Checking a User Exists

by morpheus83uk at 2012-11-29 06:08:28

Hello,

I have a function which checks if a user exists which is:

Function CheckUserExistance {
    if (Get-QADUser -Identity $Global:DUser) {
        $prompt = "This User Already Exists, Please Choose Another Name."
        $title = "Error"
        Add-Type -AssemblyName microsoft.visualbasic
        $popup = [Microsoft.VisualBasic.interaction]::MsgBox($prompt, 'OkOnly,Critical', $title)
        if ($popup -eq "Ok") {

            $prompt = "Please Enter The Name To Create (All Lowercase e.g john.smith):"
            $title = "User To Create"

            Add-Type -AssemblyName microsoft.visualbasic
            $Global:DUser = [Microsoft.VisualBasic.interaction]::inputbox($prompt, $title)
            if ($Global:DUser -eq "") { exit }
        }
    }
}

Now if I have a user which is called john smithaf created in AD and I want to create another user called john smith, the above function says the user already exists.

Is there a way of getting around this so I can create the john smith user?

Many Thanks

James
by DonJ at 2012-11-29 07:44:08
As a hint, you can use the Code and PowerShell buttons in the toolbar to get your code to format nicely here.

Also note that it’s a pretty poor practice for a function to rely on a global variable as you’ve done. It’s a lot better to use a parameter:


function Test-ADUser {
    param([string]$Identity)
    if (Get-QADUser -Identity $Identity) {
        # continue...
    }
}


Using $Identity within your function instead of $global:DUser. You’d call this function like this:


if (Test-ADUser -Identity $DUser) {
    # and so on...
}


From your main script or from the shell.

Now for what you actually asked about :). Just to make sure I’m reading this right, and not seeing a typo, you’re checking on a user named "john smith" and it’s telling you it exists, but what really exists is a user named "john smithaf" is that correct?
by Benduru at 2012-11-30 03:00:47
Hi,
The Quest AD module uses wildcards in search. It’s strange that your function returns all john.smith*.
Are you sure the variable $DUser is correctly set?

Regards,
by morpheus83uk at 2012-11-30 06:00:08
Thank you for the help on that :)

Yes that is correct the john smithaf exists which when I do the command in a shell window it returns the john smithaf user when I put in:

get-qaduser -identity "john smith"

It pulls it up as it matches…

Is there anything I can do about this?

Many Thanks

James
by DonJ at 2012-11-30 06:50:19
Nope. That’s the way the command works. You might ask on PowerGUI.org and see if anyone from Quest is still answering questions, but I’m not sure if those commands are even under active development any more or not.
by robertskinner at 2012-11-30 06:52:15
You are matching on a wild card in the identity field. What are you using for the username naming convention? If you look at the properties of the account (you can do this with the standard AD PowerShell tools also), you can compare values on GivenName, Name, UPN, CN, DN. That is assuming you are giving users login names such as firstname.lastname. I am a number for logon, but when you search for my name, you would get other similar names in our system. In order to prevent this, several of my scripts use the above values for validating users and I concentrate on the DN. So I have a validation in place that is either automatic, or asks for a user response.

If you use the regular AD tools you can get a list of the properties by doing 'get-aduser 123456 -properties *'
I do not have the quest tools in front of me at this moment to give you the similar command.
by DonJ at 2012-11-30 06:57:39
Another approach is to assume you’re doing a wildcard match (which you are). In your script, simply getting back a user object doesn’t mean you’ve found a match - you’ll have to take the additional step of comparing it to what you’re looking for to see if it’s the user you care about. It’ll just mean a few additional lines of code.
by RichardSiddaway at 2012-11-30 08:01:49
The Quest AD cmdlets use ANR - Ambiguous Name Resolution - when they search. This means that if you use

get-qaduser "John Smith"

You will get

"John Smith"
"John Smith2"
"John Smithson"
etc etc etc

Either use a unique identifier such as the samaccountName or try using the -LDAPFilter parameter
by RichardSiddaway at 2012-11-30 09:49:10
I’ve posted some examples of using LDAP filters with the Quest cmdlets here
http://msmvps.com/blogs/richardsiddaway … tence.aspx
by morpheus83uk at 2012-12-03 01:31:27
Hello,

Thank you for that, it appears to work. However, the only snag I have is that I would need to do this based on a variable? I have tried a few different things but can't seem to get it working with a variable.

Does anyone know how I do that?

Many Thanks

James
by RichardSiddaway at 2012-12-03 07:06:55
Can you post the code you are trying to use?
by morpheus83uk at 2012-12-10 03:31:45
Does anyone have any ideas or suggestions as I can't seem to figure it out?

Many Thanks

James
by morpheus83uk at 2012-12-10 03:33:41
Sorry I have only just seen your reply about posting the code I am using!

Here it is:

$User = "User Name"
Get-QADUser -LdapFilter '(name=$User)'

That is what I am trying to achieve as the user can change dependant so can't be hard coded.

Many Thanks

James
by RichardSiddaway at 2012-12-10 10:12:50
Do you just have the user name - could you test on a combination of firstname and lastname which might cut the ambiguity a bit.

Using the Quest cmdlets you are always going to have this problem because of the way they use ANR.
by morpheus83uk at 2012-12-11 02:47:48
Yes, we will only have the user's name, which contains the first name and surname.

So there is no way around it using quest including the ldap filter?

Many Thanks

James
by RichardSiddaway at 2012-12-11 03:20:57
What are you trying to do with a variable? Can you post the code?
by morpheus83uk at 2012-12-11 07:37:28
The variable is being populated from an input box from the user. So whoever is doing user admin types the person's name into a box which populates the variable…

Then it gets checked against AD and here lies the problem…

Does this make sense?

Many Thanks

James
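Added example, not code from any poster in this thread: one way to combine the suggestions above (an -LdapFilter built from a variable, plus the extra comparison step on the returned object) when the name is typed into an input box. The function names ConvertTo-LdapFilterValue and Test-QADUserExact are hypothetical; the sketch assumes the Quest cmdlets are already loaded and that `name` is the attribute to match, as in the filter posted earlier.

```powershell
# Added example. Function names are hypothetical, not from the thread.

function ConvertTo-LdapFilterValue {
    # Escape the RFC 4515 special characters so that typed input is
    # treated as a literal value and cannot change the filter structure
    # (for example, a typed "*" would otherwise match every user).
    param([string]$Value)

    # The backslash must be escaped first, or the escapes added for the
    # other characters would themselves be escaped again.
    $Value.Replace('\', '\5c').
           Replace('*', '\2a').
           Replace('(', '\28').
           Replace(')', '\29').
           Replace([string][char]0, '\00')
}

function Test-QADUserExact {
    # Returns $true only when a user whose Name equals $Name exists.
    param([string]$Name)

    $Name = $Name.Trim()
    if ($Name.Length -eq 0) { return $false }

    $escaped = ConvertTo-LdapFilterValue -Value $Name

    # Double quotes: $escaped is expanded into the filter string.
    # In single quotes, '(name=$User)' is sent to the directory as the
    # literal text $User, which is why the posted attempt finds nothing.
    $filter = "(name=$escaped)"

    # Compare the returned objects again, so that a broader match than
    # expected is never reported as "already exists".
    $found = @(Get-QADUser -LdapFilter $filter |
        Where-Object { $_.Name -eq $Name })

    return ($found.Count -gt 0)
}

# Constructed sample value; in the thread it comes from the InputBox.
$DUser = 'john smith'
if (Test-QADUserExact -Name $DUser) {
    Write-Host "User '$DUser' already exists."
} else {
    Write-Host "User '$DUser' is free to create."
}
```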