The code I have used to create user is:
Import-Module ActiveDirectory
$total = 2
for ($userIndex=0; $userIndex -lt $total; $userIndex++)
{
$userID = “{0:0000}” -f ($userIndex + 1)
$userName = “Super.admin$userID”
Write-Host “Creating user” ($userIndex + 1) “of” $total “:” $userName
New-ADUser `
-AccountPassword (ConvertTo-SecureString “admin#123” -AsPlainText -Force) `
-City “City” `
-Company “Company” `
-Country “US” `
-Department “Department” `
-Description (“TEST ACCOUNT ” + $userID + “: This user account does not represent a real user and is meant for test purposes only”)`
-DisplayName “Test User ($userID)” `
-Division “Division” `
-EmailAddress “$userName#DESMOSEDICI.local” `
-EmployeeNumber “$userID” `
-EmployeeID “ISED$userID” `
-Enabled $true `
-Fax “703-555-$userID” `
-GivenName “Test” `
-HomePhone “703-556-$userID” `
-Initials “TU$userID” `
-MobilePhone “703-557-$userID” `
-Name “Super.Admin ($userID)” `
-Office “Office: $userID”`
-OfficePhone “703-558-$userID” `
-Organization “Organization” `
-Path "OU=BusinessUnit,DC=Domain,DC=com" `
-POBox “PO Box $userID”`
-PostalCode $userID `
-SamAccountName $userName `
-State “VA – Virginia” `
-StreetAddress “$userID Any Street” `
-Surname “User ($userID)” `
-Title “Title” `
-UserPrincipalName “$userName#Domain.com“
}
Under my business unit group HR is created. How can I add a user in this group or create the users and assign the HR group to the users using the above script?
I tried to change the -Path
-Path "CN=HR,OU=Utility,DC=DESMOSEDICI,DC=com"
But it is not working.
Path is the Organizational Unit (or Container) the account will be created in. It has nothing to do with Group membership.
Use:
Add-ADGroupMember "CN=HR,OU=Utility,DC=DESMOSEDICI,DC=com" -Member "$userName#Domain.com"
Edit: This shows the command in the context of your script:
Import-Module ActiveDirectory
$total = 2
for ($userIndex=0; $userIndex -lt $total; $userIndex++) {
$userID = "{0:0000}" -f ($userIndex + 1)
$userName = "Super.admin$userID"
Write-Host "Creating user" ($userIndex + 1) "of" $total ":" $userName
New-ADUser `
-AccountPassword (ConvertTo-SecureString "admin#123" -AsPlainText -Force) `
-City "City" `
-Company "Company" `
-Country "US" `
-Department "Department" `
-Description ("TEST ACCOUNT " + $userID + ": This user account does not represent a real user and is meant for test purposes only")`
-DisplayName "Test User ($userID)" `
-Division "Division" `
-EmailAddress "$userName#DESMOSEDICI.local" `
-EmployeeNumber "$userID" `
-EmployeeID "ISED$userID" `
-Enabled $true `
-Fax "703-555-$userID" `
-GivenName "Test" `
-HomePhone "703-556-$userID" `
-Initials "TU$userID" `
-MobilePhone "703-557-$userID" `
-Name "Super.Admin ($userID)" `
-Office "Office: $userID"`
-OfficePhone "703-558-$userID" `
-Organization "Organization" `
-Path "OU=BusinessUnit,DC=Domain,DC=com" `
-POBox "PO Box $userID"`
-PostalCode $userID `
-SamAccountName $userName `
-State "VA – Virginia" `
-StreetAddress "$userID Any Street" `
-Surname "User ($userID)" `
-Title "Title" `
-UserPrincipalName "$userName#Domain.com"
Add-ADGroupMember "CN=HR,OU=Utility,DC=DESMOSEDICI,DC=com" -Member "$userName#Domain.com"
}
If you are receiving errors from New-ADUser something is wrong with your existing script, the new command is entirely separate and must fall after New-ADUser has done its job.
Related
I have a pretty lengthy script that takes either user input or data from a .csv file to create AD accounts. Not all the time, but sometimes I receive the following error while running it:
New-ADUser : The server has returned the following error: encoding limit exceeded.
Is there a limit on the amount of variables I can use? Because I do have quite a few.. here's what the sample code looks like where it sometimes get stuck:
If($GuardAccount){
If($Clone){
If($Attribute6){
$newuser = New-ADUser -SamAccountName $Username -Enabled $true -Name $DisplayName -Path $Path -AccountPassword $Password `
-GivenName $FirstName -Surname $LastName -Initials $Initials -DisplayName $DisplayName -City $City `
-Company $Company -Department $Department -Country $Country -State $State `
-StreetAddress $Street -PostalCode $Postal -OfficePhone $Telephone -Fax $Fax -Description $Description `
-Title $Title -Office $Office -Instance $Cloneuser -UserPrincipalName "$Username#business.com" -PassThru `
-OtherAttributes #{
'extensionattribute6'=$Attribute6;
}
...
So what does encoding limit exceeded mean? Is there any way around it?
I've tried googling for answers but there doesn't seem to be much info on this error.
Import-Module activedirectory
$ADUsers = Import-Csv -Path "C:\Script\CreateUser.Mass\20190527.Wave.csv"
foreach ($User in $ADUsers)
{
$GivenName = $User.'GivenName'
$Surname = $User.'Surname'
$Displayname = $User.'DisplayName'
$Title = $User.'Title'
$Department = $User.'Department'
$Office = $User.'Office'
$Company = $User.'Company'
$StreetAddress = $User.'StreetAddress'
$City = $User.'City'
$Country = $User.'Country'
$HomePage = $User.'HomePage'
$Password = $User.'Password'
$SAM = $User.'SamAccountName'
$OU = "OU=Users-Massimport,OU=SITA-HK,DC=swiresita,DC=com"
$UPN = $User.'DisplayName' + "#swiresita.com"
New-ADUser -Name "$Displayname" -GivenName "$GivenName" -Surname "$Surname" -Displayname "$Displayname" -Title "$Title" -Department "$Department" -Office "$Office" -Company "$Company" -StreetAddress "$StreetAddress" -City "$City" -Country "$Country" -HomePage "$HomePage" -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) -SamAccountName $SAM -UserPrincipalName $UPN -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) -Enabled $true -Path "$OU" -ChangePasswordAtLogon $false -PasswordNeverExpires $false
}
As mentioned by Bill_Stewart in the comments, use splatting:
foreach ($User in $ADUsers)
{
$adUserParameters = #{
GivenName = $User.'GivenName'
Surname = $User.'Surname'
Displayname = $User.'DisplayName'
Title = $User.'Title'
Department = $User.'Department'
Office = $User.'Office'
Company = $User.'Company'
StreetAddress = $User.'StreetAddress'
City = $User.'City'
Country = $User.'Country'
HomePage = $User.'HomePage'
Password = $User.'Password'
SAM = $User.'SamAccountName'
OU = "OU=Users-Massimport,OU=SITA-HK,DC=swiresita,DC=com"
UPN = ($User.'DisplayName' + "#swiresita.com")
AccountPassword = (ConvertTo-SecureString $Password -AsPlainText -Force)
Enabled = $true
ChangePasswordAtLogon = $false
PasswordNeverExpires = $false
}
New-ADUser #adUserParameters
}
If you're on an older version of powershell you can use '`' (grave sign) to add a new line while continuing the call to New-AdUser:
New-ADUser `
-Name "$Displayname" `
-GivenName "$GivenName" `
-Surname "$Surname" `
-Displayname "$Displayname" `
-Title "$Title" `
-Department "$Department" `
-Office "$Office" `
-Company "$Company" `
-StreetAddress "$StreetAddress" `
-City "$City" `
-Country "$Country" `
-HomePage "$HomePage" `
-SamAccountName $SAM `
-UserPrincipalName $UPN `
-AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) `
-Enabled $true `
-Path "$OU" `
-ChangePasswordAtLogon $false `
-PasswordNeverExpires $false
I'm trying to automate AD user creation with PowerShell.
This is the code:
Create AD User
New-ADUser -Name $DisplayName `
-SamAccountName $SamAccountName `
-GivenName $FirstName `
-Surname $LastName `
-DisplayName $DisplayName `
-AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) `
-Enabled $true `
-PasswordNeverExpires $False `
-ChangePasswordAtLogon $True `
-UserPrincipalName $UserPrincipalName `
-EmailAddress $PrimaryEmailAddress `
-OtherAttributes #{'proxyAddresses' = $proxyAddressesEmailMandatory} `
-OtherAttributes #{'ipPhone' = $UserExtension} `
Attribute "proxyAddress" is necessary so we can have Azure AD Sync between on-premise AD and Azure AD.
But now, we are trying to connect FreePBX with on-premise AD. In order to achieve that, we need to have "ipPhone" attribute.
Before I added last line, script was working fine.
I can see where the problem is, but I don't know how to fix it. Help with an example would be appreciated.
New-ADUser -Name $DisplayName `
-SamAccountName $SamAccountName `
-GivenName $FirstName `
-Surname $LastName `
-DisplayName $DisplayName `
-AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) `
-Enabled $true `
-PasswordNeverExpires $False `
-ChangePasswordAtLogon $True `
-UserPrincipalName $UserPrincipalName `
-EmailAddress $PrimaryEmailAddress `
-OtherAttributes #{
'proxyAddresses' = $proxyAddressesEmailMandatory
'ipPhone' = $UserExtension
}
I want to create AD user by asking prompts from user input one by one.
I searched the script from google. See below.
$title = "Login"
$message = "Please enter your information to login!"
$name = New-Object System.Management.Automation.Host.FieldDescription "Name"
$name.Label = "&Login Name"
$name.DefaultValue = "Guest"
$pwd = New-Object System.Management.Automation.Host.FieldDescription "Password"
$pwd.Label = "&Password"
$pwd.SetparameterType( [System.Security.SecureString] )
$pwd.HelpMessage = "Please type your Password."
$fields = [System.Management.Automation.Host.FieldDescription[]]($name, $pwd)
$login=$Host.UI.Prompt($title, $message, $fields)
How to pass these parameters in below old statement
New-ADUser -Name “Charlie Russel” `
-AccountPassword "testing" `
-SamAccountName 'Charlie’ `
-DisplayName 'Charlie Russel’ `
-EmailAddress 'Charlie#TreyResearch.net’ `
-Enabled $True `
-GivenName 'Charlie’ `
-PassThru `
-PasswordNeverExpires $True `
-Surname 'Russel’ `
-UserPrincipalName 'Charlie’
You can access it using $login.Name and $login.Password:
New-ADUser -Name 'Charlie Russel' `
-AccountPassword $login.Password `
-SamAccountName $login.Name `
-DisplayName 'Charlie Russel’ `
-EmailAddress 'Charlie#TreyResearch.net’ `
-Enabled $True `
-GivenName 'Charlie’ `
-PassThru `
-PasswordNeverExpires $True `
-Surname 'Russel’ `
-UserPrincipalName 'Charlie'
I am trying to import a list of users from a csv file and I get the following error:
script:
PS C:\Software> import-csv C:\Software\lastDumpPolished.csv | % {
New-ADUser -Name $_.Name -SamAccountName $_.SamAccountName `
-DisplayName $_.Name -Surname $_.Sn -GivenName $_.GivenName `
-AccountPassword (ConvertTo-SecureString password1234 `
-AsPlainText -Force) -Enabled:$true -Title $_.Title `
-Description $_.describtion -Company Myland `
-OfficePhone $_.Telephone -HomeDrive Z: `
-HomeDirectory $homedrive -ChangePasswordAtLogon:$true `
} | Enable-Mailbox -Identity $_.SamAccountName -Alias $_.SamAccountName
Error:
Enable-Mailbox : Cannot bind argument to parameter 'Identity' because it is null.
At line:1 char:443
+ ... lbox -Identity $_.SamAccountName -Alias $_.SamAccountName
+ ~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Enable-Mailbox], ParameterBind
ingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,M
icrosoft.Exchange.Management.RecipientTasks.EnableMailbox
Powershell doesn't remember $_.SamAccountName for some reason.
It there an easy 'inline method' of setting it to a variable that can be used after the pipe?
How do I get rid of that error so I can create and enable the mailboxes in bulk?
import-csv C:\Software\lastDumpPolished.csv | % {
New-ADUser -Name $_.Name -SamAccountName $_.SamAccountName `
-DisplayName $_.Name -Surname $_.Sn -GivenName $_.GivenName `
-AccountPassword (ConvertTo-SecureString password1234 `
-AsPlainText -Force) -Enabled:$true -Title $_.Title `
-Description $_.describtion -Company Myland `
-OfficePhone $_.Telephone -HomeDrive Z: `
-HomeDirectory $homedrive -ChangePasswordAtLogon:$true `
} | % { Enable-Mailbox -Identity $_.SamAccountName -Alias $_.SamAccountName }