created $form.txtPreLogonName2.Text user in $form.cbOU.Text

}ElseIf(($form.chkboxPwdChangeatLogon.IsChecked -eq $true) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $true) -and ($form.EndOf.IsChecked) -and ($form.DateSelected.SelectedDate) ){

$form.txtUserCreation.Text = Write-Output Error: Cannot use both '"User must change Password at next logon"' and '"Password never Expire"'

####################################################################################################

}ElseIf(($form.chkboxPwdChangeatLogon.IsChecked -eq $false) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $false) -and ($form.EndOf.IsChecked) -and ($form.DateSelected.SelectedDate)){

Set-ADAccountExpiration -Identity $form.txtPreLogonName2.Text -Server $ServerName -DateTime $form.DateSelected.SelectedDate

$form.txtUserCreation.Text = Write-Output Created $form.txtPreLogonName2.Text user in $form.cbOU.Text

}ElseIf(($form.chkboxPwdChangeatLogon.IsChecked -eq $true) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $false) -and ($form.EndOf.IsChecked) -and ($form.DateSelected.SelectedDate)){

New-Aduser -Server $ServerName -Name $form.txtFullName.Text -GivenName $form.txtUserName2.Text -Initials $Initials -Surname $form.txtLastName.Text -DisplayName $form.txtFullName.Text -UserPrincipalName ($form.txtUserLogonName.Text + $form.cbUserLogonName.Text) -SamAccountName $form.txtPreLogonName2.Text -Path $form.cbOU.Text -AccountPassword (ConvertTo-secureString $form.txtGeneratePwd.Text -AsPlainText -Force) -ChangePasswordAtLogon $true -PasswordNeverExpires $false -CannotChangePassword $false -Enabled $true

Set-ADAccountExpiration -Identity $form.txtPreLogonName2.Text -Server $ServerName -DateTime $form.DateSelected.SelectedDate

$form.txtUserCreation.Text = Write-Output Created $form.txtPreLogonName2.Text user in $form.cbOU.Text

}ElseIf(($form.chkboxPwdChangeatLogon.IsChecked -eq $false) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $true) -and ($form.EndOf.IsChecked) -and ($form.DateSelected.SelectedDate)){

Set-ADAccountExpiration -Identity $form.txtPreLogonName2.Text -Server $ServerName -DateTime $form.DateSelected.SelectedDate

$form.txtUserCreation.Text = Write-Output Created $form.txtPreLogonName2.Text user in $form.cbOU.Text

}ElseIf(($form.chkboxPwdChangeatLogon.IsChecked -eq $true) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $true) -and ($form.EndOf.IsChecked) -and ($form.DateSelected.SelectedDate) ){

$form.txtUserCreation.Text = Write-Output Error: Cannot use both '"User must change Password at next logon"' and '"Password never Expire"'

####################################################################################################

}ElseIf(($form.chkboxPwdChangeatLogon.IsChecked -eq $false) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $false) -and ($form.EndOf.IsChecked) ){

$form.txtUserCreation.Text = Write-Output Error: Account expire date must be selected

}ElseIf(($form.chkboxPwdChangeatLogon.IsChecked -eq $true) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $false) -and ($form.EndOf.IsChecked) ){

$form.txtUserCreation.Text = Write-Output Error: Account expire date must be selected

}ElseIf(($form.chkboxPwdChangeatLogon.IsChecked -eq $false) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $true) -and ($form.EndOf.IsChecked) ){

$form.txtUserCreation.Text = Write-Output Error: Account expire date must be selected

}ElseIf(($form.chkboxPwdChangeatLogon.IsChecked -eq $false) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $false) -and ($form.EndOf.IsChecked)){

$form.txtUserCreation.Text = Write-Output Error: Account expire date must be selected

}ElseIf(($form.chkboxPwdChangeatLogon.IsChecked -eq $true) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $false) -and ($form.EndOf.IsChecked)){

$form.txtUserCreation.Text = Write-Output Error: Account expire date must be selected

}ElseIf(($form.chkboxPwdChangeatLogon.IsChecked -eq $false) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $true) -and ($form.EndOf.IsChecked)){

$form.txtUserCreation.Text = Write-Output Error: Account expire date must be selected

####################################################################################################

}ElseIf(($form.chkboxPwdChangeatLogon.IsChecked -eq $false) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $false) ){

$form.txtUserCreation.Text = Write-Output Created $form.txtPreLogonName2.Text user in $form.cbOU.Text

}Elseif(($form.chkboxPwdChangeatLogon.IsChecked -eq $true) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $false) ){

New-Aduser -Server $ServerName -Name $form.txtFullName.Text -GivenName $form.txtUserName2.Text -Initials $Initials -Surname $form.txtLastName.Text -DisplayName $form.txtFullName.Text -UserPrincipalName ($form.txtUserLogonName.Text + $form.cbUserLogonName.Text) -SamAccountName $form.txtPreLogonName2.Text -Path $form.cbOU.Text -AccountPassword (ConvertTo-secureString $form.txtGeneratePwd.Text -AsPlainText -Force) -ChangePasswordAtLogon $true -PasswordNeverExpires $false -CannotChangePassword $false -Enabled $true

$form.txtUserCreation.Text = Write-Output Created $form.txtPreLogonName2.Text user in $form.cbOU.Text

}Elseif(($form.chkboxPwdChangeatLogon.IsChecked -eq $false) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $true) ){

$form.txtUserCreation.Text = Write-Output Created $form.txtPreLogonName2.Text user in $form.cbOU.Text

}Elseif(($form.chkboxPwdChangeatLogon.IsChecked -eq $true) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $true) ){

$form.txtUserCreation.Text = Write-Output Error: Cannot use both '"User must change Password at next logon"' and '"Password never Expire"'

####################################################################################################

}ElseIf(($form.chkboxPwdChangeatLogon.IsChecked -eq $false) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $false)){

$form.txtUserCreation.Text = Write-Output Created $form.txtPreLogonName2.Text user in $form.cbOU.Text

}Elseif(($form.chkboxPwdChangeatLogon.IsChecked -eq $true) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $false)){

New-Aduser -Server $ServerName -Name $form.txtFullName.Text -GivenName $form.txtUserName2.Text -Initials $Initials -Surname $form.txtLastName.Text -DisplayName $form.txtFullName.Text -UserPrincipalName ($form.txtUserLogonName.Text + $form.cbUserLogonName.Text) -SamAccountName $form.txtPreLogonName2.Text -Path $form.cbOU.Text -AccountPassword (ConvertTo-secureString $form.txtGeneratePwd.Text -AsPlainText -Force) -ChangePasswordAtLogon $true -PasswordNeverExpires $false -CannotChangePassword $false -Enabled $true

$form.txtUserCreation.Text = Write-Output Created $form.txtPreLogonName2.Text user in $form.cbOU.Text

}Elseif(($form.chkboxPwdChangeatLogon.IsChecked -eq $false) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $true)){

$form.txtUserCreation.Text = Write-Output Created $form.txtPreLogonName2.Text user in $form.cbOU.Text

}Elseif(($form.chkboxPwdChangeatLogon.IsChecked -eq $true) -and ($form.chkboxPwdNeverExpire.IsChecked -eq $true)){

$form.txtUserCreation.Text = Write-Output Error: Cannot use both '"User must change Password at next logon"' and '"Password never Expire"'

####################################################################################################

}

############### Function Code End ##############

##################################################

###################### TAB 1 Code Below ########################

$form.btFindNow.add_Click({

ExcelGrid

})

$form.btClearAll.add_Click({

If (($form.txtUserName.Text -ne "") -or ($form.txtComputerName.Text -ne "") -or ($form.txtUserName.Text -eq "" -and $form.txtComputerName.Text -eq "")){

$form.txtUserName.Text = ""

$form.txtComputerName.Text = ""

$form.txtOperatingSystem.Text = ""

$Form.dgFindUsers.ItemsSource = $null

}

})

$form.btPwdReset.add_Click({

[XML]$xaml = @"

</Grid></TabItem>

</TabControl>

</Grid>

</Window>

$Reader = (New-Object System.Xml.XmlNodeReader $xaml)

$PwdResetWindow = [Windows.Markup.XamlReader]::Load($Reader)

$PwdResetWindow.FindName

$xaml.SelectNodes("//*[@*[contains(translate(name(.),'n','N'),'Name')]]") | %{Set-Variable -Name ($_.Name) -Value $PwdResetWindow.FindName($_.Name)}

$btGeneratePwd.add_Click({

$Psswd = [System.Web.Security.Membership]::GeneratePassword(14,4)

$txtGeneratPwd.Text = $Psswd

})

$btSetPwd.add_Click({

$GetPsswd = $txtGeneratPwd.Text

$ServerName = Get-PDC

Get-ADUser $form.txtUserName.Text -Server $ServerName |Set-ADAccountPassword -NewPassword (ConvertTo-SecureString $GetPsswd -AsPlainText -Force) -Reset

$txtGeneratePassword.Text = Write-output New Password Set for $form.txtUserName.Text

$samAccountName = $form.txtUserName.Text

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Password Management

New Password set for user $samAccountName

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 0 -EntryType information

})

$PwdResetWindow.SHowDialog()

$PwdResetWindow.Close()

})

$form.btUserUnlock.add_Click({

[XML]$xaml = @"

</Grid></TabItem>

</TabControl>

</Grid>

</Window>

$Reader = (New-Object System.Xml.XmlNodeReader $xaml)

$UnlockUser = [Windows.Markup.XamlReader]::Load($Reader)

$UnlockUser.FindName

$xaml.SelectNodes("//*[@*[contains(translate(name(.),'n','N'),'Name')]]") | %{Set-Variable -Name ($_.Name) -Value $UnlockUser.FindName($_.Name)}

$btUnlock.add_Click({

$DCObj = Get-ADDomainController -Filter *

$DCObj.Hostname

If ($txtUserUnlock.Text -eq "") { $txtUnlock.Text = Write-Output User name should not be blank}else{

foreach ($Server in $DCObj.Hostname) {

$online = Test-Connection -ComputerName $Server -Count 1 -Quiet

If ($online){

#$txtUnlock.Text = Write-Output $Server is reachable. Unlocking user $txtUserUnlock.Text

try{

Unlock-ADAccount -identity $txtUserUnlock.Text -Server $Server

$txtUnlock.Text = Write-Output User $txtUserUnlock.Text is Unlocked.

#$txtUnlock.Text = Write-Output $Server is reachable. Unlocking user $txtUserUnlock.Text

$samAccountNameUnlock = $txtUserUnlock.Text

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

User account $samAccountNameUnlock unlocked

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 0 -EntryType information

}catch{

if ($_.Exception.Message -eq "insufficient access rights to perform the operation"){

$txtUnlock.Text = Write-Host "User Unlock failed: insufficient access rights to perform the operation"}

}}

}

})

$UnlockUser.SHowDialog()

$UnlockUser.Close()

})

$form.btUserEnable.add_Click({

[XML]$xaml = @"

</Grid></TabItem>

</TabControl>

</Grid>

</Window>

$Reader = (New-Object System.Xml.XmlNodeReader $xaml)

$UserEnable = [Windows.Markup.XamlReader]::Load($Reader)

$UserEnable.FindName

$xaml.SelectNodes("//*[@*[contains(translate(name(.),'n','N'),'Name')]]") | %{Set-Variable -Name ($_.Name) -Value $UserEnable.FindName($_.Name)}

$btUnlock.add_Click({

try{

Enable-ADAccount -identity $txtUserEnable.Text

$txtEnable.Text = Write-Output User $txtUserEnable.Text is Enabled.

$samAccountNameEnabled = $txtUserEnable.Text

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

User account $samAccountNameEnabled Enabled

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 0 -EntryType information

}catch{

if ($_.Exception.Message -eq "insufficient access rights to perform the operation"){

$txtEnable.Text = Write-Host "User Unlock failed: insufficient access rights to perform the operation"}}

})

$UserEnable.SHowDialog()

$UserEnable.Close()

})

$form.btUserDisable.add_Click({

[XML]$xaml = @"

</Grid></TabItem>

</TabControl>

</Grid>

</Window>

$Reader = (New-Object System.Xml.XmlNodeReader $xaml)

$UserDisable = [Windows.Markup.XamlReader]::Load($Reader)

$UserDisable.FindName

$xaml.SelectNodes("//*[@*[contains(translate(name(.),'n','N'),'Name')]]") | %{Set-Variable -Name ($_.Name) -Value $UserDisable.FindName($_.Name)}

$btDisable.add_Click({

try{

Disable-ADAccount -identity $txtUserDisable.Text

$txtDisable.Text = Write-Output User $txtUserDisable.Text is Disabled.

$samAccountNameDisabled = $txtUserDisable.Text

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

User account $samAccountNameDisabled Disabled

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 0 -EntryType information

}catch{

if ($_.Exception.Message -eq "insufficient access rights to perform the operation"){

$txtDisable.Text = Write-Host "User account Disable failed: insufficient access rights to perform the operation"}}

})

$UserDisable.SHowDialog()

$UserDisable.Close()

})

$form.btUpdateUser.add_Click({

[XML]$xaml = @"

</Grid></TabItem>

</Grid></TabItem>

</Grid></TabItem>

</Grid></TabItem>

</Grid></TabItem>

</TabControl>

</Grid>

</Window>

$Reader = (New-Object System.Xml.XmlNodeReader $xaml)

$UpdateUserWindow = [Windows.Markup.XamlReader]::Load($Reader)

$UpdateUserWindow.FindName

$xaml.SelectNodes("//*[@*[contains(translate(name(.),'n','N'),'Name')]]") | %{Set-Variable -Name ($_.Name) -Value $UpdateUserWindow.FindName($_.Name)}

$txtFirstName.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty GivenName

$txtInitials.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty Initials

$txtLastName.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty Surname

$txtDisplayName.Text= Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty DisplayName

$txtDescription.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty Description

$txtOffice.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty Office

$txtTelephones.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty OfficePhone

$Email = $txtEmail.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty EmailAddress

$Web = $txtWebPage.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty HomePage

$txtStreet.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty StreetAddress

$txtPOBox.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty POBox

$txtCity.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty City

$txtState.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty State

$txtZip.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty Postalcode

$txtCountry.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty Country

$txtHome.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty HomePhone

$txtPager.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty Pager

$txtMobile.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty Mobilephone

$txtFax.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty Fax

$txtIPPhone.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty IPPhone

$txtNotes.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty Info

$txtJobTitle.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty Title

$txtDepartment.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty Department

$txtCompany.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty Company

$ManagerName = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty Manager

$ManagerName2 = @($ManagerName.Split(",").Replace("CN=" , "" ))

$ManagerName3 = $ManagerName2[0]

$txtManagerName.Text = $ManagerName3

$txtProxyAddress.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty ProxyAddresses

$txtCompany2.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty Company

$txtEmployeeID.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty EmployeeID

$txtEmployeeNumber.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty EmployeeNumber

$txtEmployeeType.Text = Get-ADUser $form.txtUserName.Text -Properties * |select -ExpandProperty EmployeeType

$btGeneral.add_Click({

$name = $txtFirstName.Text

$Initials = $txtInitials.Text

$lastName = $txtLastName.Text

$DisplayName = $txtDisplayName.Text

$Description = $txtDescription.Text

$Office = $txtOffice.Text

$Tel = $txtTelephones.Text

$Email = $txtEmail.Text

$Web = $txtWebPage.Text

$ServerName = Get-PDC

If($name -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -GivenName $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -GivenName $name

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Name: $name

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($Initials -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -Initials $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -Initials $Initials

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Initials: $Initials

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($lastName -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -Surname $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -Surname $lastName

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Last name: $lastName

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($DisplayName -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -DisplayName $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -DisplayName $DisplayName

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Dispaly Name: $DisplayName

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($Description -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -Description $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -Description $Description

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Description: $Description

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($Office -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -Office $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -Office $Office

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Office Address: $Office

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($Tel -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -OfficePhone $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -OfficePhone $Tel

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Office Phone: $Tel

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($Email -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -EmailAddress $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -EmailAddress $Email

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Email Address: $Email

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($Web -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -HomePage $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -HomePage $Web

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Web Page: $Web

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

})

$btAddress.add_Click({

$Street = $txtStreet.Text

$POBox = $txtPOBox.Text

$City = $txtCity.Text

$State = $txtState.Text

$Zip = $txtZip.Text

$Country = $txtCountry.Text

$ServerName = Get-PDC

If($Street -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -StreetAddress $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -StreetAddress $Street

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Street Info: $Street

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($POBox -eq ""){Set-Aduser $$form.txtUserName.Text -Server $ServerName -POBox $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -POBox $POBox

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated POBox: $POBox

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($City -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -City $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -City $City

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated City: $City

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($State -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -State $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -State $State

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated State: $State

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($Zip -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -Postalcode $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -Postalcode $Zip

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Zip Code: $Zip

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($Country -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -Country $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -Country $Country

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Country: $Country

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

})

$btTelephones.add_Click({

$HomePhone = $txtHome.Text

$Pager = $txtPager.Text

$Mobilephone = $txtMobile.Text

$Fax = $txtFax.Text

$IPPhone= $txtIPPhone.Text

$Notes = $txtNotes.Text

$ServerName = Get-PDC

If($HomePhone -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -HomePhone $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -HomePhone $HomePhone

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Home Phone: $HomePhone

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($Pager -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -clear Pager}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -Replace @{Pager = $Pager}

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Pager: $Pager

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($Mobilephone -eq ""){Set-Aduser $textbox1.Text -Server $ServerName -Mobilephone $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -Mobilephone $Mobilephone

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Mobile Number: $Mobilephone

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($Fax -eq ""){Set-Aduser $form.txtUserName.Text -Server $Fax -Fax $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -Fax $Fax

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Fax: $Fax

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($IPPhone -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -clear IPPhone }Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -Replace @{IPPhone =$IPPhone}

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated IP Phone: $IPPhone

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($Notes -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -clear Info }Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -Replace @{Info = $Notes}

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Notes: $Notes

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

})

$btOrginization.add_Click({

$Job = $txtJobTitle.Text

$Department = $txtDepartment.Text

$Company = $txtCompany.Text

$Manager = $ManagerName3

$ServerName = Get-PDC

If($Job -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -Title $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -Title $Job

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Job: $Job

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($Department -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -Department Pager}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -Department $Department

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Department: $Department

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($Company -eq ""){Set-Aduser $textbox1.Text -Server $ServerName -Company $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -Company $Company

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Company: $Company

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($Manager -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -Manager $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -Manager $txtManagerName.Text

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Manager: $Manager

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

})

$btAttributes.add_Click({

$Proxy = $txtProxyAddress.Text

$EmployeeID = $txtEmployeeID.Text

$EmployeeNumber = $txtEmployeeNumber.Text

$EmployeeType = $txtEmployeeType.Text

$ServerName = Get-PDC

If($Proxy -eq ""){ Set-Aduser $form.txtUserName.Text -Server $ServerName -Replace @{proxyAddresses=$Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -Replace @{proxyAddresses=$Proxy}

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Proxy Address: $Proxy

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($EmployeeID -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -EmployeeID $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -EmployeeID $EmployeeID

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated EmployeeID: $EmployeeID

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($EmployeeNumber -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -EmployeeNumber $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -EmployeeNumber $EmployeeNumber

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated EmployeeNumber: $EmployeeNumber

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}

If($EmployeeType -eq ""){Set-Aduser $form.txtUserName.Text -Server $ServerName -EmployeeType $Null}Else{

Set-Aduser $form.txtUserName.Text -Server $ServerName -Replace @{employeeType = $EmployeeType}

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Updated Employee Type: $EmployeeType

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

}}

})

$UpdateUserWindow.SHowDialog()

$UpdateUserWindow.Close()

})

$form.btExport.add_Click({

$FilePath = Get-folder

$SaveFile = "Export.csv"

$form.dgFindUsers.Items | Export-Csv $FilePath\$SaveFile -NoTypeInformation

})

####################### TAB 2 Code Below ########################

$form.txtUserName2.Add_TextChanged({

$form.txtFullName.Text = $form.txtUserName2.Text

$form.txtUserLogonName.Text = $form.txtUserName2.Text

})

$form.txtLastName.Add_TextChanged({

$form.txtFullName.Text = $form.txtUserName2.Text + " " + $form.txtLastName.Text

$form.txtUserLogonName.Text = $form.txtUserName2.Text + '.'+ $form.txtLastName.Text

})

#$UPN = @((get-adforest).UPNSuffixes)

#$UPN = $UPN | ForEach-Object {"@$_"}

$form.txtPreLogonName.Text = "VT\" # Change User Logonname as per AD domain.

$UPN = @("@vtechie.co.in","@vt.co.in") # Change UPN as per need

$form.cbUserLogonName.ItemsSource = $UPN

$form.btGeneratePwd.Add_Click({

$Psswd = [System.Web.Security.Membership]::GeneratePassword(14,4) # Set Password length(14) as per AD domain policy

$form.txtGeneratePwd.Text = $Psswd

})

# Change OU names as per Organization AD structure

$OuArray2 = @(Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase 'OU=Users,DC=vtechie,DC=co,DC=in' -SearchScope Subtree -Properties Name |select -ExpandProperty DistinguishedName -Unique |Sort-Object)

$OuArray3 = @(Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase 'OU=Security Groups,DC=vtechie,DC=co,DC=in' -SearchScope Subtree -Properties Name |select -ExpandProperty DistinguishedName -Unique |Sort-Object)

$OuArray4 = @(Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase 'OU=Privilege_Users,DC=vtechie,DC=co,DC=in' -SearchScope Subtree -Properties Name |select -ExpandProperty DistinguishedName -Unique |Sort-Object)

$OuArray += $OuArray2

$OuArray += $OuArray3

$OuArray += $OuArray4

$OuArray |Sort-Object

$form.cbOU.ItemsSource = $OuArray

$form.btCreate.Add_Click({

$form.txtUserCreation.Clear()

Create-User

$samAccountNameCreate =$form.txtPreLogonName2.Text

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

New account $samAccountNameCreate created

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

})

######################### TAB 3 Code Below ###############################

$form.btFindGroup.Add_Click({

$server = Get-PDC

$ADGroupObjName =$form.txtFindGroup.Text

$GroupObj = Get-ADGroup -Server $server -Filter * -Properties samAccountName, GroupScope, GroupCategory, DistinguishedName | Where-Object { ($_.samAccountName -eq $ADGroupObjName) -or ($_.Name -match $ADGroupObjName)} |Select samAccountName, GroupScope, GroupCategory, DistinguishedName

$GroupObjName = New-Object System.collections.ArrayList

$GroupObjName.AddRange(@($GroupObj))

$form.dgFindGroupName.Visibility = "Visible"

$form.txtDataOutBox.Visibility = "Hidden"

$form.dgFindGroupName.ItemsSource = $GroupObjName

})

$form.btUpdateGroup.Add_Click({

[XML]$xaml = @"

<Window xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation" Width="1200" Height="600"

xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"

xmlns:d="http://schemas.microsoft.com/expression/blend/2008"

xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" >

<DataGrid.ColumnHeaderStyle>

</Style>

</DataGrid.ColumnHeaderStyle>

</DataGrid>

</Grid></TabItem>

<DataGrid.ColumnHeaderStyle>

</Style>

</DataGrid.ColumnHeaderStyle>

</DataGrid>

</Grid></TabItem>

</TabControl>

</Grid>

</Window>

$Reader = (New-Object System.Xml.XmlNodeReader $xaml)

$UpdateGroupMembers = [Windows.Markup.XamlReader]::Load($Reader)

$UpdateGroupMembers.FindName

$xaml.SelectNodes("//*[@*[contains(translate(name(.),'n','N'),'Name')]]") | %{Set-Variable -Name ($_.Name) -Value $UpdateGroupMembers.FindName($_.Name)}

$btShowMembers.Add_Click({

$dgShowGroupMembers.Visibility = "Visible"

$txtDataOutBox2.Visibility = "Hidden"

$GrpName = $txtGroupName.text

try{

$GrpMembers = Get-ADGroupMember $GrpName |select Name,samAccountName,ObjectClass

$dgShowGroupMembers.ItemsSource = @($GrpMembers)

}Catch{

$dgShowGroupMembers.Visibility = "Hidden"

$txtDataOutBox2.Visibility = "Visible"

$txtDataOutBox2.Clear()

$txtDataOutBox2.text= Write-Output Cannot find an object with identity: $txtGroupName.text }

})

$btAddMembers.Add_Click({

$dgShowGroupMembers.Visibility = "Hidden"

$txtDataOutBox2.Visibility = "Visible"

$GrpName2 = $txtGroupName.text

$Members = @($txtAddMembers.Text)

$Member = $Members.Split("`r`n", [StringSplitOptions]::RemoveEmptyEntries)

try{

foreach($grpMember in $Member){

Add-ADGroupMember $GrpName2 -Members $grpMember

$txtDataOutBox2.text = Write-Output $grpMember added to group $GrpName2 `r`n

$samAccountNameAddMember = $grpMember

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

New member $samAccountNameAddMember added to $GrpName2

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 2 -EntryType information

}

}Catch{

$txtDataOutBox2.text= Write-Output Cannot find an object with identity: $txtAddMembers.Text

}

})

$btViewMembers.Add_Click({

$dgShowGroupMembers2.Visibility = "Visible"

$txtDataOutBox3.Visibility = "Hidden"

try{

$GrpName = $txtGroupNameRemove.text

$GrpMembers = Get-ADGroupMember $GrpName |select Name,samAccountName

$dgShowGroupMembers2.ItemsSource = @($GrpMembers)

}Catch{

$dgShowGroupMembers2.Visibility = "Hidden"

$txtDataOutBox3.Visibility = "Visible"

$txtDataOutBox3.Text = Write-Output Cannot find an object with identity: $GrpName

}

})

$btRemoveMembers.Add_Click({

$Array = @($dgShowGroupMembers2.SelectedItems.samAccountName)

try{

foreach($user in $Array){

Remove-ADGroupMember $txtGroupNameRemove.text -Members $user -Confirm:$false}

$GrpName = $txtGroupNameRemove.text

$GrpMembers = Get-ADGroupMember $GrpName |select Name,samAccountName

$dgShowGroupMembers2.ItemsSource = @($GrpMembers)

$samAccountNameRemoveMember = $user

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

Member $samAccountNameRemoveMember removed from group $GrpName

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 3 -EntryType information

}catch{

$dgShowGroupMembers2.Visibility = "Hidden"

$txtDataOutBox3.Visibility = "Visible"

$txtDataOutBox3.Text = Write-Output Members not selected in group $txtGroupNameRemove.text}

})

$UpdateGroupMembers.ShowDialog()

$UpdateGroupMembers.Close()

})

$form.cbOUPath.ItemsSource = $OuArray

$form.btCreateGroup.Add_Click({

$gpName = $form.txtGroupName.Text

$samName = $form.txtGroupNamePre2000.Text

$displayName = $form.txtGroupName.Text

$OU = $form.cbOUPath.Text

$rdbDomainLocal = $form.rdbDomainLocal.IsChecked

$rdbGlobal = $form.rdbGlobal.IsChecked

$rdbUniversal = $form.rdbUniversal.IsChecked

$rdbSecurity = $form.rdbSecurity.IsChecked

$rdbDistribution = $form.rdbDistribution.IsChecked

$form.dgFindGroupName.Visibility = "Hidden"

$form.txtDataOutBox.Visibility = "Visible"

$ServerName = Get-PDC

#New-ADGroup -Name $gpName -SamAccountName $samName -GroupScope DomainLocal -GroupCategory Security -DisplayName $displayName -Path $form.cbOUPath.Text

$AdGroupName = (Get-ADGroup $samName -Server $ServerName |Select SamAccountName -ErrorAction SilentlyContinue)

try{

If ($AdGroupName){$form.txtDataOutBox.Text = Write-Output The Specified Group $samName already exists. Try using another Group Name}Else{

If (($rdbDomainLocal) -and ($rdbSecurity) -and ($OU -eq "")){$form.txtDataOutBox.Text = Write-Output Error: OU path cannot be blank}

If (($rdbDomainLocal) -and ($rdbSecurity) -and ($OU -ne "")){New-ADGroup -Server $ServerName -Name $gpName -SamAccountName $samName -GroupScope DomainLocal -GroupCategory Security -DisplayName $displayName -Path $OU

$form.txtDataOutBox.Text = Write-Output Created Group $samName in OU $OU }

If (($rdbDomainLocal) -and ($rdbDistribution) -and ($OU -eq "")){$form.txtDataOutBox.Text = Write-Output Error: OU path cannot be blank}

If (($rdbDomainLocal) -and ($rdbDistribution) -and ($OU -ne "")){New-ADGroup -Server $ServerName -Name $gpName -SamAccountName $samName -GroupScope DomainLocal -GroupCategory Distribution -DisplayName $displayName -Path $OU

$form.txtDataOutBox.Text = Write-Output Created Group $samName in OU $OU }

If (($rdbGlobal) -and ($rdbSecurity) -and ($OU -eq "")){$form.txtDataOutBox.Text = Write-Output Error: OU path cannot be blank}

If (($rdbGlobal) -and ($rdbSecurity) -and ($OU -ne "")){New-ADGroup -Server $ServerName -Name $gpName -SamAccountName $samName -GroupScope Global -GroupCategory Security -DisplayName $displayName -Path $OU

$form.txtDataOutBox.Text = Write-Output Created Group $samName in OU $OU }

If (($rdbGlobal) -and ($rdbDistribution) -and ($OU -eq "")){$form.txtDataOutBox.Text = Write-Output Error: OU path cannot be blank}

If (($rdbGlobal) -and ($rdbDistribution) -and ($OU -ne "")){New-ADGroup -Server $ServerName -Name $gpName -SamAccountName $samName -GroupScope Global -GroupCategory Distribution -DisplayName $displayName -Path $OU

$form.txtDataOutBox.Text = Write-Output Created Group $samName in OU $OU }

If (($rdbUniversal) -and ($rdbSecurity) -and ($OU -eq "")){$form.txtDataOutBox.Text = Write-Output Error: OU path cannot be blank}

If (($rdbUniversal) -and ($rdbSecurity) -and ($OU -ne "")){New-ADGroup -Server $ServerName -Name $gpName -SamAccountName $samName -GroupScope Universal -GroupCategory Security -DisplayName $displayName -Path $OU

$form.txtDataOutBox.Text = Write-Output Created Group $samName in OU $OU }

If (($rdbUniversal) -and ($rdbDistribution) -and ($OU -eq "")){$form.txtDataOutBox.Text = Write-Output Error: OU path cannot be blank}

If (($rdbUniversal) -and ($rdbDistribution) -and ($OU -ne "")){New-ADGroup -Server $ServerName -Name $gpName -SamAccountName $samName -GroupScope Universal -GroupCategory Distribution -DisplayName $displayName -Path $OU

$form.txtDataOutBox.Text = Write-Output Created Group $samName in OU $OU }}

}Catch{$form.txtDataOutBox.Text = $_.Exception.Message}

$samAccountNameGrpCreate = $form.txtGroupNamePre2000.Text

$Who = whoami

$Message = "

Account Name: $who

Category: User Management

Subcategory: Account Management

New group $samAccountNameGrpCreate is created

Write-EventLog -LogName UserManagment -Source script -Message $Message -EventId 1 -EntryType information

})

##########################################

$EventLog = Get-EventLog -LogName UserManagment

If ($EventLog){ Write-host UserManagment eventlog exists

}Else{

New-EventLog -LogName UserManagment -Source Script }

$Window.ShowDialog()

$Window.Close()

```

Explanation of PowerShell code

Finding users and computers: This tab is used to find existing uses and computers in Activity directory. You can also use this tab to Update user information, Reset user password, Unlock user account, Enable / Disable user account.

Finding using and computer in Active directory
Creating a User: You can use User Creation tab to create new users in Active directory.

Creating new users
Creating a Group and Adding new members to Groups: The Group Modification tab is used to create new Groups in Activity directory and adding / removing members from existing groups.

Group creation and Modification

Additional User Management Features

To enhance functionality, you can add more option like Attribute Editor.

Finally step

Use an third part tool to convert the XAML and PowerShell script into a single executable file which can be provided to L1 engineers.

Testing the Tool

Once you have completed coding your GUI and backend functionality, it's time for testing:

Enter a username in the TextBox.
Click the "Create User" button and check if the user is added to the Active Directory.
Test the modifications and deactivation functions similarly to ensure they work as intended.

Always use real usernames while adhering to your organization’s security policies during this phase.

Considerations for Production Deployment

Before you roll out the tool to your L1 engineers, keep these points in mind:

User Role Restrictions: Make sure the accounts running this application have limited permissions to prevent unauthorized changes.
Testing: Rigorously test different scenarios to guarantee reliability.
Documentation: Prepare clear usage instructions for L1 engineers, covering common troubleshooting tips.

Wrapping Up

Creating a fully functional Active Directory user management tool using PowerShell and XAML provides a practical solution for organizations that want to empower L1 engineers without overwhelming them with the complexities of AD management. By combining a graphical user interface with PowerShell's capabilities, organizations can minimize accidental changes, ensuring user roles are managed securely.

This guide offers a detailed view of building the tool from scratch, enabling you to create custom features tailored to your needs. Thorough testing and user training remain critical before introducing any new tool.

By following this process, you're not just building a tool; you are enhancing operational efficiency and securing your Active Directory management practices.

Building a Fully Functional Active Directory User Management Tool with PowerShell and XAML

Understanding the Basics of PowerShell and XAML

Key Features of the User Management Tool

Setting Up the Development Environment

Building the GUI with XAML

Creating the XAML Layout

Explanation of the Layout

Integrating PowerShell with the GUI

Explanation of PowerShell code

Additional User Management Features

Finally step

Testing the Tool

Considerations for Production Deployment

Wrapping Up

Recent Posts

Comments

Vicky Kadam

Connecting IT Enthusiasts Worldwide