My active directory accounts are not being created properly - powershell

Once I create the users using my script , It will create fine but I cant login using them and I will get errors like
Account Restrictions Are Preventing This User from Signing in.
The issue is I cant sign in with my users
Import-Module ActiveDirectory
$ADUsers = Import-Csv C:\users.csv
foreach ($User in $ADUsers) {
$Name = $User.Name
$username = $User.username
$password = $User.passcode
$Title=$User.Title
New-ADUser -Name $Name -SamAccountName $username -AccountPassword (ConvertTo-secureString $password -AsPlainText -Force) -Title $Title
Enable-AdAccount -Identity $username
}
Here is my script I would love to know if i am missing a parameter or something.
I have tried enabling the user accounts in my script yet that did not work. I was hoping to use these accounts to login.

Related

How can I add a user and add in Active Directory with Powershell?

I created a Active Directory with domain local called ITTFDOM.local and I created one Organisation Unit with the name ITSTTF where I created two groups Marketing and Sales.
My assignment is: Create a user with a password, and add this user in Active Directory and put it in this OU.All this is must be done with POWERSHELL How can I do?
If (!(Get-Module).Name.Contains("ActiveDirectory")) { Import-Module "ActiveDirectory" }
$OU = "OU=ITSTTF,DC=ITTFDOM,DC=local"
$GivenName = "John"
$Surname = "Doe"
$Name = "Jonh Doe"
$Username = "j.doe"
$Password = "p#ssw0rd"
$SecureString = ConvertTo-SecureString $Password -AsPlainText -Force
New-ADUser -Name $Name -GivenName $GivenName -SamAccountName $Username -Path "OU=Managers,DC=enterprise,DC=com" -AccountPassword $SecureString -Enabled $true
Please refer to https://learn.microsoft.com/en-us/powershell/module/addsadministration/new-aduser?view=winserver2012r2-ps for more details.

Adding new users to Active Directory and allowing for a cell with multiple values to be split to add individual groups to users

I have a script that creates a new user in the Active Directory. I want to be able to include a groups value into my csv template and have these split into individual values to be added with the user.
I currently run a second script to assign groups to users by outlining the group name.
# Import active directory module for running AD cmdlets
Import-Module activedirectory
#Store the data from ADUsers.csv in the $ADUsers variable
$ADUsers = Import-csv C:\upload\batman.csv
#Loop through each row containing user details in the CSV file
foreach ($User in $ADUsers)
{
#Read user data from each field in each row and assign the data to a variable as below
$Username = $User.username
$Password = $User.password
$Firstname = $User.firstname
$Lastname = $User.lastname
$OU = $User.ou #This field refers to the OU the user account is to be created in
$email = $User.email
$Password = $User.Password
$groups = $User.groups
#Check to see if the user already exists in AD
if (Get-ADUser -F {SamAccountName -eq $Username})
{
#If user does exist, give a warning
Write-Warning "A user account with username $Username already exist in Active Directory."
}
else
{
#User does not exist then proceed to create the new user account
#Account will be created in the OU provided by the $OU variable read from the CSV file
New-ADUser `
-SamAccountName $username `
-UserPrincipalName "$username#lon.deloitterisk.cloud" `
-Name "$Firstname $Lastname" `
-GivenName $Firstname `
-Surname $Lastname `
-Enabled $True `
-DisplayName "$Lastname, $Firstname" `
-Path $OU `
-AccountPassword (convertto-securestring $Password -AsPlainText -
Force) -ChangePasswordAtLogon $False -PasswordNeverExpires:$True `
-group
{
foreach($groups in $ADUsers)
{
$Username = $User.username
$groups = $User.groups -split ","
foreach ($group in $groups)
}
}
}
}
This is the code that I currently have (I have added in the groups clause I am trying to add in however this section is producing errors. The column name in my template is "groups")
Disclaimer: This is untested
I would utilize what you already have and add in the Add-ADPrincipalGroupMembership command. I changed some of the formatting to use splatting with the New-ADUser command for readability purposes only.
# Import active directory module for running AD cmdlets
Import-Module activedirectory
#Store the data from ADUsers.csv in the $ADUsers variable
$ADUsers = Import-csv C:\upload\batman.csv
#Loop through each row containing user details in the CSV file
foreach ($User in $ADUsers)
{
#Read user data from each field in each row and assign the data to a variable as below
$NewUser = #{
'SamAccountName' = $User.username
'UserPrincipalName' = "{0}#domain.com" -f $User.username
'Name' = "{0} {1}" -f $user.firstname,$user.lastname
'Enabled' = $true
'DisplayName' = "{1}, {0}" -f $user.firstname,$user.lastname
'AccountPassword' = ConvertTo-SecureString $User.password -AsPlainText -Force
'ChangePasswordAtLogon' = $false
'PasswordNeverExpires' = $true
'GivenName' = $User.firstname
'Surname' = $User.lastname
'Path' = $User.ou #This field refers to the OU the user account is to be created in
'Password' = $User.Password
}
$groups = $User.groups -split ","
$email = $User.email
#Check to see if the user already exists in AD
if (Get-ADUser -Filter "SamAccountName -eq '$($NewUser.SamAccountName)'")
{
#If user does exist, give a warning
Write-Warning "A user account with username $Username already exist in Active Directory."
}
else
{
#User does not exist then proceed to create the new user account
#Account will be created in the OU provided by the $OU variable read from the CSV file
New-ADUser #NewUser
Add-ADPrincipalGroupMembership -Identity $NewUser.SamAccountName -MemberOf $groups
}
}

Active directory migration with powershell

I need to migrate from AD Windows2003Forest to AD 2016. I have below script to create users in bulk. My requirement is to map the same SID of older AD to new AD. For example in older AD SID='xyz' then it should be the same in newAD too as SID='xyz'
I am having all the users data along with SID in CSV format & am using below PowerShell script which is somehow not working. As of advice or suggestions.
powershell code snippent:
#Enter a path to your import CSV file
$ADUsers = Import-csv C:\scripts\newusers.csv
foreach ($User in $ADUsers)
{
$Username = $User.username
$Password = $User.password
$Firstname = $User.firstname
$Lastname = $User.lastname
$Department = $User.department
$OU = $User.ou
$sid = $User.sid
$UserPrincipalName = $User.UserPrincipalName
$DistinguishedName = $User.DistinguishedName
#Check if the user account already exists in AD
if (Get-ADUser -F {SamAccountName -eq $Username})
{
#If user does exist, output a warning message
Write-Warning "A user account $Username has already exist in Active Directory."
}
else
{
#If a user does not exist then create a new user account
#Account will be created in the OU listed in the $OU variable in the CSV file; don’t forget to change the domain name in the"-UserPrincipalName" variable
New-ADUser `
-SamAccountName $Username `
-UserPrincipalName $UserPrincipalName `
-Name "$Firstname $Lastname" `
-GivenName $Firstname `
-Surname $Lastname `
-Enabled $True `
-ChangePasswordAtLogon $True `
-DisplayName "$Lastname, $Firstname" `
-Department $Department `
-DistinguishedName $DistinguishedName `
-SID $sid `
-Path $OU `
-AccountPassword (convertto-securestring $Password -AsPlainText -Force)
}
}
You won't be able to assign a SID as that's generated by the domain controller based on a RID. If trying to migrate to a new forest then you'll need to perform a proper AD migration. The old SIDs will be copied onto the migrated users' SID history attributes to allow permissions based on the old SID to still work.
If you simply want to upgrade to a newer version of AD then you're better off joining a newer domain controller to your existing Active Directory forest / domain. The forest functional level mush be 2003 or higher.
As a side note, I'd recommend then getting rid of the 2003 servers as soon as possible as these are no longer supported by Microsoft.

How to add/update user data to LDAP Active Directory located on another server using PowerShell script?

I want to add/update data of Active Directory located on another server. I have server details but I don't know how to do it. However, I know how to add/update data if I run PowerShell Script from same server.
Here is my code which work if I add/update data by PowerShell Script located to same server. Can anybody please suggest me how can I add/update data to Active Directory located on another server?
Code
# Import active directory module for running AD cmdlets
Import-Module activedirectory
#Store the data from ADUsers.csv in the $ADUsers variable
$ADUsers = Import-csv C:\it\powershell_create_bulk_users\bulk_users1_quote.csv
foreach ($User in $ADUsers)
{
$Username = $User.username
$Password = $User.password
$Firstname = $User.firstname
$Lastname = $User.lastname
$OU = $User.ou #This field refers to the OU the user account is to be created in
$Password = $User.Password
if (Get-ADUser -F {SamAccountName -eq $Username})
{
Write-Warning "A user account with username $Username already exist in Active Directory."
}
else
{
New-ADUser `
-SamAccountName $Username `
-UserPrincipalName "$Username" `
-Name "$Firstname $Lastname" `
-Path $OU `
-AccountPassword (convertto-securestring $Password -AsPlainText -Force) -ChangePasswordAtLogon $True
}
}
You need to include the -Server <string> parameter for connecting to another server before creating / validating the user.
Also, I think you meant -Filter as the parameter with Get-ADUser cmdlet, and not -F.
-Server
Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a
corresponding domain name or directory server. The service may be any
of the following: Active Directory Lightweight Domain Services, Active
Directory Domain Services or Active Directory Snapshot instance. ...
Get-ADUser -Filter {SamAccountName -eq $Username} -Server a.b.c.d ...
# reference from https://learn.microsoft.com/en-us/powershell/module/addsadministration/get-aduser?view=win10-ps
New-ADUser ... -Server a.b.c.d ...
# reference from https://technet.microsoft.com/fr-fr/library/hh852238(v=wps.630).aspx

Creating Bulk Users in AD With CSV

I am working on a Power Shell script that will create bulk users in Active Directory. As stated in a previous post, I'm fairly new to Power Shell and want to be safe before I go live with anything. Below is the script, some of it borrowed. It will be reading data from the .csv noted in the Import-CSV cmdlet. Ideally, this would create the user and define the user's full name, first name, last name, username, SAM name, e-mail, title, description and manager. It would also set a password.
I would love any feedback on how the below script looks. Please let me know if you have any questions or need any additional information.
Import-Module activedirectory
$ADUsers = Import-CSV C:\scripts\hourlyimport.csv
foreach ($User in $ADUsers)
{
#read user data from each field in each row and assign the data to a variable as below
$Username = $User.username
$Firstname = $User.firstname
$Lastname = $User.lastname
$Password = $User.password
$OU = $User.ou
$Title = $User.title
$Manager = $User.manager
#check to see if the user already exists in AD
if (Get-ADUser -F {SamAccountName -eq $Username})
{
#if user does exist, give a warning
Write-Warning "A user account with username $Username already exist in Active Directory. Say wha?!?"
}
else
{
#if user does not exist then proceed to create the new user account
#account will be created in the OU provided by the $OU variable read from the CSV file
New-ADUser `
-SamAccountName $Username `
-UserPrincipalName "$Username#thredup.com" `
-Email "$Username#thredup.com" `
-Name "$Firstname $Lastname" `
-GivenName $Firstname `
-Surname $Lastname `
-Enabled $True `
-DisplayName "$Lastname, $Firstname" `
-Path $OU `
-Description "$Title" `
-Title "$Title" `
-Manager "$Manager" `
-AccountPassword (convertto-securestring $Password -AsPlainText -Force)
}
}
Looks pretty good to me. You are somewhat inconsistent with the use of ", for example you don't need to write -Title "$Title", you can leave away the " in this case.
You could probably do some fancy optimization with splatting here, reducing the assignments, but since it is a quite unknown feature among many readers I wouldn't go for it here.
One thing I'm missing is error handling. With the default settings, your script will print out errors when something goes wrong, but continue the loop. Is this intended? It is often good practice to state your intention explicitly by setting $ErrorActionPreference at the start of your script.