{"id":18387660,"url":"https://github.com/thenetworg/skolnilogin-powershell","last_synced_at":"2025-04-12T02:47:21.964Z","repository":{"id":48974515,"uuid":"150575229","full_name":"TheNetworg/SkolniLogin-PowerShell","owner":"TheNetworg","description":"PowerShell modules for managing students and teachers at schools.","archived":false,"fork":false,"pushed_at":"2021-07-02T18:45:21.000Z","size":43,"stargazers_count":1,"open_issues_count":0,"forks_count":3,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-02-16T00:28:52.283Z","etag":null,"topics":["active-directory","edulogin","powershell","school","skolnilogin"],"latest_commit_sha":null,"homepage":"https://www.powershellgallery.com/packages/SkolniLogin","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TheNetworg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-09-27T11:19:56.000Z","updated_at":"2021-07-02T18:45:25.000Z","dependencies_parsed_at":"2022-08-27T20:02:13.671Z","dependency_job_id":null,"html_url":"https://github.com/TheNetworg/SkolniLogin-PowerShell","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheNetworg%2FSkolniLogin-PowerShell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheNetworg%2FSkolniLogin-PowerShell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheNetworg%2FSkolniLogin-PowerShell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheNetworg%2FSkolniLogin-PowerShell/manifests","owner_url"
:"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TheNetworg","download_url":"https://codeload.github.com/TheNetworg/SkolniLogin-PowerShell/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248508654,"owners_count":21115845,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["active-directory","edulogin","powershell","school","skolnilogin"],"created_at":"2024-11-06T01:27:15.004Z","updated_at":"2025-04-12T02:47:21.947Z","avatar_url":"https://github.com/TheNetworg.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SkolniLogin.cz - PowerShell Provisioning\nThe purpose of this module is to automate provisioning of new accounts into Active Directory and its related systems.\n\nRefer here for further information on this topic: [Best practices for managing students in Active Directory](https://blog.thenetw.org/2018/09/03/best-practices-for-managing-students-in-active-directory/)\n\n## Installing\n### PowerShell Gallery\nYou should use this option to install the latest stable version of this module.\n```powershell\nInstall-Module -Name SkolniLogin\n```\nYou can also update the module:\n```powershell\nUpdate-Module -Name SkolniLogin\n```\n### Manual installation (DEV)\n1. Download this repository\n1. Import the PowerShell module\n```powershell\nImport-Module .\\SkolniLogin.psm1\n```\n\n## Teachers / Employees / Other users\nSupport will be added in the future.\n\n## Students\nCreating students is the most basic task. 
All students will be put in the same OU, specified by the `-UserOU` parameter. Users will not be moved when being updated.\n```powershell\nImport-SkolniLoginStudents -FilePath \"C:\\Users\\Administrator\\Desktop\\students\\students.csv\" `\n    -CurrentYear 2018 `\n    -Domain \"student.skola.cz\" `\n    -UserGroup \"All Students\" `\n    -ImportType 1 `\n    -UserOU \"OU=Students,OU=Users,OU=School,DC=ad,DC=skola,DC=cz\" `\n    -ClassOU \"OU=Classes,OU=Groups,OU=Users,OU=School,DC=ad,DC=skola,DC=cz\" `\n    -UsernamePattern 1 `\n    -CleanGroupMembership $false `\n    -CleanGroupMembershipOnlyFromClassOU $true `\n    -IgnoreGroups \"Domain Users\",\"Wi-Fi Users\" `\n    -ExtensionAttributeName \"msDS-cloudExtensionAttribute1\" `\n    -GroupDomain \"skola.cz\" `\n    -DisplayNamePattern 1\n```\n### Classes\nThe script also creates the respective classes as mail-enabled security groups. If an existing class (with the same ID) is found, the script updates its display name to reflect the current year, and also sets its e-mail address if one is not set and the address is not already used by another group in AD.\n#### Supported class formats\n- `1. A` \u003e `2018-A`\n- `2.B` \u003e `2017-B`\n- `B2A` \u003e `2017-BXA`\n- `1A` \u003e `2018-A`\n### Parameters\n#### -CurrentYear\nThe current school year, for example 2018/2019 means the year will be 2018. This is used when creating class identifiers.\n#### -Domain\nThe UPN suffix which you want to use for the students.\n#### -UserGroup\nThe group which all created users will be a member of. The user will automatically be a member of *Domain Users*. The additional group can be used for group-based licensing in Azure AD and so on.\n#### -ImportType\nThere are currently two imports - Full and New.\n##### Full\nValue: 1\n\nThis is the easiest way - whenever you need to make changes, you use the Full import. With it, all users will be removed from all groups (except Domain Users) and then added to their respective groups again. 
Groups will be renamed to match their current name in the school information system, etc. When a student in AD is not found in the export, you will be prompted at the end to delete the user.\n##### New\nValue: 2\n\nThis allows you to create new students from a partial export. No one will be removed from their groups, and only new ones will be added.\n#### -UserOU, -ClassOU\nThe organizational units under which the users and groups should be created.\n#### -UsernamePattern\nSee Username Patterns section below.\n#### -DisplayNamePattern\nSee Display Name Patterns section below.\n#### Optional: -CleanGroupMembership\nSpecifies whether the user should be removed from their existing group memberships. Defaults to false, and should be used if you want to clean memberships.\n#### Optional: -CleanGroupMembershipOnlyFromClassOU\nThe user will be removed only from groups in the specified OU. This is useful if you want to keep the user in other security groups, such as Wi-Fi users.\n#### Optional: -IgnoreGroups\nAccepts an array of *SamAccountNames* of groups which the user should never be removed from when using the initial import. This is handy if you have, for example, Wi-Fi access groups in Active Directory and want the user to stay in those groups.\n#### Optional: -ExtensionAttributeName\nAttribute in Active Directory to be used for storing the SLHash. Defaults to `msDS-cloudExtensionAttribute1` for Windows Server 2012+ schema, but for lower schemas, you should use `extensionAttribute1`.\n#### Optional: -GroupDomain\nThe domain under which the class mail addresses should be created. If not specified, the value of the `-Domain` parameter is used.\n\n## Username Patterns\nCurrently only a single pattern is available, demonstrated on the example *Jméno Příjmení* (first name, surname).\n\nIf the user's name is *First First2 Surname Surname2*, only *First* and *Surname2* are used: the first space-separated part of *GivenName* and the last space-separated part of *Surname*.\n### Value: 1\n1. PrijmeniJme0\n1. PrijmeniJme1\n1. 
...\n### Value: 2\n1. Jmeno.Prijmeni\n1. Jmeno.Prijmeni.1\n1. ...\n### Value: 3\n1. Prijmeni.Jmeno\n1. Prijmeni.Jmeno.1\n1. ...\n### Value: 4\n1. JmenoPrijmeni\n1. JmenoPrijmeni2\n1. ...\n### Value: 4\n1. PrijmeniJ\n1. PrijmeniJ1\n1. ...\n\n## DisplayName Patterns\n### Value: 1\n* Jméno Příjmení\n### Value: 2\n* Příjmení Jméno\n### Value: 3\n* Příjmení, Jméno\n\n## User Matching\nUsers are matched based on their hash, which is built as follows:\n\n**IDIssuer**,**IDType**,**SHA1(ID)**\n\nThe hash is then stored in *msDS-cloudExtensionAttribute1* in Active Directory and used for further matching and making changes. This is why it is crucial to keep the IDIssuer, IDType and ID the same for each user in every export.\n\n## Input CSV file\nThe file is validated on each import, but only to check that the required fields exist and are filled out. The file is a CSV and has to have the following fields:\n### GivenName\n### Surname\n### Class\n### IDIssuer\nThis is usually the country which issued the ID, either *CZ* or *INT* for an ID coming from an internal system.\n### IDType\nThe type of the user's unique identifier; in the Czech Republic, the birth number is used. Values should be *BN*, *SSN* etc.\n#### Birth Number\nIf a birth number is specified, it is going to be \"sanitized\" to the format YYYYMMDDXXXX, so the `/` will be removed for consistency.\n### ID\nThe ID value itself. 
Ideally it should be only a number, for example *123456000*, which is the Czech birth number format.\n### Optional: Alias\nIf the user has an unusual name, an initial alias can be specified - it will be used during the creation process.\n\n## Output\nThe script outputs the same values as the input and adds the following:\n### Password\n### UserPrincipalName\nUsername for logging into Office 365, computers, etc.\n### Alias\nThe alias can be used for logging into computers as well. If the user's alias is longer than 19 characters (which is the maximum value accepted by Active Directory), their alias will be *user_hash*, so they should use their UPN for logging in instead.\n\n## Home Drives\nSets and creates the user's Home Drive assigned to a letter. This is mostly for legacy cases; OneDrive for Business should be used instead.\n```powershell\nGet-ADUser -Filter * | New-SkolniLoginHomeDrive `\n    -Path \"\\\\ad.skola.cz\\storage\\drives\\{username}\" `\n    -Letter \"O:\" `\n    -Force $false\n```\nThe path supports the placeholders *username* (the *sAMAccountName*) and *strippedUpn* (the username part of the UPN). If the user has an existing home drive, you can override it by using the `Force` parameter. Do not forget to add `:` after the letter!\n\nThe folder automatically inherits permissions, so the user is the owner and has full access, and the permissions from the parent folders apply as well. 
The path sub-tree will be created if the folders don't exist.\n\nIf you want to create home drives per class, you may want to do something like this:\n```powershell\n$groups = Get-ADGroup -SearchBase \"OU=Groups,OU=Uzivatele,DC=ad,DC=skola,DC=cz\" -Filter *\nforeach($group in $groups) {\n    $users = Get-ADGroupMember -Identity $group.Name\n    $users | New-SkolniLoginHomeDrive -Path \"\\\\ad.skola.cz\\storage\\drives\\studenti\\$($group.Name)\\{strippedUpn}\" -Letter \"O:\"\n}\n```\n\n## Append Current Class to Display Name\nUseful for adding class information for each user:\n```powershell\n$students = Get-ADUser -Filter * -SearchBase \"OU=Students,OU=Users,OU=School,DC=ad,DC=skola,DC=cz\"\nforeach($student in $students) {\n    $student | Set-SkolniLoginClassToDisplayName `\n        -ClassOU \"OU=Classes,OU=Groups,OU=Users,OU=School,DC=ad,DC=skola,DC=cz\" `\n        -IgnoreGroups \"All Students\"\n}\n```\nOnly the class with the lowest year is displayed for each student. For example, if the user John Doe is a member of 2017-A and 2018-A, only class 2017-A will be displayed, as `John Doe (2.A)`. This command should be run every year to reflect current class changes. If the user has an existing display name which contains ` (`, the first part will be used as the display name and the second will be replaced with the current class.\n\n## Add UPN into Mail attribute\nIf you are using group-based licensing, you might have noticed that the primary mail is not provisioned [according to the documentation](https://support.microsoft.com/en-us/help/3190357/how-the-proxyaddresses-attribute-is-populated-in-azure-ad). In order to fix this, you need to populate the `mail` attribute for each user. 
To do this, you can run the following:\n```powershell\n$students = Get-ADUser -Filter * -SearchBase \"OU=Students,OU=Users,OU=School,DC=ad,DC=skola,DC=cz\"\nforeach($student in $students) {\n    $student | Set-SkolniLoginUpn2Mail\n}\n```\nPlease note that any existing value in the `mail` attribute will be overwritten. In order to use multiple addresses (for example when a user's surname changes after marriage and the legacy address should be kept as well), use the `proxyAddresses` attribute.\n\n## Sort users into class organizational units\nThis function will go through all selected students and move them to the respective organizational units per their class. If the OU doesn't exist, it will be created automatically with the class ID (e.g. YEAR-TAG).\n```powershell\n$students = Get-ADUser -Filter * -SearchBase \"OU=Students,OU=Users,OU=School,DC=ad,DC=skola,DC=cz\"\nforeach($student in $students) {\n    $student | Set-SkolniLoginOrganizationalUnitByClass `\n        -ClassOU \"OU=Classes,OU=Groups,OU=Users,OU=School,DC=ad,DC=skola,DC=cz\" `\n        -IgnoreGroups \"All Students\" `\n        -TargetOU \"OU=Students,OU=Users,OU=School,DC=ad,DC=skola,DC=cz\"\n}\n```\n\n## Debugging\nIn order to see the output of the script, you have to enable debug output first. Errors will be written to stderr as usual.\n```powershell\n$DebugPreference = \"Continue\"\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthenetworg%2Fskolnilogin-powershell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthenetworg%2Fskolnilogin-powershell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthenetworg%2Fskolnilogin-powershell/lists"}