Script to generate unique username

I have a script that takes an input CSV, and for new users generates unique usernames using the first initial of the first name and the last name (complete last name). If a user already exists, then it should take the first 2 initials of the first name and the complete last name, and so on. If the characters in the first name run out, then it should increment it with a number. For example:
User 1: John Smith - JSmith
User 2: John Smith - JoSmith
User 3: John Smith - JohSmith
User 4: John Smith - JohnSmith
User 5: John Smith - JohnSmith1
User 6: John Smith - JohnSmith2

As an added functionality, the script should also check if a user already exists in AD using another unique attribute, “employeeId”. If a user already exists (i.e. not a new user), then it should not generate a unique username for such users, and should populate the output CSV with the existing username from AD.
I am unable to populate the output CSV with the existing username from AD. My current output CSV only contains the list of users for whom a new unique username is generated using the script.
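
One way to structure the flow described in the question, as an added example that is not the poster's script: every input row yields an output row, carrying either the username already recorded for that employeeId or a newly generated one. The sample CSV, the `$existingById` table standing in for an AD lookup, the function name `New-UniqueUsername` and the output path are all assumptions.

```powershell
# Constructed sample input; stands in for Import-Csv on the real file.
$rows = @'
EmployeeId,FirstName,LastName
1001,John,Smith
1002,John,Smith
1003,Al,Ng
1004,Al,Ng
1005,Al,Ng
1006,Al,Ng
'@ | ConvertFrom-Csv

# Constructed stand-in for AD: employeeId -> existing username.
# Against a real domain this would come from Get-ADUser with -Properties EmployeeID.
$existingById = @{ '1001' = 'JSmith'; '1003' = 'ANg' }

# Names already in use; account names compare case-insensitively.
$taken = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
foreach ($name in $existingById.Values) { [void]$taken.Add($name) }

function New-UniqueUsername {
    param([string]$First, [string]$Last, [System.Collections.Generic.HashSet[string]]$Taken)
    # Grow the first-name prefix: JSmith, JoSmith, JohSmith, JohnSmith.
    for ($n = 1; $n -le $First.Length; $n++) {
        $candidate = $First.Substring(0, $n) + $Last
        if ($Taken.Add($candidate)) { return $candidate }   # Add() is $false if already used
    }
    # First name used up: JohnSmith1, JohnSmith2, ...
    $i = 0
    while ($true) {
        $i++
        $candidate = "$First$Last$i"
        if ($Taken.Add($candidate)) { return $candidate }
    }
}

# Emit one object per input row in BOTH branches so existing users reach the output.
$result = foreach ($row in $rows) {
    if ($existingById.ContainsKey($row.EmployeeId)) {
        $username = $existingById[$row.EmployeeId]; $status = 'Existing'
    } else {
        $username = New-UniqueUsername -First $row.FirstName -Last $row.LastName -Taken $taken
        $status = 'New'
    }
    [pscustomobject]@{ EmployeeId = $row.EmployeeId; FirstName = $row.FirstName
                       LastName = $row.LastName; Username = $username; Status = $status }
}
$result | Export-Csv -Path .\usernames.csv -NoTypeInformation
$result | Format-Table
```

Seeding `$taken` with every username already in the directory, not only those matched by employeeId, keeps a generated name from colliding with an account that has no employeeId set.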

Bit of a weird username policy. It makes handling long surnames tricky.

Please share your code.

When sharing code, please be sure to format it correctly:

How to format code on

That policy is different to say the least. Why not use something simpler like:


Is there a compelling reason for that syntax? Just curious.

I would actually encourage a simpler account naming convention.

The larger the organization, the more value there is in using complete legal names as the basis for the account. It also simplifies account creation and uniqueness checking either by script or using something like Microsoft Identity Manager to create accounts.

People’s preferred names that do not match official HR records or chopped up names like you are proposing can really create stress for those that are trying to make sure the account they are about to place into an ACL group for something sensitive is really and truly the right account.

Full legal name for first and last name attributes.
Full legal name as the basis of the UPN.
First John Smith hired gets to be john.smith
Second John Smith hired gets to be john.h.smith
If you actually hire another John H Smith, he will get to be john.h.smith2

Using first dot last format has a lot of friendliness to it and helps with consistency across AD, Exchange, and Skype via convention, so that users have to remember less. And unless you measure your employees in 10’s of thousands, rarely do you run into the need to add a number.

Don’t forget the UPN and SAM do not have to match and the UPN can hold far more characters than SAM. I have yet to run into a name that can’t be built into a UPN using full first and last legal names.

For the SamAccountName, I wish I had created a fixed account name that wasn’t based on the user’s legal name. Basing the SAM on the user’s actual name runs into a couple of problems.
1. Name changes. Everything but the SAM is easy. But changing the SAM can get tricky in some situations due to cached credentials. In the office, easy peasy. If they are remote, not so much.
2. Length of name. Since the SAM is limited to 20 characters, you can really butcher some names.

For the SAM, maybe create a random name of 5 characters that mixes letters and numbers. It will then be fixed, won’t ever need to change, and really isn’t an issue for anything I mentioned above. But oh will it make your life easier when people want to change their names due to marriage or if HR goofed and you need to correct the spelling on the account.

Just some thoughts for you.

Or, one could use the employee ID as the identifier since it is unique. You can precede that with a letter to indicate contractor, employee, etc. That is what a previous employer of mine did. That also forces them to know their employee ID as well.

More thoughts :)

Sorry for the bad format. I am new to the forum.