Service Desk

Attributes, groups, and mailbox permissions in excel sheet from Employee Engagement representative, which should come attached to the ticket, are all correct and accounted for, i.e.:

• First Name

• Initials

• Last Name

• Display Name

• Email aligned with displayname and email address policy

• Sam Account Name aligned with display name and Sam Account Name policy

• Default temporary password

• Department

• Title

• Campus

• Supervisor

• Group Membership

• Shared Mailbox Permissions

• MindTouch display name

• MindTouch email

• MindTouch username

• MindTouch temporary passowrd

The outputs are the resulting objects in Active Directory, Microsoft 365, Exchange Online, and MindTouch.

1. The subject line of the incoming ticket will contain the new employee’s name. You can find the onboarding details in sharepoint here: EE Operations - New Hires

2. Via ScreenConnect, remote into 3020-mini-1

   

3. Sign in as sdhs_ctac, the domain admin account for SDHS. The password is in 1Password.

4. Start Windows PowerShell

5. Store the default temporary password in a variable. We will pass this to the PowerShell cmdlet later:

   1. Type the following into the shell and press Enter

      $Password = Read-Host -AsSecureString

   2. Type Puppy123456! and press Enter

6. Type the following into the shell (hint: tab complete should work after “New-U”:

   New-UserAccountProvision

7. Add a space after the above

8. Fill in all parameters:

   1. Type - (en dash) then press Tab. You should see a parameter name, e.g., FirstName, appear directly right of -, e.g.:

      NewUserAccountProvision -FirstName

   2. Enter the parameter value right of the parameter name, with one space in between name and value, e.g.:

      NewUserAccountProvision -FirstName Jane

   3. Add a space after the parameter value

   4. Start again at step 1 of this loop and repeat until you see the -Verbose switch. You can delete this switch when it appears. Some special cases are worth mentioning:

• If there is whitespace within the value, most often this happens in Title, quote the string, i.e.:

      `New-UserAccountProvision -FirstName Jane -Title` ***`'Animal Care Associate'`***

• For the -Password parameter, use the $Password variable that was stored eariler, i.e.:

      `New-UserAccountProvision -FirstName Ryan -Title "Dedicated Support Analyst II"` ***`-Password $Password`***

• The Campus and Department parameters will only take input that matches the names of the respective OUs in Active Directory. For this reason, tab completion support was added. For example, if you type

      `New-UserAccountProvision -FirstName Jane -Initials B -LastName Doe -DisplayName 'Jane Doe'` ***`-Campus Gaines`***
  
    and press `Tab` you will see `Gaines` change to `Gaines 5433`. If you continue to press tab, it will cycle through all possible parameters that start with a *G*. This works similarly for `Department`

• Below is a full example usage of the cmdlet:

      `New-UserAccountProvision -FirstName Jane -Initials B -LastName Doe -DisplayName 'Jane Doe' -Campus 'Gaines 5500' -Department 'Animal Care' -Password $Password -Title 'Animal Care Associate'`

1. When all parameters are entered accurately, press Enter.

• If an error is thrown referring to a remote session with Exchange, closing the shell and reopening it should resolve the error

1. The script will output the SamAccountName and UserPrincipalName of the new hire. Put these in the matching fields in the excel sheet at this location: New-Hires-Current

   Sample output:

   New user Jane Doe's SamAccountName:
   JaneD
   
   New user Jane Doe's UserPrincipalName:
   JBDoe@sdhumane.org
   
   All set!

  ![Description](/images/kb/aaae821803ff8c3865394adc45415454.webp)

1. Open *Active Directory Users and Computers*

  ![Description](/images/kb/3bee35fe3bb9daff0c706609bcfaabbd.webp)

1. Browse to the new hire that was just created
1. Ensure that attributes were added correctly, and manually add the user's manager in the *Organization* tab
1. Add all on-prem distribution and security groups in *Member Of* tab
1. Type `sync` into the PowerShell window and press `Enter`. This will manually sync the new hire to the Microsoft tenant via AD Connect
1. Sign into the SDHS M365 tenant
1. Select the user that was just created
  ![Description](/images/kb/be7ae85efca2aaf9befd62423f620ca2.webp)

1. Click *Manage groups*

![Description](/images/kb/709fccebfede897fdefb8a9cbfd06112.webp)

1. Add all cloud group membership

- Keep in mind that Microsoft licensing is applied by group. In most instances one of three groups will cover the licensing: *E1-F3-Licensees, E3 Licensees, and Business Premium Licensees*.

    This group membership should be included in the Excel document for the new hire

1. Navigate to [resources.sdhumane.org](resources.sdhumane.org)
1. Click *Sign in* and login as sdhs\_ctac (same credential as domain admin above)
1. Navigate to *Site tools -> Control panel -> Users -> Add New User*
1. Using what was generated by the PowerShell cmdlet above, input as below:

- Username = UserPrincipalName

- Display Name = DisplayName in AD

- Email = UserPrincipalName

- Password = Puppy123456!

1. Keep *Community Member* checked and add to group *Staff_Viewer*
1. Click *Add User*

---
### Process References:

1. Create a relationship back to related process.
Note: Please add KB relationships to core process, process, SOPs or other WIs on the right.