I want to create AD user by asking prompts from user input one by one.
I searched the script from google. See below.
$title = "Login"
$message = "Please enter your information to login!"
$name = New-Object System.Management.Automation.Host.FieldDescription "Name"
$name.Label = "&Login Name"
$name.DefaultValue = "Guest"
$pwd = New-Object System.Management.Automation.Host.FieldDescription "Password"
$pwd.Label = "&Password"
$pwd.SetparameterType( [System.Security.SecureString] )
$pwd.HelpMessage = "Please type your Password."
$fields = [System.Management.Automation.Host.FieldDescription[]]($name, $pwd)
$login=$Host.UI.Prompt($title, $message, $fields)
How to pass these parameters in below old statement
New-ADUser -Name “Charlie Russel” `
-AccountPassword "testing" `
-SamAccountName 'Charlie’ `
-DisplayName 'Charlie Russel’ `
-EmailAddress 'Charlie#TreyResearch.net’ `
-Enabled $True `
-GivenName 'Charlie’ `
-PassThru `
-PasswordNeverExpires $True `
-Surname 'Russel’ `
-UserPrincipalName 'Charlie’
You can access it using $login.Name and $login.Password:
New-ADUser -Name 'Charlie Russel' `
-AccountPassword $login.Password `
-SamAccountName $login.Name `
-DisplayName 'Charlie Russel’ `
-EmailAddress 'Charlie#TreyResearch.net’ `
-Enabled $True `
-GivenName 'Charlie’ `
-PassThru `
-PasswordNeverExpires $True `
-Surname 'Russel’ `
-UserPrincipalName 'Charlie'
Related
Import-Module activedirectory
$ADUsers = Import-Csv -Path "C:\Script\CreateUser.Mass\20190527.Wave.csv"
foreach ($User in $ADUsers)
{
$GivenName = $User.'GivenName'
$Surname = $User.'Surname'
$Displayname = $User.'DisplayName'
$Title = $User.'Title'
$Department = $User.'Department'
$Office = $User.'Office'
$Company = $User.'Company'
$StreetAddress = $User.'StreetAddress'
$City = $User.'City'
$Country = $User.'Country'
$HomePage = $User.'HomePage'
$Password = $User.'Password'
$SAM = $User.'SamAccountName'
$OU = "OU=Users-Massimport,OU=SITA-HK,DC=swiresita,DC=com"
$UPN = $User.'DisplayName' + "#swiresita.com"
New-ADUser -Name "$Displayname" -GivenName "$GivenName" -Surname "$Surname" -Displayname "$Displayname" -Title "$Title" -Department "$Department" -Office "$Office" -Company "$Company" -StreetAddress "$StreetAddress" -City "$City" -Country "$Country" -HomePage "$HomePage" -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) -SamAccountName $SAM -UserPrincipalName $UPN -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) -Enabled $true -Path "$OU" -ChangePasswordAtLogon $false -PasswordNeverExpires $false
}
As mentioned by Bill_Stewart in the comments, use splatting:
foreach ($User in $ADUsers)
{
$adUserParameters = #{
GivenName = $User.'GivenName'
Surname = $User.'Surname'
Displayname = $User.'DisplayName'
Title = $User.'Title'
Department = $User.'Department'
Office = $User.'Office'
Company = $User.'Company'
StreetAddress = $User.'StreetAddress'
City = $User.'City'
Country = $User.'Country'
HomePage = $User.'HomePage'
Password = $User.'Password'
SAM = $User.'SamAccountName'
OU = "OU=Users-Massimport,OU=SITA-HK,DC=swiresita,DC=com"
UPN = ($User.'DisplayName' + "#swiresita.com")
AccountPassword = (ConvertTo-SecureString $Password -AsPlainText -Force)
Enabled = $true
ChangePasswordAtLogon = $false
PasswordNeverExpires = $false
}
New-ADUser #adUserParameters
}
If you're on an older version of powershell you can use '`' (grave sign) to add a new line while continuing the call to New-AdUser:
New-ADUser `
-Name "$Displayname" `
-GivenName "$GivenName" `
-Surname "$Surname" `
-Displayname "$Displayname" `
-Title "$Title" `
-Department "$Department" `
-Office "$Office" `
-Company "$Company" `
-StreetAddress "$StreetAddress" `
-City "$City" `
-Country "$Country" `
-HomePage "$HomePage" `
-SamAccountName $SAM `
-UserPrincipalName $UPN `
-AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) `
-Enabled $true `
-Path "$OU" `
-ChangePasswordAtLogon $false `
-PasswordNeverExpires $false
I'm trying to automate AD user creation with PowerShell.
This is the code:
Create AD User
New-ADUser -Name $DisplayName `
-SamAccountName $SamAccountName `
-GivenName $FirstName `
-Surname $LastName `
-DisplayName $DisplayName `
-AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) `
-Enabled $true `
-PasswordNeverExpires $False `
-ChangePasswordAtLogon $True `
-UserPrincipalName $UserPrincipalName `
-EmailAddress $PrimaryEmailAddress `
-OtherAttributes #{'proxyAddresses' = $proxyAddressesEmailMandatory} `
-OtherAttributes #{'ipPhone' = $UserExtension} `
Attribute "proxyAddress" is necessary so we can have Azure AD Sync between on-premise AD and Azure AD.
But now, we are trying to connect FreePBX with on-premise AD. In order to achieve that, we need to have "ipPhone" attribute.
Before I added last line, script was working fine.
I can see where the problem is, but I don't know how to fix it. Help with an example would be appreciated.
New-ADUser -Name $DisplayName `
-SamAccountName $SamAccountName `
-GivenName $FirstName `
-Surname $LastName `
-DisplayName $DisplayName `
-AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) `
-Enabled $true `
-PasswordNeverExpires $False `
-ChangePasswordAtLogon $True `
-UserPrincipalName $UserPrincipalName `
-EmailAddress $PrimaryEmailAddress `
-OtherAttributes #{
'proxyAddresses' = $proxyAddressesEmailMandatory
'ipPhone' = $UserExtension
}
I'm trying to create Azure AD user but I keep getting same error.
Cannot bind parameter 'PasswordProfile'.
I've tried many solutions but none has solved it.
$DN = $User.DisplayName
$FN = $User.GivenName
$LN = $User.SurName
$UPN = $User.UserPrincipalName
$UL = $User.UsageLocation
$MNN = $User.MailNickName
$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = $User.PasswordP
[boolean]$AE = [System.Convert]::ToBoolean($User.AccountEnabled)
New-AzureADUser `
-DisplayName = $DN `
-GivenName = $FN `
-SurName = $LN `
-UserPrincipalName = $UPN `
-UsageLocation = $UL `
-MailNickName = $MNN `
-PasswordProfile = $PasswordProfile `
-AccountEnabled = $AE
Powershell Output
In your cmdlet to create User, you could not use =. Modify your cmdlet like below:
New-AzureADUser `
-DisplayName $DN `
-GivenName $FN `
-SurName $LN `
-UserPrincipalName $UPN `
-UsageLocation $UL `
-MailNickName $MNN `
-PasswordProfile $PasswordProfile `
-AccountEnabled $AE
Please refer to this link about how to use :New-AzureADUser.
The code I have used to create user is:
Import-Module ActiveDirectory
$total = 2
for ($userIndex=0; $userIndex -lt $total; $userIndex++)
{
$userID = “{0:0000}” -f ($userIndex + 1)
$userName = “Super.admin$userID”
Write-Host “Creating user” ($userIndex + 1) “of” $total “:” $userName
New-ADUser `
-AccountPassword (ConvertTo-SecureString “admin#123” -AsPlainText -Force) `
-City “City” `
-Company “Company” `
-Country “US” `
-Department “Department” `
-Description (“TEST ACCOUNT ” + $userID + “: This user account does not represent a real user and is meant for test purposes only”)`
-DisplayName “Test User ($userID)” `
-Division “Division” `
-EmailAddress “$userName#DESMOSEDICI.local” `
-EmployeeNumber “$userID” `
-EmployeeID “ISED$userID” `
-Enabled $true `
-Fax “703-555-$userID” `
-GivenName “Test” `
-HomePhone “703-556-$userID” `
-Initials “TU$userID” `
-MobilePhone “703-557-$userID” `
-Name “Super.Admin ($userID)” `
-Office “Office: $userID”`
-OfficePhone “703-558-$userID” `
-Organization “Organization” `
-Path "OU=BusinessUnit,DC=Domain,DC=com" `
-POBox “PO Box $userID”`
-PostalCode $userID `
-SamAccountName $userName `
-State “VA – Virginia” `
-StreetAddress “$userID Any Street” `
-Surname “User ($userID)” `
-Title “Title” `
-UserPrincipalName “$userName#Domain.com“
}
Under my business unit group HR is created. How can I add a user in this group or create the users and assign the HR group to the users using the above script?
I tried to change the -Path
-Path "CN=HR,OU=Utility,DC=DESMOSEDICI,DC=com"
But it is not working.
Path is the Organizational Unit (or Container) the account will be created in. It has nothing to do with Group membership.
Use:
Add-ADGroupMember "CN=HR,OU=Utility,DC=DESMOSEDICI,DC=com" -Member "$userName#Domain.com"
Edit: This shows the command in the context of your script:
Import-Module ActiveDirectory
$total = 2
for ($userIndex=0; $userIndex -lt $total; $userIndex++) {
$userID = "{0:0000}" -f ($userIndex + 1)
$userName = "Super.admin$userID"
Write-Host "Creating user" ($userIndex + 1) "of" $total ":" $userName
New-ADUser `
-AccountPassword (ConvertTo-SecureString "admin#123" -AsPlainText -Force) `
-City "City" `
-Company "Company" `
-Country "US" `
-Department "Department" `
-Description ("TEST ACCOUNT " + $userID + ": This user account does not represent a real user and is meant for test purposes only")`
-DisplayName "Test User ($userID)" `
-Division "Division" `
-EmailAddress "$userName#DESMOSEDICI.local" `
-EmployeeNumber "$userID" `
-EmployeeID "ISED$userID" `
-Enabled $true `
-Fax "703-555-$userID" `
-GivenName "Test" `
-HomePhone "703-556-$userID" `
-Initials "TU$userID" `
-MobilePhone "703-557-$userID" `
-Name "Super.Admin ($userID)" `
-Office "Office: $userID"`
-OfficePhone "703-558-$userID" `
-Organization "Organization" `
-Path "OU=BusinessUnit,DC=Domain,DC=com" `
-POBox "PO Box $userID"`
-PostalCode $userID `
-SamAccountName $userName `
-State "VA – Virginia" `
-StreetAddress "$userID Any Street" `
-Surname "User ($userID)" `
-Title "Title" `
-UserPrincipalName "$userName#Domain.com"
Add-ADGroupMember "CN=HR,OU=Utility,DC=DESMOSEDICI,DC=com" -Member "$userName#Domain.com"
}
If you are receiving errors from New-ADUser something is wrong with your existing script, the new command is entirely separate and must fall after New-ADUser has done its job.
The error I'm getting is "Missing expression after unary operator '-'" At line 63, char 14. So it's where the Path/OU is set, but I can't find anything wrong with it. Any help is appreciated. Thanks.
# Import active directory module for running AD cmdlets
Import-Module ActiveDirectory
#Store the data from ADUsers.csv in the $ADUsers variable
$ADUsers = Import-csv C:\ADMaint\NewUsers\NewUsers.csv
$Password = "Welcome01"
$OU = "ou=NewUsers,ou=Users,ou=Logins,dc=company,dc=com"
#Loop through each row containing user details in the CSV file
foreach ($User in $ADUsers)
{
#Read user data from each field in each row and assign the data to a variable as below
$Firstname = $User.firstname
$Middle = $User.middle
$Lastname = $User.lastname
$Department = $User.department
$Title = $User.title
$Office = $User.office
$Address = $User.address
$Company = $User.company
$employeeNumber = $User.employeeNumber
$employeeID = $User.employeeID
$Telephone = $User.telephone
$Pager = $User.pager
$Mobile = $User.mobile
$Fax = $User.fax
$Custom1 = $User.custom1
$Custom2 = $User.custom2
$Custom3 = $User.custom3
$Custom4 = $User.custom4
$DisplayName = "$Lastname" + ", " + "$Firstname" + " " + "$Middle"
$Username = "$lastname".ToLower() + "$firstname".substring(0,1).ToLower()
#Check to see if the user already exists in AD
if (Get-ADUser -F {SamAccountName -eq $Username})
{
#If user does exist, give a warning
Write-Warning "A user account with username $Username already exist in Active Directory."
}
else
{
#User does not exist then proceed to create the new user account
#Account will be created in the OU provided by the $OU variable read from the CSV file
New-ADUser `
-SamAccountName $Username `
-UserPrincipalName "$Username#vinfen.org" `
-Name $DisplayName `
-GivenName $Firstname `
-surname $Lastname `
-initials $Middle `
-department $Department `
-title $Title `
-Office $Office `
-streetAddress $Address `
-Company $Company `
-employeeNumber $EmployeeNumber `
-employeeID $EmployeeID `
-OfficePhone $Telephone `
-mobile $Mobile `
-fax $Fax `
-DisplayName $DisplayName`
-Path $OU `
-AccountPassword (convertto-securestring $Password -AsPlainText -Force) `
#-OtherAttribute #{pager="$(User."pager")"; extensionAttribute1="$(User."custom1")"; extensionAttribute2="$(User."custom2")"; extensionAttribute3="$(User."custom3")"; extensionAttribute4="$(User."custom4")"} `
-ChangePasswordAtLogon $true `
-Enabled $true `
}
}
Can't verify now, but looks like there is a missing space before the ` on the previous line.
-DisplayName $DisplayName`
Multi-line commands require the space before the ` symbol.