Create Users & require password change at next logon script

Welcome Forums General PowerShell Q&A Create Users & require password change at next logon script

Viewing 0 reply threads
  • Author
    Posts
    • #6331
      Participant
      Topics: 1562
      Replies: 0
      Points: 1
      Rank: Member

      by ShiftNick at 2013-04-24 13:00:10

      Hello,

      I’m working on a script that will create the new users, set a temporary password and then require the users to change the password at the next logon. I can get everything to work expect the password change. Below is the script I’m running. I’m very new at this and this is a script I copied and changed what I needed to. My experience is limited at this point.

      Any assistance would be appreciated.

      $objOU=[ADSI]“LDAP://OU=Office,OU=Toronto,DC=DomainName,DC=local”<br />$dataSource=import-csv “userlist.csv”<br />foreach&#40;$dataRecord in $datasource&#41; {<br />$cn=$dataRecord.FirstName + ” ” + $dataRecord.LastName<br />$sAMAccountName=$dataRecord.FirstInitial + $dataRecord.LastName<br />$givenName=$dataRecord.FirstName<br />$sn=$dataRecord.LastName<br />$sAMAccountName=$sAMAccountName.ToLower&#40;&#41;<br />$displayName=$givenName + “ ” + $sn<br />$userPrincipalName=$sAMAccountName + “@edgetest.local”<br />$objUser=$objOU.Create&#40;“user”,”CN=”+$cn&#41;<br />$objUser.Put&#40;“sAMAccountName”,$sAMAccountName&#41;<br />$objUser.Put&#40;“userPrincipalName”,$userPrincipalName&#41;<br />$objUser.Put&#40;“displayName”,$displayName&#41;<br />$objUser.Put&#40;“givenName”,$givenName&#41;<br />$objUser.Put&#40;“sn”,$sn&#41;<br />$objUser.SetInfo&#40;&#41;<br />$objUser.SetPassword&#40;“Password”&#41;<br />$objUser.psbase.InvokeSet&#40;“AccountDisabled”,$false&#41;<br />$objUser.psbase.InvokeSet&#40;&quot;pwdLastSet&quot;,$0&#41;<br />$objUser.SetInfo&#40;&#41;<br />}

      by DonJ at 2013-04-25 07:14:24

      Are you able to use the Microsoft AD cmdlets to do this? Or the Quest ones? The cmdlets would be a lot easier – what you’ve got is basically a VBScript rewritten in PowerShell’s language.

      by ShiftNick at 2013-04-25 07:23:19

      I can definitely use the AD cmdlets if that’s a more effective way to get the results I need.

      by DonJ at 2013-04-25 09:19:15

      I think it would be. The New-ADUser and Set-ADUser commands would do exactly what you’re after in a much less programmatic fashion.

      by ShiftNick at 2013-04-25 10:31:19

      I’m trying this now;

      Import-Module ActiveDirectory <br />$Users = Import-Csv -Delimiter &quot;,&quot; -Path &quot;.\userlist.csv&quot;  <br />foreach &#40;$User in $Users&#41;  <br />{  </p><p> &lt;#define the OU the users will be added to, dont forget to change the domain to your domains DN#&gt;</p><p>    $OU = $User.OrgU +&quot;,DC=edgetest,DC=local&quot; </p><p> &lt;# Set variables for user #&gt;</p><p>    $Password = $Edge123 <br />    $Detailedname = $User.firstname + &quot; &quot; + $User.lastname <br />    $UserFirstname = $User.Firstname</p><p>  &lt;# the next 2 lines sets the username variable to be the first letter the persons firstname <br />followed by the lastname #&gt; </p><p>    $FirstLetterFirstname = $UserFirstname.substring&#40;0,1&#41; <br />    $SAM =  $FirstLetterFirstname + $User.lastname </p><p>New-ADUser -Name $Detailedname -SamAccountName $SAM -UserPrincipalName $SAM -DisplayName <br />$Detailedname -GivenName $user.firstname -Surname $user.lastname -AccountPassword $Password -Enabled <br />$true -ChangePasswordAtLogon $true -Path $OU  <br />}

      and the following error is being returned.

      New-ADUser : Directory object not found
      At C:\scripts\NewUserImportScript.ps1:29 char:11
      + New-ADUser <<<< -Name $Detailedname -SamAccountName $SAM -UserPrincipalName $SAM -DisplayName $Detailedname -G
      me $user.firstname -Surname $user.lastname -AccountPassword $Password -Enabled $true -ChangePasswordAtLogon $true
      $OU
      + CategoryInfo : ObjectNotFound: (CN=John Smith21…getest,DC=local:String) [New-ADUser], ADIdentity
      undException
      + FullyQualifiedErrorId : Directory object not found,Microsoft.ActiveDirectory.Management.Commands.NewADUser

      This is the info from the CSV file.

      FirstName,LastName,OrgU
      John,Smith21,OU=Users
      John,Smith22,OU=Users
      John,Smith23,OU=Users
      John,Smith24,OU=Users
      John,Smith25,OU=Users
      John,Smith26,OU=Users
      John,Smith27,OU=Users
      John,Smith28,OU=Users
      John,Smith29,OU=Users
      John,Smith30,OU=Users

      by DonJ at 2013-04-25 10:45:50

      "users" is not an OU. It’s a container; CN=users.

      Try running the command manually, using example values, first. It’s a ton easier to debug that way. Once it’s working you can put it into a script.

      by ShiftNick at 2013-04-26 06:46:55

      It looks like New-ADUser is not a recognized cmdlet. That doesn’t seem right. Is there some add-on that I still need to install?

      by DonJ at 2013-04-26 06:51:12

      Yes, the ActiveDirectory module. In v2, you have to manually load it by using "Import-Module ActiveDirectory" and note that the module isn’t native to Windows. It is in both the Windows 7 and Windows 8 RSAT downloads. It requires a Win2008R2 or later domain controller; or a Win2003-Win2008 DC on which you’ve installed the free Microsoft AD Management Gateway service (that’s what the commands talk to).

      by ShiftNick at 2013-04-26 06:58:06

      OK, I have RSAT installed, just didn’t realize i had to manually load the module. Thanks!

      by DonJ at 2013-04-26 07:01:26

      My fault. I’m completely used to v3, where you don’t.

      by ShiftNick at 2013-04-26 07:40:37

      I got it working and thanks so much for your help!

      Any other benefits in upgrading to v3 other than not having to load the modules?

      by DonJ at 2013-04-26 07:47:29

      A substantial number of benefits, yes.

Viewing 0 reply threads
  • The topic ‘Create Users & require password change at next logon script’ is closed to new replies.