I'm working on a small script to make adding users to our AD easier. It's just a one line New-ADUser powershell script that asks for inputs. It looks like this:
New-ADUser -Name (Read-Host "User Name") -AccountExpirationDate 0 -CannotChangePassword 1 -ChangePasswordAtLogon 0 -PasswordNeverExpires 1 -Company (Read-Host "Company") -Department (Read-Host "Department") -Title (Read-Host "Title") -Manager (Read-Host "Manager's User Name") -GivenName (Read-Host "Full Name") -MobilePhone (Read-Host "Cell Phone Number") -State (Read-Host "State") -AccountPassword (Read-Host -AsSecureString "Password") -ProfilePath (Read-Host "Roaming Profile Path") -Path (Read-Host "AD Path to User")
It asks for everything like it should but after inputting everything it returns: "New-ADUser : Not a valid Win32 FileTime. At line:1 char:11." I checked that location in the command (it's the space after "New-ADUser") and I don't know why it would return that.
Is this an efficient way of doing what I want? How can I fix my command to not return the error? Is it what I'm inputting into the spots?
You have to change:
-AccountExpirationDate 0
with
-AccountExpirationDate $null
or you can simply not set this parameter for an unexpiring account.
This technet page has an error.
For Windows Server 2016 the problem above exists, and the solution above does not work (completely).
I have found a workaround.
Yes, the Technet page above has an error; unfortunately, that also results in the PowerShell scripting system having a problem parsing the script
So - Error #1 - If you use the command New-ADUser as specified with 0 as the parameter, you get error New-ADUser : Not a valid win32 FileTime.
When you change 0 to $null, you get Error #2 - The term '(the next parameter in your command)' is not recognized as the name of a cmdlet, function
I found the following solution to completely solve the problem:
Change (as above) -AccountExpirationDate $null
Move this parameter to the LAST Parameter! Otherwise, you then end up with the error where the next item is incorrectly parsed. You'll note that in the IDE where the parameter shows up in the wrong color.
Related
I'd like to have a script that creates a local user based on choices from the user.
I currently do it by putting the command in a variable then I invoke it.
$pw = Read-Host "Enter password" -AsSecureString
$command = "New-LocalUser -Name $name -Password $pw $accountparam $accexpiredate $passwordparam $pwexpiredate $canchangepwparam"
iex $command
Everything is working fine except the password, the command fails with the following error :
Unable to convert the "System.Security.SecureString" value from the "System.String" type to the "System.Security.SecureString" type
If I remove the password parameter and let PowerShell automatically ask it then it works, but I'd like to manually ask it.
Can someone help me ?
Well I fixed it, here is the solution in case someone is asking himself the same question and finds this
$command = "New-LocalUser -Name $name -Password (ConvertTo-SecureString '$pw' -AsPlainText -Force) $accountparam $accexpiredate $passwordparam $pwexpiredate $canchangepwparam"
So i'm trying to create a list of new users in powershell on my windows server 2012 r2. I want the users name as Mike, Linda, Kurt. I run the following command
New-ADUser Kurt -enabled
I get an error as that does not work. I know that this command exists and works
New-ADUser Kurt
Is there a command to create a new user and set it to enabled without setting a password to it? I'm a beginner at powershell
You will need to add the $true value to the -Enabled flag, like so:
New-ADUser Kurt -Enabled $true
This is because the -Enabled flag expects a boolean value (true, false) to be sent to it.
We try to create new-mailbox in office 365 account using the cmdlet
New-Mailbox -UserPrincipalName chris#contoso.com -Alias chris -Database "Mailbox Database 1"
in WindowsPowershell ISE.To our surprise -UserPrincipalName is not a recognizable.However,using the following cmdlet ,we are able to create new mail box
New-Mailbox -Name "abcd" -MicrosoftOnlineServicesID "abcd#abcdwe.onmicrosoft.com" -Password $Password
here -MicrosoftOnlineServicesID is well recognizable and runs successfully also.
Note:I mean recognizable since when I type -MicrosoftOnlineServicesID in Windows Powershell ISE,the intellisense pops up a suggestion.
My question is why is the parameter -MicrosoftOnlineServicesID is recognizable and why the prameter -UserPrincipalName is not recognizable?
Note:In the same way as -UserPrincipalName , the parameter -TemplateInstance and many other parameters are not recognizable or not working properly.
Please carify what we need to include/import to make these cmdlets recognizable.
I have written a script to update a lot of users in Active Directory. It is taking about 10 seconds to run the update, and that seems like too long.
Here is my command:
Set-ADUser $userName -StreetAddress $address1 -Server "MyWickedCoolServerName"
I also tried something like this:
Set-ADUser $userName –Replace #{st=$address1} -Server "MyWickedCoolServerName"
As you can see I have to specify the server each time since we don't have the default one set up, could this be causing the issue? Also, I am running this script remotely on my pc which is not on the domain, so I have to use "runas" to run powershell and have access to AD. Could that be causing the issue?
Any suggestions on what I can look at to see where the performance issue is?
Your command will not work, because your computer is not joined to the Active Directory domain. Since you said that your computer is not domain-joined, you will have to use the -Credential parameter of the Set-ADUser command in order to run it successfully.
$Credential = Get-Credential;
Set-ADUser -Identity $userName -StreetAddress $address1 -Server MyWickedCoolServerName -Credential $Credential;
I have several domains and one admin account in each one. It is a great pain to log into each domain to change password every month..
I have therefore written a script that will connect to all domains and check to see if I have already changed the password or if I am still using the old one.
If I am using the old one the script should update it.
I connect to the domains (sequentially) with
$oldPassword = Read-Host "Enter old password" -AsSecureString
$newPassword = Read-Host "Enter new password" -AsSecureString
$oldCredentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "$domain\$adminusername",$oldPassword
Connect-QADService -Service $domain -Credential $oldCredentials
and if I get a successfull connection with $oldcredentials I try to change pwd with
GET-QADUSER $adminusername | SET-QADUSER -UserPassword $newPassword
I am guessing that I am not passing the secure string correctly to SET-QADUSER but I've found no documentation on another way to do it.
Please advice:)
SET-QADUSER -UserPassword accept [string] type not [System.Security.SecureString].
Try to pass just a string as password.