I have gone through many versions of this user creation script as time has gone by, and so far this particular one is really hitting the mark. It doesn’t do everything, but it takes care of 98% of everything so that I don’t need to rely on my help desk always setting things up appropriately (yay for scripting making everything consistent!!). Anywho, this version of the script will do the following with PowerShell: create the AD account with all the properties I need and a random password, set the account to require a password change, populate the proxy address attribute on the account, create the user account’s “home” folder (doc redirect), share the folder and set both NTFS and share permissions on it, create a DFS link for the “home” folder, and add the account to the necessary groups.

Phew, that’s a mouthful. Before I drop the code, there is one disclaimer. The script will prompt for credentials at the beginning. These credentials MUST be able to create/edit AD accounts, have administrator access to the file server, and be delegated in DFS. Also, PS-Remoting must be available on the File Server/Server that hosts ADFS as I invoke commands remotely, and these two servers need to be in your local machine’s WinRM Trusted Hosts list.
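
A preflight check for the remoting prerequisites above, as an added example that is not part of the original script. The server names are placeholders, and it verifies only the TrustedHosts entries, remoting, and local administrator rights, not the AD or DFS delegation.

```powershell
# Added example: preflight check before running a user-creation script.
# Placeholder server names; replace with the servers the script remotes into.
$servers = @('FILESERVER01', 'DFSSERVER01')
$cred    = Get-Credential -Message 'Account with AD, file server and DFS rights'

# TrustedHosts is one comma-separated string. Reading it requires the local
# WinRM service to be running.
$trusted = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value -split ',' |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ }

# Hosts in this list are connected to without verifying the server's identity,
# so the list should name only the servers actually needed.
if ($trusted -contains '*') {
    Write-Warning "TrustedHosts is '*'; list the specific servers instead."
}

$results = foreach ($server in $servers) {
    # Entries may be wildcard patterns such as *.corp.example, so match with -like.
    $inList     = [bool]($trusted | Where-Object { $server -like $_ })
    $remotingOk = $false
    $isAdmin    = $false
    try {
        # One round trip proves remoting works and reports whether the
        # supplied account is a local administrator on the target.
        $isAdmin = Invoke-Command -ComputerName $server -Credential $cred `
            -ErrorAction Stop -ScriptBlock {
                $id = [Security.Principal.WindowsIdentity]::GetCurrent()
                ([Security.Principal.WindowsPrincipal]$id).IsInRole(
                    [Security.Principal.WindowsBuiltInRole]::Administrator)
            }
        $remotingOk = $true
    } catch {
        Write-Warning "${server}: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Server         = $server
        InTrustedHosts = $inList
        RemotingOk     = $remotingOk
        LocalAdmin     = [bool]$isAdmin
    }
}

$results | Format-Table -AutoSize
if ($results | Where-Object { -not ($_.RemotingOk -and $_.LocalAdmin) }) {
    throw 'Remoting prerequisites are not met; fix the rows above before creating accounts.'
}
```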

You can add more to the multi-array and reference it as needed (for example, group names); this is just a more basic example of how to get things done.