Author Posts

March 18, 2018 at 10:08 pm

Hi all

I am trying to create a few AD groups with PowerShell and I can't seem to escape special characters. One group I am trying to create -==My Group
I have tried "-\=\=My group" "-\`=`\=My Group" and neither seem to work, I get New-ADGroup : The name provided is not a properly formed account name error

Any help would be appreciated
Thanks
Tim

March 18, 2018 at 10:16 pm

That's... an odd name.

The backtick is PowerShell's escape character; you wouldn't use a backslash. But that's only PowerShell; there may be additional checking in the code of that command which is causing the rejection. PowerShell wouldn't normally need you to escape – or =, so it's AD most likely causing the error.

But backslashes are definitely not allowed. So they may be your problem source.

March 19, 2018 at 6:37 am

Thanks Don

I am replacing an old Small Business Server 2011 that is bad shape. I was using PowerShell to get the ADgroup listing and recreate them on the new server. I am not going to worry about creating the exact groups. Just going to replace them with something more sane.

Thanks again.
Tim

March 19, 2018 at 10:52 am

There's an IBM post that says = isn't allowed in user, group and computer names

https://www.ibm.com/support/knowledgecenter/en/SSPREK_6.1.0/com.ibm.itame.doc_6.1/am61_admin607.htm

The standard AD escape character \ doesn't work with = nor does the trick of using the ASCII code

Given the form of a distinguished name
CN=Testgroup2,OU=UserGroups,DC=Manticore,DC=org

I could understand = not being allowed

This
https://social.technet.microsoft.com/wiki/contents/articles/11216.active-directory-requirements-for-creating-objects.aspx#Group_Objects
implies that = is allowed

BUT this
https://social.technet.microsoft.com/Forums/windowsserver/en-US/2a8ae68c-02fa-4c4e-bd47-36fd934b8dd8/newaduser-the-name-provided-is-not-a-properly-formed-account-name?forum=winserverpowershell

states that = NOT allowed in AD names.

AD administrative center just fails with a = in the name

AD Users and Computers says that nay of these

/\[]:;|=,+*?" are illegal characters for the pre-Windows 2000 group name and will be replaced by a underscore _

My opinion at the moment is that you're not going to be able to create groups with = in the name