claudetools/clients/cascades-tucson/scripts/create-alma-montt-2026-05-18.ps1

# Cascades of Tucson -- Create Alma Montt AD account
# Date: 2026-05-18  Ticket: #109316879
# Run on: CS-SERVER as a domain admin
#
# Alma Montt -- Administrative staff (role TBD on ticket)
# SamAccountName follows non-caregiver convention: FirstName.LastName
# Force password change at next logon -- admin staff set their own passwords.
#
# After account is created and Entra Connect syncs (~30 min), assign a
# Business Standard license in M365 Admin to activate the mailbox.
# Credential delivery to Meredith/Alma is a manual step.

$OU           = "OU=Administrative,OU=Departments,DC=cascades,DC=local"
$Domain       = "cascadestucson.com"
$TempPassword = ConvertTo-SecureString "Cascades2026!" -AsPlainText -Force

$Sam         = "Alma.Montt"
$First       = "Alma"
$Last        = "Montt"
$DisplayName = "Alma Montt"
$UPN         = "$Sam@$Domain"

if (Get-ADUser -Filter "SamAccountName -eq '$Sam'" -ErrorAction SilentlyContinue) {
    Write-Host "[SKIP] $DisplayName already exists ($Sam)"
    exit 0
}

try {
    New-ADUser `
        -Name                  $DisplayName `
        -GivenName             $First `
        -Surname               $Last `
        -SamAccountName        $Sam `
        -UserPrincipalName     $UPN `
        -Path                  $OU `
        -AccountPassword       $TempPassword `
        -Enabled               $true `
        -ChangePasswordAtLogon $true `
        -PasswordNeverExpires  $false

    Write-Host "[OK] $DisplayName created"
    Write-Host "     SamAccountName : $Sam"
    Write-Host "     UPN            : $UPN"
    Write-Host "     OU             : $OU"
    Write-Host "     Temp password  : Cascades2026!"
}
catch {
    Write-Host "[ERROR] $_"
    exit 1
}

Write-Host ""
Write-Host "Next steps:"
Write-Host "  1. Force Entra Connect delta sync: Start-ADSyncSyncCycle -PolicyType Delta"
Write-Host "  2. Confirm account appears in M365 admin (~30 min after sync)"
Write-Host "  3. Assign Business Standard license in M365 admin"
Write-Host "  4. Deliver credentials to Alma / Meredith"
Write-Host "  5. Close ticket #109316879"