AD User & Home Directory Rename

This topic contains 4 replies, has 3 voices, and was last updated by Matt Howard 5 months, 1 week ago.

    #37985
    Randy Presnell
    Participant

    Hello,
    I was tasked with updating all of our user names to our new scheme of firstname.lastname from our previous convention of the first 6 letters of the last name plus the first 2 of the first name. I found a PS script and have modified it to try to accomplish what we need, but I am very new to PS and not sure what I am missing or where I need to make changes. We have a mixed environment, with some users having the 6-and-2 name while others have the first.last name. I am using the script below, and it works to rename the older logons and home directories; however, it is throwing errors such as:
    "The specified account already exists" (happens when running on an account that is already set to first.last, instead of checking to see if another account name already exists and, if so, changing to first.middle.last, or leaving it as is if no existing account exists.)
    "Rename-Item: Cannot rename item at \\fs01\users\duckda does not exist"
    (I get this error, but it changes the home directory path to \\fs01\users\daffy.duck.)
    I am trying to have it look at a specific OU and then change the users to first.last unless there is an existing first.last account, and then change it to first.middle.last. Any help or guidance would be greatly appreciated.

    Import-Module ActiveDirectory

    $ou = Read-Host "What OU do you want to update?"

    # Grabs all the users in the OU and puts them in an array
    $usersToChange = Get-ADUser -Filter * -SearchBase "OU=$ou, OU=RSD, DC=domain, DC=domain" -Properties *

    foreach ($user in $usersToChange) {

        # This grabs the old account name
        $oldLogon = Get-ADUser $user -Properties * | Select-Object -ExpandProperty sAMAccountName

        # This grabs the last name
        $lastName = Get-ADUser $user -Properties * | Select-Object -ExpandProperty surname

        # This grabs the middle initial
        $middleName = Get-ADUser $user -Properties * | Select-Object -ExpandProperty initials

        # This grabs the first name
        $firstName = Get-ADUser $user -Properties * | Select-Object -ExpandProperty givenName

        # This concatenates into first.last
        $newLogon = $firstName, $lastName -join "."

        # This concatenates into first.middle.last
        $fullLogon = $firstName, $middleName, $lastName -join "."

        $principalName = $newLogon + "@domain"

        $fullPrincipalName = $fullLogon + "@domain"

        # NOTE: this filter returns every account whose sAMAccountName is NOT $newLogon,
        # so it is true for any domain with more than one user; it does not test whether
        # $newLogon is already taken, which is why the first error above appears
        if (Get-ADUser -Filter {samAccountName -ne "$newLogon"}) {
            Get-ADUser -Identity $user | Set-ADUser -Replace @{samaccountname = $newLogon}
            Get-ADUser -Identity $user | Set-ADUser -Replace @{userPrincipalName = $principalName}
            Set-ADUser -Identity $newLogon -HomeDrive "H:" -HomeDirectory "\\fs01\users\$oldLogon"
            # This renames the path of the home folder for the user to match the new logon name
            Rename-Item -Path "\\fs01\users\$oldLogon" -NewName "\\fs01\users\$newLogon"
            Set-ADUser -Identity $newLogon -HomeDrive "H:" -HomeDirectory "\\fs01\users\$newLogon"
        }
        else {
            Get-ADUser -Identity $user | Set-ADUser -Replace @{samaccountname = $fullLogon}
            Get-ADUser -Identity $user | Set-ADUser -Replace @{userPrincipalName = $fullPrincipalName}
            Set-ADUser -Identity $fullLogon -HomeDrive "H:" -HomeDirectory "\\fs01\users\$oldLogon"
            # This renames the path of the home folder for the user to match the new logon name
            Rename-Item -Path "\\fs01\users\$oldLogon" -NewName "\\fs01\users\$fullLogon"
            Set-ADUser -Identity $fullLogon -HomeDrive "H:" -HomeDirectory "\\fs01\users\$fullLogon"
        }

    }

    #37986
    Anthony Stringer
    Participant

    This is not a full script, but it may be a good starting point. Instead of using Get-ADUser so many times, remember that the $user variable probably already has the information you're looking for.

    Import-Module ActiveDirectory

    $ou = Read-Host 'What OU do you want to update?'

    # Grabs all the users in the OU and puts them in an array
    $usersToChange = Get-ADUser -Filter * -SearchBase "OU=$ou, OU=RSD, DC=domain, DC=domain" -Properties surname, initials, givenname, userprincipalname

    foreach ($user in $usersToChange) {
        $oldLogon = $user.samaccountname
        $lastName = $user.surname
        $middleName = $user.initials
        $firstName = $user.givenname

        # This concatenates into first.last
        $newLogon = $firstName, $lastName -join '.'

        # '@domain' is the UPN suffix placeholder used in the first post; substitute your own
        $principalName = $newLogon + '@domain'

        if ($middleName) {
            # Concatenates into first.middle.last
            $fullLogon = $firstName, $middleName, $lastName -join '.'
            $fullPrincipalName = $fullLogon + '@domain'
        }

        if ($oldLogon.ToLower() -ne $newLogon.ToLower()) {
            Write-Host "can create $newLogon"
            # do work here
        } else {
            Write-Host "$newLogon already exists"
            # do work here
        }
    }
    
    #38003
    Matt Howard
    Participant

    To tack on to what Anthony suggested, you do not need to call Set-ADUser multiple times. If you have all of the new values ready to go, you can use Set-ADUser with one line:

    Get-ADUser -Identity $User | Set-ADUser -SamAccountName $newLogon -UserPrincipalName $principalName -HomeDirectory "\\fs01\users\$newLogon"
    
    #38009
    Randy Presnell
    Participant

    Is there a way to check to see if an existing user name already exists before creation? I modified the script like this, and it works great except when I am trying to update doejo to John.Doe and our org already has an account John.Doe: it errors and changes doejo's UPN to John.Doe while leaving the sAMAccountName and HomeDir untouched. I removed the middle name part, as we only want to assign users that naming convention if there is already a John.Doe existing. I appreciate the help with this, and we could work with this as there are only a handful of users that would have matching user names, but a fully automated process would be great also.

    Import-Module ActiveDirectory

    $ou = Read-Host 'What OU do you want to update?'

    # Grabs all the users in the OU and puts them in an array
    $usersToChange = Get-ADUser -Filter * -SearchBase "OU=$ou, OU=RSD, DC=domain, DC=domain" -Properties surname, initials, givenname, userprincipalname

    foreach ($user in $usersToChange) {
        $oldLogon = $user.samaccountname
        $lastName = $user.surname
        $middleName = $user.initials
        $firstName = $user.givenname

        # This concatenates into first.last
        $newLogon = $firstName, $lastName -join '.'

        # '@domain' is the UPN suffix placeholder used in the first post; substitute your own
        $principalName = $newLogon + '@domain'

        # The middle-name branch was removed, so only the first.last name is compared here
        if ($oldLogon.ToLower() -ne $newLogon.ToLower()) {
            Write-Host "can create $newLogon"
            Get-ADUser -Identity $user | Set-ADUser -Replace @{samaccountname = $newLogon}
            Get-ADUser -Identity $user | Set-ADUser -Replace @{userPrincipalName = $principalName}
            Set-ADUser -Identity $newLogon -HomeDrive "H:" -HomeDirectory "\\fs01\users\$oldLogon"
            Rename-Item -Path "\\fs01\users\$oldLogon" -NewName "\\fs01\users\$newLogon"
            Set-ADUser -Identity $newLogon -HomeDrive "H:" -HomeDirectory "\\fs01\users\$newLogon"
        } else {
            Write-Host "$oldLogon already exists"
            # do work here
        }
    }

    #38015
    Matt Howard
    Participant

    Change your $newLogon line to this try/catch statement:

    $newLogon = $firstName, $lastName -join '.'
    try {
        Get-ADUser -Identity $newLogon | Out-Null
        # If the previous command was successful, change the newLogon variable
        if ($?) {
            $newLogon = $firstName, $middleName, $lastName -join '.'
            Write-Host "Logon name exists. New Logon name is now $newLogon"
        }
    } catch {
        # This will handle the 'ADIdentityNotFoundException' error message if the logon is not in use
        Write-Host "Logon name $newLogon is not in use."
    }
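A fuller version of what the replies converge on (test whether the name is free before touching the account, one Set-ADUser call for all attributes, rename the home folder by its leaf name, and skip the account rather than half-rename it when something is off), written as an added example rather than anything posted in this thread. The search root, the `domain` UPN suffix and the `\\fs01\users` share are placeholders carried over from the question; the parameter names and the `Test-LogonInUse` and `ConvertTo-LdapSafe` helpers are my own. The existence check uses `Get-ADObject` with an LDAP filter, since groups and computers share the sAMAccountName namespace with users and since `-Identity` throws (and also matches DN, GUID and SID) instead of simply returning nothing when a name is unused.

```powershell
# Added example, not code from this thread: renames every user in one OU to
# first.last, falls back to first.middle.last on a collision, and renames the
# home folder to match. Placeholders: search root, UPN suffix and home share.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)]
    [string] $Ou,
    [string] $SearchRoot = 'OU=RSD,DC=domain,DC=domain',   # placeholder from the thread
    [string] $UpnSuffix  = 'domain',                       # placeholder from the thread
    [string] $HomeRoot   = '\\fs01\users'                  # placeholder from the thread
)

Import-Module ActiveDirectory

function ConvertTo-LdapSafe {
    # RFC 4515 escaping of the characters that are special inside an LDAP search filter
    param([string] $Value)
    return $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

function Test-LogonInUse {
    # $true when any directory object (user, group or computer) already owns the
    # sAMAccountName or the UPN; both must be unique before the rename can succeed.
    param([string] $Logon, [string] $Upn)
    $l = ConvertTo-LdapSafe $Logon
    $u = ConvertTo-LdapSafe $Upn
    $hit = Get-ADObject -LDAPFilter "(|(sAMAccountName=$l)(userPrincipalName=$u))"
    return [bool] $hit
}

# Initials is not a default property, so ask for it explicitly
$users = Get-ADUser -Filter * -SearchBase "OU=$Ou,$SearchRoot" -Properties initials

foreach ($user in $users) {
    $old = $user.SamAccountName

    if (-not $user.GivenName -or -not $user.Surname) {
        Write-Warning "$old has no given name or surname; skipping"
        continue
    }

    # Preferred name first; first.middle.last only as the fallback for a collision
    $candidates = @(($user.GivenName, $user.Surname) -join '.')
    if ($user.Initials) {
        $candidates += ($user.GivenName, $user.Initials, $user.Surname) -join '.'
    }

    # Already in the new convention: nothing to do (-contains is case-insensitive, as AD is)
    if ($candidates -contains $old) {
        Write-Verbose "$old already follows the new convention"
        continue
    }

    # First candidate that nobody owns yet and that fits the 20-character sAMAccountName limit
    $new = $candidates |
        Where-Object { $_.Length -le 20 -and -not (Test-LogonInUse -Logon $_ -Upn "$($_)@$UpnSuffix") } |
        Select-Object -First 1
    if (-not $new) {
        Write-Warning "no free logon name for $old (tried: $($candidates -join ', ')); skipping"
        continue
    }

    $oldHome = Join-Path $HomeRoot $old
    $newHome = Join-Path $HomeRoot $new

    # Honours -WhatIf / -Confirm on the script itself
    if (-not $PSCmdlet.ShouldProcess($old, "rename to $new")) { continue }

    try {
        # One Set-ADUser call updates every attribute together, so a failure leaves the
        # account entirely untouched instead of with a changed UPN and an old sAMAccountName
        Set-ADUser -Identity $user -SamAccountName $new -UserPrincipalName "$($new)@$UpnSuffix" `
                   -HomeDrive 'H:' -HomeDirectory $newHome -ErrorAction Stop
    }
    catch {
        Write-Warning "could not rename $old to $new ($($_.Exception.Message)); folder left as is"
        continue
    }

    # -NewName takes the leaf name only; check the source exists rather than letting Rename-Item fail
    if (Test-Path -LiteralPath $oldHome) {
        Rename-Item -LiteralPath $oldHome -NewName $new
    }
    elseif (-not (Test-Path -LiteralPath $newHome)) {
        Write-Warning "$old had no home folder at $oldHome; homeDirectory now points at the missing $newHome"
    }
}
```

Saved as, say, `Rename-ADLogon.ps1` (a name chosen here, not from the thread), a dry run over one OU is `.\Rename-ADLogon.ps1 -Ou Staff -WhatIf -Verbose`, which lists every planned rename and every skipped account without changing AD or the file server; drop `-WhatIf` once the output looks right. Because sAMAccountName and UPN uniqueness are checked against all directory objects and the account is only modified after a free name is found, the two failure modes from the question (an "account already exists" error and a UPN changed on an account whose sAMAccountName was not) cannot occur in the same run.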
    