Hi all,
I have a script that should create a user with an employee number and should check if the employee number is existing to create a new employee number.
But this step is not working for me.

    Import-Module ActiveDirectory

    # Returns $true when the password passes the length and name checks of the domain policy
    Function Test-PasswordForDomain {
        Param (
            [Parameter(Mandatory=$true)][string]$Password,
            [Parameter(Mandatory=$false)][string]$AccountSamAccountName = "",
            [Parameter(Mandatory=$false)][string]$AccountDisplayName,
            [Microsoft.ActiveDirectory.Management.ADEntity]$PasswordPolicy = (Get-ADDefaultDomainPasswordPolicy -ErrorAction SilentlyContinue)
        )
        If ($Password.Length -lt $PasswordPolicy.MinPasswordLength) {
            return $false
        }
        # Escape the name so characters such as "." or "(" are matched literally, not as regex
        if (($AccountSamAccountName) -and ($Password -match [regex]::Escape($AccountSamAccountName))) {
            return $false
        }
        if ($AccountDisplayName) {
            # ToCharArray() makes the split work on each separator character in every PowerShell version
            $tokens = $AccountDisplayName.Split(",.-,_ #`t".ToCharArray())
            foreach ($token in $tokens) {
                if (($token) -and ($Password -match [regex]::Escape($token))) {
                    return $false
                }
            }
        }
        return $true
    }

    # Returns $EmployeeNumber if it is not in $AllNum, otherwise the next higher free number
    function Get-AvailableEmployeeNumber {
        param(
            [int]$EmployeeNumber,
            [string[]]$AllNum
        )
        if ($AllNum -contains $EmployeeNumber) {
            Get-AvailableEmployeeNumber -EmployeeNumber ($EmployeeNumber + 1) -AllNum $AllNum
        }
        else {
            $EmployeeNumber
        }
    }

    # Target OU for the new accounts
    $ADPath = "OU=Users,OU=Alex,DC=alex,DC=local"

    # Grab Variables from User
    $firstname = Read-Host -Prompt "Enter First Name"

    # Stop by empty first name
    while (!($firstname -eq "")) {
        $lastname = Read-Host -Prompt "Enter Last Name"

        # Keep asking until the input converts to an integer
        do {
            try {
                [int]$EmployeeNumber = Read-Host "Enter Employee Number"
            }
            catch [System.Management.Automation.PSInvalidCastException] {
                Write-Warning "You can only use numbers!"
            }
        }
        until (($EmployeeNumber -or $EmployeeNumber -eq 0) -and $EmployeeNumber -match "^[0-9]*$")

        if (-not (Get-ADUser -Filter "EmployeeNumber -eq '$EmployeeNumber'")) {
            Write-Output "$EmployeeNumber is available."
        }
        else {
            Write-Warning "EmployeeNumber '$EmployeeNumber' is already in use."
            $allNum =
                [Int32[]]($((Get-ADUser -Filter * -Properties EmployeeNumber).EmployeeNumber)) |
                    Sort-Object -Descending
            $newNum = Get-AvailableEmployeeNumber -EmployeeNumber $EmployeeNumber -AllNum $allNum
            Write-Output "The next Available EmployeeNumber is '$newNum'"
            # Use the free number; without this assignment the account is created with the duplicate
            $EmployeeNumber = $newNum
        }

        # Note: Read-Host without -AsSecureString echoes the password on screen
        $password = Read-Host -Prompt "Enter password"
        while (!(Test-PasswordForDomain -Password $password)) {
            Write-Host -ForegroundColor Yellow "Password complexity error!!!"
            $password = Read-Host -Prompt "Enter password"
        }

        # Set username: first name plus as many letters of the last name as needed to be unique
        $i = 1
        $username = $firstName + $lastName.Substring(0,$i)
        $username = $username.ToLower()
        while ((Get-ADUser -Filter {SamAccountName -eq $username}).SamAccountName -eq $username)
        {
            # Increment first so that every retry really adds one more letter
            $i++
            $username = $firstName + $lastName.Substring(0,$i)
            $username = $username.ToLower()
        }
        $email = $username + "@alex.local"

        if (Get-ADUser -Filter "surname -eq '$lastname' -and givenname -eq '$firstname'")
        {
            # A user with the same name exists: add the employee number to the object name
            New-ADUser `
                -Name "$firstname $lastname ($EmployeeNumber)" `
                -GivenName $firstname `
                -Surname $lastname `
                -EmployeeNumber $EmployeeNumber `
                -DisplayName "$firstname $lastname" `
                -UserPrincipalName $email `
                -SamAccountName $username `
                -AccountPassword (ConvertTo-SecureString $password -AsPlainText -Force) `
                -Path $ADPath `
                -Enabled $true
        }
        else
        {
            # Create the AD User
            New-ADUser `
                -Name "$firstname $lastname" `
                -GivenName $firstname `
                -Surname $lastname `
                -EmployeeNumber $EmployeeNumber `
                -DisplayName "$firstname $lastname" `
                -UserPrincipalName $email `
                -SamAccountName $username `
                -AccountPassword (ConvertTo-SecureString $password -AsPlainText -Force) `
                -Path $ADPath `
                -Enabled $true
        }
        Write-Host -ForegroundColor Green "The user '$username' created successfully."

        # Clear the typed variable so the next round starts with an empty employee number
        Remove-Variable -Name 'EmployeeNumber'
        $firstname = Read-Host -Prompt "Enter First Name"
    }
    Write-Host -ForegroundColor Red "Done, Thank You"

That’s a big chunk of code. Where exactly does it stop? Please don’t make us debug your complete script.
And BTW: Since you seem to increase the number the user of this script enters anyway if it’s already there, why not assign a new employee number automatically by increasing the last/highest found employee number? That would make your script a little more robust.
I thought this is a helping forum,
so I thought that maybe someone will help me,
but I see that you are the only one who's here and you are not willing to help,
so I will look for some other help.
Of course. But you have to be willing to help us help you as well. So either you tell us where exactly your code is not working as expected or you post the approach you couldn’t complete and we could try to make it work.
If you have an OU in your AD where you have all your user accounts, I highly recommend using a SearchBase pointing to this OU, as this reduces the stress you put on your AD with this kind of query.
Regardless of that … please read the help for
Using backticks to be able to add line breaks is a really bad style and error prone btw.
Your function New-AdUser would look like this:
The function I suggested does not need any input at all. So you can drop all the code you used to get the input from the user and all that other stuff. With the name you used for the function (EmployeeNumber) all you need is this:
The function I suggested determines the next unused employeenumber. So you don’t need to provide a particular employeenumber at all. If you insist on providing a particular employeenumber, you have to use your own code. Is that really so hard to understand?
Do you have a completely empty AD with no user accounts yet?
OK. And I assume they already have employeenumbers, right? So when you use my suggestion the newly created user will automatically get an employeenumber 1 number higher than the highest already existing employeenumber.
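
The approach suggested in the replies above (highest existing employee number under one OU plus 1, queried with a SearchBase, and New-ADUser called without backticks), written out as an added example; it is not the code posted in the thread. The function name Get-NextEmployeeNumber, the use of splatting as the backtick-free form, and the sample user values are assumptions.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper name; the function posted in the thread is not preserved on this page.
function Get-NextEmployeeNumber {
    param(
        [Parameter(Mandatory = $true)][string]$SearchBase
    )
    # Only accounts under the OU that actually carry an employeeNumber are returned.
    $users = Get-ADUser -LDAPFilter '(employeeNumber=*)' -SearchBase $SearchBase -Properties EmployeeNumber

    $highest = 0
    foreach ($user in $users) {
        $parsed = 0
        # employeeNumber is free text in AD, so skip values that are not integers.
        if ([int]::TryParse([string]$user.EmployeeNumber, [ref]$parsed) -and $parsed -gt $highest) {
            $highest = $parsed
        }
    }
    # An OU with no numbered accounts yields 1.
    return $highest + 1
}

$ADPath = 'OU=Users,OU=Alex,DC=alex,DC=local'   # OU from the script above

# Constructed sample values standing in for the Read-Host prompts.
$firstname = 'Jane'
$lastname  = 'Doe'
$username  = 'janed'

# AD does not enforce uniqueness of employeeNumber, so two admins running this
# at the same moment can still receive the same value; re-check after creation.
$employeeNumber = Get-NextEmployeeNumber -SearchBase $ADPath

$newUser = @{
    Name              = "$firstname $lastname"
    GivenName         = $firstname
    Surname           = $lastname
    DisplayName       = "$firstname $lastname"
    EmployeeNumber    = $employeeNumber
    SamAccountName    = $username
    UserPrincipalName = "$username@alex.local"
    # -AsSecureString keeps the password off the screen and out of a plain string.
    AccountPassword   = (Read-Host -Prompt 'Enter password' -AsSecureString)
    Path              = $ADPath
    Enabled           = $true
    WhatIf            = $true   # dry run; remove this entry to create the account
}
New-ADUser @newUser
```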