PowerShell Splatting
Full-Access Members Only
Sorry, this lesson is only available to Server Academy Full-Access members. Become a Full-Access member now and get instant access to this and many more premium courses. Click the button below and get instant access now.
Saving Progress...
PowerShell splatting is a method of passing a series of parameters to a command in a “single unit”. Splatting can make your code more human-readable and more accessible. In this lesson, we are going to look at how we can use splatting to simplify the code we use to create new Active Directory users - but keep in mind splatting can be used in any circumstance where you pass multiple parameters.
We are going to use the “Windows Server 2016 AD” lab from the IT Playground (link here). Launch the lab, log in to the Domain Controller and open the PowerShell ISE.
Once you’ve logged in, let’s take a look at what creating a new AD user account on a single line looks like:
New-ADUser -Name "Joe Friday" -GivenName “Joe” -Surname “Friday” -UserPrincipalName “joe.friday@serveracademy.com” -SamAccountName “joe.friday” -EmailAddress “joe@serveracademy.com” -Description “This is the users description” -OfficePhone “123-123-1234” -Path "OU=Domain Users,OU=ServerAcademy,DC=ServerAcademy,DC=local" -ChangePasswordAtLogon $true -AccountPassword $(ConvertTo-SecureString "Password!@#" -AsPlainText -Force) -Enabled $true
....Not very easy to read and definitely NOT easy to work with or modify at a later date. We could employ the use of backticks (`) to add each parameter on a new line. In PowerShell when you add the backtick, it allows you to continue the same command on a new line. You need to add a backtick for each new line that you want to add. It is much easier to read than a long one single line of code:
New-ADUser -Name "Joe Friday" `
-GivenName “Joe” `
-Surname “Friday” `
-UserPrincipalName “joe.friday@serveracademy.com” `
-SamAccountName “joe.friday” `
-EmailAddress “joe@serveracademy.com” `
-Description “This is the users description” `
-OfficePhone “123-123-1234” `
-Path "OU=Domain Users,OU=ServerAcademy,DC=ServerAcademy,DC=local" `
-ChangePasswordAtLogon $true `
-AccountPassword $(ConvertTo-SecureString "Password!@#" -AsPlainText -Force) `
-Enabled $true
Now let’s take a look at splatting and why that could be beneficial. First, we need to create a variable in the following format:
$parameters = @{}
Inside of the braces, we will put the name of our parameter, followed by the equals (=) character and finally the value. So something like this:
$parameters = @{
Name = “Joe Friday”
}
We can repeat this for all the parameters like so:
$parameters = @{
Name= "Joe Friday"
GivenName = “Joe”
Surname = “Friday”
UserPrincipalName = “joe.friday@serveracademy.com”
SamAccountName = “joe.friday”
EmailAddress = “joe@serveracademy.com”
Description = “This is the users description”
OfficePhone = “123-123-1234”
Path = "OU=Domain Users,OU=ServerAcademy,DC=ServerAcademy,DC=local"
ChangePasswordAtLogon = $true
AccountPassword = $(ConvertTo-SecureString "Password!@#" -AsPlainText -Force)
Enabled = $true
}
Now if we echo the $parameters variable, we get something like this:
What is cool is we can later access each individual parameter, such as the email address:
That could come in helpful later on depending on what type of scripting you want to do. But to use this variable to create a new AD user, we simply run the command with the splatting variable like so:
Server Academy Members Only
Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.
Wouldn’t it be better to call the input of the password into a variable via read-host -AsSecureString? That way the password is not stored in a txt file in input in clear.
$FirstName = Read-Host “Enter first name”
$LastName = Read-host “Enter last name”
$password = Read-Host “Enter Password” -AsSecureString
$sam = $FirstName + “.” + $LastName
$ou = “OU=DomainUsers,OU=JC-01A,DC=main,DC=local”
$domain = “@main.local”
$Starter = @{
Name = $FirstName + ” ” + $LastName
DisplayName = $FirstName + ” ” + $LastName
GivenName = $FirstName
Surname = $LastName
SamAccountName = $sam
UserPrincipalName = $sam + $domain
Path = $ou
EmailAddress = $sam + $domain
Enabled = $false
}
New-ADUser @Starter
Hi
Jason Campbell
That’s right. We should avoid using plain text strings in the script or from the command line. The plain text can show up in event logs and command history logs. It is just for simplicity when doing the lesson.
Ricardo