AD Personnalisation

$domainInfos = Get-ADDomain

#----- Modifier la stratégie de mots de passe du domaine

$params = @{
        "Identity"=$domainInfos.DNSRoot; 
        "LockoutDuration"="00:00:00";
        "LockoutObservationWindow"="00:00:00";
        "LockoutThreshold"=0;
        "ComplexityEnabled"=$false; 
        "ReversibleEncryptionEnabled"=$False;
        "MaxPasswordAge"="00.00:00:00";
        "MinPasswordAge"="00.00:00:00";
        "PasswordHistoryCount"=0;
        "MinPasswordLength"=0
        }
	
Set-ADDefaultDomainPasswordPolicy @params
Get-ADDefaultDomainPasswordPolicy
Invoke-GPUpdate

Write-Host 'AD Configuration - Default Password Policy OK' -ForegroundColor Green

#----- CreateDialogu --> NOM Prenom

$objADDN = "CN=user-Display,cn=40c,CN=DisplaySpecifiers,CN=Configuration," + $domainInfos.DistinguishedName
Set-ADObject -Identity $objADDN -Replace @{createDialog="%<givenName> %<sn> "}

Write-Host 'AD Configuration - Create Dialogu Box OK' -ForegroundColor Green

#----- Création d"un Administrateur supplémentaire

$Password = ConvertTo-SecureString -AsPlainText "ad" -Force
$upn = "ad@" + $domainInfos.DNSRoot

$params = @{
    "Path"=('cn=Users,' + $domainInfos.DistinguishedName);
    "Name"="AD";
    "AccountPassword"=$Password;
    "Enabled"=$true;
    "UserPrincipalName"=$upn
            }

New-ADUser  @params

$members = Get-ADUser -Identity "Administrator" -Properties memberof
foreach ($group in $members.memberof)
{
    Add-ADGroupMember -Identity $group -Members "AD" -ErrorAction SilentlyContinue
}

Write-Host 'AD Configuration - Admin supplémentaire AD OK' -ForegroundColor Green

Write-Host "Personnalisation TERMINEE" -ForegroundColor Green