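# Cascades of Tucson -- Create Alma Montt AD account
# Date: 2026-05-18   Ticket: #109316879
# Run on: CS-SERVER as a domain admin
#
# Alma Montt -- Administrative staff (role TBD on ticket)
# SamAccountName follows non-caregiver convention: FirstName.LastName
# Force password change at next logon -- admin staff set their own passwords.
#
# After account is created and Entra Connect syncs (~30 min), assign a
# Business Standard license in M365 Admin to activate the mailbox.
# Credential delivery to Meredith/Alma is a manual step.
#
# Security notes:
#   - The temporary password is prompted for at run time instead of being a
#     literal in this file, so it does not end up in source control, ticket
#     attachments or backups of the script.
#   - The password is never written to the console, so it does not land in
#     transcripts or scrollback.
#   - Use a unique temporary password per account; a shared or guessable one
#     leaves the enabled account exposed until the user's first logon.

$OU          = "OU=Administrative,OU=Departments,DC=cascades,DC=local"
$Domain      = "cascadestucson.com"

$Sam         = "Alma.Montt"
$First       = "Alma"
$Last        = "Montt"
$DisplayName = "Alma Montt"
$UPN         = "$Sam@$Domain"

# Idempotency guard: do nothing if the account already exists.
# -ErrorAction Stop makes a failed lookup (AD module missing, DC unreachable)
# abort the run instead of being silently treated as "user not found".
try {
    $Existing = Get-ADUser -Filter "SamAccountName -eq '$Sam'" -ErrorAction Stop
}
catch {
    Write-Host "[ERROR] $_"
    exit 1
}

if ($Existing) {
    Write-Host "[SKIP] $DisplayName already exists ($Sam)"
    exit 0
}

# Ask for the temporary password only once we know the account will be created.
# Read-Host -AsSecureString keeps the value out of the script and off the screen.
$TempPassword = Read-Host -AsSecureString -Prompt "Temporary password for $Sam"
if ($TempPassword.Length -eq 0) {
    Write-Host "[ERROR] Temporary password must not be empty"
    exit 1
}

try {
    # -ErrorAction Stop turns non-terminating errors into exceptions so the
    # catch block runs and "[OK]" is never printed after a failed create.
    New-ADUser `
        -Name                  $DisplayName `
        -GivenName             $First `
        -Surname               $Last `
        -SamAccountName        $Sam `
        -UserPrincipalName     $UPN `
        -Path                  $OU `
        -AccountPassword       $TempPassword `
        -Enabled               $true `
        -ChangePasswordAtLogon $true `
        -PasswordNeverExpires  $false `
        -ErrorAction           Stop

    Write-Host "[OK] $DisplayName created"
    Write-Host " SamAccountName : $Sam"
    Write-Host " UPN : $UPN"
    Write-Host " OU : $OU"
    Write-Host " Temp password : (entered at prompt; not stored or displayed)"
}
catch {
    Write-Host "[ERROR] $_"
    exit 1
}

Write-Host ""
Write-Host "Next steps:"
Write-Host " 1. Force Entra Connect delta sync: Start-ADSyncSyncCycle -PolicyType Delta"
Write-Host " 2. Confirm account appears in M365 admin (~30 min after sync)"
Write-Host " 3. Assign Business Standard license in M365 admin"
Write-Host " 4. Deliver credentials to Alma / Meredith"
Write-Host " 5. Close ticket #109316879"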