Issue with User Creation script from CSV (PS QuestAD)

    Question

  • Good day masterminds of scripting!

    I have run into a problem with a bulk export/import of users and OUs from one domain to another one. Basically, a poor man's AD replication with conditions.


    $ParentOU = "one.local/RENAMED"
    $a = "two.local/Accounts_Users/Finance/CPH"
    $TARGETOU = $a -replace "two.local/Accounts_Users",$ParentOU

    Works like a charm, however, I require the $TARGETOU to be written in a form:

    import-csv c:\Users.csv |
        foreach {
        $TARGETOU = $_.ParentContainer -replace ("two.local/Accounts_Users",$ParentOU)

        new-QADUser -ParentContainer $TARGETOU .....

    As I require the first part of the source OU to be adjusted to the target OU, saving the last part, in order to save the AD structure.

    Any advice would be much appreciated!


    • Edited by merrowind Wednesday, February 29, 2012 11:44 AM
    Wednesday, February 29, 2012 11:44 AM

Answers

  • First, the script you posted earlier needs to be corrected per your last reply (so that $Domain is "two.local"). Second, your original post should have had:

    $TARGETOU = $_.ParentContainer -replace ("one.local/Accounts_Users",$ParentOU)

    Third, I've decided that $ParentOU is a reference to the first OU object created in the new domain. It is not a string, so perhaps it does not work in the Replace function. My guess is that $ParentOU.ParentContainer has the value "two.local/TST". If so, perhaps the solution is to use the following statement in the ForEach loop of the second script:

    $TARGETOU = $_.ParentContainer -replace("one.local/Accounts_Users", $ParentOU.ParentContainer)

    -----



    Richard Mueller - MVP Directory Services

    Saturday, April 07, 2012 4:19 PM
    Moderator
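As an added example (not code from the thread or from the Quest cmdlets), the code below reproduces the `-OutVariable` situation the answer describes with a stand-in object, then rewrites the CSV's ParentContainer prefix using an escaped, anchored pattern; that part goes slightly beyond the answer, because `-replace` treats its first operand as a regular expression. Assumptions: `Convert-ParentContainer` is a hypothetical helper, the `CanonicalName` property on the stand-in object is constructed, and the second CSV row is constructed to show a path that must not be rewritten.

```powershell
# Added example: runs offline, no Quest snap-in or domain needed.
function Convert-ParentContainer {        # hypothetical helper
    param(
        [Parameter(Mandatory = $true)] [string] $Path,        # canonical path from the CSV
        [Parameter(Mandatory = $true)] [string] $SourceRoot,  # prefix to strip
        [Parameter(Mandatory = $true)] [string] $TargetRoot   # prefix to put in its place
    )
    # -replace is a regex operation: escape the literal root, anchor it at the
    # start, and require a path boundary so sibling OUs are not caught.
    $pattern = '^' + [regex]::Escape($SourceRoot) + '(?=/|$)'
    if ($Path -notmatch $pattern) {
        throw "ParentContainer '$Path' is not under '$SourceRoot'"
    }
    # "$" is special in a regex replacement string; double it to keep it literal.
    $Path -replace $pattern, $TargetRoot.Replace('$', '$$')
}

# -OutVariable collects the cmdlet's output objects in an ArrayList.
# The stand-in object and its CanonicalName property are constructed.
New-Object psobject -Property @{ CanonicalName = 'two.local/TST' } -OutVariable ParentOU | Out-Null
Write-Host "ParentOU is a $($ParentOU.GetType().FullName) with $($ParentOU.Count) item(s)"

# Pull one string out of the collection before using it as a replacement.
$targetRoot = [string]$ParentOU[0].CanonicalName

# First row is the sample from the thread (trimmed); second row is constructed.
$rows = @'
Name,SamAccountName,ParentContainer
"Klaus Jørgensen","KJ","one.local/Accounts_Users/Finance"
"Constructed User","CU","one.local/Accounts_Users_Old/HR"
'@ | ConvertFrom-Csv

foreach ($row in $rows) {
    try {
        $ou = Convert-ParentContainer -Path $row.ParentContainer `
                  -SourceRoot 'one.local/Accounts_Users' -TargetRoot $targetRoot
        Write-Host ("{0} -> {1}" -f $row.SamAccountName, $ou)
    } catch {
        # A row outside the expected root is skipped instead of being created elsewhere.
        Write-Warning "Skipping $($row.SamAccountName): $_"
    }
}
```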

All replies

  • If you just want to change the last part of the DN, why not just rename the AD object?

    Grant Ward, a.k.a. Bigteddy

    What's new in Powershell 3.0 (Technet Wiki)

    Wednesday, February 29, 2012 12:02 PM
  • I am not sure I completely understand you.

    I need to re-create the OU structure, which I've got covered, alas, I'm at a loss, as to why I fail to rename the Parent Container in the piping process of importing the data from the datasheet of the source domain.

    The script has to complete stand-alone, as communication between the domains is not an option.

    It is an option to rename the Parent Container value at the data export process as well, however that would mean pretty much the same foreach/rename steps.

    • Edited by merrowind Wednesday, February 29, 2012 12:43 PM
    Wednesday, February 29, 2012 12:40 PM
  • So, if I understand correctly, you have exported a whole lot of users from one domain, and now want to re-create the same domain structure in a new and separate domain?

    If so, please provide a sample of what the first few lines of

    Import-CSV C:\users.csv

    ...will produce, so we can get a better idea of the kind of data we are dealing with?


    Grant Ward, a.k.a. Bigteddy

    What's new in Powershell 3.0 (Technet Wiki)


    • Edited by Bigteddy Wednesday, February 29, 2012 12:50 PM
    Wednesday, February 29, 2012 12:49 PM
  • You cannot change the parent container of an object. It is fixed. You can only move or rename the object.

    If you are recreating the object in a new domain then just grab the target OU and add the object by name. You cannot create accounts using the old domain name so just use sAMAccountName and the other personal attributes like SN to create the new account.

    There is a user migration tool that does all of this automatically. Just give it the source domain and OU(s) and the target domain and OU mappings and it will do all of the rest and generate a log or just test the move to see if it can be done without conflict.


    ¯\_(ツ)_/¯

    Wednesday, February 29, 2012 6:43 PM
  • I don't see any issue with what you are trying to do. Are you receiving an error?  When you are running New-QADUser, the targetOU variable should be set to "one.local/RENAMED/Finance/CPH".


    Rich Prescott | Infrastructure Architect, Windows Engineer and PowerShell blogger | MCITP, MCTS, MCP

    Engineering Efficiency
    @Rich_Prescott
    Windows System Administration tool
    AD User Creation tool

    Wednesday, February 29, 2012 11:50 PM
    Moderator
  • Data Export:

    Write-Host "!!!Script is to be executed with elevated privilegies!!!"
    Set-Executionpolicy -ExecutionPolicy bypass -force
    Add-PSSnapin Quest.ActiveRoles.ADManagement
    Set-QADPSSnapinSettings -DefaultSizeLimit 0

    $SOURCE = "one.local/Accounts_Users"
    $EXPORTUSER = "C:\TEST\Users.csv"
    $EXPORTOU = "C:\TEST\OU.csv"
    Write-Host Exporting OU and User data from $SOURCE

    Get-QADObject -Type OrganizationalUnit -SearchRoot $SOURCE |
        select name |
        Export-csv -Path $EXPORTOU -Encoding Unicode

    Get-QADUser -SearchRoot $SOURCE -Enabled |
        select name,SamAccountName,description,Firstname,lastname,email,ParentContainer |
        Export-Csv -Path $EXPORTUSER -Encoding Unicode

    Replication:

    Write-Host "!!!Script is to be executed with elevated privilegies!!!"
    $confirmpreference = "None"
    Set-Executionpolicy -ExecutionPolicy bypass -force
    Add-PSSnapin Quest.ActiveRoles.ADManagement

    #$PREFIX to define user account prefix
    $PREFIX = "adm"
    #$DOMAIN to define target domain on which the user account will be created.
    $DOMAIN = "@two.local"
    $PASS = "123456"

    #Creating OUs in the target domain
    New-QADObject -Type OrganizationalUnit -ParentContainer $DOMAIN -Name "TST" -Description "TEST OU" -OutVariable ParentOU

    Import-Csv C:\TEST\OU.csv |
    foreach {
          New-QADObject -Type OrganizationalUnit -ParentContainer $ParentOU -Name $_.Name -Description $_.Name
    }

    #Creating Users in the target domain
    import-csv c:\TEST\Users.csv |
          foreach {
          $TARGETOU = $_.ParentContainer -replace ("one.local/Accounts_Users",$ParentOU) #Modify the ParentContainer data while importing, to suit the target domain AD structure and ensure replication of the source AD structure.
          $SAMACC = $PREFIX + $_.samaccountname
          $UPName = $SAMACC + $DOMAIN
          new-QADUser -ParentContainer $TARGETOU -name $_.name -DisplayName $_.name -SamAccountName $SAMACC -UserPrincipalName $UPName -UserPassword $PASS -description $_.Description -Firstname $_.firstname -lastname $_.lastname -Email $_.email
          Set-QADUser -Identity $UPName -userMustChangePassword $true
          Disable-QADUser  -Identity $UPName
          }

    If tunneling imported attribute of ParentContainer value, it returns blank, as opposed to the manual input. And I agree, that I cannot see a fault in the syntax myself. Also, I am open to optimization suggestions and analog solutions.

    *Note: the script has been tested and proved working, but the last drop is the modification of the targetOU for the new user objects.


    • Edited by merrowind Thursday, March 01, 2012 5:34 AM
    Thursday, March 01, 2012 5:33 AM
  • Example of the User data Imported/Exported:

    Name,SamAccountName,Description,FirstName,LastName,Email,ParentContainer

    "Klaus Jørgensen","KJ","Finance","Klaus","Jørgensen","kj@one.local","one.local/Accounts_Users/Finance"

    *bump*

    Thursday, March 15, 2012 7:01 PM
  • I don't use the Quest cmdlets, so I'm not used to the ParentContainer being in canonicalName format (instead of distinguished name). First, the example csv file you posted March 15, seems to already have the ParentContainer field modified. It refers to one.local instead of the original two.local. Do you mean to replace "two.local/Accounts_Users" with the string "one.local/RENAMED", as implied in your original post? If so, the string "one.local/Accounts_Users" will not be modified.

    In the last script you posted you have

    $TARGETOU = $_.ParentContainer -replace ("one.local/Accounts_Users",$ParentOU)

    But what is the value of $ParentOU? I guess I don't see how the value is assigned by this statement:

    New-QADObject -Type OrganizationalUnit -ParentContainer $DOMAIN -Name "TST" -Description "TEST OU" -OutVariable ParentOU

    Can you verify the value assigned to $ParentOU?

    And, of course, I don't understand the following:

    $DOMAIN = "@two.local"

    if that becomes the parent container of the first OU created.


    Richard Mueller - MVP Directory Services

    Tuesday, March 20, 2012 4:24 PM
    Moderator
  • New-QADObject -Type OrganizationalUnit -ParentContainer $DOMAIN -Name "TST" -Description "TEST OU" -OutVariable ParentOU

    Is the string that defines $ParentOU var.

    I have verified that $ParentOU is defined correctly with value "two.local/TST"

    $DOMAIN does indeed specify the root, and creates the main OU in which to operate.

    Tuesday, March 20, 2012 7:48 PM
  • So the distinguished name of the domain is "dc=@two,dc=com"? Or does Quest interpret the "@two.com" as "dc=two,dc=com"? I just thought it was a mistake.


    Richard Mueller - MVP Directory Services

    Tuesday, March 20, 2012 9:54 PM
    Moderator
  • @ is illegal in a domain name or in any name in AD.  It is only legal in the email address or the user's domain identifier, also known as the 'UserPrincipalName'.

    dc=@anything is illegal.  It is impossible to create a domain name with an @ in it in AD, DNS or anywhere else.

    This gets confused by some because non-technical people refer to the @com.com part of an email address as the 'email domain'.  The email domain is actually everything AFTER the @.


    ¯\_(ツ)_/¯

    Tuesday, March 20, 2012 10:11 PM
  • Gents, sorry for the late reply - worky, worky.

    $DOMAIN = $env:USERDNSDOMAIN
    $UPName = ($_.samaccountname + "@" + $DOMAIN)

    Is what I use to determine target domain and format the UPN accordingly.

    Saturday, March 31, 2012 7:48 AM