Hi all,
Do you know how I can create 2 AD users with the same first and last name?
thank you
What is the problem you're having?
First name (givenName) and last name (sn) attributes don't have to be unique within the directory. However, if you're using them to create the sAMAccountname, which must be unique, or the cn, which must be unique within the container, then you'll need to have your creation script handle that, perhaps by appending a number or inserting an initial.
Can you share the code you're having problems with?
I think that my problem is with the CN, but I don't know how to change the CN every time
this is the script:
$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://ex2019.alex.local/powershell
Import-PSSession -Session $s -AllowClobber
$SkypeSession = New-PSSession -Credential $Credentials -ConnectionURI https://Skype-Server.alex.local/OcsPowershell
Import-PSSession $SkypeSession -AllowClobber
$ADPath = "OU=Users,OU=Alex,DC=alex,DC=local"
$firstname = Read-Host -Prompt "Enter First Name"
while (!($firstname -eq "")){
    $lastname = Read-Host -Prompt "Enter Last Name"
    $password = Read-Host -Prompt "Enter password"
    $i = 1
    $username = $firstName + $lastName.Substring(0,$i)
    $username = $username.ToLower()
    while ((Get-ADUser -filter {SamAccountName -eq $username}).SamAccountName -eq $username)
    {
        $username = $firstName + $lastName.Substring(0,$i++)
        $username = $username.ToLower()
    }
    $email = $username + "@alex.local"
    New-ADUser -Name "$firstname $lastname" `
        -GivenName $firstname -Surname $lastname `
        -Displayname "$FirstName $lastname" -UserPrincipalName $email `
        -SamAccountName $username -AccountPassword (ConvertTo-SecureString $password -AsPlainText -Force) `
        -Path $ADPath `
        -Enabled 1
    Get-User -OrganizationalUnit alex.local/alex/users -RecipientTypeDetails user | Enable-Mailbox
    Get-CsAdUser -Ou "alex.local/alex/users" -Filter `
        {Enabled -ne $false} | Enable-CsUser -RegistrarPool "Skype-Server.alex.local" -SipAddressType SamAccountName -SipDomain "alex.local"
    Get-CsAdUser -OU "alex.local/alex/users" -Filter {Enabled -ne $false} | Measure-Object | FL Count
    Write-Host -ForegroundColor Green "The user"$username" created successfully."
    $firstname = Read-Host -Prompt "Enter First Name"
    Write-verbose "Writing logs"
    $failedUsers | ForEach-Object {"$($b).) $($_)"; $b++} | out-file -FilePath $LogFolder\FailedUsers.log -Force -Verbose
    $successUsers | ForEach-Object {"$($a).) $($_)"; $a++} | out-file -FilePath $LogFolder\successUsers.log -Force -Verbose
    $su=(Get-Content "$LogFolder\successUsers.log").count
    $fu=(Get-Content "$LogFolder\FailedUsers.log").count
    Write-Host "$fu Users Creation Failed and " -NoNewline -ForegroundColor red
    Write-Host "$su Users Successfully Created " -NoNewline -ForegroundColor green
    Write-Host "--> Launching LogsFolder have a Look and review." -ForegroundColor Magenta
    Start-Sleep -Seconds 5
    Invoke-Item $LogFolder
}
Write-Host -ForegroundColor Red "Done, Thank You"
Firstly, when posting code in the forum, please can you use the preformatted text </> button. It really helps us with readability, and also makes testing easier as we can copy and paste your code without faffing about replacing curly quote marks to get things working.
What you need to do is test if the user account exists before creating it. If the account exists, you'll need to modify it based on your company's policy.
$dn = "CN=$firstname $lastname,$ADPath"
if (-not (Get-ADUser -Identity $dn)) {
    # Create the user...
}
else {
    $name = "$firstname $initial $lastname"
    # Create the user...
}
You may consider creating a function to create the user to avoid duplicating code in your conditional code blocks, especially as you should really perform the same checks for the sAMAccountName.
OK, thank you, but it's not working. This is what I did:
# Grab Variables from User
$ADPath = "OU=Users,OU=Alex,DC=alex,DC=local"
# Grab Variables from User
$firstname = Read-Host -Prompt "Enter First Name"
# Stop by empty first name
while (!($firstname -eq "")){
    $lastname = Read-Host -Prompt "Enter Last Name"
    $password = Read-Host -Prompt "Enter password"
    $dn = "CN=$firstname $lastname,$ADPath"
    if (-not (Get-ADUser -Identity $dn)) {
        New-ADUser `
            -Name "$firstname $lastname" `
            -GivenName $firstname `
            -Surname $lastname `
            -Displayname "$FirstName $lastname" `
            -UserPrincipalName $email `
            -SamAccountName $username `
            -AccountPassword (ConvertTo-SecureString $password -AsPlainText -Force) `
            -Path $ADPath `
            -Enabled 1
    }
    else {
        $name = "$firstname $initial $lastname"
        New-ADUser `
            -Name "$firstname $lastname" `
            -GivenName $firstname `
            -Surname $lastname `
            -Displayname "$FirstName $lastname" `
            -UserPrincipalName $email `
            -SamAccountName $username `
            -AccountPassword (ConvertTo-SecureString $password -AsPlainText -Force) `
            -Path $ADPath `
            -Enabled 1
    }
    # Set username
    $i = 1
    $username = $firstName + $lastName.Substring(0,$i)
    $username = $username.ToLower()
    while ((Get-ADUser -filter {SamAccountName -eq $username}).SamAccountName -eq $username)
    {
        $username = $firstName + $lastName.Substring(0,$i++)
        $username = $username.ToLower()
    }
    $email = $username + "@alex.local"
    # Create the AD User
    New-ADUser `
        -Name "$firstname $lastname" `
        -GivenName $firstname `
        -Surname $lastname `
        -Displayname "$FirstName $lastname" `
        -UserPrincipalName $email `
        -SamAccountName $username `
        -AccountPassword (ConvertTo-SecureString $password -AsPlainText -Force) `
        -Path $ADPath `
        -Enabled 1
    Write-Host -ForegroundColor Green "The user"$username" created successfully."
    $firstname = Read-Host -Prompt "Enter First Name"
}
Write-Host -ForegroundColor Red "Done, Thank You"
still getting New-ADUser : The specified account already exists
You're not modifying the sAMAccountName. If you have a user with the same firstname and lastname and you're generating the sAMAccountName from those values (firstname + initial) that has to be unique as well.
Just to be clear: let's say you have a user "matt bloomfield" who exists and a user "matt brown" that you want to create:
When you check for the user by searching for the distinguishedName 'CN=matt brown,OU=Users,OU=Alex,DC=alex,DC=local' you won't find the user so you're assuming it's OK to create it. However, the sAMAccountName that you're generating will be mattb which is the same as the sAMAccountName for the existing user.
You will need to write checks and/or handle errors for any attributes that must be unique.
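The two uniqueness checks described in this reply (sAMAccountName across the domain, CN within the container), as an added example that is not part of the original thread. The function name, the numeric-suffix fallback, the lookup script blocks and the sample directory are assumptions; the lookups are injected so the logic runs without a domain controller.

```powershell
# Added example. Function name, fallback rules and sample data are assumptions.
function Get-UniqueAccountName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$FirstName,
        [Parameter(Mandatory)][string]$LastName,
        # Script blocks that return $true when a candidate value is already taken.
        [Parameter(Mandatory)][scriptblock]$SamExists,
        [Parameter(Mandatory)][scriptblock]$CnExists
    )

    # sAMAccountName: first name plus a growing prefix of the last name.
    # User sAMAccountName values are limited to 20 characters.
    $sam = $null
    for ($i = 1; $i -le $LastName.Length -and -not $sam; $i++) {
        $candidate = ($FirstName + $LastName.Substring(0, $i)).ToLower()
        if ($candidate.Length -le 20 -and -not (& $SamExists $candidate)) { $sam = $candidate }
    }

    # Last name used up (or too long): fall back to a numeric suffix.
    $base = ($FirstName + $LastName).ToLower()
    for ($n = 2; -not $sam; $n++) {
        $keep = [Math]::Min($base.Length, 20 - "$n".Length)
        $candidate = $base.Substring(0, $keep) + $n
        if (-not (& $SamExists $candidate)) { $sam = $candidate }
    }

    # CN must be unique within the container: "First Last", then "First Last 2", ...
    $cn = "$FirstName $LastName"
    $n = 1
    while (& $CnExists $cn) { $n++; $cn = "$FirstName $LastName $n" }

    [pscustomobject]@{ Name = $cn; SamAccountName = $sam }
}

# Constructed sample directory, standing in for Get-ADUser lookups so this runs offline.
$existingSam = 'mattb', 'mattbr'
$existingCn  = @('matt brown')

Get-UniqueAccountName -FirstName 'matt' -LastName 'brown' `
    -SamExists { param($s) $existingSam -contains $s } `
    -CnExists  { param($c) $existingCn -contains $c }
```

Checking and then creating is not atomic, so the New-ADUser call still belongs in a try/catch for the case where the name is taken between the lookup and the create.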
I understand that, but my sAMAccountName is different with this command:
while ((Get-ADUser -filter {SamAccountName -eq $username}).SamAccountName -eq $username)
{
    $username = $firstName + $lastName.Substring(0,$i++)
    $username = $username.ToLower()
}
but it is still not possible for me to create 2 users with the same name but with different sAMAccountName
OK, I missed that bit when I scanned through your initial post.
If you look at your latest post though, you're executing the code out of order. You need to make sure the sAMAccountName is correct before you try to create the user.
Your current flow is:
$Initial
so the name will be the same.sAMAccountName
So, make sure you have a value for $initial so that you can modify the name if required.
Have a look at the order in which you're doing things.
As previously suggested, use a function to avoid duplicating the create user code.
Wow, thank you.
I don't know how to do that.
Can you maybe assist me?
After thinking about it a bit you can get away with not using a function in this script.
I've not tested this as I don't have an AD to test against but it should give you an idea of what you need to do.
$ADPath = "OU=Users,OU=Alex,DC=alex,DC=local"
$firstname = Read-Host -Prompt "Enter First Name"
$lastname = Read-Host -Prompt "Enter Last Name"
$initial = Read-Host -Prompt "Enter Middle Initial"
$password = Read-Host -Prompt "Enter Password"
$dn = "CN=$firstname $lastname,$ADPath"
if (-not (Get-ADUser -Identity $dn)) {
    $name = "$firstname $lastname"
}
else {
    $name = "$firstname $initial $lastname"
}
$i = 1
$username = "$firstName$($lastName.Substring(0,$i))"
$username = $username.ToLower()
while ((Get-ADUser -filter {SamAccountName -eq $username}).SamAccountName -eq $username) {
    $username = "$firstName$($lastName.Substring(0,$i++))"
    $username = $username.ToLower()
}
$email = "$username@alex.local"
$params = @{
    Name = $name
    GivenName = $firstname
    Surname = $lastname
    Displayname = $name
    UserPrincipalName = $email
    SamAccountName = $username
    AccountPassword = (ConvertTo-SecureString $password -AsPlainText -Force)
    Path = $ADPath
    Enabled = $true
}
New-ADUser @params
I changed a couple of bits in your code as you should try to:
thank you
but this is the error that I got after running your script:
Get-ADUser : Directory object not found
At line:11 char:11
~~~~~~~~~~~~~~~~~~~~~~~~
New-ADUser : Cannot validate argument on parameter 'Name'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
At line:41 char:12
~~~~~~~
OK, sounds like Get-ADUser throws an exception if the user doesn't exist. Try this instead.
If that doesn't work, I'll spin up a VM over the weekend if I get time and test it properly.
$ADPath = "OU=Users,OU=Alex,DC=alex,DC=local"
$firstname = Read-Host -Prompt "Enter First Name"
$lastname = Read-Host -Prompt "Enter Last Name"
$initial = Read-Host -Prompt "Enter Middle Initial"
$password = Read-Host -Prompt "Enter Password"
$dn = "CN=$firstname $lastname,$ADPath"
# Get-ADUser -Identity throws when the object does not exist,
# so the catch block is the "CN is free" branch.
try {
    Get-ADUser -Identity $dn
    $name = "$firstname $initial $lastname"
}
catch {
    $name = "$firstname $lastname"
}
# Extend the sAMAccountName with more of the last name until it is unused.
$i = 1
$username = "$firstName$($lastName.Substring(0,$i))"
$username = $username.ToLower()
while ((Get-ADUser -filter {SamAccountName -eq $username}).SamAccountName -eq $username) {
    $username = "$firstName$($lastName.Substring(0,$i++))"
    $username = $username.ToLower()
}
$email = "$username@alex.local"
# Splat the parameters instead of using backtick line continuations.
$params = @{
    Name = $name
    GivenName = $firstname
    Surname = $lastname
    Displayname = $name
    UserPrincipalName = $email
    SamAccountName = $username
    AccountPassword = (ConvertTo-SecureString $password -AsPlainText -Force)
    Path = $ADPath
    Enabled = $true
}
New-ADUser @params
Thank you very much, now it's working.
I have one more issue:
I'm using employee numbers instead of Middle Initial.
Is there a way to force entering just numbers?
You could use a function with advanced parameter and use its validation to limit the input to whatever you need.
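One way to do what this reply suggests, as an added example that is not part of the original thread: an advanced function whose parameter validation accepts digits only. The function name, parameter names, the 1-10 digit limit and the sample inputs are assumptions.

```powershell
# Added example. Function name, parameter names and the 1-10 digit limit are assumptions.
function Get-AccountDisplayName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string]$FirstName,

        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string]$LastName,

        # [0-9] rather than \d: in .NET, \d also matches non-ASCII Unicode digits.
        # \z anchors at the true end of the string ($ would allow a trailing newline).
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9]{1,10}\z')]
        [string]$EmployeeNumber
    )

    # Same shape as "$firstname $initial $lastname", with the number replacing the initial.
    "$FirstName $EmployeeNumber $LastName"
}

# Constructed inputs: plain digits, a letter mixed in, a sign, and an Arabic-Indic digit.
$samples = '10423', '10a23', '-5', "12$([char]0x0663)"

foreach ($value in $samples) {
    try {
        $name = Get-AccountDisplayName -FirstName 'matt' -LastName 'brown' -EmployeeNumber $value
        Write-Host "accepted: $name"
    }
    catch {
        # Validation failures are terminating errors raised during parameter binding.
        Write-Warning "rejected '$value': $($_.Exception.Message)"
    }
}
```

In an interactive script the same try/catch can sit inside a loop around Read-Host so the prompt repeats until the value binds.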