error fix

2026-04-28 14:46:32 +02:00
parent 6ecbed72a8
commit 6db62b4ea9
+130 -59
@@ -17,7 +17,7 @@ Write-Host "`n=== ByteTrail AD Setup gestartet ===" -ForegroundColor Cyan
# ============================================================
# 1. OU-STRUKTUR
# ============================================================
Write-Host "`n[1/3] Erstelle OU-Struktur..." -ForegroundColor Yellow
Write-Host "`n[1/4] Erstelle OU-Struktur..." -ForegroundColor Yellow
$OUs = @(
"OU=Geschaeftsfuehrung,$DomainDN",
@@ -30,18 +30,31 @@ $OUs = @(
foreach ($OU in $OUs) {
$OUName = ($OU -split ",")[0] -replace "OU=", ""
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$OU'" -ErrorAction SilentlyContinue)) {
New-ADOrganizationalUnit -Name $OUName -Path $DomainDN -ProtectedFromAccidentalDeletion $true
Write-Host " [+] OU erstellt: $OUName" -ForegroundColor Green
} else {
try {
$existing = Get-ADOrganizationalUnit -Identity $OU -Server $Domain -ErrorAction Stop
Write-Host " [~] OU existiert bereits: $OUName" -ForegroundColor Gray
} catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
try {
New-ADOrganizationalUnit -Name $OUName -Path $DomainDN -ProtectedFromAccidentalDeletion $true -Server $Domain -ErrorAction Stop
Write-Host " [+] OU erstellt: $OUName" -ForegroundColor Green
} catch {
Write-Host " [!] FEHLER beim Erstellen von OU '$OUName': $_" -ForegroundColor Red
}
} catch {
# Anderer Fehler beim Pruefen - versuche trotzdem zu erstellen
try {
New-ADOrganizationalUnit -Name $OUName -Path $DomainDN -ProtectedFromAccidentalDeletion $true -Server $Domain -ErrorAction Stop
Write-Host " [+] OU erstellt: $OUName" -ForegroundColor Green
} catch {
Write-Host " [!] FEHLER beim Erstellen von OU '$OUName': $_" -ForegroundColor Red
}
}
}
# ============================================================
# 2. AD-GRUPPEN
# ============================================================
Write-Host "`n[2/3] Erstelle AD-Gruppen..." -ForegroundColor Yellow
Write-Host "`n[2/4] Erstelle AD-Gruppen..." -ForegroundColor Yellow
$Groups = @(
@{ Name = 'GRP-GF-VOLLZUGRIFF'; Description = 'Geschaeftsfuehrung - Vollzugriff' }
@@ -58,24 +71,46 @@ $Groups = @(
)
foreach ($Group in $Groups) {
if (-not (Get-ADGroup -Filter "Name -eq '$($Group.Name)'" -ErrorAction SilentlyContinue)) {
New-ADGroup `
-Name $Group.Name `
-SamAccountName $Group.Name `
-GroupScope Global `
-GroupCategory Security `
-Description $Group.Description `
-Path "OU=Gruppen,$DomainDN"
Write-Host " [+] Gruppe erstellt: $($Group.Name)" -ForegroundColor Green
} else {
try {
$existing = Get-ADGroup -Identity $Group.Name -Server $Domain -ErrorAction Stop
Write-Host " [~] Gruppe existiert bereits: $($Group.Name)" -ForegroundColor Gray
} catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
try {
New-ADGroup `
-Name $Group.Name `
-SamAccountName $Group.Name `
-GroupScope Global `
-GroupCategory Security `
-Description $Group.Description `
-Path "OU=Gruppen,$DomainDN" `
-Server $Domain `
-ErrorAction Stop
Write-Host " [+] Gruppe erstellt: $($Group.Name)" -ForegroundColor Green
} catch {
Write-Host " [!] FEHLER beim Erstellen von Gruppe '$($Group.Name)': $_" -ForegroundColor Red
}
} catch {
try {
New-ADGroup `
-Name $Group.Name `
-SamAccountName $Group.Name `
-GroupScope Global `
-GroupCategory Security `
-Description $Group.Description `
-Path "OU=Gruppen,$DomainDN" `
-Server $Domain `
-ErrorAction Stop
Write-Host " [+] Gruppe erstellt: $($Group.Name)" -ForegroundColor Green
} catch {
Write-Host " [!] FEHLER beim Erstellen von Gruppe '$($Group.Name)': $_" -ForegroundColor Red
}
}
}
# ============================================================
# 3. BENUTZER
# ============================================================
Write-Host "`n[3/3] Erstelle Benutzer..." -ForegroundColor Yellow
Write-Host "`n[3/4] Erstelle Benutzer..." -ForegroundColor Yellow
# Schema: Vorname, Nachname, Abteilung, OU, Gruppen[]
$Users = @(
@@ -156,6 +191,10 @@ $Users = @(
@{ Vorname="Yannick"; Nachname="Frank"; Abt="Service"; OU="OU=Service,$DomainDN"; Gruppen=@("GRP-SVC-FILES","GRP-ALL-EMAIL"); Title="Servicemitarbeiter" }
)
$UserCreatedCount = 0
$UserExistsCount = 0
$UserErrorCount = 0
foreach ($User in $Users) {
# Benutzername: vorname.nachname (Umlaute ersetzen)
$Sam = ($User.Vorname + "." + $User.Nachname).ToLower()
@@ -164,34 +203,57 @@ foreach ($User in $Users) {
$UPN = "$Sam@$Domain"
$EmailAddr = "$Sam@$MailDomain"
if (-not (Get-ADUser -Filter "SamAccountName -eq '$Sam'" -ErrorAction SilentlyContinue)) {
New-ADUser `
-SamAccountName $Sam `
-UserPrincipalName $UPN `
-GivenName $User.Vorname `
-Surname $User.Nachname `
-Name "$($User.Vorname) $($User.Nachname)" `
-DisplayName "$($User.Vorname) $($User.Nachname)" `
-Department $User.Abt `
-Title $User.Title `
-EmailAddress $EmailAddr `
-Path $User.OU `
-AccountPassword $DefaultPW `
-PasswordNeverExpires $false `
-ChangePasswordAtLogon $true `
-Enabled $true
$UserCreated = $false
Write-Host " [+] User erstellt: $Sam ($($User.Abt))" -ForegroundColor Green
} else {
try {
$existing = Get-ADUser -Identity $Sam -Server $Domain -ErrorAction Stop
Write-Host " [~] User existiert bereits: $Sam" -ForegroundColor Gray
$UserExistsCount++
$UserCreated = $true # User existiert, Gruppen trotzdem zuweisen
} catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
try {
New-ADUser `
-SamAccountName $Sam `
-UserPrincipalName $UPN `
-GivenName $User.Vorname `
-Surname $User.Nachname `
-Name "$($User.Vorname) $($User.Nachname)" `
-DisplayName "$($User.Vorname) $($User.Nachname)" `
-Department $User.Abt `
-Title $User.Title `
-EmailAddress $EmailAddr `
-Path $User.OU `
-AccountPassword $DefaultPW `
-PasswordNeverExpires $false `
-ChangePasswordAtLogon $true `
-Enabled $true `
-Server $Domain `
-ErrorAction Stop
Write-Host " [+] User erstellt: $Sam ($($User.Abt))" -ForegroundColor Green
$UserCreatedCount++
$UserCreated = $true
} catch {
Write-Host " [!] FEHLER beim Erstellen von User '$Sam': $_" -ForegroundColor Red
$UserErrorCount++
}
} catch {
Write-Host " [!] FEHLER beim Pruefen von User '$Sam': $_" -ForegroundColor Red
$UserErrorCount++
}
# Gruppen zuweisen
foreach ($Gruppe in $User.Gruppen) {
try {
Add-ADGroupMember -Identity $Gruppe -Members $Sam -ErrorAction Stop
} catch {
Write-Warning " Gruppe '$Gruppe' konnte nicht zugewiesen werden: $_"
# Gruppen zuweisen - nur wenn User existiert oder gerade erstellt wurde
if ($UserCreated) {
foreach ($Gruppe in $User.Gruppen) {
try {
Add-ADGroupMember -Identity $Gruppe -Members $Sam -Server $Domain -ErrorAction Stop
} catch {
if ($_.Exception.Message -like "*already a member*" -or $_.Exception.Message -like "*ist bereits Mitglied*") {
# Stille Warnung - User ist schon in der Gruppe
} else {
Write-Warning " Gruppe '$Gruppe' konnte nicht zugewiesen werden: $_"
}
}
}
}
}
@@ -205,31 +267,40 @@ $SvcSam = "svc-mailserver"
$SvcUPN = "$SvcSam@$Domain"
$SvcPW = ConvertTo-SecureString 'Mail$3rv!ceAcc2026' -AsPlainText -Force
if (-not (Get-ADUser -Filter "SamAccountName -eq '$SvcSam'" -ErrorAction SilentlyContinue)) {
New-ADUser `
-SamAccountName $SvcSam `
-UserPrincipalName $SvcUPN `
-Name "Mailserver Service Account" `
-DisplayName "Mailserver Service Account" `
-Description "Service-Account fuer Docker-Mailserver LDAP-Bind" `
-Path "OU=Server,$DomainDN" `
-AccountPassword $SvcPW `
-PasswordNeverExpires $true `
-ChangePasswordAtLogon $false `
-CannotChangePassword $true `
-Enabled $true
Write-Host " [+] Service-Account erstellt: $SvcSam" -ForegroundColor Green
} else {
try {
$existing = Get-ADUser -Identity $SvcSam -Server $Domain -ErrorAction Stop
Write-Host " [~] Service-Account existiert bereits: $SvcSam" -ForegroundColor Gray
} catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
try {
New-ADUser `
-SamAccountName $SvcSam `
-UserPrincipalName $SvcUPN `
-Name "Mailserver Service Account" `
-DisplayName "Mailserver Service Account" `
-Description "Service-Account fuer Docker-Mailserver LDAP-Bind" `
-Path "OU=Server,$DomainDN" `
-AccountPassword $SvcPW `
-PasswordNeverExpires $true `
-ChangePasswordAtLogon $false `
-CannotChangePassword $true `
-Enabled $true `
-Server $Domain `
-ErrorAction Stop
Write-Host " [+] Service-Account erstellt: $SvcSam" -ForegroundColor Green
} catch {
Write-Host " [!] FEHLER beim Erstellen von Service-Account '$SvcSam': $_" -ForegroundColor Red
}
} catch {
Write-Host " [!] FEHLER beim Pruefen von Service-Account '$SvcSam': $_" -ForegroundColor Red
}
# ============================================================
# ZUSAMMENFASSUNG
# ============================================================
Write-Host "`n=== Setup abgeschlossen ===" -ForegroundColor Cyan
Write-Host "OUs: $($OUs.Count) erstellt" -ForegroundColor White
Write-Host "Gruppen: $($Groups.Count) erstellt" -ForegroundColor White
Write-Host "User: $($Users.Count) erstellt (+ 1 Service-Account)" -ForegroundColor White
Write-Host "OUs: $($OUs.Count) konfiguriert" -ForegroundColor White
Write-Host "Gruppen: $($Groups.Count) konfiguriert" -ForegroundColor White
Write-Host "User: $UserCreatedCount neu erstellt, $UserExistsCount bereits vorhanden, $UserErrorCount Fehler (+ 1 Service-Account)" -ForegroundColor White
Write-Host "`nStandard-Passwort User: ByteTrail2026! (Benutzer muessen es beim ersten Login aendern)" -ForegroundColor Yellow
Write-Host "Service-Account Mailserver: $SvcSam / Mail`$3rv!ceAcc2026" -ForegroundColor Yellow
Write-Host "Mail-Domain: $MailDomain" -ForegroundColor White
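Review bot: The service-account password is still a literal in the script (`ConvertTo-SecureString 'Mail$3rv!ceAcc2026' -AsPlainText -Force`), and the summary at the end prints it to the console along with the default user password, so both secrets sit in the repository history and in any transcript of a run. Because the account is created with `-PasswordNeverExpires $true` and `-CannotChangePassword $true`, the committed value stays valid until someone resets it by hand. Prompt for it instead, e.g. `$SvcPW = Read-Host -AsSecureString "Passwort fuer $SvcSam"`, shorten the summary line to `Write-Host "Service-Account Mailserver: $SvcSam" -ForegroundColor Yellow`, and treat the committed value as exposed and rotate it. Separately, the untyped `catch` in the OU and group loops goes on to create the object after any lookup failure (unreachable server, access denied), whereas the user and service-account paths only log the error; logging there too would keep the run from writing to the directory when its state could not be read.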