by ShiftNick at 2013-04-24 13:00:10
Hello,
I’m working on a script that will create the new users, set a temporary password and then require the users to change the password at the next logon. I can get everything to work except the password change. Below is the script I’m running. I’m very new at this and this is a script I copied and changed what I needed to. My experience is limited at this point.
Any assistance would be appreciated.

$objOU=[ADSI]"LDAP://OU=Office,OU=Toronto,DC=DomainName,DC=local"
$dataSource=import-csv "userlist.csv"
foreach($dataRecord in $datasource) {
    $cn=$dataRecord.FirstName + " " + $dataRecord.LastName
    $sAMAccountName=$dataRecord.FirstInitial + $dataRecord.LastName
    $givenName=$dataRecord.FirstName
    $sn=$dataRecord.LastName
    $sAMAccountName=$sAMAccountName.ToLower()
    $displayName=$givenName + " " + $sn
    $userPrincipalName=$sAMAccountName + "@edgetest.local"
    $objUser=$objOU.Create("user","CN="+$cn)
    $objUser.Put("sAMAccountName",$sAMAccountName)
    $objUser.Put("userPrincipalName",$userPrincipalName)
    $objUser.Put("displayName",$displayName)
    $objUser.Put("givenName",$givenName)
    $objUser.Put("sn",$sn)
    $objUser.SetInfo()
    $objUser.SetPassword("Password")
    $objUser.psbase.InvokeSet("AccountDisabled",$false)
    $objUser.psbase.InvokeSet("pwdLastSet",$0)
    $objUser.SetInfo()
}

by DonJ at 2013-04-25 07:14:24
Are you able to use the Microsoft AD cmdlets to do this? Or the Quest ones? The cmdlets would be a lot easier - what you’ve got is basically a VBScript rewritten in PowerShell’s language.

by ShiftNick at 2013-04-25 07:23:19
I can definitely use the AD cmdlets if that’s a more effective way to get the results I need.

by DonJ at 2013-04-25 09:19:15
I think it would be. The New-ADUser and Set-ADUser commands would do exactly what you’re after in a much less programmatic fashion.

by ShiftNick at 2013-04-25 10:31:19
I’m trying this now;

Import-Module ActiveDirectory
$Users = Import-Csv -Delimiter "," -Path ".\userlist.csv"
foreach ($User in $Users)
{
    <# Define the OU the users will be added to; don't forget to change the domain to your domain's DN #>
    $OU = $User.OrgU + ",DC=edgetest,DC=local"
    <# Set variables for user #>
    <# -AccountPassword requires a SecureString, not an undefined variable #>
    $Password = ConvertTo-SecureString "Edge123" -AsPlainText -Force
    $Detailedname = $User.firstname + " " + $User.lastname
    $UserFirstname = $User.Firstname
    <# The next 2 lines set the username variable to be the first letter of the person's first name
    followed by the last name #>
    $FirstLetterFirstname = $UserFirstname.substring(0,1)
    $SAM = $FirstLetterFirstname + $User.lastname
    New-ADUser -Name $Detailedname -SamAccountName $SAM -UserPrincipalName $SAM -DisplayName $Detailedname -GivenName $user.firstname -Surname $user.lastname -AccountPassword $Password -Enabled $true -ChangePasswordAtLogon $true -Path $OU
}

and the following error is being returned.

New-ADUser : Directory object not found
At C:\scripts\NewUserImportScript.ps1:29 char:11
+ New-ADUser <<<< -Name $Detailedname -SamAccountName $SAM -UserPrincipalName $SAM -DisplayName $Detailedname -G
me $user.firstname -Surname $user.lastname -AccountPassword $Password -Enabled $true -ChangePasswordAtLogon $true
$OU
+ CategoryInfo : ObjectNotFound: (CN=John Smith21…getest,DC=local:String) [New-ADUser], ADIdentity
undException
+ FullyQualifiedErrorId : Directory object not found,Microsoft.ActiveDirectory.Management.Commands.NewADUser

This is the info from the CSV file.

FirstName,LastName,OrgU
John,Smith21,OU=Users
John,Smith22,OU=Users
John,Smith23,OU=Users
John,Smith24,OU=Users
John,Smith25,OU=Users
John,Smith26,OU=Users
John,Smith27,OU=Users
John,Smith28,OU=Users
John,Smith29,OU=Users
John,Smith30,OU=Users

by DonJ at 2013-04-25 10:45:50
"users" is not an OU. It’s a container; CN=users.
Try running the command manually, using example values, first. It’s a ton easier to debug that way. Once it’s working you can put it into a script.

by ShiftNick at 2013-04-26 06:46:55
It looks like New-ADUser is not a recognized cmdlet. That doesn’t seem right. Is there some add-on that I still need to install?

by DonJ at 2013-04-26 06:51:12
Yes, the ActiveDirectory module. In v2, you have to manually load it by using "Import-Module ActiveDirectory" and note that the module isn’t native to Windows. It is in both the Windows 7 and Windows 8 RSAT downloads. It requires a Win2008R2 or later domain controller; or a Win2003-Win2008 DC on which you’ve installed the free Microsoft AD Management Gateway service (that’s what the commands talk to).

by ShiftNick at 2013-04-26 06:58:06
OK, I have RSAT installed, just didn’t realize I had to manually load the module. Thanks!

by DonJ at 2013-04-26 07:01:26
My fault. I’m completely used to v3, where you don’t.

by ShiftNick at 2013-04-26 07:40:37
I got it working and thanks so much for your help!
Any other benefits in upgrading to v3 other than not having to load the modules?

by DonJ at 2013-04-26 07:47:29
A substantial number of benefits, yes.
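
The cmdlet-based approach discussed in this thread, as an added example that is not code from either poster: it checks that each target path exists before calling New-ADUser (a path of OU=Users where the object is really CN=Users is what produces "Directory object not found") and forces a password change at first logon. The edgetest.local names and the CSV columns come from the posts; prompting for the temporary password with Read-Host and the variable names are assumptions of this example.

```powershell
# Added example, not from the thread. Assumes the edgetest.local domain and a
# userlist.csv with FirstName,LastName,OrgU columns, as shown in the posts.
Import-Module ActiveDirectory          # must be loaded by hand on PowerShell v2

$DomainDN  = 'DC=edgetest,DC=local'
$UpnSuffix = '@edgetest.local'

# Prompt for the temporary password so it is never stored in the script file.
# Read-Host -AsSecureString returns the SecureString -AccountPassword requires.
$TempPassword = Read-Host -AsSecureString 'Temporary password for new accounts'

foreach ($User in Import-Csv -Path '.\userlist.csv') {
    # OrgU must name a real object: the built-in Users container is CN=Users,
    # while an organizational unit is OU=<name>.
    $Path = $User.OrgU + ',' + $DomainDN
    try {
        # Throws a terminating error if no object has this distinguished name.
        Get-ADObject -Identity $Path | Out-Null
    }
    catch {
        Write-Warning "Skipping $($User.FirstName) $($User.LastName): '$Path' not found"
        continue
    }

    $Name = $User.FirstName + ' ' + $User.LastName
    $Sam  = ($User.FirstName.Substring(0,1) + $User.LastName).ToLower()

    # -ChangePasswordAtLogon $true expires the temporary password immediately,
    # so the shared value is only usable until each user's first logon.
    New-ADUser -Name $Name -DisplayName $Name `
        -GivenName $User.FirstName -Surname $User.LastName `
        -SamAccountName $Sam -UserPrincipalName ($Sam + $UpnSuffix) `
        -AccountPassword $TempPassword -Enabled $true `
        -ChangePasswordAtLogon $true -Path $Path
}
```

Adding -WhatIf to the New-ADUser call gives a dry run that reports what would be created without writing to the directory.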