Hello,
I have a script that creates new AD User. But, when I open the account in AD, and go to the “Account” tab, I can see the “User logon name” is correct, but there’s a drop down menu to the right of it where it’s blank.
I want it to say “@domain_name.com ”, how would I do that?
Thank you,
Tony
One more question,
so my user’s account name is bbobertson.
When I search AD for bbobertson, it displays bbobertson, how would I make it display Bob Bobertson?
Olaf
November 15, 2016, 10:24am
3
For your 1st question: you may show your script. Maybe there is something missing.
For your 2nd question - try this:
Get-ADUser -Identity bbobertson | Select-Object -ExpandProperty DisplayName
Thank you,
$Sam_Account_Name = "bbobertson"
$Employee_Names = "Bob Bobertson"
New-ADUser $Sam_Account_Name -Title $Job_Title -GivenName $First_Name -Surname $Last_Name -DisplayName $Employee_Names -SamAccountName $Sam_Account_Name -UserPrincipalName $Sam_Account_Name -AccountPassword $AccountPassword -Enabled $true -ChangePasswordAtLogon $true
Set-ADUser $Sam_Account_Name -EmailAddress $Sam_Account_Name"@company.com" -Description $Description -Office $Office -OfficePhone $OfficePhone -StreetAddress $StreetAddress -City $City -State $State -PostalCode $Zipcode -Fax $Fax -Department $Department -Company $Company -Manager $Manager -HomeDrive 'H:' -HomeDirectory $HomeDirectory
Olaf
November 15, 2016, 12:08pm
5
If I’m not wrong you cannot use the sAMAccaountName as the UserPrincipalName. Here you can see the naming restrictions for the UPN: User Naming Attributes . It has to have a ‘prefix’ and a ‘suffix’
I have “Bob Bobertson” as the UserPrincipalName, and when I run
Get-ADUser bboberson | select-object UserPrincipalName , I can see it says Bob Boberson
Still, when I search AD for Bob Boberston, it’s displaying as bbobertson
You need to set the Name to be Bob Boberson
Add
-Name “$first_name $last_name”
to the New-ADUser statement
Your UPN is also wrong it should something like
-UserPrincipalName “$Sam_Account_Name@domain.com ”
Thank you,
I have the UPN, and it’s applying it to the domain.
I tried -Name “$First_Name $Last_Name”, but it’s showing the message below.
Set-ADUser : A parameter cannot be found that matches parameter name ‘Name’.
Some other tips. You should consider using splatting and need to add basic error handling:
$newUsrParams = @{
Name = ("{0} {1}" -f $First_Name, $Last_Name)
Title = $Job_Title
GivenName =$First_Name
Surname = $Last_Name
DisplayName = $Employee_Names
SamAccountName = $Sam_Account_Name
UserPrincipalName = "{0}@mycompany.com" -f $Sam_Account_Name
AccountPassword = $AccountPassword
Enabled = $true
ChangePasswordAtLogon = $true
ErrorAction = "Stop"
}
try {
New-ADUser @newUserParams
}
catch {
"There was an issue creating {0}. {1}" -f $Sam_Account_Name, $_
}
Thank you Rob, I’m new to powershell, I should really sit down and learn it. I’m just using Google, YouTube, and this forum for now.
I did the splatting and try & catch, but now getting this, not sure what I’m doing wrong.
There was an issue creating BobB. The name provided is not a properly formed account name
$New_User_Info = @{
Name = ("{0} {1}" -f $First_Name, $Last_Name)
SamAccountName = $Sam_Account_Name
Title = $Job_Title
GivenName = $First_Name
Surname = $Last_Name
DisplayName = $Employee_Names
UserPrincipalName = "{0}@mycompany.com" -f $Sam_Account_Name
AccountPassword = $AccountPassword
Enabled = $true
ChangePasswordAtLogon = $true
EmailAddress = "$Sam_Account_Name@mycompany.com"
Description = $Description
Office = $Office
OfficePhone = $OfficePhone
StreetAddress = $StreetAddress
City = $City
State = $State
PostalCode = $Zipcode
Fax = $Fax
Department = $Department
Company = $Company
Manager = $Manager
HomeDrive = 'H:'
HomeDirectory = $HomeDirectory
}
try
{
New-ADUser @$New_User_Info
}
catch
{
"There was an issue creating {0}. {1}" -f $Sam_Account_Name, $_
}
Olaf
November 15, 2016, 3:28pm
12
Well … Google and Youtube are not the worst places to start but maybe you should do it with a little structure. Here you can find some great places to start:
Beginner Sites And Tutorials
Have it dump $New_User_Info when you get an error. That way you can see what you tried to do and will likely lead you to your error.
Thanks, I have $New_User_Info, and it’s saying this below. Everything looks correct to me, not sure why it’s not creating the account now.
There was an issue creating BobB. The name provided is not a properly formed account name
Name Value
AccountPassword System.Security.SecureString
Description Chester
UserPrincipalName BobB@company.com
Name BobB
SamAccountName BobB
HomeDrive H:
ErrorAction Stop
EmailAddress BobB@company.com
DisplayName Bob Bobertson
Office Chester 5002
GivenName Bob
First, this is a big task for a first script. There are a lot of other things you’ll need to check like if a user exists before you create them. If you run the following:
Get-Help New-ADUser -Full
Each command has a certain amount of parameters. If you try passing parameters the command isn’t expecting, you’re going to get an error. So, run the command above to see the parameters for New-ADUser and those are the only items that should be contained in the splat. If you start with this and see if the account creates successfully:
$First_Name = "Bob"
$Last_Name = "Bobertson"
$Sam_Account_Name = "{0}{1}" -f $First_Name.Substring(0,1), $Last_Name
$Friendly_Name = ("{0} {1}" -f $First_Name, $Last_Name)
$Job_Title = "Accounting Analyst I"
$AccountPassword = "P@ssword1" | ConvertTo-SecureString -AsPlainText -Force
$newUsrParams = @{
Name = $Friendly_Name
Title = $Job_Title
GivenName =$First_Name
Surname = $Last_Name
DisplayName = $Friendly_Name
SamAccountName = $Sam_Account_Name
UserPrincipalName = "{0}@mycompany.com" -f $Sam_Account_Name
AccountPassword = $AccountPassword
Enabled = $true
ChangePasswordAtLogon = $true
ErrorAction = "Stop"
}
try {
$newUser = New-ADUser @newUsrParams
}
catch {
"There was an issue creating {0}. {1}" -f $Sam_Account_Name, $_
}
Once you get that code working, then you need to add your Set-ADUser command to update additional attributes:
$First_Name = "Bob"
$Last_Name = "Bobertson"
$Sam_Account_Name = "{0}{1}" -f $First_Name.Substring(0,1), $Last_Name
$Friendly_Name = ("{0} {1}" -f $First_Name, $Last_Name)
$Job_Title = "Accounting Analyst I"
$AccountPassword = "P@ssword1" | ConvertTo-SecureString -AsPlainText -Force
$newUsrParams = @{
Name = $Friendly_Name
Title = $Job_Title
GivenName =$First_Name
Surname = $Last_Name
DisplayName = $Friendly_Name
SamAccountName = $Sam_Account_Name
UserPrincipalName = "{0}@mycompany.com" -f $Sam_Account_Name
AccountPassword = $AccountPassword
Enabled = $true
ChangePasswordAtLogon = $true
ErrorAction = "Stop"
}
$setUsrParams = @{
Department = "Accounting"
ErrorAction = "Stop"
}
try {
$newUser = New-ADUser @newUsrParams
try {
$newUser | Set-ADUser $setUsrParams
}
catch {
"There was an issue setting attributes on user {0}. {1}" -f $Sam_Account_Name, $_
}
}
catch {
"There was an issue creating {0}. {1}" -f $Sam_Account_Name, $_
}
Do one small chunk at a time and make sure it works before trying to set 40 attributes. Update a couple, validate it worked and then keep adding them until all attributes are updated.
Thanks again Rob. I’ll try doing that.
The data dump looks ok, but I’ll echo @Rob ’s suggestion to trim out everything that isn’t essential to creating the account. Your name/samaccountname fields look ok, but perhaps they contain leading/trailing spaces? Also, are you editing the output, or is your domain name really company.com ? Make sure the upn is a proper one, again, with no extra spaces.
Thank you all,
I have it working now. Appreciate everyone’s help and hints.