Active Directory New User Workflow

To help a little with the email from Powershell. I've used System.Net.Mail.SmtpClient to send from powershell.

$Mail = New-Object System.Net.Mail.MailMessage($Sender,$Recipient)
$Mail.IsBodyHTML = $True

## Setup SMTP Mail Server info
$MailClient = New-Object System.Net.Mail.SmtpClient
$MailClient.Host = $Mailserver


$Mail.Subject = "Subject"
$Mail.Body = "blah blah blah"

# Send the message
$MailClient.Send($Mail)
}

You would need to specify the $Sender, $recipient, and $mailserver.

So this is more of a process issue than a technological issue. It seems to me that you don't have some sort of ticketing system. I would highly suggest putting one in place as it will help other areas too. Decent systems will let you setup a workflow that lets you "push" the ticket to the next person in line once your piece is done.

As a worse case, you would be able to manually create the flow by pushing the ticket around and having an "owner" who it gets pushed back to to be moved to the next person.

To answer your direct question, yep you can create a Powershell script that will create an AD user, then you can send mail - haven't had to do this in Powershell v2 yet, but in V1 you had to dive into the .Net objects to send the mail, but it isn't that hard (get-object is your friend)

Based on the dicussion that has occured so far and your comments on them, I would suggest a scheduled task that runs once an hour to catch any new users, which sends an email containing any new users in that last hour.

If you format the email nicely, including all the steps in your workflow then the first person who gets it can comment on their task (or strikethrough the text) and then forward the email on.

While not effective in immediately communicating new hires, it is:

1. Simple
2. Effective in communicating for your small business size
3. Very low on resources

Here is the PowerShell you can use to find the names of users created in the last hour:

$date = [datetime]::UtcNow.addhours(-1)
$lasthour = "{0:0000}{1:00}{2:00}{3:00}{4:00}{5:00}.0Z" -f $date.year,$date.month,$date.day,$date.hour,$date.minute,$date.second

$strFilter = "(&(objectCategory=User)(whenCreated>=$lasthour))"


$objDomain = New-Object System.DirectoryServices.DirectoryEntry

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter

$colProplist = "name"
foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}

$colResults = $objSearcher.FindAll()

foreach ($objResult in $colResults)
    {$objItem = $objResult.Properties; $objItem.name}

Alternatively, you could write something up in powershell to facilitate the creation of a user based on staff input, and then continue on with an email at the end of that process.

Overall if you have a ticket system in place already, I'd suggest that as the best option, because it is something that can be used to track in a detailed manner. What I have typed above is really just an informal ticket with a lot of room for error.

What you are really asking for is a new AD admin. While technically possible to create a script to poll for AD changes, look for new user objects and send you a list, the effort involved in even verifying the new user needs the next step in your workflow done that you have a new email about (what about accounts that get re-created due to a mistake?) would be more than simply getting the admin to follow the process you've outlined. It’s the admin that should be asking for a way to automate his email, rather than you looking for a way to see that he's done it. You need to resolve your process issues before you can think about automating them