import-module activedirectory

write-host "Exports all domain users from a domain. Imports a unique Filespace user and password. Writes a report containing tab/comma-separated credentials."
write-host
write-host "Note: you must be connected to your Filespace as Root user"
write-host
$securerootpwd = Read-Host "Enter your root Password" -AsSecureString # securely capture Filespace root password

$aduser = Get-ADUser -Filter 'userPrincipalName -like "*"' | Select-Object userPrincipalName # query current connected domain 
$aduser = $aduser -replace("@{userPrincipalName=",""); $aduser = $aduser -replace("}","") # a little rough cleanup

$date = Get-Date -Format MM-dd-yyyy
$time = get-date -Format HH.mm.ss
$datetime = $date + "_" + $time

foreach ($user in $aduser) {
    
    $fsusr = $user # separate each AD user into Filespace user
    $fspwd = ("!@#$%^&*0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz".tochararray() | sort {Get-Random})[0..10] -join '' # generate unique Filespace user password

    write-output "$fsusr`t,`t$fspwd" | out-file -filepath .\lucid_acl_report_$datetime.txt -append # output Filespace users, default passwords into tab/comma-separated report
    
    $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($securerootpwd)
    $rootpwd = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) #convert root password secure string

    start-Process -WindowStyle hidden -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "user --create $fsusr --user-password $fspwd --password $rootpwd" -Wait # create individual Filespace users with unique password
}