# User Account Definitions
# Processed after OUs and groups.
# New users get a CSPRNG password saved to ad-objects/.credentials/ (never printed to console).

@(
    # --- Master Admins (ExampleAdmins OU) ---

    @{
        SamAccountName = 't0admin'
        Name           = 'Tier Zero Admin'
        GivenName      = 'Tier'
        Surname        = 'Admin'
        Path           = 'OU=ExampleAdmins,DC=example,DC=internal'
        Enabled        = $true
        MemberOf       = @('MasterAdmins', 'Administrators', 'Group Policy Creator Owners', 'DnsAdmins', 'Remote Desktop Users')
        Description    = 'Tier 0 master admin -- GPO/AD management via RDP to DC01'
        Title          = 'Master Administrator'
        Department     = 'IT'
    }

    # --- Delegated Admins (ExampleUsers OU) ---

    @{
        SamAccountName = 'jsmith'
        Name           = 'John Smith'
        GivenName      = 'John'
        Surname        = 'Smith'
        Path           = 'OU=ExampleUsers,DC=example,DC=internal'
        Enabled        = $true
        MemberOf       = @('DelegatedAdmins')
        Description    = 'Delegated admin -- helpdesk via RSAT on WS01'
        Title          = 'Systems Administrator'
        Department     = 'IT'
    }

    # --- Standard Users (ExampleUsers OU) ---

    @{
        SamAccountName = 'jdoe'
        Name           = 'Jane Doe'
        GivenName      = 'Jane'
        Surname        = 'Doe'
        Path           = 'OU=ExampleUsers,DC=example,DC=internal'
        Enabled        = $true
        MemberOf       = @()
    }
)