P
AI for IT Support Technician / Help Desk Analyst

Automated New Employee IT Onboarding with ChatGPT + PowerShell

Tools:ChatGPT + PowerShell
Time to build:1-2 hours
Difficulty:Intermediate
Prerequisites:Comfortable using ChatGPT for PowerShell scripts — see Level 3 guide: "Using ChatGPT for PowerShell Script Generation"

What This Builds

A semi-automated IT onboarding workflow that uses AI to generate consistent onboarding checklists per role/department AND uses AI-generated PowerShell scripts to automate the repetitive account creation steps. Instead of a 2-3 hour manual process prone to missed steps, onboarding becomes a 45-60 minute guided process with automation handling the repetitive parts.

Prerequisites

  • ChatGPT free account (for this workflow, free tier is sufficient)
  • PowerShell access with Active Directory module
  • M365 admin access (for license assignment)
  • A CSV template for new hire information (you'll create this)
  • 60-90 minutes to build the initial workflow

The Concept

New employee onboarding has two parts: the repetitive, automatable parts (create AD account, assign license, add to groups) and the human-judgment parts (decide which distribution groups, set up equipment in person, walk through day-1 orientation). This workflow automates the first part and standardizes the second with AI-generated role-specific checklists.

Think of it as: the automation does the "factory floor" work, you do the "skilled labor" work.

Build It Step by Step

Part 1: Create Your Onboarding Input Template

Create a CSV file called new-hire-template.csv with these columns:

Copy and paste this
FirstName,LastName,Department,JobTitle,Manager,StartDate,Office,ADGroup1,ADGroup2,ADGroup3,M365License,NeedsVPN,NeedsSalesforce,NeedsOtherApp

Fill in one sample row for your most common role (e.g., a new office employee). This becomes your input file.

Part 2: Generate the AD Account Creation Script

Open ChatGPT and paste this prompt:

Copy and paste this
Write a PowerShell script for new employee AD account creation that:
1. Reads a CSV file from C:\Onboarding\new-hire.csv with columns: FirstName, LastName, Department, JobTitle, Manager, ADGroup1, ADGroup2, ADGroup3
2. Creates an AD user account with:
   - SamAccountName: first initial + last name (jsmith format), check for duplicates and add number if exists
   - UPN: [firstname.lastname]@[your domain]
   - Initial password: [Company name + current year + !] (or prompt for password)
   - Account disabled until manually enabled (new hires shouldn't log in until Day 1)
   - Set OU based on Department (map: Sales→OU=Sales, Marketing→OU=Marketing, etc.)
   - Add to groups specified in ADGroup1, ADGroup2, ADGroup3 columns
3. Output a log file to C:\Onboarding\log-[date].txt showing each action taken
4. Include -WhatIf mode by default
5. Error handling: log failures without stopping the script

Customize the prompt with your actual OU structure and domain. Review the generated script. Test with -WhatIf on a test account first.

Part 3: Generate the M365 License Assignment Script

In a new ChatGPT session, paste:

Copy and paste this
Write a PowerShell script using the Microsoft Graph module (not the deprecated AzureAD module) that:
1. Reads the same new-hire.csv file
2. Assigns an M365 license (SKU: [your license SKU — e.g., SPE_E3]) to the user based on their email address from the CSV
3. Waits for the account to be provisioned in Azure AD before assigning (with retry logic, max 3 attempts, 30 second delay)
4. Outputs to the same log file
5. Handles users not yet in Azure AD gracefully (log and skip, not error)

Part 4: Create the Role-Specific Checklist Generator

This is where AI generates a tailored checklist for each new hire's role. Open ChatGPT and use:

Copy and paste this
You are an IT onboarding checklist generator. When I give you a job title and department, generate a complete IT onboarding checklist that includes:
1. Standard items (always required for everyone)
2. Role-specific applications and access
3. Hardware setup considerations
4. Day-1 items to complete in person vs. can do remotely before start

Company IT environment: [paste your key environment details]
Standard applications everyone gets: [list]
Department-specific applications:
- Sales: Salesforce, LinkedIn Sales Navigator
- Marketing: HubSpot, Canva Pro
- Engineering: GitHub, AWS console
[continue for your departments]

First role: [Job Title], [Department]

Save the generated checklist as a template. Run this for your 5-10 most common roles and save each one in a folder.

Part 5: Build the Workflow Process

Put it all together as a documented workflow:

Step 1 (Day -3): HR/manager submits new hire info → you fill in new-hire.csv Step 2 (Day -2): Run AD creation script with -WhatIf → review log → remove -WhatIf → run for real → send HR the generated username Step 3 (Day -1): Run M365 license script → verify in admin portal → set up device with Intune enrollment Step 4 (Day 1 morning): Enable AD account → print role-specific checklist → complete remaining manual steps with new hire

Part 6: Test End-to-End

Create a test account (first name "Test", last name your last name) and run the full workflow. Verify:

  • AD account created with correct OU, groups, and attributes
  • M365 license assigned
  • Account starts disabled
  • Log file captures all actions
  • Checklist covers everything that role needs

Real Example: Onboarding a New Sales Rep

You receive: New hire request for Alex Johnson, Sales Representative, starting Monday.

Day -3: Fill in new-hire.csv: Alex,Johnson,Sales,Sales Representative,manager@company.com,2026-03-23,NYC,Sales-All,CRM-Users,VPN-Users,SPE_E3,Yes,Yes,No

Day -2: Run AD script in -WhatIf mode → see preview of account creation → confirm OU is correct → remove -WhatIf → account created as ajohnson, disabled, added to correct groups. Log shows success. Email HR: "Alex Johnson's username will be ajohnson."

Day -2 continued: Run M365 script → E3 license assigned → Teams/SharePoint provisioned automatically.

Day -1: Set up laptop with Intune enrollment → standard apps deploy automatically via Intune. Print Sales Rep onboarding checklist.

Day 1: Enable AD account (one command). Complete the 6 remaining manual steps on the checklist. Total time spent: 35 minutes vs. 2-3 hours manual.

Time saved per hire: 90-120 minutes of repetitive work.

What to Do When It Breaks

  • AD account creation fails → Check the error log; most common issues are OU doesn't exist, duplicate SamAccountName, or AD module not imported. ChatGPT can debug from the error message.
  • M365 license assignment fails → Account may not be synced to Azure AD yet; the retry logic should handle this, but if it doesn't, run the script again after 5 minutes
  • Script runs without errors but account is wrong → Review the CSV template — the script does exactly what the CSV says; wrong OU or group is usually a typo in the CSV
  • Need to add a new application → Add it to your role-specific checklist template (AI-generated, human-maintained)

Variations

  • Simpler version: Skip the scripts entirely — use ChatGPT to generate a role-specific onboarding checklist only, and complete all steps manually with the checklist as your guide. Still saves time through consistency.
  • Extended version: Add a Zapier webhook that triggers when a specific form is submitted (e.g., HR's new hire form) and automatically fills in the CSV — fully automated input to onboarding trigger

What to Do Next

  • This week: Set up the role-specific checklist generator; run it for your 5 most common roles; store templates
  • This month: Build and test the PowerShell scripts in a dev/test AD environment; deploy to production once confident
  • Advanced: Integrate with your ticketing system — when a new hire ticket is created, a PowerShell script automatically creates the AD account and assigns licenses, and the ticket updates with the new username

Advanced guide for IT support technician / help desk analyst professionals. These techniques use more sophisticated AI features that may require paid subscriptions.