Create Users & require password change at next logon script

    by ShiftNick at 2013-04-24 13:00:10

    Hello,

    I'm working on a script that will create the new users, set a temporary password and then require the users to change the password at the next logon. I can get everything to work except the password change. Below is the script I'm running. I'm very new at this and this is a script I copied and changed what I needed to. My experience is limited at this point.

    Any assistance would be appreciated.

    $objOU=[ADSI]"LDAP://OU=Office,OU=Toronto,DC=DomainName,DC=local"
    $dataSource=import-csv "userlist.csv"
    foreach($dataRecord in $datasource) {
        $cn=$dataRecord.FirstName + " " + $dataRecord.LastName
        $sAMAccountName=$dataRecord.FirstInitial + $dataRecord.LastName
        $givenName=$dataRecord.FirstName
        $sn=$dataRecord.LastName
        $sAMAccountName=$sAMAccountName.ToLower()
        $displayName=$givenName + " " + $sn
        $userPrincipalName=$sAMAccountName + "@edgetest.local"
        $objUser=$objOU.Create("user","CN="+$cn)
        $objUser.Put("sAMAccountName",$sAMAccountName)
        $objUser.Put("userPrincipalName",$userPrincipalName)
        $objUser.Put("displayName",$displayName)
        $objUser.Put("givenName",$givenName)
        $objUser.Put("sn",$sn)
        $objUser.SetInfo()
        $objUser.SetPassword("Password")
        $objUser.psbase.InvokeSet("AccountDisabled",$false)
        $objUser.psbase.InvokeSet("pwdLastSet",$0)
        $objUser.SetInfo()
    }

    by DonJ at 2013-04-25 07:14:24

    Are you able to use the Microsoft AD cmdlets to do this? Or the Quest ones? The cmdlets would be a lot easier – what you've got is basically a VBScript rewritten in PowerShell's language.

    by ShiftNick at 2013-04-25 07:23:19

    I can definitely use the AD cmdlets if that's a more effective way to get the results I need.

    by DonJ at 2013-04-25 09:19:15

    I think it would be. The New-ADUser and Set-ADUser commands would do exactly what you're after in a much less programmatic fashion.

    by ShiftNick at 2013-04-25 10:31:19

    I'm trying this now;

    Import-Module ActiveDirectory
    $Users = Import-Csv -Delimiter "," -Path ".\userlist.csv"
    foreach ($User in $Users)
    {

        <# define the OU the users will be added to, don't forget to change the domain to your domain's DN #>

        $OU = $User.OrgU + ",DC=edgetest,DC=local"

        <# Set variables for user #>

        # -AccountPassword requires a SecureString, not an (undefined) variable
        $Password = ConvertTo-SecureString "Edge123" -AsPlainText -Force
        $Detailedname = $User.firstname + " " + $User.lastname
        $UserFirstname = $User.Firstname

        <# the next 2 lines set the username variable to be the first letter of the person's firstname
        followed by the lastname #>

        $FirstLetterFirstname = $UserFirstname.substring(0,1)
        $SAM = $FirstLetterFirstname + $User.lastname

        New-ADUser -Name $Detailedname -SamAccountName $SAM -UserPrincipalName $SAM -DisplayName $Detailedname -GivenName $user.firstname -Surname $user.lastname -AccountPassword $Password -Enabled $true -ChangePasswordAtLogon $true -Path $OU
    }

    and the following error is being returned.

    New-ADUser : Directory object not found
    At C:\scripts\NewUserImportScript.ps1:29 char:11
    + New-ADUser < <<< -Name $Detailedname -SamAccountName $SAM -UserPrincipalName $SAM -DisplayName $Detailedname -G
    me $user.firstname -Surname $user.lastname -AccountPassword $Password -Enabled $true -ChangePasswordAtLogon $true
    $OU
    + CategoryInfo : ObjectNotFound: (CN=John Smith21...getest,DC=local:String) [New-ADUser], ADIdentity
    undException
    + FullyQualifiedErrorId : Directory object not found,Microsoft.ActiveDirectory.Management.Commands.NewADUser

    This is the info from the CSV file.

    FirstName,LastName,OrgU
    John,Smith21,OU=Users
    John,Smith22,OU=Users
    John,Smith23,OU=Users
    John,Smith24,OU=Users
    John,Smith25,OU=Users
    John,Smith26,OU=Users
    John,Smith27,OU=Users
    John,Smith28,OU=Users
    John,Smith29,OU=Users
    John,Smith30,OU=Users

    by DonJ at 2013-04-25 10:45:50

    "users" is not an OU. It's a container; CN=users.

    Try running the command manually, using example values, first. It's a ton easier to debug that way. Once it's working you can put it into a script.

    by ShiftNick at 2013-04-26 06:46:55

    It looks like New-ADUser is not a recognized cmdlet. That doesn't seem right. Is there some add-on that I still need to install?

    by DonJ at 2013-04-26 06:51:12

    Yes, the ActiveDirectory module. In v2, you have to manually load it by using "Import-Module ActiveDirectory" and note that the module isn't native to Windows. It is in both the Windows 7 and Windows 8 RSAT downloads. It requires a Win2008R2 or later domain controller; or a Win2003-Win2008 DC on which you've installed the free Microsoft AD Management Gateway service (that's what the commands talk to).

    by ShiftNick at 2013-04-26 06:58:06

    OK, I have RSAT installed, just didn't realize I had to manually load the module. Thanks!

    by DonJ at 2013-04-26 07:01:26

    My fault. I'm completely used to v3, where you don't.

    by ShiftNick at 2013-04-26 07:40:37

    I got it working and thanks so much for your help!

    Any other benefits in upgrading to v3 other than not having to load the modules?

    by DonJ at 2013-04-26 07:47:29

    A substantial number of benefits, yes.
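
A cmdlet-based version of the bulk-creation loop discussed in this thread, as an added example that is not any poster's code: it checks that each row's target container or OU exists before calling New-ADUser (the cause of the "Directory object not found" error above), prompts for the temporary password as a SecureString instead of embedding it, and forces a change at first logon. The CSV columns, the domain DN and the `edgetest.local` UPN suffix are taken from the posts; the variable names are assumptions.

```powershell
# Added example, not from the thread. Assumes the thread's CSV columns
# (FirstName,LastName,OrgU) and domain DN (DC=edgetest,DC=local).
Import-Module ActiveDirectory   # must be loaded explicitly on PowerShell v2

$DomainDN  = 'DC=edgetest,DC=local'
$UpnSuffix = 'edgetest.local'

# Prompt once so the temporary password never sits in the script as plain text.
# -AccountPassword expects a SecureString.
$TempPassword = Read-Host -Prompt 'Temporary password' -AsSecureString

foreach ($User in Import-Csv -Path '.\userlist.csv') {
    $Path = '{0},{1}' -f $User.OrgU, $DomainDN
    $Name = '{0} {1}' -f $User.FirstName, $User.LastName
    $Sam  = ($User.FirstName.Substring(0, 1) + $User.LastName).ToLower()

    # Confirm the target exists before creating anything. The built-in Users
    # container is CN=Users; OU=Users only resolves if such an OU was created.
    try {
        Get-ADObject -Identity $Path -ErrorAction Stop | Out-Null
    }
    catch {
        Write-Warning "Skipping '$Name': '$Path' was not found (container or OU?)."
        continue
    }

    $Params = @{
        Name                  = $Name
        SamAccountName        = $Sam
        UserPrincipalName     = "$Sam@$UpnSuffix"
        DisplayName           = $Name
        GivenName             = $User.FirstName
        Surname               = $User.LastName
        AccountPassword       = $TempPassword
        Enabled               = $true
        ChangePasswordAtLogon = $true   # user must replace the temporary password
        Path                  = $Path
    }
    try {
        New-ADUser @Params -ErrorAction Stop
        Write-Output "Created $Sam in $Path"
    }
    catch {
        Write-Warning "Failed to create '$Sam': $($_.Exception.Message)"
    }
}
```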
