BAT is a PowerShell module used for streamlining helpdesk operations for an Army network. This tool helps automate the process of checking users' compliance in ATCTS alongside account creation/modification in Active Directory.
- Check ATCTS compliance
- Check if user has an AD account (including visitors accounts)
- Enable users in AD
- Create users
- Log output for later reference
The codebase for the BAT module itself is unclassified. It is written in a way that deliberately contains no Personally Identifiable Information (PII) or Controlled Unclassified Information (CUI). As it exists in this repository, BAT is unusable (as it is dependent on the configuration of the OrganizationalUnits.csv file and the presence of an ATCTS report).
Once installed and configured, the classification would rise to CUI -- thus requiring compliance with all CUI data protection measures.
- PowerShell version 5.1 or higher
- Active Directory (RSAT)
- An ATCTS report in CSV format with the following headers:
  - EDIPI
  - Personnel Type
  - HQ Alignment Subunit
  - Name
  - Rank/Grade
  - Profile Verified
  - Date SAAR/DD2875 Signed
  - Date Awareness Training Completed
  - Date Most Recent Army IT UA Doc Signed
  - Enterprise Email Address
- Must be run with administrative privileges to create/enable users
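
A pre-flight check for the requirements listed above, as an added example that is not part of BAT. The function name `Test-BatPrerequisite` is hypothetical, the default path is the `-Path` default documented in this README, and the 10-digit EDIPI check is an assumption based on the README's sample values.

```powershell
# Added example, not part of BAT. Test-BatPrerequisite is a hypothetical name.
function Test-BatPrerequisite {
    [CmdletBinding()]
    param([string]$Path = '.\report_export')  # -Path default from this README

    # Column headers the README requires in the ATCTS report.
    $required = 'EDIPI', 'Personnel Type', 'HQ Alignment Subunit', 'Name',
        'Rank/Grade', 'Profile Verified', 'Date SAAR/DD2875 Signed',
        'Date Awareness Training Completed',
        'Date Most Recent Army IT UA Doc Signed', 'Enterprise Email Address'
    $problems = @()

    if ($PSVersionTable.PSVersion -lt [version]'5.1') {
        $problems += "PowerShell 5.1 or higher required, found $($PSVersionTable.PSVersion)."
    }
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
        $problems += 'ActiveDirectory module (RSAT) is not installed.'
    }

    # -Create and -Enable need an elevated session; the check options do not.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    $elevated  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole($adminRole)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $problems += "ATCTS report not found at '$Path'."
    } else {
        $rows = @(Import-Csv -LiteralPath $Path)
        if ($rows.Count -eq 0) {
            $problems += 'ATCTS report has no data rows.'
        } else {
            $present = $rows[0].PSObject.Properties.Name
            $missing = @($required | Where-Object { $_ -notin $present })
            if ($missing.Count -gt 0) {
                $problems += "Missing headers: $($missing -join ', ')."
            } else {
                # Assumption: EDIPIs are 10 digits, as in the README's examples.
                # Report a count only so no EDIPIs end up in console output or logs.
                $bad = @($rows | Where-Object { $_.EDIPI -notmatch '^\d{10}$' }).Count
                if ($bad -gt 0) { $problems += "$bad row(s) have an EDIPI that is not 10 digits." }
            }
        }
    }

    [pscustomobject]@{ Ready = ($problems.Count -eq 0); Elevated = $elevated; Problems = $problems }
}

Test-BatPrerequisite -Path '.\report_export'
```

`Ready` is false when any requirement is unmet; `Elevated` only matters before using `-Create` or `-Enable`.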
- Click the 'code' dropdown menu and download the .zip file.
- Extract the contents and find the BAT folder.
- The BAT folder should have the following contents/structure:

    BAT/
    |_ BAT-Library/
    |  |_ BAT-Library.psm1
    |  |_ OrganizationalUnits.csv
    |  |_ Set-OrganizationalUnits.ps1
    |_ BAT.psd1
    |_ BAT.psm1

- Copy the BAT folder and all of its contents to C:\Program Files\WindowsPowerShell\Modules
- Open a PowerShell window and run:

    Import-Module BAT

- For usage instructions run:

    Get-Help BAT

Before using the -Create feature, you must configure your OrganizationalUnits.csv file. This file can be found in the BAT-Library subfolder. This file simply contains the Distinguished Names (DNs) of the Organizational Unit (OU) containers that house your users. Leave the Name field as default for 'Visitor' and 'HHC BDE'; however, you must change the Name field for each of your subunits.
How do I find my DNs?
You can find your OU DNs by opening Active Directory Users and Computers (ADUC), right-clicking on the OU where your users are, and selecting Properties. Then click on Attribute Editor and find the Distinguished Name field.
Alternatively, you can run the interactive configuration script Set-OrganizationalUnits.ps1, also located in the BAT-Library subfolder. This script will need to be run with administrative privileges, as it must make changes in the C:\Program Files directory.
- Basic syntax:

    bat [EDIPIs] [Options]

- Options:
  - CheckATCTS: This will check the user(s) ATCTS report and provide feedback on delinquent items.
  - CheckAD: This will report whether or not the user is found in Active Directory. It will also identify if the user has a DoD visitor account on Ft. Campbell.
  - Create: This will create the user, formatting all fields based on information from the ATCTS report and placing the user in the correct OU based on the OrganizationalUnits.csv file. The user will only be created if the ATCTS report is clean. The user will be created in a disabled state -- it is suggested to follow up with the -Enable option. (requires admin credentials)
  - Enable: This will enable the user, only if their ATCTS report is clean. (requires admin credentials)
  - Log: This will log the output to a .txt file in the working directory.
  - Path: This will specify the path to your ATCTS report (.csv file) -- default value is .\report_export if not specified
- Simple Examples:

    bat 1234567890 -CheckATCTS
    -- This will check a single user's ATCTS report
    bat 1234567890 -CheckAD
    -- This will check if the user exists in Active Directory
    bat 1234567890 -Enable
    -- This will enable the user, but only if their ATCTS report is clean
    bat 1234567890 -Create
    -- This will create the user in the appropriate OU, but only if their ATCTS report is clean

- Dynamic Examples:

    bat 1234567890,3216549870,4560123987 -CheckATCTS
    -- Check multiple users' ATCTS reports
    bat 1234567890,3216549870,4560123987 -CheckATCTS -CheckAD
    -- Check multiple users' ATCTS reports and check for accounts in Active Directory
    bat 1234567890,3216549870,4567893210 -Create -Enable
    -- Create multiple users and enable them after creating.
    bat 1234567890,3216549870,4560123987 -CheckATCTS -Log
    -- Check multiple users' ATCTS reports and log the output