Workflow Rename-DC
{
dcpromo /unattend:C:\Payload\AnswerFile.xml
Checkpoint-Workflow
New-ADOrganizationalUnit -Name "Admin" -Path "DC=ProjectX,DC=com"
Add-KdsRootKey EffectiveImmediately
New-ADServiceAccount -Name "Test Account" -DNSHostName "DC1.ProjectX.com" -Enabled $true
New-ADUser -Name "HelpDesk" -GivenName "Helpdesk" -Surname "" -SamAccountName helpdesk -UserprincipalName helpdesk#ProjectX.com -Path "OU=Admin,DC=ProjectX,DC=com"
Unregister-ScheduledJob -Name RenameDCResume
}
$Admin = "Administartor"
$Password = ConvertTo-SecureString -String "Passw0rd" -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PsCredential($Admin, $Password)
$AtStartup = New-JobTrigger -AtStartup
Register-ScheduledJob -Name RenameDCResume `
-Credential $Cred `
-Trigger $AtStartup `
-ScriptBlock {Import-Module PSWorkflow; `
Get-Job -Name RenameDomainController -State Suspended `
| Resume-Job}
Rename-DC -JobName RenameDomainController
Looking for some help with my workflow in PowerShell. the plan is to get the script to continue after the computer reboots for installation of the DC at line 3. However, the script doesn't seem to be continuing as planned at start up. Any ideas what I can do to correct this? Also, is the checkpoint after the dcpromo correct? Will it still take a checkpoint or will it ignore this as the reboot has already begun? would a PSPersist work better? Thanks in anticipation.
I have a CSV with 1500+ users there are 30 users per class OU, and then 6 class OU's per Intake OU. What I'm trying to achieve is, foreach (user in CSV), check if OU exists, then check if parent OU exists, create the parent OU only if it doesn't exist, then create the OU, then create the user, or just create the user if the OU exists.
Here is the code I'm using:
$ErrorActionPreference = "Stop"
Import-Module ActiveDirectory
$CSV = Import-Csv "C:\Scripts\AddPupils.csv"
foreach ($user in $CSV) {
# Variables
$GivenName = $user.GivenName
$SurName = $user.SurName
$UserName = $user.UserName
$Class = $user.YearClass
$Intake = $user.Intake
$DisplayName = $GivenName+" "+$SurName
# Create User
$UserOUParent = "OU=Year "+$iIntake+" Intake,OU=Students,OU=Users,OU=Roding,DC=Zulbag,DC=com"
$UserOU = "OU=Class "+$Class.Substring(1,1)+",OU=Year "+$iIntake+" Intake,OU=Students,OU=Users,OU=Roding,DC=Zulbag,DC=com"
$NewUserOUParentCheck = [ADSI]::Exists("LDAP://$UserOUParent")
$NewUserOUCheck = [ADSI]::Exists("LDAP://$UserOU")
if ($NewUserOUCheck -eq $false){
if ($NewUserOUParentCheck -eq $false){
"Create Parent Ou"
New-ADOrganizationalUnit `
-Name ("Year "+$Intake+" Intake") `
-Path "OU=Students,OU=Users,OU=Roding,DC=Zulbag,DC=Com" `
-ProtectedFromAccidentalDeletion $False
}
"Create OU"
New-ADOrganizationalUnit `
-Name ("Class "+$Class.Substring(1,1)) `
-Path ("OU=Year "+$Intake+" Intake,OU=Students,OU=Users,OU=Roding,DC=Zulbag,DC=Com") `
-ProtectedFromAccidentalDeletion $False
}
"Create User"
New-ADUser `
-Name $DisplayName `
-SurName $SurName `
-GivenName $GivenName `
-DisplayName $DisplayName `
-SamAccountName $UserName `
-UserPrincipalName ($UserName+"#Zulbag.com") `
-AccountPassword (ConvertTo-SecureString "Testing123" -AsPlainText -force) `
-CannotChangePassword $true `
-ChangePasswordAtLogon $false `
-PasswordNeverExpires $true `
-EmailAddress ($UserName+"#Zulbag.com") `
-Country "GB" `
-Path ("OU=Class "+$Class.Substring(1,1)+",OU=Year "+$Intake+" Intake,OU=Students,OU=Users,OU=Roding,DC=Zulbag,DC=Com") `
-ProfilePath ("D:\Shares\User Accounts\Students\Intake Year "+$Intake+"\Class "+$Class.Substring(1,1)+"\Profiles\"+$DisplayName) `
-Enabled $true
Start-Sleep -Seconds 5
# Add To Group
$Group = "CN=Redirection "+$Intake.Substring(2,2)+$Class.Substring(1,1)+",OU=Intake "+$Intake+",OU=Security Groups,OU=Roding,DC=Zulbag,DC=Com"
$GroupOU = "OU=Intake "+$Intake+",OU=Folder Redirection Groups,OU=Security Groups,OU=Roding,DC=Zulbag,DC=Com"
$NewGroupCheck = [ADSI]::Exists("LDAP://$Group")
$NewGroupOUCheck = [ADSI]::Exists("LDAP://$GroupOU")
if ($NewGroupCheck -eq $false) {
if ($NewGroupOUCheck -eq $false) {
"Create OU"
New-ADOrganizationalUnit `
-Name ("Intake "+$Intake) `
-Path "OU=Folder Redirection Groups,OU=Security Groups,OU=Roding,DC=Zulbag,DC=Com" `
-ProtectedFromAccidentalDeletion $False
}
"create Group"
New-ADGroup `
-Name ("Redirection "+$Intake.Substring(2,2)+$Class.Substring(1,1)) `
-GroupScope "Global" `
-Path ("OU=Intake "+$Intake+",OU=Folder Redirection Groups,OU=Security Groups,OU=Roding,DC=Zulbag,DC=Com")
}
"Add Member"
Add-ADGroupMember ("Redirection "+$Intake.Substring(2,2)+$Class.Substring(1,1)) $UserName
}
pause
Sample CSV:
GivenName,SurName,Class,UserName,Intake
Ali,Grisdale,1B,AGris,2016
Ayomiposi,Olayera,1B,AOlay,2016
In tests with Write-Output, the [ADSI] validates correctly but it appears to be validating it incorrectly here, the error message I keep getting is:
New-ADOrganizationalUnit : An attempt was made to add an object to the
directory with a name that is already in use
At C:\Scripts\AddPupils-Afzal.ps1:24 char:13
+ New-ADOrganizationalUnit
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (OU=Year 2016 In...C=Zulbag,DC=Com:String) [New-ADOrganizationalUnit], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8305,Microsoft.ActiveDirectory.Management.Commands.NewADOrganizationalUnitdirectory
It successfully creates the parent OU, class OU and user, but fails to create the second user, instead validates the OU incorrectly again.
Any Ideas?
Check the script for path errors!
I have a PowerShell script I am writing to create new users in our domain, as well as email address. The script works when I run it directly on Exchange. However, if I try to do it from my local PC either with Enter-PSSession or Invoke-Command I get the error:
The term 'Get-ADUser' is not recognized as the name of a cmdlet...
Running that same command from the local machine does work. And running that command on the remote machine works, just not if I run the script remotely.
Here is my script:
$cred = Get-Credential
$first_name = Read-Host -Prompt "What is the new user's first name?"
$last_name = Read-Host -Prompt "What is the new user's last name?"
$copy_from = Read-Host -Prompt "Copy from other user (leave blank if not)?"
$password = Read-Host -Prompt "New user's password?"
$ss_password = ConvertTo-SecureString -String $password -AsPlainText -Force
$new_user_name = $last_name.Substring(0,3) + $first_name.Substring(0,2)
$new_user_name = $new_user_name.ToLower()
Write-Host "Creating user $new_user_name..." -ForegroundColor Green
if ([string]::IsNullOrEmpty($copy_from))
{
Write-Host "Setting up new user (not copying...)" -ForegroundColor Yellow
New-ADUser -Name "$first_name $last_name" -AccountPassword $ss_password -SamAccountName $new_user_name -PassThru | Enable-ADAccount
}
else
{
$copy_from_user = Get-ADUser -Identity $copy_from
Write-Host "Copying user from: " $copy_from_user.Name -ForegroundColor Yellow
$ou = $copy_from_user.DistinguishedName -replace '^cn=.+?(?<!\\),'
New-ADUser -Name "$first_name $last_name" -AccountPassword $ss_password -Path $ou -SamAccountName $new_user_name -PassThru | Enable-ADAccount
$new_user = Get-ADUser -Identity $new_user_name
#Time to copy their group memberships
Get-ADUser -Identity $copy_from -Properties memberof | Select-Object -ExpandProperty memberof | Add-ADGroupMember -Members $new_user_name
}
$pn = $new_user_name + "#INDY"
Set-ADUser -Identity $new_user_name -GivenName $first_name -Surname $last_name -UserPrincipalName $pn
#Now create email
$email_select = Read-Host -Prompt "Select email domain (1. Woodmizer; 2. Lastec; 3. Brightstone)"
if ($email_select -eq 2)
{
$domain = "#lastec.com"
}
elseif ($email_select -eq 3)
{
$domain = "#brightstoneabrasives.com"
}
else
{
$domain = "#woodmizer.com"
}
$email_address1 = $first_name.Substring(0,1) + $last_name + $domain
Write-Host "Creating mailbox $email_address1..." -ForegroundColor Green
Enable-Mailbox -Identity $new_user_name -Database "Mailbox Database 1188513962"
Start-Sleep -s 10
Get-Mailbox -Identity $new_user_name | Set-Mailbox -EmailAddresses #{add="$email_address1"} -EMailAddressPolicyEnabled $false
Get-Mailbox -Identity $new_user_name | Set-Mailbox -PrimarySmtpAddress $email_address1 -EmailAddressPolicyEnabled $false
Write-Host "Finished." -ForegroundColor Green
If you want this script to run on machines that don't have the Active Directory module, you can simply add this to the top of your script to import the cmdlets via session..
$cred = Get-Credential "DOMAIN\adminuser"
$ADsession = New-PSSession -ComputerName DOMAINCONTROLLERNAME -Credential $cred
Import-Module -PSSession $ADsession ActiveDirectory
I also notice you're trying to run Exchange cmdlets..
$exchSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "http://EXCHANGESERVER/PowerShell/" -Authentication Kerberos
Import-PSSession $exchSession
It looks like the ActiveDirectory module is not installed on that machine, you can install the MSFT RSAT tools to get it.
Try the following, It works!! {I tried after giving the Authentication type}
$pass = ConvertTo-SecureString -AsPlainText 'PASSWORD' -Force
$MySecureCreds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList 'USERNAME',$pass
$s=New-PSSession SERVERNAME -Credential $MySecureCreds -Authentication Credssp
Invoke-Command -Session $s -scriptblock {
Get-CsUser User
}
The code I have used to create user is:
Import-Module ActiveDirectory
$total = 2
for ($userIndex=0; $userIndex -lt $total; $userIndex++)
{
$userID = “{0:0000}” -f ($userIndex + 1)
$userName = “Super.admin$userID”
Write-Host “Creating user” ($userIndex + 1) “of” $total “:” $userName
New-ADUser `
-AccountPassword (ConvertTo-SecureString “admin#123” -AsPlainText -Force) `
-City “City” `
-Company “Company” `
-Country “US” `
-Department “Department” `
-Description (“TEST ACCOUNT ” + $userID + “: This user account does not represent a real user and is meant for test purposes only”)`
-DisplayName “Test User ($userID)” `
-Division “Division” `
-EmailAddress “$userName#DESMOSEDICI.local” `
-EmployeeNumber “$userID” `
-EmployeeID “ISED$userID” `
-Enabled $true `
-Fax “703-555-$userID” `
-GivenName “Test” `
-HomePhone “703-556-$userID” `
-Initials “TU$userID” `
-MobilePhone “703-557-$userID” `
-Name “Super.Admin ($userID)” `
-Office “Office: $userID”`
-OfficePhone “703-558-$userID” `
-Organization “Organization” `
-Path "OU=BusinessUnit,DC=Domain,DC=com" `
-POBox “PO Box $userID”`
-PostalCode $userID `
-SamAccountName $userName `
-State “VA – Virginia” `
-StreetAddress “$userID Any Street” `
-Surname “User ($userID)” `
-Title “Title” `
-UserPrincipalName “$userName#Domain.com“
}
Under my business unit group HR is created. How can I add a user in this group or create the users and assign the HR group to the users using the above script?
I tried to change the -Path
-Path "CN=HR,OU=Utility,DC=DESMOSEDICI,DC=com"
But it is not working.
Path is the Organizational Unit (or Container) the account will be created in. It has nothing to do with Group membership.
Use:
Add-ADGroupMember "CN=HR,OU=Utility,DC=DESMOSEDICI,DC=com" -Member "$userName#Domain.com"
Edit: This shows the command in the context of your script:
Import-Module ActiveDirectory
$total = 2
for ($userIndex=0; $userIndex -lt $total; $userIndex++) {
$userID = "{0:0000}" -f ($userIndex + 1)
$userName = "Super.admin$userID"
Write-Host "Creating user" ($userIndex + 1) "of" $total ":" $userName
New-ADUser `
-AccountPassword (ConvertTo-SecureString "admin#123" -AsPlainText -Force) `
-City "City" `
-Company "Company" `
-Country "US" `
-Department "Department" `
-Description ("TEST ACCOUNT " + $userID + ": This user account does not represent a real user and is meant for test purposes only")`
-DisplayName "Test User ($userID)" `
-Division "Division" `
-EmailAddress "$userName#DESMOSEDICI.local" `
-EmployeeNumber "$userID" `
-EmployeeID "ISED$userID" `
-Enabled $true `
-Fax "703-555-$userID" `
-GivenName "Test" `
-HomePhone "703-556-$userID" `
-Initials "TU$userID" `
-MobilePhone "703-557-$userID" `
-Name "Super.Admin ($userID)" `
-Office "Office: $userID"`
-OfficePhone "703-558-$userID" `
-Organization "Organization" `
-Path "OU=BusinessUnit,DC=Domain,DC=com" `
-POBox "PO Box $userID"`
-PostalCode $userID `
-SamAccountName $userName `
-State "VA – Virginia" `
-StreetAddress "$userID Any Street" `
-Surname "User ($userID)" `
-Title "Title" `
-UserPrincipalName "$userName#Domain.com"
Add-ADGroupMember "CN=HR,OU=Utility,DC=DESMOSEDICI,DC=com" -Member "$userName#Domain.com"
}
If you are receiving errors from New-ADUser something is wrong with your existing script, the new command is entirely separate and must fall after New-ADUser has done its job.
I want to create AD user by asking prompts from user input one by one.
I searched the script from google. See below.
$title = "Login"
$message = "Please enter your information to login!"
$name = New-Object System.Management.Automation.Host.FieldDescription "Name"
$name.Label = "&Login Name"
$name.DefaultValue = "Guest"
$pwd = New-Object System.Management.Automation.Host.FieldDescription "Password"
$pwd.Label = "&Password"
$pwd.SetparameterType( [System.Security.SecureString] )
$pwd.HelpMessage = "Please type your Password."
$fields = [System.Management.Automation.Host.FieldDescription[]]($name, $pwd)
$login=$Host.UI.Prompt($title, $message, $fields)
How to pass these parameters in below old statement
New-ADUser -Name “Charlie Russel” `
-AccountPassword "testing" `
-SamAccountName 'Charlie’ `
-DisplayName 'Charlie Russel’ `
-EmailAddress 'Charlie#TreyResearch.net’ `
-Enabled $True `
-GivenName 'Charlie’ `
-PassThru `
-PasswordNeverExpires $True `
-Surname 'Russel’ `
-UserPrincipalName 'Charlie’
You can access it using $login.Name and $login.Password:
New-ADUser -Name 'Charlie Russel' `
-AccountPassword $login.Password `
-SamAccountName $login.Name `
-DisplayName 'Charlie Russel’ `
-EmailAddress 'Charlie#TreyResearch.net’ `
-Enabled $True `
-GivenName 'Charlie’ `
-PassThru `
-PasswordNeverExpires $True `
-Surname 'Russel’ `
-UserPrincipalName 'Charlie'