New-ADUser: Access is Denied

by graybin at 2012-11-20 12:19:36

When I run the New-ADUser command through a script, I get the error, but if I run the exact same command in the same powershell session, it works fine and I don’t get the error. The rest of the script runs fine, I have started the session normally and as Administrator.
by powerschill at 2012-11-20 12:38:40
Can you post the output so we can review?
by graybin at 2012-11-21 04:59:53
$txt = -Name ‘$test’ -SamAccountName ‘$test’ -DisplayName ‘Test SA’ -AccountPassword $global:Pass -Description ‘This is a test Service Account’ -Enabled $True -Path " <Valid Path here> "
$global:Pass is of SecureString type

Works if I run the line “New-ASUser $txt”, but I get the following if I run the script:
New-ADUser : Access is denied
At C:\AddNewUser.ps1:33 char:11
+ New-ADUser <<<< $txt
+ CategoryInfo : PermissionDenied: (CN=\ -Name '$te…C=BobLoblaw,DC=com:String) [New-ADUser], UnauthorizedA
ccessException
+ FullyQualifiedErrorId : Access is denied,Microsoft.ActiveDirectory.Management.Commands.NewADUser
by powerschill at 2012-11-21 10:00:09
I am not sure but I would guess that the issue is referencing the global Pass variable. Are you executing the command and the script in the same PowerShell session? Also I would recommend using the structure below to define your parameters. Its called splatting.

$Parameters = @{
Name = “$Test”
SamAccountName = “Test”
DisplayName = ‘Test SA’
AccountPassword = $Global:Pass
Description = ‘This is a test Service Account’
Enabled = $True
Path = " <Valid Path here> "

}
New-ADUser @Parameters
by Infradeploy at 2012-11-21 13:22:24
UAG maybe?
by graybin at 2012-11-23 04:14:33
We don’t use Forefront UAG