I'm making a PS script which is going to make users from arrays. Everything works fine with this one:
New-ADUser `
-Name $naam `
-SamAccountName $naam -UserPrincipalName $usprinc `
-AccountPassword $password `
-HomeDrive X: `
-HomeDirectory $eigenmap `
-Path "$lastou, OU=USERS_ABC, OU= BEDRIJF ABC, DC= kurzynowski, DC= local" `
-PassThru | Enable-ADAccount
When I'm making users this way, their home dirs aren't created. I've checked AD Users and Computers for each user's properties. Each user has the correct path and drive letter in their home dir. But I get no dirs for those users in my share. Does anybody have an idea why?
I am getting the below error while trying to add a computer object in AD by using PowerShell.
New-ADComputer -Name <Computer Name> -Path 'OU=Devices,DC=enterprise,DC=com' -Enabled $True
Error: New-ADComputer : A required attribute is missing
See example 1 at New-ADComputer. I guess the parameter -SamAccountName is missing.
New-ADComputer -Name "USER02-SRV2" -SamAccountName "USER02-SRV2" -Path "OU=ApplicationServers,OU=ComputerAccounts,OU=Managed,DC=USER02,DC=COM"
I have a script that allows people to create a new user from scratch or copying another user but for some reason it is not copying AD group memberships. Any help would be greatly appreciated.
I am getting the user information with this command which is working fine.
$userToCopy = Get-ADUser -identity $copyUsername -Properties Department, title, Company, MemberOf
Then I am asking questions to get updated info for the new user, then creating the new user with this command, and everything works, but the group memberships do not copy over, which I was expecting using $userToCopy as the -Instance would do.
# UPN is user@suffix; the separator must be "@" for the value to be accepted
New-ADUser -SamAccountName "$username" -Name "$fname $lname" -DisplayName "$fname $lname" -Surname "$lname" -GivenName "$fname" -UserPrincipalName "$fname.$lname@$domain" `
-AccountPassword $secPassword -ChangePasswordAtLogon $True -Office "$empID" -MobilePhone "$mobilePhone" -OfficePhone "$officePhone" -Title "$jobTitle" -Department "$department" `
-ProfilePath "" -Path "$OUDN" -Instance $userToCopy -Credential $UserCredential -Server "BOM.chris.domain" -Enabled $True -Company "Chris"
This issue makes sense and then again it doesn't. Since ADUC supports copying groups from another account, it would seem like the same feature would be available with New-ADUser -Instance. However, New-ADUser does not seem to support updating group membership with any of its parameters. I can only guess, but I imagine this is because MemberOf is a calculated property rather than a direct attribute defined by the schema. You could do the following though with one line of code after creating the user.
Add-ADPrincipalGroupMembership -Identity $username -MemberOf $UserToCopy.MemberOf -Server "BOM.chris.domain"
The code above, without -Identity $username, could be piped into after the New-ADUser command, provided you add the -PassThru switch to New-ADUser.
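An added example (not the answerer's code) that copies the template user's groups the way the answer describes but skips AdminSDHolder-protected groups (adminCount=1), so a template that happens to sit in a privileged group does not quietly make the new account privileged; the function name Copy-TemplateGroupMembership is this example's own, and the server name is the one from the post.

```powershell
Import-Module ActiveDirectory

function Copy-TemplateGroupMembership {
    param(
        [Parameter(Mandatory)] [string] $TemplateSamAccountName,
        [Parameter(Mandatory)] [string] $NewSamAccountName,
        [Parameter(Mandatory)] [string] $Server
    )
    # MemberOf is the computed back-link, which is why -Instance does not carry it across
    $template = Get-ADUser -Identity $TemplateSamAccountName -Properties MemberOf -Server $Server

    $copy = New-Object System.Collections.Generic.List[string]
    $skip = New-Object System.Collections.Generic.List[string]
    foreach ($groupDn in $template.MemberOf) {
        # adminCount=1 marks groups kept in sync with AdminSDHolder (Domain Admins, Account Operators, ...)
        $group = Get-ADGroup -Identity $groupDn -Properties adminCount -Server $Server
        if ($group.adminCount -eq 1) { $skip.Add($group.Name) } else { $copy.Add($group.DistinguishedName) }
    }

    if ($copy.Count -gt 0) {
        # Same -Server as the lookup, so the add is not racing replication
        Add-ADPrincipalGroupMembership -Identity $NewSamAccountName -MemberOf @($copy) -Server $Server
    }
    if ($skip.Count -gt 0) {
        Write-Warning "Not copied from $TemplateSamAccountName (protected groups): $($skip -join ', ')"
    }
    # Return both lists so the provisioning log records what was withheld
    [pscustomobject]@{ Copied = @($copy); Skipped = @($skip) }
}

# Usage with the post's variables, after New-ADUser has run:
# Copy-TemplateGroupMembership -TemplateSamAccountName $copyUsername -NewSamAccountName $username -Server 'BOM.chris.domain'
```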
I am using the following PowerShell code for creating new mailboxes in my organization.
$users = Import-Csv C:\mailboxes.csv
$users | ForEach-Object {
    # the password column is read as plain text from the CSV and converted for New-Mailbox
    $Password = ConvertTo-SecureString $_.password -AsPlainText -Force
    New-Mailbox -Name $_.name -Alias $_.alias -FirstName $_.Firstname -LastName $_.Lastname -UserPrincipalName $_.userPrincipalName -PrimarySmtpAddress $_.PrimarySmtpAddress -Database $_.database -RetentionPolicy "b3a83dc4-e471-4d05-b357-25535aa027af" -OrganizationalUnit $_.OrganizationalUnit -Password $Password -ResetPasswordOnNextLogon:$false
}
Is there a way to insert a static text/value into the "zip code" and "PO box" boxes on the new Active Directory user that is created along with these mailboxes?
For example, zip code should contain "0101010101" and P.O. Box should contain "000".
Your assistance is most appreciated.
One option is to use Set-ADUser from the ActiveDirectory module. At the beginning of your script (before any loops), you can run the following if you have the module available to your current session.
Import-Module ActiveDirectory
After your New-Mailbox command, you can add the Set-ADUser command:
# Set-ADUser has no -Filter parameter; look the user up first and pipe it in
Get-ADUser -Filter "UserPrincipalName -eq '$($_.userprincipalname)'" | Set-ADUser -PostalCode "01010101" -POBox "000"
Sometimes AD replication can cause inconsistencies with multiple commands against AD objects. To get around that, you would typically use the -Server parameter to consistently target a domain controller that will see all of your read and write operations. The alternative (a slower one) is to run the AD user modifications after all of the mailboxes have been created and data has replicated to the AD Site you would be targeting.
AdminOfThings - Thanks for your reply.
So tell me, considering your last comment about the AD user modification conflict that might occur, I'm thinking some sort of "time delay" code might resolve such issues. Would it be logical to add something like a "Start-Sleep" command to add a delay between the "New-Mailbox" and "Set-ADUser" commands as you suggested? If so, can you write down how my script should look exactly, adding all things together, please?
Thanks.
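An added example, not the poster's or the answerer's script, that puts the pieces together as the answer suggests: New-Mailbox and Set-ADUser are both pointed at one domain controller (Exchange's -DomainController and the AD module's -Server), and a short bounded poll replaces a fixed Start-Sleep; the DC name and the Wait-ForADUser function are assumptions of this example, and the CSV layout is the one from the post.

```powershell
Import-Module ActiveDirectory
$dc = 'dc01.example.com'   # assumed: any writable DC in the target domain

# Poll the chosen DC for the new user instead of sleeping a fixed time; gives up after $Attempts tries
function Wait-ForADUser {
    param([string] $Upn, [string] $Server, [int] $Attempts = 10, [int] $DelaySeconds = 2)
    for ($i = 0; $i -lt $Attempts; $i++) {
        $u = Get-ADUser -Server $Server -Filter "UserPrincipalName -eq '$Upn'" -ErrorAction SilentlyContinue
        if ($u) { return $u }
        Start-Sleep -Seconds $DelaySeconds
    }
    return $null
}

$users = Import-Csv C:\mailboxes.csv
foreach ($row in $users) {
    $password = ConvertTo-SecureString $row.password -AsPlainText -Force
    # Write the mailbox and its AD object through $dc so the read below sees it without replication lag
    New-Mailbox -Name $row.name -Alias $row.alias -FirstName $row.Firstname -LastName $row.Lastname `
        -UserPrincipalName $row.userPrincipalName -PrimarySmtpAddress $row.PrimarySmtpAddress `
        -Database $row.database -RetentionPolicy "b3a83dc4-e471-4d05-b357-25535aa027af" `
        -OrganizationalUnit $row.OrganizationalUnit -Password $password -ResetPasswordOnNextLogon:$false `
        -DomainController $dc | Out-Null

    $adUser = Wait-ForADUser -Upn $row.userPrincipalName -Server $dc
    if ($null -eq $adUser) {
        Write-Warning "User $($row.userPrincipalName) not visible on $dc after mailbox creation; address fields skipped"
        continue
    }
    # Same DC again for the attribute update
    $adUser | Set-ADUser -Server $dc -PostalCode '0101010101' -POBox '000'
}
```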
I am trying to create a small script that creates a folder on our file server, creates the share, sets the ACLs on the share, then maps the share to their U: drive via Home Folder in Active Directory.
The server is running 2012 R2, the Active Directory PowerShell Module is installed.
This is what I have thus far:
$session = new-pssession -ComputerName fileserver
Enter-PSSession $session
$user = read-host 'Input username'
import-module activedirectory
new-item -name $user -itemtype Directory -path "\\fileserver\G$" | out-null
new-smbshare -name "$user$" -path "G:\$user" -ContinuouslyAvailable $true -FullAccess "domain\domain admins" -changeaccess "domain\$user"
Set-ADuser $user -homedirectory "\\fileserver\$user$" -homedrive U:
I read that using the Enter-PSSession command doesn't allow remote commands to pass through, and that instead you need to use Invoke-Command -ScriptBlock.
It is telling me the share is already created, even though it is not. Any ideas?
You don't need a remote session for any of your commands, provided the RSAT are installed on your client (so that Set-ADUser is available locally). New-SmbShare can be run against a remote host using the -CimSession parameter.
However, I would strongly recommend against sharing each userhome individually. Instead share just the folder containing the userhomes (e.g. \\fileserver\userhomes$) and set the home directory to the user folder below that share:
$user = Read-Host 'Input username'
$userhome = New-Item -Name $user -ItemType Directory -Path "\\fileserver\userhomes$"
$acl = Get-Acl -Path $userhome.FullName
# stop inheriting from userhomes$; the second $true keeps the inherited ACEs as explicit copies
$acl.SetAccessRuleProtection($true, $true)
# FileSystemAccessRule(identity, rights, inheritanceFlags, propagationFlags, type):
# the two inheritance flags are one combined value, not two separate constructor arguments
$perm = $user, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'
$ace = New-Object Security.AccessControl.FileSystemAccessRule $perm
$acl.SetAccessRule($ace)
$acl | Set-Acl -Path $userhome.FullName
Import-Module ActiveDirectory
Set-ADUser $user -HomeDirectory $userhome.FullName -HomeDrive 'U:'
Enable access-based enumeration on the share to present users with only those folders they can actually access.
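As an added check that is not part of either thread, serving both the first question on this page (home folders that never appear) and this answer: New-ADUser and Set-ADUser only store the HomeDirectory string and never create the folder, so this audit reports users whose folder is missing and folders whose ACL admits identities other than the user, SYSTEM and the admin groups listed; the search base, the allowed-principal list and the function name Test-HomeFolders are assumptions.

```powershell
Import-Module ActiveDirectory

function Test-HomeFolders {
    param(
        [string]   $SearchBase = 'OU=USERS_ABC,DC=example,DC=local',   # assumed OU
        [string[]] $AllowedPrincipals = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER')
    )
    $netbios = (Get-ADDomain).NetBIOSName
    $AllowedPrincipals += "$netbios\Domain Admins"

    # Only users that actually have a home directory attribute set
    $users = Get-ADUser -SearchBase $SearchBase -LDAPFilter '(homeDirectory=*)' -Properties HomeDirectory
    foreach ($u in $users) {
        $owner = "$netbios\$($u.SamAccountName)"
        if (-not (Test-Path -LiteralPath $u.HomeDirectory -PathType Container)) {
            # The attribute points at a path that does not exist: the symptom from the first question
            [pscustomobject]@{ User = $u.SamAccountName; Path = $u.HomeDirectory; Finding = 'FolderMissing'; Principal = '' }
            continue
        }
        # Inspect explicit and inherited ACEs; anything outside the owner and the allow-list is reported
        $acl = Get-Acl -LiteralPath $u.HomeDirectory
        foreach ($ace in $acl.Access) {
            $who = $ace.IdentityReference.Value
            if ($who -ne $owner -and $AllowedPrincipals -notcontains $who) {
                $detail = "$who : $($ace.FileSystemRights) ($($ace.AccessControlType))"
                [pscustomobject]@{ User = $u.SamAccountName; Path = $u.HomeDirectory; Finding = 'UnexpectedAce'; Principal = $detail }
            }
        }
    }
}

Test-HomeFolders | Format-Table -AutoSize
```

Run it from a host that can reach the share with rights to read the ACLs; an empty table means every folder exists and carries only the expected identities.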
Hi everyone, I am using the following code to add a user to Active Directory but I am getting the error
Directory object not found
$NewUser = Read-Host "New Username"
$firstname = Read-Host "First Name"
$Lastname = Read-Host "Last Name"
$NewName = "$firstname $lastname"
New-ADUser -SamAccountName $NewUser -Name $NewName -GivenName $firstname -Surname $lastname `
    -Path "ou=Users,DC=mydomain,DC=local" -AccountPassword (Read-Host "New Password" -AsSecureString)
I feel that you didn't really look at the Get-Help New-ADUser -Full since it specifies (please note the second bullet point):
-Path <string>
Specifies the X.500 path of the Organizational Unit (OU) or container where the new object
is created.
In many cases, a default value will be used for the Path parameter if no value is
specified. The rules for determining the default value are given below. Note that rules
listed first are evaluated first and once a default value can be determined, no further
rules will be evaluated.
In AD DS environments, a default value for Path will be set in the following cases:
- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter
is set to the current path of the provider drive.
- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the
Path parameter would default to the Users container.
- If none of the previous cases apply, the default value of Path will be set to the
default partition or naming context of the target domain.
So it should default to your Users OU and you don't really need to specify that. Also, I think you want -DisplayName and not -Name in the context that you are using it, and probably -Name and not -SamAccountName for that context. Try this:
New-ADUser -Name $NewUser -DisplayName $NewName -GivenName $firstname -Surname $lastname -AccountPassword (Read-Host "New Password" -AsSecureString)
Keep in mind that this account will be created as disabled by default. Add -Enabled $true to your command to have it create an enabled account. This does require a valid password be supplied. The account will still be created if the password is not valid, but it won't have a password, and will not be enabled.