January 1, 2012 at 12:00 am

by ShiftNick at 2013-04-24 13:00:10

Hello,

I'm working on a script that will create the new users, set a temporary password and then require the users to change the password at the next logon. I can get everything to work except the password change. Below is the script I'm running. I'm very new at this and this is a script I copied and changed what I needed to. My experience is limited at this point.

Any assistance would be appreciated.

$objOU=[ADSI]"LDAP://OU=Office,OU=Toronto,DC=DomainName,DC=local"
$dataSource=import-csv "userlist.csv"
foreach($dataRecord in $datasource) {
    $cn=$dataRecord.FirstName + " " + $dataRecord.LastName
    $sAMAccountName=$dataRecord.FirstInitial + $dataRecord.LastName
    $givenName=$dataRecord.FirstName
    $sn=$dataRecord.LastName
    $sAMAccountName=$sAMAccountName.ToLower()
    $displayName=$givenName + " " + $sn
    $userPrincipalName=$sAMAccountName + "@edgetest.local"
    $objUser=$objOU.Create("user","CN="+$cn)
    $objUser.Put("sAMAccountName",$sAMAccountName)
    $objUser.Put("userPrincipalName",$userPrincipalName)
    $objUser.Put("displayName",$displayName)
    $objUser.Put("givenName",$givenName)
    $objUser.Put("sn",$sn)
    $objUser.SetInfo()
    $objUser.SetPassword("Password")
    $objUser.psbase.InvokeSet("AccountDisabled",$false)
    $objUser.psbase.InvokeSet("pwdLastSet",$0)
    $objUser.SetInfo()
}

by DonJ at 2013-04-25 07:14:24

Are you able to use the Microsoft AD cmdlets to do this? Or the Quest ones? The cmdlets would be a lot easier – what you've got is basically a VBScript rewritten in PowerShell's language.

by ShiftNick at 2013-04-25 07:23:19

I can definitely use the AD cmdlets if that's a more effective way to get the results I need.

by DonJ at 2013-04-25 09:19:15

I think it would be. The New-ADUser and Set-ADUser commands would do exactly what you're after in a much less programmatic fashion.

by ShiftNick at 2013-04-25 10:31:19

I'm trying this now;

Import-Module ActiveDirectory
$Users = Import-Csv -Delimiter "," -Path ".\userlist.csv"
foreach ($User in $Users)
{
    <# Define the OU the users will be added to; don't forget to change the domain to your domain's DN #>
    $OU = $User.OrgU + ",DC=edgetest,DC=local"

    <# Set variables for user #>
    # -AccountPassword takes a SecureString, not a plain string or an unset variable
    $Password = ConvertTo-SecureString "Edge123" -AsPlainText -Force
    $Detailedname = $User.firstname + " " + $User.lastname
    $UserFirstname = $User.Firstname

    <# The next 2 lines set the username variable to the first letter of the person's first name
       followed by the last name #>
    $FirstLetterFirstname = $UserFirstname.substring(0,1)
    $SAM = $FirstLetterFirstname + $User.lastname

    # Backticks continue the single New-ADUser command across lines
    New-ADUser -Name $Detailedname -SamAccountName $SAM -UserPrincipalName $SAM -DisplayName $Detailedname `
        -GivenName $user.firstname -Surname $user.lastname -AccountPassword $Password -Enabled $true `
        -ChangePasswordAtLogon $true -Path $OU
}

and the following error is being returned.

New-ADUser : Directory object not found
At C:\scripts\NewUserImportScript.ps1:29 char:11
+ New-ADUser <<<< -Name $Detailedname -SamAccountName $SAM -UserPrincipalName $SAM -DisplayName $Detailedname -GivenName $user.firstname -Surname $user.lastname -AccountPassword $Password -Enabled $true -ChangePasswordAtLogon $true -Path $OU
+ CategoryInfo : ObjectNotFound: (CN=John Smith21...getest,DC=local:String) [New-ADUser], ADIdentityNotFoundException
+ FullyQualifiedErrorId : Directory object not found,Microsoft.ActiveDirectory.Management.Commands.NewADUser

This is the info from the CSV file.

FirstName,LastName,OrgU
John,Smith21,OU=Users
John,Smith22,OU=Users
John,Smith23,OU=Users
John,Smith24,OU=Users
John,Smith25,OU=Users
John,Smith26,OU=Users
John,Smith27,OU=Users
John,Smith28,OU=Users
John,Smith29,OU=Users
John,Smith30,OU=Users

by DonJ at 2013-04-25 10:45:50

"users" is not an OU. It's a container; CN=users.

Try running the command manually, using example values, first. It's a ton easier to debug that way. Once it's working you can put it into a script.
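
An added example, not part of the original thread: the CSV import from the posts above, with the CN=Users container path resolved and the temporary password passed as a SecureString. Resolve-TargetPath and New-UserParams are hypothetical helper names, and the sample rows and placeholder password are constructed.

```powershell
# Constructed sample rows in the thread's CSV layout (FirstName,LastName,OrgU).
$csv = @'
FirstName,LastName,OrgU
John,Smith21,OU=Users
Jane,Doe22,"OU=Office,OU=Toronto"
'@
$DomainDN  = 'DC=edgetest,DC=local'    # domain DN from the thread
$UpnSuffix = '@edgetest.local'         # UPN suffix from the first script
# Constructed placeholder; -AccountPassword needs a SecureString, not plain text.
$TempPw = ConvertTo-SecureString 'Placeholder-Temp-1!' -AsPlainText -Force

function Resolve-TargetPath {          # hypothetical helper
    # The built-in Users object is a container (CN=Users), not an OU, so
    # "OU=Users,DC=..." does not exist and New-ADUser fails with
    # "Directory object not found". Map that value; pass real OUs through.
    param([string]$OrgU, [string]$DomainDN)
    if ($OrgU -ieq 'OU=Users') { $OrgU = 'CN=Users' }
    "$OrgU,$DomainDN"
}

function New-UserParams {              # hypothetical helper
    # Build one row's New-ADUser arguments as a hashtable for splatting.
    param($Row, [System.Security.SecureString]$Password)
    $sam = ($Row.FirstName.Substring(0, 1) + $Row.LastName).ToLower()
    @{
        Name                  = $Row.FirstName + ' ' + $Row.LastName
        DisplayName           = $Row.FirstName + ' ' + $Row.LastName
        GivenName             = $Row.FirstName
        Surname               = $Row.LastName
        SamAccountName        = $sam
        UserPrincipalName     = $sam + $UpnSuffix
        AccountPassword       = $Password
        Enabled               = $true
        ChangePasswordAtLogon = $true   # user must replace the temporary password
        Path                  = Resolve-TargetPath $Row.OrgU $DomainDN
    }
}

$haveAD = [bool](Get-Module -ListAvailable -Name ActiveDirectory)
if ($haveAD) { Import-Module ActiveDirectory }   # required on PowerShell v2
foreach ($row in ($csv | ConvertFrom-Csv)) {
    $p = New-UserParams -Row $row -Password $TempPw
    if ($haveAD) { New-ADUser @p -WhatIf }       # remove -WhatIf to create the accounts
    else { '{0} -> {1}' -f $p.SamAccountName, $p.Path }   # dry run without the module
}
```

With -WhatIf in place the loop only reports what New-ADUser would create, which is a quick way to confirm each target path before any account exists.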

by ShiftNick at 2013-04-26 06:46:55

It looks like New-ADUser is not a recognized cmdlet. That doesn't seem right. Is there some add-on that I still need to install?

by DonJ at 2013-04-26 06:51:12

Yes, the ActiveDirectory module. In v2, you have to manually load it by using "Import-Module ActiveDirectory" and note that the module isn't native to Windows. It is in both the Windows 7 and Windows 8 RSAT downloads. It requires a Win2008R2 or later domain controller; or a Win2003-Win2008 DC on which you've installed the free Microsoft AD Management Gateway service (that's what the commands talk to).

by ShiftNick at 2013-04-26 06:58:06

OK, I have RSAT installed, just didn't realize I had to manually load the module. Thanks!

by DonJ at 2013-04-26 07:01:26

My fault. I'm completely used to v3, where you don't.

by ShiftNick at 2013-04-26 07:40:37

I got it working and thanks so much for your help!

Any other benefits in upgrading to v3 other than not having to load the modules?

by DonJ at 2013-04-26 07:47:29

A substantial number of benefits, yes.