
October 16, 2015 at 12:05 am

Hi Scripting people,
I'm really starting to learn PowerShell, and I really love it.
Now I want to create a script that can create users in AD, with special parameters, and create the user in the right OU, that the user gets prompted when running the script.

Here is the script, I have created, but it needs some love 🙂
As this is my first script, please be nice 😀
I want to expand my skills and advance my job opportunity.
I currently work in surveillance for a big company.
THANK YOU GUYS!

################################################################
# AUTHOR : Nicolai Magnussen – Overvaaking – ekstern – Adecco
# DATE : 16.10.2015
# COMMENT : This script creates AD users and prompts for input
################################################################

#———————————————————-
$Password = (convertto-securestring -asplaintext "Sommer2015" -force)
$Fornavn = Read-Host 'Tast inn fornavnet'
$Etternavn = Read-Host 'Tast inn etter navnet'
$User = Read-Host 'Tast inn brukernavn med domene, eksempel – ajones@steria.no'
$Email = Read-Host 'Tast inn E-mail adresse'
$Displayname = Read-host 'tast inn fornavn og etternavn'
#———————————————————-
#STATIC VARIABLES
#———————————————————-

new-aduser -name $Fornavn -UserPrincipalName $User -samaccountname $User -EmailAddress $Email -givenName $Fornavn -surname $Etternavn -displayname "$Displayname" -accountpassword $password -changepasswordatlogon $true -enabled $true-Path Ad:\"DC=Practicelabs,DC=com" -Recurce -path "CN=Test,OU,DC=practicelabs,DC=com"

October 16, 2015 at 6:41 am

Hi Nicolai

Welcome to the wonderful world of PowerShell, I'm sure it will bring you lots of joy.

By default the New-ADUser Cmdlet will create the user under the 'Users' container in your AD (CN=Users,DC=practicelabs,DC=com).
If you want to create the user under a specific Organizational Unit, you must specify the X.500 path of that OU (right-click the OU in AD Users and Computers, open the Attribute Editor tab, and check the distinguishedName attribute to get the exact path).

As an example, if you wanted to create a user in an OU with the path practicelabs.com/SiteName/Users, you would enter it as 'OU=Users,OU=SiteName,DC=practicelabs,DC=com'.

Also, you have entered the path parameter twice which will lead to errors, but that is probably just a copy/paste error.

You could reduce the input required when running the script, by reusing the content of $Fornavn and $Etternavn to generate $DisplayName without prompting for input.
You could also increase the readability of the script by creating a $Parameters variable and using 'splatting' when calling the New-ADUser cmdlet.

I have done a bit of tidying of your script here:

# Prompt for input
$Fornavn     = Read-Host 'Tast inn fornavnet'
$Etternavn   = Read-Host 'Tast inn etter navnet'
$User        = Read-Host 'Tast inn brukernavn med domene, eksempel – ajones@steria.no'
$Email       = Read-Host 'Tast inn E-mail adresse'


# Set additional variables
$Password    = (ConvertTo-SecureString -AsPlainText 'Sommer2015' -Force)
$DisplayName = "$Fornavn $Etternavn"
$OUPath      = 'OU=Users,OU=SiteName,DC=practicelabs,DC=com'


# Create a hash table with parameters, used to "Splat" parameters to the New-ADUser Cmdlet
$Parameters = @{
    'SamAccountName'        = $User
    'UserPrincipalName'     = $User 
    'Name'                  = $Fornavn
    'EmailAddress'          = $Email 
    'GivenName'             = $Fornavn 
    'Surname'               = $Etternavn 
    'DisplayName'           = "$DisplayName"
    'AccountPassword'       = $password 
    'ChangePasswordAtLogon' = $true 
    'Enabled'               = $true 
    'Path'                  = $OUPath
}

# Call New-ADUser with the parameters set above
New-ADUser @Parameters

The next things you might want to look into could be input validation (ensure that values entered are not blank), check for existing users before trying to create an account, error handling etc. But I will leave that up to you for now.

By the way ... always be careful not to post sensitive data such as passwords (even if it is temporary) and domain names to online forums etc.
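
The next steps named in this reply (blank-input validation, an existing-user check, error handling) and the password remark, sketched as an added example that is not code from the thread. The `Read-Required` helper, the prompt for the initial password, and deriving the sAMAccountName from the part before `@` are assumptions of this example; the OU path is the sample one from the script above.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: re-prompt until the value is not blank
function Read-Required([string]$Prompt) {
    do { $value = (Read-Host $Prompt).Trim() } while (-not $value)
    return $value
}

$Fornavn   = Read-Required 'Tast inn fornavnet'
$Etternavn = Read-Required 'Tast inn etter navnet'
$User      = Read-Required 'Tast inn brukernavn med domene'
$Email     = Read-Required 'Tast inn E-mail adresse'
$OUPath    = 'OU=Users,OU=SiteName,DC=practicelabs,DC=com'

# Allow-list the characters so the value is safe to embed in the -Filter string below
if ($User -notmatch '^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+$') { throw "'$User' is not in user@domain form." }
# Assumption of this example: the sAMAccountName is the part before '@' (20 characters at most)
$Sam = $User.Split('@')[0]
if ($Sam.Length -gt 20) { throw "'$Sam' is longer than 20 characters." }

# The initial password is typed at run time, so no literal password is stored in the script
$Password = Read-Host 'Initial password' -AsSecureString
if ($Password.Length -eq 0) { throw 'The initial password must not be blank.' }

# Stop before New-ADUser if the account already exists
if (Get-ADUser -Filter "SamAccountName -eq '$Sam' -or UserPrincipalName -eq '$User'") {
    throw "A user with logon name '$User' already exists."
}

$Parameters = @{
    'SamAccountName'        = $Sam
    'UserPrincipalName'     = $User
    'Name'                  = "$Fornavn $Etternavn"   # Name becomes the CN of the object
    'EmailAddress'          = $Email
    'GivenName'             = $Fornavn
    'Surname'               = $Etternavn
    'DisplayName'           = "$Fornavn $Etternavn"
    'AccountPassword'       = $Password
    'ChangePasswordAtLogon' = $true
    'Enabled'               = $true
    'Path'                  = $OUPath
}

try {
    # -ErrorAction Stop turns AD errors into exceptions the catch block can report
    New-ADUser @Parameters -ErrorAction Stop
    Write-Host "Created $User in $OUPath"
} catch {
    Write-Error "Could not create ${User}: $($_.Exception.Message)"
}
```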

October 18, 2015 at 2:38 pm

Hi Christian

First I want to say that I feel privileged to receive such a thorough explanation of the script.
I could not have had a nicer welcome.
THANKS

I also now see, that it is very much fine adjustments you can do with PowerShell, so the script is more readable for others, and looks more professional and better.

I have not tested the script yet, but I'll do that, and will come back to you with some feedback.

You are absolutely correct when pointing out that I should not post personal information, passwords etc.
But in this case, this is just random text, but thanks for pointing that out.
I can also see that you use these things { but the script works without it?

I see that I have much to learn. But I'm looking forward to it.
Again thank you
Also my mother language is Norwegian, so sorry if I have some typos, or poor sentence structure.

Best regards
Nicolai Humble Nube.

December 31, 2015 at 1:10 am

Hey guys,
I am new to PowerShell and also diving into creating user accounts for the first time. For testing purposes I have been using the script posted by Christian. It works great; the only problem is that when a user is created, the way the name displays in "Active Directory Users and Computers" is incorrect. For example, if I create a user named "Max Keller" it displays on the list as "Max." If you go into the properties of the user, the first and last name are correct and so is the display name, but the way the name appears on the list is it only shows the first name. Not sure if this is by design when creating users through PowerShell, but when creating a user by right-clicking on the OU it appears just fine. Please let me know if you have any suggestions. Thank you

January 4, 2016 at 8:02 am

In answer to the question by sysDarkside,

There are two separate attributes for an Active Directory user account.
displayname is the display name listed on the General tab of the user account.
CN is the name given to the object when you view the list of user accounts within Active Directory.

There is no direct link between the two.
Hope this helps.

Karl
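
The script earlier in the thread passes `$Fornavn` as `Name`, and `Name` is what becomes the CN, which is why only the first name shows in the list. As an added example (not code from any poster), this finds accounts in the thread's sample OU whose CN differs from their displayName and renames them; the OU path is the sample value from the script and `-WhatIf` is left on so nothing changes until it is removed.

```powershell
Import-Module ActiveDirectory

# Sample OU path used in the script earlier in the thread
$OUPath = 'OU=Users,OU=SiteName,DC=practicelabs,DC=com'

# Accounts that have a displayName which does not match the CN (Name)
$mismatched = Get-ADUser -Filter * -SearchBase $OUPath -Properties DisplayName |
    Where-Object { $_.DisplayName -and $_.Name -ne $_.DisplayName }

foreach ($u in $mismatched) {
    try {
        # Renaming changes the CN, and with it the distinguishedName of the object.
        # It fails if another object in the same OU already has that CN.
        Rename-ADObject -Identity $u.DistinguishedName -NewName $u.DisplayName `
            -WhatIf -ErrorAction Stop
    } catch {
        Write-Warning "Skipped $($u.SamAccountName): $($_.Exception.Message)"
    }
}
```

Because the rename changes each object's distinguishedName, anything that stores the old DN as a string (scripts, exported lists) needs updating afterwards.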