Hello I write program that will be create user from powershell gui, and i have problem:
Sometimes not all field have values and they empty, but when i try create user with parameter that have empty value i get error
new-aduser server is unwilling to process the request
I can use many if-else blocks foreach field but i think it's not good solution.Please help have can i pass create user with empty parameters.
New-ADUser -AccountPassword (ConvertTo-SecureString -AsPlainText -Force -String ($Password.Text)) `
-GivenName $UserName.Text `
-Company $company.Text `
-EmployeeID $Tabel.Text `
-HomePhone $homephone.Text `
-MobilePhone $mobilephone.Text `
-Enabled $true `
-SamAccountName $Login.Text `
-StreetAddress $street.Text `
-Surname $Surname.Text `
-Title $JobPost.Text `
-UserPrincipalName ($Login.Text + "#domain.com") `
-OfficePhone $phone.Text `
-Office $office.Text `
-Description $SZnumb.Text `
-City $City.Text `
-Department $Departament.Text `
-Division $Division.Text `
-Name ($Surname.Text + " " + $UserName.Text + " " + $FatherName.Text) `
-DisplayName ($Surname.Text + " " + $UserName.Text + " " + $FatherName.Text) `
-Path $OUpicker.Text `
-PasswordNeverExpires $passneverexpires `
-ChangePasswordAtLogon $changepassatlogon `
-CannotChangePassword $cantchangepassword `
-OtherAttributes #{ 'employeeType' = $LevelRuler.Text; 'extensionAttribute4'=$Sektor.Text}
Update
Problem with parameter -OtherAttributes if that two field empty it's throw error
The suggestion by vonPryz sounds like a good one.
You can have something like a radio button defining what account type you are dealing with and based on that disable or hide some of the input boxes.
Anyway, I think you should really consider switching to using Splatting. This makes better readable and maintanable code (no more nasty backticks) AND you can add or leave out properties depending on certain conditions.
Something like:
# build a Hashtable object for splatting, at first with properties all account types have in common
# for instance:
$userParams = #{
AccountPassword = (ConvertTo-SecureString -AsPlainText -Force -String ($Password.Text))
GivenName = $UserName.Text
Company = $company.Text
EmployeeID = $Tabel.Text
HomePhone = $homephone.Text
MobilePhone = $mobilephone.Text
Enabled = $true
SamAccountName = $Login.Text
StreetAddress = $street.Text
Surname = $Surname.Text
Title = $JobPost.Text
UserPrincipalName = ($Login.Text + "#atbmarket.com")
Description = $SZnumb.Text
City = $City.Text
Department = $Departament.Text
Division = $Division.Text
Name = ($Surname.Text + " " + $UserName.Text + " " + $FatherName.Text)
DisplayName = ($Surname.Text + " " + $UserName.Text + " " + $FatherName.Text)
Path = $OUpicker.Text
PasswordNeverExpires = $passneverexpires
ChangePasswordAtLogon = $changepassatlogon
CannotChangePassword = $cantchangepassword
}
Now, you can add certain extra properties, depending on the account type. For instance:
switch ($LevelRuler.Text) {
'Manager' {
$userParams['OtherAttributes'] = #{'employeeType' = 'Manager'; 'extensionAttribute4'=$Sektor.Text}
}
'FloorWalker' {
$userParams['OtherAttributes'] = #{'employeeType' = 'FloorWalker' }
}
# etc.
}
And add other common properties only if they are not blank:
if (!([string]::IsNullOrWhiteSpace($phone.Text))) {
$userParams['OfficePhone'] = $phone.Text.Trim()
}
if (!([string]::IsNullOrWhiteSpace($office.Text))) {
$userParams['Office'] = $office.Text.Trim()
}
# etc.
Finally, create the new user:
New-ADUser #userParams
P.S.1 is this a typo? $Departament.Text
P.S.2 Instead of doing ($Surname.Text + " " + $UserName.Text + " " + $FatherName.Text) twice, I'd create a variable $name first like $name = ('{0} {1} {2}' -f $Surname.Text, $UserName.Text, $FatherName.Text).Trim() -replace '\s+', ' ' and use that for properties Name and DisplayName
Related
I'm pulling some user info from a .csv to create new users,
I've splatted the New User Params at the suggestion of someone here
but I'm getting this error
New-ADUser : Cannot convert 'System.String' to the type 'System.Management.Automation.SwitchParameter' required by parameter
'Confirm'.
At C:\Users\Administrator\Documents\GitHub\cyclone-internal-user-sync-1\Bamboo Attributes form a csv.ps1:68 char:28
+ New-ADUser #NewUserParms
+ ~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [New-ADUser], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgument,Microsoft.ActiveDirectory.Management.Commands.NewADUser
I have no idea what this is haha, I've tried adding an erroraction stop to the new-aduser but that didn't have any effect
I have added trims and a section to remove spaces from usernames. to deal with multipart names such as Van der.... etc
#Bamboo Attributes from a .csv
#Enter a path to your import CSV file
$ADUsers = Import-csv 'path'
#Bamboo Attributes from a .csv
#Enter a path to your import CSV file
$ADUsers = Import-csv 'C:\Users\Administrator\Documents\GitHub\cyclone-internal-user-sync-1\documentation\SampleUserAttributes.csv'
#$apiRequest = Get-Content -Raw -Path C:\Users\alexh\Documents\GitHub\cyclone-internal-user-sync-1\cyclone-internal-user-sync-1\fake-api-query.json | ConvertFrom-Json
foreach ($User in $ADUsers) {
$firstName = $user.FirstName.Trim()
$surname = $user.Surname.Trim()
$vaildUsernameFormat = "[^a-zA-Z_.]" # identifies anything that's _not_ a-z or underscore or .
$username = "($firstName'.'$surname)" -replace $vaildUsernameFormat, '' #removes anything that isn't a-z
$DefaultPassword = 'Pa$$w0rd'
$NewUserParms = #{
'samAccountName' = $username;
'Name' = "$firstname $surname";
'DisplayName' = "$firstname $surname";
'UserPrincipalName' = "$username#domain.com";
'GivenName' = $firstname;
'Surname' = $surname;
'EmailAddress' = $User.Email;
'AccountPassword' = (ConvertTo-SecureString $DefaultPassword -AsPlainText -Force);
'Enabled' = $true;
'Path' = "OU=Users,DC=domain,DC=com";
'co' = $User.Country;
'company' = $User.CompanyName;
'countryCode' = $user.countryCode;
'department' = $user.OrgDepartmentName;
'Employeeid' = $user.EmployeeId;
'exstentionAttribute1' = $user.ExstentionNumber;
'ipPhone' = $user.ExstentionNumber;
'L' = $user.location;
'mail' = $user.Email;
'mobile' = $user.Mobile;
'Manager' = $user.Manager;
'physicalDeliveryOffice' = $user.Branch;
'postalCode' = $user.PostalCode;
'postOfficeBox' = $user.PostOfficeBox;
'proxyAddresses' = $user.ProxyEmail;
'scriptPath' = $user.scriptPath;
'st' = $user.StreetName;
'Title' = $user.Title
}
write-host "$username this is username value"
#Check if the user account already exists in AD
if (Get-ADUser -F {
sAMAccountName -eq $username
}) {
#If user does exist, output a warning message
Write-Warning "A user account $username has already exist in Active Directory."
}
else {
#If a user does not exist then create a new user account
New-ADUser #NewUserParms
}
}
I've removed some of the user attributes just to make this a bit smaller.
here is the.csv as well in case I've messed something up there
link to .csv file on git
A little known fact about PowerShell is that you don't need to use the whole parameter name. You can use the partial name and as long as it matches only one parameter name, that's what PowerShell assumes you mean.
The one it's choking on is this:
'co' = $User.Country;
If you look at the documentation for New-ADUser, it does not have a parameter called co. So PowerShell assumes it's a partial match to a known parameter, and the closest match is -Confirm. And the value in $User.Country doesn't make any sense for the -Confirm parameter, so it throws the error.
You will have to use the -OtherAttributes parameter to set all the other attributes that New-ADUser doesn't have a dedicated parameter for:
$NewUserParms = #{
...
'OtherAttributes = # {
'co' = $User.Country;
'exstentionAttribute1' = $user.ExstentionNumber;
...
}
...
}
As commented in this and previous questions, you are using New-ADUser $NewUserParms, where it should be New-ADUser #NewUserParms.
Also, to catch errors (you did add -ErrorAction Stop), you need to put that inside a try{..} catch{..} block.
I would also change the syntax you use for the -Filter parameter. Instead of using a scriptblock syntax {something -eq someotherthing}, you should create a string like "something -eq 'someotherthing'"
Try:
# define some 'constants'
$csvFile = 'X:\Folder\NewUsers.csv' # Enter a path to your import CSV file
$invalidCharacters = '[^a-z_.]' # identifies anything that's _not_ a-z or underscore or .
$DefaultPassword = 'Pa$$w0rd'
$securePassword = ConvertTo-SecureString -String $DefaultPassword -AsPlainText -Force
# read the input csv and loop through
Import-Csv -Path $csvFile | ForEach-Object {
$firstName = $_.FirstName.Trim()
$surname = $_.Surname.Trim()
$username = ('{0}.{1}' -f $firstName, $surname) -replace $invalidCharacters
# test if a user with that name already exists
$user = Get-ADUser -Filter "SamAccountName -eq '$username'" -ErrorAction SilentlyContinue
if ($user) {
Write-Warning "A user account $username already exist in Active Directory."
}
else {
Write-Host "Creating user $username"
$NewUserParms = #{
'SamAccountName' = $username
'Name' = "$firstname $surname"
'DisplayName' = "$firstname $surname"
'UserPrincipalName' = "$username#domain.com"
'GivenName' = $firstname
'Surname' = $surname
'EmailAddress' = $_.Email
'AccountPassword' = $securePassword
'Enabled' = $true
'Path' = "OU=Users,DC=domain,DC=com"
# add other properties to set from the CSV here.
# make sure you get the parameter data types correct and always check here:
# https://learn.microsoft.com/en-us/powershell/module/addsadministration/new-aduser?view=win10-ps#parameters
# switch parameters for the cmdlet can also be entered with a value $false or $true
}
try {
# '-ErrorAction Stop' ensures that also non-terminating errors get handled in the catch block
New-ADUser #NewUserParms -ErrorAction Stop
}
catch {
# something bad happened. Change 'Write-Warning' into 'throw' if you want your script to exit here
# inside a catch block, the '$_' automatic variable represents the actual exception object.
Write-Warning "Could not create account $username. $($_.Exception.Message)"
}
}
}
I'm pulling some user info from a .csv to create new users,
I've splatted the New User Params at the suggestion of someone here
but I'm getting this error
New-ADUser : The name provided is not a properly formed account name
At C:\Users\Administrator\Documents\GitHub\cyclone-internal-user-sync-1\Bamboo Attributes form a csv.ps1:67 char:17
+ New-ADUser $NewUserParms -ErrorAction Stop
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (CN=System.Colle...=Cyclone,DC=com:String) [New-ADUser], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:1315,Microsoft.ActiveDirectory.Management.Commands.NewADUser
the username variable seems to be correct as far as I know, when it outputs during running of the script its what I assume to be correct format of "firstname.lastname"
I have added trims and a section to remove spaces from usernames. to deal with multipart names such as Van der.... etc
#Bamboo Attributes from a .csv
#Enter a path to your import CSV file
$ADUsers = Import-csv 'path'
foreach ($User in $ADUsers) {
$firstName = $user.FirstName.Trim()
$surname = $user.Surname.Trim()
$vaildUsernameFormat = "[^a-zA-Z_.]" # identifies anything that's _not_ a-z or underscore or .
$username = "($firstName'.'$surname)" -replace $vaildUsernameFormat, '' #removes anything that isn't a-z
$DefaultPassword = 'Pa$$w0rd'
$NewUserParms = #{
'samAccountName' = $username;
'Name' = "$firstname $surname";
'DisplayName' = "$firstname $surname";
'UserPrincipalName' = "$username#domain.com";
'GivenName' = $firstname;
'Surname' = $surname;
'EmailAddress' = $User.Email;
'AccountPassword' = (ConvertTo-SecureString $DefaultPassword -AsPlainText -Force);
'Enabled' = $true;
'Path' = "OU=Users,DC=domain,DC=com";
}
write-host "$username this is username value"
#Check if the user account already exists in AD
if (Get-ADUser -F {
sAMAccountName -eq $username
}) {
#If user does exist, output a warning message
Write-Warning "A user account $username has already exist in Active Directory."
}
else {
#If a user does not exist then create a new user account
New-ADUser $NewUserParms -ErrorAction Stop
}
}
I've removed some of the user attributes just to make this a bit smaller.
here is the.csv as well in case I've messed something up there
link to .csv file on git
I think it's something simple. When you use splatting, you need to use the # symbol when feeding your hash table to the cmdlet rather than the regular $:
New-ADUser #NewUserParms -ErrorAction Stop
Some more reading About Splatting.
I am trying to get my SendGoogleForm script to work. The issue I have at the moment is that the message I am sending with the form is including a powershell script, the problem I have is that the send service is breaking the lines in the code which means I have to manually remove all the extra spaces(see example at bottom).
So I thought that there must be a way to print the powershell code to a file instead and attach it to the email that is sent or fix the spaces issue some other way. It would be good if the answers still are displayed as a regular email like they are today but with the powershell code attached somehow.
/* Send Google Form by Email v2.1 */
/* For customization, contact the developer at amit#labnol.org */
/* Tutorial: http://www.labnol.org/?p=20884 */
function Initialize() {
var triggers = ScriptApp.getProjectTriggers();
for(var i in triggers) {
ScriptApp.deleteTrigger(triggers[i]);
}
ScriptApp.newTrigger("SendGoogleForm")
.forSpreadsheet(SpreadsheetApp.getActiveSpreadsheet())
.onFormSubmit()
.create();
}
function SendGoogleForm(e)
{
try
{
//Här fyller du i mailadresserna för resp avdelning.
var it = "test#test.se";
//Ärende på mailet
var subject = "testt Ny/redigerad anställning";
//Slår ihop alla mailadresser till en.
var email = hr +","+ security +","+ it;
//andra variabler
var bukowskis = "test";
var temporarypass = "Provide a Temporary Password for this user";
var semicolon = ";";
// You may replace this with another email address
//var email = Session.getActiveUser().getEmail();
var s = SpreadsheetApp.getActiveSheet();
var columns = s.getRange(1,1,1,s.getLastColumn()).getValues()[0];
var message = "";
// Only include form fields that are not blank
for ( var keys in columns ) {
var key = columns[keys];
if ( e.namedValues[key] && (e.namedValues[key] != "") ) {
message += key + ' :: '+ e.namedValues[key] + "\n\n";
}
if (key == "Förnamn")
var fornamn = e.namedValues[key];
else if (key == "Efternamn")
var efternamn = e.namedValues[key];
else if (key == "Placering")
var placering = e.namedValues[key];
else if (key == "Titel")
var titel = e.namedValues[key];
else if (key == "Avdelning")
var avdelning = e.namedValues[key];
}
//Lägger till eventuellt namn i ämnesraden.
if(typeof fornamn !== 'undefined'&&typeof efternamn !== 'undefined'){
subject += ", " + fornamn + " " + efternamn ;
message +="New-ADUser -SamAccountName '"+fornamn+"."+efternamn+"' -Name '"+fornamn+" "+efternamn+"' -GivenName '"+fornamn+"' -Surname '"+efternamn+"' -Description '"+test+", "+avdelning+", "+titel+"' -OfficePhone ' ' -EmailAddress '"+fornamn+"."+efternamn+"#test.com' -Path 'OU=Users,OU=test,DC=intern,DC=test,DC=se' -Company 'test' -Department '"+avdelning+"' -Title '"+titel+"' "+semicolon+"$NewPassword = (Read-Host -Prompt '"+temporarypass+"' -AsSecureString) "+semicolon+"Set-ADAccountPassword -Identity '"+fornamn+"."+efternamn+"' -NewPassword $NewPassword -Reset "+semicolon+"Set-ADAccountControl -Identity '"+fornamn+"."+efternamn+"' -Enabled $true";
MailApp.sendEmail(email, subject, message);
}
} catch (e) {
Logger.log(e.toString());
}
}
Example of how the output looks today, not able to just copy to Powershell ISE and run it, sadly.
New-ADUser -SamAccountName 'gadfgdafg.sdfgsdfg' -Name 'gadfgdafg sdfgsdfg'
-GivenName 'gadfgdafg' -Surname 'sdfgsdfg' -Description 'Test, Utlämningen, Alternativ 5' -OfficePhone ' '
-EmailAddress 'gadfgdafg.sdfgsdfg#test.com'
-Path 'OU=Users,OU=test,DC=intern,DC=test,DC=se'
-Company 'test' -Department 'Utlämningen' -Title 'Alternativ 5' ;$NewPassword = (Read-Host -Prompt 'Provide a Temporary Password for this user' -AsSecureString) ;Set-ADAccountPassword -Identity 'gadfgdafg.sdfgsdfg' -NewPassword $NewPassword -Reset ;Set-ADAccountControl -Identity 'gadfgdafg.sdfgsdfg' -Enabled $true
Thanks in advance, I have tried everything I can think of at this point.
When sending e-mails, GMail automatically line-wraps your plain-text messages (at around 78 characters per line). In order to avoid this, you can:
Use another client other than Gmail. Of course, probably not your preferred option, but something to consider.
Get the data through the API. The data you get from it will not be line-wrapped.
Send your message as an HTML message. You can do that with a small modification of your code:
Before
message += key + ' :: '+ e.namedValues[key] + "\n\n";
...
subject += ", " + fornamn + " " + efternamn ;
message +="New-ADUser -SamAccountName '"+fornamn+"."+efternamn+"' -Name '"+fornamn+" "+efternamn+"' -GivenName '"+fornamn+"' -Surname '"+efternamn+"' -Description '"+test+", "+avdelning+", "+titel+"' -OfficePhone ' ' -EmailAddress '"+fornamn+"."+efternamn+"#test.com' -Path 'OU=Users,OU=test,DC=intern,DC=test,DC=se' -Company 'test' -Department '"+avdelning+"' -Title '"+titel+"' "+semicolon+"$NewPassword = (Read-Host -Prompt '"+temporarypass+"' -AsSecureString) "+semicolon+"Set-ADAccountPassword -Identity '"+fornamn+"."+efternamn+"' -NewPassword $NewPassword -Reset "+semicolon+"Set-ADAccountControl -Identity '"+fornamn+"."+efternamn+"' -Enabled $true";
MailApp.sendEmail(email, subject, message);
After
message += key + ' :: '+ e.namedValues[key] + "<br><br>";
...
subject += ", " + fornamn + " " + efternamn ;
message +="New-ADUser -SamAccountName '"+fornamn+"."+efternamn+"' -Name '"+fornamn+" "+efternamn+"' -GivenName '"+fornamn+"' -Surname '"+efternamn+"' -Description '"+test+", "+avdelning+", "+titel+"' -OfficePhone ' ' -EmailAddress '"+fornamn+"."+efternamn+"#test.com' -Path 'OU=Users,OU=test,DC=intern,DC=test,DC=se' -Company 'test' -Department '"+avdelning+"' -Title '"+titel+"' "+semicolon+"$NewPassword = (Read-Host -Prompt '"+temporarypass+"' -AsSecureString) "+semicolon+"Set-ADAccountPassword -Identity '"+fornamn+"."+efternamn+"' -NewPassword $NewPassword -Reset "+semicolon+"Set-ADAccountControl -Identity '"+fornamn+"."+efternamn+"' -Enabled $true";
var htmlBody = "<html><p>" + message + "</p></html>";
MailApp.sendEmail(email, subject, message, {'htmlBody': htmlBody});
The main changes are:
Wrapping your text with HTML code, using a paragraph tag.
Replacing the newlines inside your "message" for <br> tags.
Johan. You're not putting any newline characters into the string, so it's all going to output on a single line. For google-apps-script(js) you can use '/n'. See examples here.
Alternatively, to create the powershell file separately and send it as an attachment, you can add the attachment argument to your MailApp function. You'll have to push the output to a file, which will still require '/n' to break up the lines. You'll also have to store the file somewhere that the form has access to. And you'll need to be sure that the recipient email won't flag the .ps1 fine as potentially malicious. (Which it should be doing. Never run scripts from email attachments!) Attachment example here.
Have fun!
I stopped over at Code Review, asking how I could streamline a script and was advised to use a hashtable as it would clean up the code. I was given a very basic example but it wasn't plug-and-play. I've worked up some basic code but it's not doing what I think it should. Knowing the Code Review folks aren't there for support like this, here i am, looking for help with combining a variable from a CSV and a hashtable. I'll leave sample data from my CSV and the Powershell code below.
Sample CSV:
Student First Name,I,Student Last Name,Other ID,Stu Access Login,Student's School Email,School,Grad Year
Johosofat,L,Smith,999999,smithjoh000,smithjoh000#mydomain.org,30,2017
Tome,M,Smith,999998,smithtom000,smithtom000#mydomain.org,40,2021
Sample Powershell:
# Testing simple hash table
$SchoolCodes = #{
20 = "Exeter Township Senior High"
30 = "Exeter Township Junior High"
40 = "Lorane Elementary School"
50 = "Jacksonwald ES"
70 = "Reiffton School"
90 = "Owatin Creek Elementary School"
}
# CSV file being imported.
$CsvFile = "$env:USERPROFILE\Downloads\SampleData.csv"
# Import the contents of the CSV file.
$Users = Import-Csv -Path "$CsvFile"
# Loop through each line of the CSV, creating variables for each field.
ForEach ($User in $Users) {
# Creating the basic variables.
$FirstName = $User.'Student First Name'
$MiddleInitial = $User.'I'
$LastName = $User.'Student Last Name'
$ADUserName = $User.'Stu Access Login'
$StudentID = $User.'Other ID'
$GradYear = $User.'Grad Year'
$CapFInitial = $FirstName.substring(0,1).ToUpper()
$MInitial = $MiddleInitial.substring(0,1).ToLower()
$LInitial = $LastName.substring(0,1).ToLower()
$Password = "$CapFInitial$MInitial$LInitial" + "#" + "$StudentID"
$SchoolCode = $SchoolCodes[$User.School]
If (-Not(Get-ADUser -Filter {SamAccountName -eq $ADUserName})) {
Try {
# Create user.
New-ADUser `
-Name "$FirstName $LastName" `
-SamAccountName "$ADUserName" `
-GivenName "$FirstName" `
-Initials "$MiddleInitial" `
-Surname "$LastName" `
-DisplayName "$FirstName $MiddleInitial. $LastName" `
-UserPrincipalName "$ADUserName#mydomain.k12.pa.us" `
-EmailAddress "$ADUserName#mydomain.k12.pa.us" `
-AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) `
-Enabled $false `
-PasswordNeverExpires $true `
-CannotChangePassword $true `
-Path "OU=$GradYear,OU=Students,OU=$SchoolCode,OU=accounts,DC=academic,DC=mydomain,DC=k12,DC=pa,DC=us" `
-WhatIf
}
Catch {
Write-Error "[ERROR] Can't create user [$($ADUserName)] : $_"
}
}
}
My issue:
The script ultimately errors out because of the $SchoolCode variable being set to null, I think. I'm wanting the script to find the number (code) from the school field in the CSV and match that to the name which ends up being an OU in AD - where the User Object will get created. Basically, the code tries to create the User Object in "CN=Tome Smith,OU=2021,OU=Students,OU=,OU=accounts,DC=academic,DC=exeter,DC=k12,DC=pa,DC=us" which shows the $SchoolCode variable is either blank or otherwise not getting set correctly.
As I mentioned in a comment, we're thinking of adding other static data to the hashtable as a (nested?) hashtable. Here's an example of what we're thinking about. As time goes by, the list of AD groups may grow.
Example of the nested hashtable:
$SchoolCodes = #{
20 = #{
Name = "Exeter Township Senior High"
ADGroup1 = "Students"
ADGroup2 = "Secondary Students"
}
30 = #{
Name = "Exeter Township Junior High"
ADGroup1 = "Students"
ADGroup2 = "Secondary Students"
}
40 = #{
Name = "Lorane Elementary School"
ADGroup1 = "Students"
ADGroup2 = "K4 Students"
}
50 = #{
Name = "Jacksonwald ES"
ADGroup1 = "Students"
ADGroup2 = "K4 Students"
}
70 = #{
Name = "Reiffton School"
ADGroup1 = "Students"
ADGroup2 = "Secondary Students"
}
90 = #{
Name = "Owatin Creek Elementary School"
ADGroup1 = "Students"
ADGroup2 = "K4 Students"
}
}
I'm scouring the web and trying to get a better understanding of hashtables. If I can wrap my head around it, nesting them would be my next step.
Unless you're re-using the data, it's not important to turn it into a hashtable. Also, the error is in accessing the $SchoolCodes value. For some reason, the accessor isn't working with a [String], but does work when you cast to an [Int]
Sample dataset:
Student First Name,I,Student Last Name,Other ID,Stu Access Login,Student's School Email,School,Grad Year
Johosofat,L,Smith,999999,smithjoh000,smithjoh000#mydomain.org,30,2017
Tome,M,Smith,999998,smithtom000,smithtom000#mydomain.org,40,2021
Code:
#requires -Version 3
$SchoolCodes = #{
20 = "Exeter Township Senior High"
30 = "Exeter Township Junior High"
40 = "Lorane Elementary School"
50 = "Jacksonwald ES"
70 = "Reiffton School"
90 = "Owatin Creek Elementary School"
}
# CSV file being imported.
$CsvFile = "$env:USERPROFILE\Downloads\SampleData.csv"
# Import the contents of the CSV file.
$Users = Import-Csv -Path "$CsvFile"
# Loop through each line of the CSV, creating variables for each field.
ForEach ($User in $Users)
{
[String]$LoginName = $User.'Stu Access Login'
If (-not (Get-ADUser -Filter {SamAccountName -eq $LoginName}))
{
$FirstName = $User.'Student First Name'
$LastName = $User.'Student Last Name'
$Params = #{
Name = "$FirstName $LastName"
SamAccountName = $LoginName
GivenName = $FirstName
Initials = $User.I
Surname = $LastName
DisplayName = "$FirstName $($User.I) $LastName"
UserPrincipalName = "$LoginName#mydomain.k12.pa.us"
EmailAddress = "$LoginName#mydomain.k12.pa.us"
AccountPassword = ConvertTo-SecureString -String (
'{0}{1}{2}#{3}' -f #(
$FirstName[0].ToString().ToUpper(),
$User.I[0].ToString().ToLower(),
$LastName[0].ToString().ToLower(),
$User.'Other ID')) -AsPlainText -Force
Enabled = $False
PasswordNeverExpires = $True
CannotChangePassword = $True
Path = 'OU={0},OU=Students,OU={1},OU=accounts,DC=academic,DC=mydomain,DC=k12,DC=pa,DC=us' -f #(
$User.'Grad Year',
$SchoolCodes[[Int]$User.School])
WhatIf = $True
}
Try {New-ADUser #Params}
Catch {Write-Error "[ERROR] Can't create user [$LoginName] : $_"}
}
}
Below is my Powershell script -
Import-Module ActiveDirectory
$objOU=[ADSI]“LDAP://OU=Service,OU=Accounts,DC=xyz,DC=com”;
$dataSource=import-csv “add_user2.csv”;
foreach($dataRecord in $datasource)
{
$cn=$dataRecord.FirstName + ” ” + $dataRecord.LastName
$sAMAccountName=$dataRecord.FirstName + “.” + $dataRecord.LastName
$givenName=$dataRecord.FirstName
$sn=$dataRecord.LastName
$displayName=$sn + “, ” + $givenName
$userPrincipalName=$sAMAccountName + “#test.com”;
#Additional Attributes
$objUser=$objOU.Create(“user”,”CN=”+$cn)
$objUser.Put(“sAMAccountName”,$sAMAccountName)
$objUser.Put(“userPrincipalName”,$userPrincipalName)
$objUser.Put(“displayName”,$displayName)
$objUser.Put(“givenName”,$givenName)
$objUser.Put(“sn”,$sn)
#Place the additional attributes into the record
$objUser.Put("PasswordNeverExpires", $true)
$objUser.SetInfo()
}
I am trying to set the values of an ActiveDirectory user, using the above script. The problem I am facing is I am not able set the "PasswordNeverExpires" attribute under Account Options in Account tab to True.
My input file "add_user1.csv" looks like -
FirstName LastName
Test Account1
Will appreciate all help.
Regards.
Another thing you could use to get around having to fiddle with the UserAccountControl property is to use the PasswordNeverExpires parameter of Set-ADUser.
$objUser | Set-ADUser -PasswordNeverExpires
In fact, you could replace a lot of that code by using New-ADUser
Import-Module ActiveDirectory
$dataSource=import-csv “add_user2.csv”;
foreach($dataRecord in $datasource)
{
$cn=$dataRecord.FirstName + ” ” + $dataRecord.LastName
$sAMAccountName=$dataRecord.FirstName + “.” + $dataRecord.LastName
$givenName=$dataRecord.FirstName
$sn=$dataRecord.LastName
$displayName=$sn + “, ” + $givenName
$userPrincipalName=$sAMAccountName + “#test.com”;
New-ADUser $cn -SamAccountName $sAMAccountName -GivenName $givenName `
-Surname $sn -DisplayName $displayName -UserPrincipalName $userPrincipalName `
-PasswordNeverExpires $true -Path "OU=Service,OU=Accounts,DC=rjfdev,DC=com"
}
There is no PasswordNeverExpires property. If you run Get-Member on $objUser you will see this. These properties are controlled by UserAccountControl. For more information look here.
This blog article details how to set the password never expires attribute to true:
Setting "Password never expire" attribute on user object
This property unlike many other properties of AD object are contained in bitmask
attribute UserAccountControl
(not related in any way with User Account Control feature of Windows).
To set it you need to retrieve current value of this attribute and use binary OR
operation (-bor) to calculate new value.
$User = [ADSI]"LDAP://cn=Gusev,ou=Users,ou=Lab,dc=contoso,dc=com"
$UAC = $User.UserAccountControl[0] -bor 65536
$User.Put("userAccountControl",$UAC)
$User.SetInfo()
Your script needs to be modified as such:
$objUser.SetInfo()
#Place the additional attributes into the record
$UAC = $objUser.UserAccountControl[0] -bor 65536
$objUser.Put("userAccountControl",$UAC)
$objUser.SetInfo()
Without running SetInfo() twice the script will throw an error.