New-ADUser question

This topic contains 17 replies, has 5 voices, and was last updated by  Tony Antony 1 year ago.

  • Author
    Posts
  • #57734

    Tony Antony
    Participant

    Hello,

    I have a script that creates new AD User. But, when I open the account in AD, and go to the "Account" tab, I can see the "User logon name" is correct, but there's a drop down menu to the right of it where it's blank.

    I want it to say "@domain_name.com", how would I do that?

    Thank you,

    Tony

  • #57739

    Tony Antony
    Participant

    One more question,

    so my user's account name is bbobertson.

    When I search AD for bbobertson, it displays bbobertson, how would I make it display Bob Bobertson?

    • #57755

      Olaf Soyk
      Participant

      For your 1st question: you may show your script. Maybe there is something missing.
      For your 2nd question – try this:

      Get-ADUser -Identity bbobertson | Select-Object -ExpandProperty DisplayName
  • #57761

    Tony Antony
    Participant

    Thank you,

    
    $Sam_Account_Name = "bbobertson"
    $Employee_Names = "Bob Bobertson"
    
    New-ADUser $Sam_Account_Name -Title $Job_Title -GivenName $First_Name -Surname $Last_Name -DisplayName $Employee_Names -SamAccountName $Sam_Account_Name -UserPrincipalName $Sam_Account_Name -AccountPassword $AccountPassword -Enabled $true -ChangePasswordAtLogon $true
    Set-ADUser $Sam_Account_Name -EmailAddress $Sam_Account_Name"@company.com" -Description $Description -Office $Office -OfficePhone $OfficePhone -StreetAddress $StreetAddress -City $City -State $State -PostalCode $Zipcode -Fax $Fax -Department $Department -Company $Company -Manager $Manager -HomeDrive 'H:' -HomeDirectory $HomeDirectory
    • #57767

      Olaf Soyk
      Participant

      If I'm not wrong you cannot use the sAMAccaountName as the UserPrincipalName. Here you can see the naming restrictions for the UPN: User Naming Attributes. It has to have a 'prefix' and a 'suffix'

  • #57772

    Tony Antony
    Participant

    I have "Bob Bobertson" as the UserPrincipalName, and when I run

    Get-ADUser bboberson | select-object UserPrincipalName

    , I can see it says Bob Boberson

    Still, when I search AD for Bob Boberston, it's displaying as bbobertson

  • #57773

    Richard Siddaway
    Moderator

    You need to set the Name to be Bob Boberson

    Add
    -Name "$first_name $last_name"

    to the New-ADUser statement

    Your UPN is also wrong it should something like

    -UserPrincipalName "$Sam_Account_Name@domain.com"

  • #57785

    Tony Antony
    Participant

    Thank you,

    I have the UPN, and it's applying it to the domain.

    I tried -Name "$First_Name $Last_Name", but it's showing the message below.

    Set-ADUser : A parameter cannot be found that matches parameter name 'Name'.

  • #57787

    Rob Simmers
    Participant

    Some other tips. You should consider using splatting and need to add basic error handling:

    $newUsrParams = @{
        Name = ("{0} {1}" -f $First_Name, $Last_Name)
        Title = $Job_Title 
        GivenName =$First_Name 
        Surname = $Last_Name 
        DisplayName = $Employee_Names 
        SamAccountName = $Sam_Account_Name 
        UserPrincipalName = "{0}@mycompany.com" -f $Sam_Account_Name 
        AccountPassword = $AccountPassword 
        Enabled = $true 
        ChangePasswordAtLogon = $true
        ErrorAction = "Stop"
    }
    
    
    try {
        New-ADUser @newUserParams
    }
    catch {
        "There was an issue creating {0}. {1}" -f $Sam_Account_Name, $_
    }
    
  • #57788

    Tony Antony
    Participant

    Thank you Rob, I'm new to powershell, I should really sit down and learn it. I'm just using Google, YouTube, and this forum for now.

    • #57802

      Olaf Soyk
      Participant

      Well ... Google and Youtube are not the worst places to start but maybe you should do it with a little structure. Here you can find some great places to start:

      Beginner Sites And Tutorials

  • #57794

    Tony Antony
    Participant

    I did the splatting and try & catch, but now getting this, not sure what I'm doing wrong.

    There was an issue creating BobB. The name provided is not a properly formed account name

    $New_User_Info = @{
    
                Name = ("{0} {1}" -f $First_Name, $Last_Name)
                SamAccountName = $Sam_Account_Name 
                Title = $Job_Title 
                GivenName = $First_Name 
                Surname  = $Last_Name 
                DisplayName = $Employee_Names 
                UserPrincipalName = "{0}@mycompany.com" -f $Sam_Account_Name
                AccountPassword = $AccountPassword 
                Enabled = $true 
                ChangePasswordAtLogon = $true
                EmailAddress = "$Sam_Account_Name@mycompany.com" 
                Description = $Description 
                Office = $Office 
                OfficePhone = $OfficePhone 
                StreetAddress = $StreetAddress 
                City = $City 
                State = $State 
                PostalCode = $Zipcode 
                Fax = $Fax
                Department = $Department
                Company = $Company
                Manager = $Manager
                HomeDrive = 'H:'
                HomeDirectory = $HomeDirectory
                }
    
                try
                {
                New-ADUser @$New_User_Info                  
                }
                catch
                {
                "There was an issue creating {0}. {1}" -f $Sam_Account_Name, $_
                }
  • #57808

    Ron
    Participant

    Have it dump $New_User_Info when you get an error. That way you can see what you tried to do and will likely lead you to your error.

  • #57812

    Tony Antony
    Participant

    Thanks, I have $New_User_Info, and it's saying this below. Everything looks correct to me, not sure why it's not creating the account now.

    There was an issue creating BobB. The name provided is not a properly formed account name

    Name Value
    —- —–
    AccountPassword System.Security.SecureString
    Description Chester
    UserPrincipalName BobB@company.com
    Name BobB
    SamAccountName BobB
    HomeDrive H:
    ErrorAction Stop
    EmailAddress BobB@company.com
    DisplayName Bob Bobertson
    Office Chester 5002
    GivenName Bob

  • #57833

    Rob Simmers
    Participant

    First, this is a big task for a first script. There are a lot of other things you'll need to check like if a user exists before you create them. If you run the following:

    Get-Help New-ADUser -Full
    

    Each command has a certain amount of parameters. If you try passing parameters the command isn't expecting, you're going to get an error. So, run the command above to see the parameters for New-ADUser and those are the only items that should be contained in the splat. If you start with this and see if the account creates successfully:

    $First_Name = "Bob"
    $Last_Name = "Bobertson"
    $Sam_Account_Name = "{0}{1}" -f $First_Name.Substring(0,1), $Last_Name
    $Friendly_Name = ("{0} {1}" -f $First_Name, $Last_Name)
    $Job_Title = "Accounting Analyst I"
    $AccountPassword = "P@ssword1" | ConvertTo-SecureString -AsPlainText -Force
    
    $newUsrParams = @{
        Name = $Friendly_Name
        Title = $Job_Title 
        GivenName =$First_Name 
        Surname = $Last_Name 
        DisplayName = $Friendly_Name 
        SamAccountName = $Sam_Account_Name 
        UserPrincipalName = "{0}@mycompany.com" -f $Sam_Account_Name 
        AccountPassword = $AccountPassword 
        Enabled = $true 
        ChangePasswordAtLogon = $true
        ErrorAction = "Stop"
    }
    
    
    try {
        $newUser = New-ADUser @newUsrParams
    }
    catch {
        "There was an issue creating {0}. {1}" -f $Sam_Account_Name, $_
    }
    

    Once you get that code working, then you need to add your Set-ADUser command to update additional attributes:

    $First_Name = "Bob"
    $Last_Name = "Bobertson"
    $Sam_Account_Name = "{0}{1}" -f $First_Name.Substring(0,1), $Last_Name
    $Friendly_Name = ("{0} {1}" -f $First_Name, $Last_Name)
    $Job_Title = "Accounting Analyst I"
    $AccountPassword = "P@ssword1" | ConvertTo-SecureString -AsPlainText -Force
    
    $newUsrParams = @{
        Name = $Friendly_Name
        Title = $Job_Title 
        GivenName =$First_Name 
        Surname = $Last_Name 
        DisplayName = $Friendly_Name 
        SamAccountName = $Sam_Account_Name 
        UserPrincipalName = "{0}@mycompany.com" -f $Sam_Account_Name 
        AccountPassword = $AccountPassword 
        Enabled = $true 
        ChangePasswordAtLogon = $true
        ErrorAction = "Stop"
    }
    
    $setUsrParams = @{
        Department = "Accounting"
        ErrorAction = "Stop"
    }
    
    try {
        $newUser = New-ADUser @newUsrParams
        try {
            $newUser | Set-ADUser $setUsrParams
        }
        catch {
            "There was an issue setting attributes on user {0}. {1}" -f $Sam_Account_Name, $_
        }
    }
    catch {
        "There was an issue creating {0}. {1}" -f $Sam_Account_Name, $_
    }
    

    Do one small chunk at a time and make sure it works before trying to set 40 attributes. Update a couple, validate it worked and then keep adding them until all attributes are updated.

  • #57838

    Tony Antony
    Participant

    Thanks again Rob. I'll try doing that.

  • #57865

    Ron
    Participant

    The data dump looks ok, but I'll echo @Rob's suggestion to trim out everything that isn't essential to creating the account. Your name/samaccountname fields look ok, but perhaps they contain leading/trailing spaces? Also, are you editing the output, or is your domain name really company.com? Make sure the upn is a proper one, again, with no extra spaces.

  • #57923

    Tony Antony
    Participant

    Thank you all,

    I have it working now. Appreciate everyone's help and hints.

You must be logged in to reply to this topic.