Creating AD user, my first script ever

This topic contains 4 replies, has 4 voices, and was last updated by Karl Forster 1 year, 6 months ago.

  • #30901
    Nicolai Magnussen
    Participant

    Hi Scripting people,
    I'm really starting to learn PowerShell, and I really love it.
    Now I want to create a script that can create users in AD, with special parameters, and create the user in the right OU, that the user gets prompted when running the script.

    Here is the script, I have created, but it needs some love 🙂
    As this is my first script, please be nice 😀
    I want to expand my skills and advance my job opportunity.
    I currently work at surveillance for a big company.
    THANK YOU GUYS!

    ################################################################
    # AUTHOR : Nicolai Magnussen – Overvaaking – ekstern – Adecco
    # DATE : 16.10.2015
    # COMMENT : This script creates AD users and prompts for input
    ################################################################

    #———————————————————-
    $Password = (convertto-securestring -asplaintext "Sommer2015" -force)
    $Fornavn = Read-Host 'Tast inn fornavnet'
    $Etternavn = Read-Host 'Tast inn etter navnet'
    $User = Read-Host 'Tast inn brukernavn med domene, eksempel – ajones@steria.no'
    $Email = Read-Host 'Tast inn E-mail adresse'
    $Displayname = Read-host 'tast inn fornavn og etternavn'
    #———————————————————-
    #STATIC VARIABLES
    #———————————————————-

    new-aduser –name $Fornavn -UserPrincipalName $User –samaccountname $User -EmailAddress $Email –givenName $Fornavn –surname $Etternavn –displayname “$Displayname” -accountpassword $password -changepasswordatlogon $true –enabled $true-Path Ad:\"DC=Practicelabs,DC=com" -Recurce -path "CN=Test,OU,DC=practicelabs,DC=com"

  • #30924
    Christian Sandfeld
    Participant

    Hi Nicolai

    Welcome to the wonderful world of PowerShell, I'm sure it will bring you lots of joy.

    By default the New-ADUser Cmdlet will create the user under the 'Users' container in your AD (CN=Users,DC=practicelabs,DC=com).
    If you want to create the user under a specific Organizational Unit, you must specify the X.500 path of that OU (right-click the OU in AD Users and Computers, open the Attribute Editor tab, and check the distinguishedName attribute to get the exact path)

    As an example, if you wanted to create a user in an OU with the path practicelabs.com/SiteName/Users, you would enter it as 'OU=Users,OU=SiteName,DC=practicelabs,DC=com'.

    Also, you have entered the path parameter twice which will lead to errors, but that is probably just a copy/paste error.

    You could reduce the input required when running the script by reusing the content of $Fornavn and $Etternavn to generate $DisplayName without prompting for input.
    You could also increase the readability of the script by creating a $Parameters variable and using 'splatting' when calling the New-ADUser cmdlet.

    I have done a bit of tidying of your script here:

    # Prompt for input
    $Fornavn     = Read-Host 'Tast inn fornavnet'
    $Etternavn   = Read-Host 'Tast inn etter navnet'
    $User        = Read-Host 'Tast inn brukernavn med domene, eksempel – ajones@steria.no'
    $Email       = Read-Host 'Tast inn E-mail adresse'
    
    
    # Set additional variables
    $Password    = (ConvertTo-SecureString -AsPlainText 'Sommer2015' -Force)
    $DisplayName = "$Fornavn $Etternavn"
    $OUPath      = 'OU=Users,OU=SiteName,DC=practicelabs,DC=com'
    
    
    # Create a hash table with parameters, used to "Splat" parameters to the New-ADUser Cmdlet
    $Parameters = @{
        'SamAccountName'        = $User
        'UserPrincipalName'     = $User 
        'Name'                  = $Fornavn
        'EmailAddress'          = $Email 
        'GivenName'             = $Fornavn 
        'Surname'               = $Etternavn 
        'DisplayName'           = "$Displayname"
        'AccountPassword'       = $password 
        'ChangePasswordAtLogon' = $true 
        'Enabled'               = $true 
        'Path'                  = $OUPath
    }
    
    # Call New-ADUser with the parameters set above
    New-ADUser @Parameters
    

    The next things you might want to look into could be input validation (ensure that values entered are not blank), check for existing users before trying to create an account, error handling etc. But I will leave that up to you for now.

    By the way ... always be careful not to post sensitive data such as passwords (even if it is temporary) and domain names to online forums etc.

  • #30997
    Nicolai Magnussen
    Participant

    Hi Christian

    First I want to say, that I feel privileged to receive such a thorough explanation of the script.
    I could not have had a nicer welcome.
    THANKS

    I also now see, that it is very much fine adjustments you can do with PowerShell, so the script is more readable for others, and looks more professional and better.

    I have not tested the script yet, but I'll do that, and will come back to you with some feedback.

    You are absolutely correct when pointing out that I should not post personal information, passwords etc.
    But in this case, this is just random text, but thanks for pointing that out.
    I can also see that you use these things { but the script works without it?

    I see that I have much to learn. But I'm looking forward to it.
    Again thank you
    Also my mother language is Norwegian, so sorry if I have some typos, or poor sentence structure.

    Best regards
    Nicolai Humble Nube.

  • #33396
    sysDarkside
    Participant

    Hey guys,
    I am new to PowerShell and also diving into creating user accounts for the first time. For testing purposes I have been using the script posted by Christian. It works great; the only problem is that when a user is created, the way the name displays in "Active Directory Users and Computers" is incorrect. For example, if I create a user named "Max Keller" it displays on the list as "Max." If you go into the properties of the user, the first and last name are correct and so is the display name, but the way the name appears on the list is it only shows the first name. Not sure if this is by design when creating users through PowerShell, but when creating a user by right-clicking on the OU it appears just fine. Please let me know if you have any suggestions. Thank you

  • #33442
    Karl Forster
    Participant

    In answer to the question by sysDarkside,

    There are two separate attributes for an Active Directory user account.
    displayname is the display name listed on the General tab of the user account.
    CN is the name given to the object when you view the list of user accounts within Active Directory.

    There is no direct link between the two.
    Hope this helps.

    Karl
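
An added example, not code from any poster in this thread: it combines the follow-ups Christian's post suggests (blank-input checks, a check for existing accounts, error handling, and no password stored in the script) with Karl's point that the list name is the CN, which New-ADUser takes from -Name. The OU path is the example value from the thread; the Read-Required helper, the English prompts and the rule of using the UPN prefix as sAMAccountName are assumptions made for illustration.

```powershell
# Added example, not code from the thread. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory
$OUPath = 'OU=Users,OU=SiteName,DC=practicelabs,DC=com'   # example path from the thread

# Hypothetical helper: re-prompt until the operator enters a non-blank value
function Read-Required([string]$Prompt) {
    do { $value = (Read-Host $Prompt).Trim() } while (-not $value)
    $value
}

$GivenName = Read-Required 'First name'
$Surname   = Read-Required 'Last name'
$Upn       = Read-Required 'User principal name (user@domain)'
$Email     = Read-Required 'E-mail address'

# Allow-list the UPN characters so the value is safe to embed in the -Filter string below.
# Assumed convention: sAMAccountName is the UPN prefix (user accounts are limited to 20 characters).
if ($Upn -notmatch '^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+$') { throw "Invalid UPN: $Upn" }
$Sam = ($Upn -split '@')[0]
if ($Sam.Length -gt 20) { throw "sAMAccountName longer than 20 characters: $Sam" }

# The initial password is typed at run time, so it never sits in the script file or a forum post
$Password = Read-Host 'Initial password' -AsSecureString

# Stop if the logon name or UPN is already taken
$existing = Get-ADUser -Filter "SamAccountName -eq '$Sam' -or UserPrincipalName -eq '$Upn'"
if ($existing) { throw "Account already exists: $($existing.DistinguishedName)" }

$Parameters = @{
    Name                  = "$GivenName $Surname"   # becomes the CN shown in the ADUC list
    DisplayName           = "$GivenName $Surname"
    GivenName             = $GivenName
    Surname               = $Surname
    SamAccountName        = $Sam
    UserPrincipalName     = $Upn
    EmailAddress          = $Email
    AccountPassword       = $Password
    ChangePasswordAtLogon = $true
    Enabled               = $true
    Path                  = $OUPath
    ErrorAction           = 'Stop'                  # make failures catchable
}

try {
    New-ADUser @Parameters
    Write-Host "Created $Upn in $OUPath"
} catch {
    Write-Error "New-ADUser failed: $($_.Exception.Message)"
}
```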
