Create Users & require password change at next logon script

by ShiftNick at 2013-04-24 13:00:10

Hello,

I’m working on a script that will create the new users, set a temporary password and then require the users to change the password at the next logon. I can get everything to work except the password change. Below is the script I’m running. I’m very new at this and this is a script I copied and changed what I needed to. My experience is limited at this point.

Any assistance would be appreciated.

$objOU=[ADSI]"LDAP://OU=Office,OU=Toronto,DC=DomainName,DC=local"
$dataSource=import-csv "userlist.csv"
foreach($dataRecord in $datasource) {
    $cn=$dataRecord.FirstName + " " + $dataRecord.LastName
    $sAMAccountName=$dataRecord.FirstInitial + $dataRecord.LastName
    $givenName=$dataRecord.FirstName
    $sn=$dataRecord.LastName
    $sAMAccountName=$sAMAccountName.ToLower()
    $displayName=$givenName + " " + $sn
    $userPrincipalName=$sAMAccountName + "@edgetest.local"
    $objUser=$objOU.Create("user","CN="+$cn)
    $objUser.Put("sAMAccountName",$sAMAccountName)
    $objUser.Put("userPrincipalName",$userPrincipalName)
    $objUser.Put("displayName",$displayName)
    $objUser.Put("givenName",$givenName)
    $objUser.Put("sn",$sn)
    $objUser.SetInfo()
    $objUser.SetPassword("Password")
    $objUser.psbase.InvokeSet("AccountDisabled",$false)
    $objUser.psbase.InvokeSet("pwdLastSet",$0)
    $objUser.SetInfo()
}
by DonJ at 2013-04-25 07:14:24
Are you able to use the Microsoft AD cmdlets to do this? Or the Quest ones? The cmdlets would be a lot easier - what you’ve got is basically a VBScript rewritten in PowerShell’s language.
by ShiftNick at 2013-04-25 07:23:19
I can definitely use the AD cmdlets if that’s a more effective way to get the results I need.
by DonJ at 2013-04-25 09:19:15
I think it would be. The New-ADUser and Set-ADUser commands would do exactly what you’re after in a much less programmatic fashion.
by ShiftNick at 2013-04-25 10:31:19
I’m trying this now;

Import-Module ActiveDirectory
$Users = Import-Csv -Delimiter "," -Path ".\userlist.csv"
foreach ($User in $Users)
{

    <# define the OU the users will be added to, don't forget to change the domain to your domain's DN #>

    $OU = $User.OrgU + ",DC=edgetest,DC=local"

    <# Set variables for user #>

    <# -AccountPassword requires a SecureString, so convert the temporary password #>
    $Password = ConvertTo-SecureString "Edge123" -AsPlainText -Force
    $Detailedname = $User.firstname + " " + $User.lastname
    $UserFirstname = $User.Firstname

    <# the next 2 lines set the username variable to be the first letter of the person's firstname
    followed by the lastname #>

    $FirstLetterFirstname = $UserFirstname.substring(0,1)
    $SAM = $FirstLetterFirstname + $User.lastname

    New-ADUser -Name $Detailedname -SamAccountName $SAM -UserPrincipalName $SAM -DisplayName $Detailedname `
        -GivenName $user.firstname -Surname $user.lastname -AccountPassword $Password -Enabled $true `
        -ChangePasswordAtLogon $true -Path $OU
}


and the following error is being returned.

New-ADUser : Directory object not found
At C:\scripts\NewUserImportScript.ps1:29 char:11
+ New-ADUser <<<< -Name $Detailedname -SamAccountName $SAM -UserPrincipalName $SAM -DisplayName $Detailedname -G
me $user.firstname -Surname $user.lastname -AccountPassword $Password -Enabled $true -ChangePasswordAtLogon $true
$OU
+ CategoryInfo : ObjectNotFound: (CN=John Smith21…getest,DC=local:String) [New-ADUser], ADIdentity
undException
+ FullyQualifiedErrorId : Directory object not found,Microsoft.ActiveDirectory.Management.Commands.NewADUser


This is the info from the CSV file.

FirstName,LastName,OrgU
John,Smith21,OU=Users
John,Smith22,OU=Users
John,Smith23,OU=Users
John,Smith24,OU=Users
John,Smith25,OU=Users
John,Smith26,OU=Users
John,Smith27,OU=Users
John,Smith28,OU=Users
John,Smith29,OU=Users
John,Smith30,OU=Users
by DonJ at 2013-04-25 10:45:50
"users" is not an OU. It’s a container; CN=users.

Try running the command manually, using example values, first. It’s a ton easier to debug that way. Once it’s working you can put it into a script.
by ShiftNick at 2013-04-26 06:46:55
It looks like New-ADUser is not a recognized cmdlet. That doesn’t seem right. Is there some add-on that I still need to install?
by DonJ at 2013-04-26 06:51:12
Yes, the ActiveDirectory module. In v2, you have to manually load it by using "Import-Module ActiveDirectory" and note that the module isn’t native to Windows. It is in both the Windows 7 and Windows 8 RSAT downloads. It requires a Win2008R2 or later domain controller; or a Win2003-Win2008 DC on which you’ve installed the free Microsoft AD Management Gateway service (that’s what the commands talk to).
by ShiftNick at 2013-04-26 06:58:06
OK, I have RSAT installed, just didn’t realize I had to manually load the module. Thanks!
by DonJ at 2013-04-26 07:01:26
My fault. I’m completely used to v3, where you don’t.
by ShiftNick at 2013-04-26 07:40:37
I got it working and thanks so much for your help!

Any other benefits in upgrading to v3 other than not having to load the modules?
by DonJ at 2013-04-26 07:47:29
A substantial number of benefits, yes.
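
The points raised in this thread, combined into one script as an added example (not code posted by either participant): the module is loaded explicitly, the built-in Users container is addressed as CN=Users, the target path is checked before New-ADUser runs, and the temporary password is prompted for as a SecureString instead of being stored in the script. The domain edgetest.local comes from the thread; the CSV rows and variable names are constructed for illustration.

```powershell
Import-Module ActiveDirectory   # required on PowerShell v2; v3 loads the module automatically

$DomainDN  = 'DC=edgetest,DC=local'   # domain used in the thread
$UpnSuffix = '@edgetest.local'

# Constructed sample rows in the thread's CSV layout. The built-in Users
# container is a container, so its RDN is CN=Users rather than OU=Users.
$Users = @'
FirstName,LastName,OrgU
John,Smith21,CN=Users
John,Smith22,CN=Users
'@ | ConvertFrom-Csv

# Prompt once for the temporary password so it never sits in the script file.
# Read-Host -AsSecureString returns the SecureString that -AccountPassword expects.
$TempPassword = Read-Host -AsSecureString -Prompt 'Temporary password'

foreach ($User in $Users) {
    $Path = $User.OrgU + ',' + $DomainDN

    # Verify the target container exists first; a wrong path is what makes
    # New-ADUser fail with "Directory object not found".
    try {
        Get-ADObject -Identity $Path -ErrorAction Stop | Out-Null
    } catch {
        Write-Warning "Skipping $($User.FirstName) $($User.LastName): '$Path' not found"
        continue
    }

    $Sam = ($User.FirstName.Substring(0,1) + $User.LastName).ToLower()

    # Splat the parameters to keep the call readable.
    $NewUser = @{
        Name                  = $User.FirstName + ' ' + $User.LastName
        DisplayName           = $User.FirstName + ' ' + $User.LastName
        GivenName             = $User.FirstName
        Surname               = $User.LastName
        SamAccountName        = $Sam
        UserPrincipalName     = $Sam + $UpnSuffix
        AccountPassword       = $TempPassword
        Enabled               = $true
        ChangePasswordAtLogon = $true   # forces a new password at first logon
        Path                  = $Path
    }
    New-ADUser @NewUser
}
```

Appending -WhatIf to the New-ADUser call previews each account without creating it.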