I’m getting errors on this script: “New-ADUser : The server was unable to process the request due to an internal error.”
$Firstname = Read-Host "Enter new First name"
$Lastname = Read-Host "Enter new Last name"
$Username = Read-Host "Enter new Username"
$Password = Read-Host "Enter new Password"
$OrgName = ",DC=MyDC,DC=org'"
$O = Read-Host "Enter OU Name"
$O2 = "'OU="
$OU = $O2 + $O + $OrgName
#Existing User?
if (Get-ADUser -F {SamAccountName -eq $Username})
{
#If user exist error out
Write-Warning "A user account $Username has already been created in Active Directory."
}
else
{
New-ADUser -Name "$Firstname $Lastname" -SamAccountName "$Username" -UserPrincipalName '"$Username@MyDomain.org"' -GivenName $Firstname -Surname $Lastname -Enabled $True -EmailAddress "$Username@MyDomain.org" -ChangePasswordAtLogon $False -DisplayName "$Firstname $Lastname" -Path $OU -AccountPassword (convertto-securestring $Password -AsPlainText -Force)
}
Are you able to create the user account manually from the UI?
Some suggestions on the script:
Use parameters rather than using Read-Host in script for inputs.
Param(
[Parameter(Mandatory)]
[string]$Firstname,
[Parameter(Mandatory)]
[string]$Lastname,
[Parameter(Mandatory)]
[string]$Username,
[Parameter(Mandatory)]
[System.Security.SecureString]$Password,
[Parameter(Mandatory)]
[string]$OUName
)
# Domain part of the OU path, taken from the original script (no embedded single quotes)
$OrgName = ",DC=MyDC,DC=org"
$O2 = "OU="
$OU = $O2 + $OUName + $OrgName
$UPN = "{0}@MyDomain.org" -f $Username
#Existing User?
if (Get-ADUser -F {SamAccountName -eq $Username})
{
#If user exist error out
Write-Warning "A user account $Username has already been created in Active Directory."
}
else
{
New-ADUser -Name "$Firstname $Lastname" -SamAccountName $Username -UserPrincipalName $UPN -GivenName $Firstname -Surname $Lastname -Enabled $True -EmailAddress "$Username@MyDomain.org" -ChangePasswordAtLogon $False -DisplayName "$Firstname $Lastname" -Path $OU -AccountPassword $Password
}
Or if you want those descriptive input questions, that can be done via parameters too.
Param(
[string]$Firstname = $(Read-Host "Enter new First name"),
[string]$Lastname = $(Read-Host "Enter new Last name"),
[string]$Username = $(Read-Host "Enter new Username"),
# -AsSecureString masks the input and returns the SecureString this parameter expects
[System.Security.SecureString]$Password = $(Read-Host "Enter new Password" -AsSecureString),
[string]$OUName = $(Read-Host "Enter OU Name")
)
Not using parameters will make it difficult to automate things… in case of some other script calling this script.
You need to remove the ' from the $OrgName and $O2 variables. The $OU variable will combine the full organizational unit into one string and there is no need to have another set of '.
$Firstname = Read-Host "Enter new First name"
$Lastname = Read-Host "Enter new Last name"
$Username = Read-Host "Enter new Username"
$Password = Read-Host "Enter new Password"
$OrgName = ",DC=MyDC,DC=org"
$O = Read-Host "Enter OU Name"
$O2 = "OU="
$OU = $O2 + $O + $OrgName
#Existing User?
if (Get-ADUser -F {SamAccountName -eq $Username})
{
#If user exist error out
Write-Warning "A user account $Username has already been created in Active Directory."
}
else
{
New-ADUser -Name "$Firstname $Lastname" -SamAccountName "$Username" -UserPrincipalName "$Username@MyDomain.org" -GivenName $Firstname -Surname $Lastname -Enabled $True -EmailAddress "$Username@MyDomain.org" -ChangePasswordAtLogon $False -DisplayName "$Firstname $Lastname" -Path $OU -AccountPassword (convertto-securestring $Password -AsPlainText -Force)
}
Also, I would definitely recommend implementing the approach @kvprasoon suggested by removing the Read-Host and creating parameters for the inputs. Another suggestion is to splat your New-ADUser variables.
$ADParams = @{
Name = "$Firstname $Lastname"
SamAccountName = $Username
UserPrincipalName = "$Username@MyDomain.org"
GivenName = $Firstname
Surname = $Lastname
Enabled = $True
EmailAddress = "$Username@MyDomain.org"
ChangePasswordAtLogon = $False
DisplayName = "$Firstname $Lastname"
Path = $OU
AccountPassword = (convertto-securestring $Password -AsPlainText -Force)
}
New-ADUser @ADParams
pwshliquori
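The suggestions in this thread combined (parameters, a SecureString password, an OU path without embedded quotes, splatting), as an added example that is not code from any of the posters. The names `New-OrgUser` and `ConvertTo-EscapedDnValue`, the `DomainDn` and `UpnSuffix` parameters and the username pattern are assumptions; the example also escapes the OU name and checks that the OU exists before creating the account.

```powershell
#Requires -Modules ActiveDirectory

function ConvertTo-EscapedDnValue {
    # Hypothetical helper: escape one RDN value (RFC 4514) so typed input cannot alter the DN.
    param([Parameter(Mandatory)][string]$Value)
    $v = $Value.Trim() -replace '([,+"\\<>;=])', '\$1'   # DN special characters
    $v -replace '^#', '\#'                                # a leading '#' is special too
}

function New-OrgUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Firstname,
        [Parameter(Mandatory)][string]$Lastname,
        # Assumed naming policy; user sAMAccountName values are limited to 20 characters.
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9._-]{1,20}$')][string]$Username,
        [Parameter(Mandatory)][securestring]$Password,   # prompted masked, never held as plain text
        [Parameter(Mandatory)][string]$OUName,
        [string]$DomainDn  = 'DC=MyDC,DC=org',           # placeholder values used in the thread
        [string]$UpnSuffix = 'MyDomain.org'
    )

    # The DN is a single string; it needs no quote characters of its own.
    $ou = 'OU={0},{1}' -f (ConvertTo-EscapedDnValue $OUName), $DomainDn

    try {
        # Fail early with a clear message instead of a generic server error.
        $null = Get-ADOrganizationalUnit -Identity $ou -ErrorAction Stop
    } catch {
        throw "Target OU '$ou' was not found: $($_.Exception.Message)"
    }

    if (Get-ADUser -Filter { SamAccountName -eq $Username }) {
        Write-Warning "A user account $Username has already been created in Active Directory."
        return
    }

    $adParams = @{
        Name                  = "$Firstname $Lastname"
        DisplayName           = "$Firstname $Lastname"
        GivenName             = $Firstname
        Surname               = $Lastname
        SamAccountName        = $Username
        UserPrincipalName     = "$Username@$UpnSuffix"
        EmailAddress          = "$Username@$UpnSuffix"
        Path                  = $ou
        AccountPassword       = $Password
        Enabled               = $true
        ChangePasswordAtLogon = $false
        ErrorAction           = 'Stop'
    }
    New-ADUser @adParams
}
```

Calling `New-OrgUser` without `-Password` makes PowerShell prompt for it with masked input, because the parameter is both mandatory and typed as `securestring`.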
Both suggestions were a big help. Thanks!