How can I set msTSInitialProgram in New-ADUser with PowerShell? - powershell

I'm using a PowerShell script I found to add new AD users. It reads info from a CSV file, and everything works well, except that I need it to set the initial startup program for the new users. Here is the command:
New-ADUser $sam -GivenName $_.GivenName -DisplayName $_.DisplayName `
-UserPrincipalName ($sam + "#" + $dnsroot) -AccountPassword $setpass -Enabled $enabled `
-PasswordNeverExpires $expires -OtherAttributes #{'msTSInitialProgram'="programToRun"; 'msTSWorkDirectory'="directoryToRunIn"}
After looking at the user that is created, I see that it effectively ignores the -OtherAttributes.
Am I missing an attribute somewhere that is causing it to skip setting the initial program?

The 'msTSInitialProgram' attribute specifies the path and file name of the application that the user wants to start automatically when the user logs on to the terminal server. To set an initial application to start when the user logs on, the implementer must first set this property, and then set the TerminalServicesWorkDirectory property. If the implementer sets only the TerminalServicesInitialProgram property, the application starts in the user's session in the default user directory.
These attributes are implemented on Windows Server 2008 operating system, Windows Server 2008 R2 operating system, Windows Server 2012 operating system, and Windows Server 2012 R2 operating system.
On my Windows Server 2012 your command line works, run as administrator, works perfectly and assigned 'msTSInitialProgram' and 'msTSWorkDirectory' as you can see here under.
New-ADUser "T2" -GivenName "Tg" -DisplayName "T2" `
-UserPrincipalName ("T2#SILOGIX-ESS01.local") -Enabled $true -AccountPassword $(convertto-securestring "P#ssW0rD!" -asplaintext -force) `
-OtherAttributes #{'msTSInitialProgram'="programToRun"; 'msTSWorkDirectory'="directoryToRunIn"}

Related

Exchange hybrid enviornment powershell add user with a mailbox

What is the best way to add a user in a hybrid on-prem/o365 deployment with a mailbox? If I go into Exchange Admin Center on either the on-prem or o365 and add a recipient it replicates it out to the other EAC as well as adding the user to active directory on prem. Looking thru the powershell documentation it looks like the New-Mailbox command should do that but I cant get it to work. Here is what I have so far.
Connect-ExchangeOnline -Credential $credential -ShowProgress $true
Connect-AzureAD -Credential $credential
Connect-MsolService -Credential $credential
New-Mailbox -MicrosoftOnlineServicesID $uName"#mydomain.com" -Name "$fName $lName" -Password $secureString -ResetPasswordOnNextLogon $true
This creates the mailbox/user in o365 portal but not in on/off-prem EAC or active directory.
Steps:
First Create user and Assign a License
"New-ADUser -Name "user" -Accountpassword (Read-Host -AsSecureString "AccountPassword") -Enabled $true"
Enable remote Mailbox
"Enable-RemoteMailbox user -RemoteRoutingAddress user#domain.mail.onmicrosoft.com"

Create local administrator user account fails in Intune

The PowerShell script below works fine when I run it manually in a machine, but it won't run when deployed using Intune. It simply shows an error.
I have deployed this script using Intune with these settings -
(1) Run this script using the logged on credentials: No. (2)
Enforce script signature check: No. (3)
Run script in 64 bit PowerShell Host: No
Tested the script in a Windows 10 computer by starting CMD as admin, it works fine. Creates the local account if it does not exists, if it exists it changes the password.
PS> PowerShell -Ex ByPass scriptname.ps1
I am not able to find any event log (under DeviceManagement-Enterprise-Diagnostics-Provider) or error under MDMDiagnostics logs in the Intune enrolled Windows 10 computer.
$ExpectedLocalUser = "SUPERMAN"
$Password = ConvertTo-SecureString "P#ssw0rd" -AsPlainText -Force
Function Create_LocalAdmin
{
New-LocalUser $ExpectedLocalUser -Password $Password -FullName "Local Admin" -Description "Local Administrator account."
Add-LocalGroupMember -Group "Administrators" -Member $ExpectedLocalUser
Set-LocalUser -Name $ExpectedLocalUser -PasswordNeverExpires:$true
}
Try
{
## Catch if not found
$LocaAdminUser = Get-LocalUser -Name $ExpectedLocalUser -ErrorAction Stop
## If an account is found update the password
Set-LocalUser -Name $ExpectedLocalUser -Password $Password -PasswordNeverExpires:$true
}
Catch
{
Create_LocalAdmin
}
#mathias-r-jessen Suggestion worked. Changed to start PS in 64 bit host, and it worked.

Powershell New-ADUser set as enable

So i'm trying to create a list of new users in powershell on my windows server 2012 r2. I want the users name as Mike, Linda, Kurt. I run the following command
New-ADUser Kurt -enabled
I get an error as that does not work. I know that this command exists and works
New-ADUser Kurt
Is there a command to create a new user and set it to enabled without setting a password to it? I'm a beginner at powershell
You will need to add the $true value to the -Enabled flag, like so:
New-ADUser Kurt -Enabled $true
This is because the -Enabled flag expects a boolean value (true, false) to be sent to it.

New-Mailbox creation error

We try to create new-mailbox in office 365 account using the cmdlet
New-Mailbox -UserPrincipalName chris#contoso.com -Alias chris -Database "Mailbox Database 1"
in WindowsPowershell ISE.To our surprise -UserPrincipalName is not a recognizable.However,using the following cmdlet ,we are able to create new mail box
New-Mailbox -Name "abcd" -MicrosoftOnlineServicesID "abcd#abcdwe.onmicrosoft.com" -Password $Password
here -MicrosoftOnlineServicesID is well recognizable and runs successfully also.
Note:I mean recognizable since when I type -MicrosoftOnlineServicesID in Windows Powershell ISE,the intellisense pops up a suggestion.
My question is why is the parameter -MicrosoftOnlineServicesID is recognizable and why the prameter -UserPrincipalName is not recognizable?
Note:In the same way as -UserPrincipalName , the parameter -TemplateInstance and many other parameters are not recognizable or not working properly.
Please carify what we need to include/import to make these cmdlets recognizable.

set-aduser takes too long

I have written a script to update a lot of users in Active Directory. It is taking about 10 seconds to run the update, and that seems like too long.
Here is my command:
Set-ADUser $userName -StreetAddress $address1 -Server "MyWickedCoolServerName"
I also tried something like this:
Set-ADUser $userName –Replace #{st=$address1} -Server "MyWickedCoolServerName"
As you can see I have to specify the server each time since we don't have the default one set up, could this be causing the issue? Also, I am running this script remotely on my pc which is not on the domain, so I have to use "runas" to run powershell and have access to AD. Could that be causing the issue?
Any suggestions on what I can look at to see where the performance issue is?
Your command will not work, because your computer is not joined to the Active Directory domain. Since you said that your computer is not domain-joined, you will have to use the -Credential parameter of the Set-ADUser command in order to run it successfully.
$Credential = Get-Credential;
Set-ADUser -Identity $userName -StreetAddress $address1 -Server MyWickedCoolServerName -Credential $Credential;