none
Powershell New-ADUser -Instance

    Domanda

  • I have searched, but was unable to find anything helpful, so my apologies in advance for my ignorance.

    I have manage to create a powershell script that imports a simple csv file and create users. Unfortunately I could not see a way to ad these users to a global group. So I thought to use the -Instance parameter. I even got that to work (or so it seemed), but the properties of the template user do not appear in the new users.

    Here is my script (sanitised and without the CSV bit)

    new-ADuser -name "My Test" -instance (get-AdUser -identity "#Template") `
    -accountPassword (ConvertTo-SecureString "Pa55w0rd" -asPlainText -force) `
    -changePasswordAtLogon $True -enabled $True -GivenName "My" `
    -path "ou=Learners,dc=contoso,dc=com" -samAccountName "MyTest" -Surname "Test" `
    -userPrincipalName ("MyTest@contoso.com")

    It runs without error.

    Am I wrong in beleiving that group membership should be copied from the template?

    venerdì 2 marzo 2012 12:05

Risposte

  • Group membership is not really a property of a user object.  That is an indirect property that is provided to you by ADSI, from examining the Members properties of the Group objects.

    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    venerdì 2 marzo 2012 12:34
  • ADUC is doing the group membership population for you when you copy a user through that interface.

     

    I don't think it's accurate to say that those are the only properties you can use.  Those are the only properties there is a named parameter for, but there are many other properties you can set using the -add, -remove, and -replace parameters with a hash table.  You use those to manage properties they did not provide a named parameter for.  I think any property of the instance that's not an indirect or read-only property (like SID) can be copied, but I can't say I've ever tested that.


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    venerdì 2 marzo 2012 15:25

Tutte le risposte

  • Group membership is not really a property of a user object.  That is an indirect property that is provided to you by ADSI, from examining the Members properties of the Group objects.

    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    venerdì 2 marzo 2012 12:34
  • Thanks Rob

    I will take you at your word on that :)

    However if I copy a user account in ADU&C group membership is also copied.
    So are you saying that you can use 

    New-ADuser -instance $UserTemplate 

    only for the properties listed in http://technet.microsoft.com/en-us/library/dd378959(v=ws.10).aspx ?

    venerdì 2 marzo 2012 15:17
  • ADUC is doing the group membership population for you when you copy a user through that interface.

     

    I don't think it's accurate to say that those are the only properties you can use.  Those are the only properties there is a named parameter for, but there are many other properties you can set using the -add, -remove, and -replace parameters with a hash table.  You use those to manage properties they did not provide a named parameter for.  I think any property of the instance that's not an indirect or read-only property (like SID) can be copied, but I can't say I've ever tested that.


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    venerdì 2 marzo 2012 15:25
  • Thanks

    I shall continue to experiment.

    venerdì 2 marzo 2012 17:22
  • Hi,

    I would like to confirm that is there any update about the issue. If there is anything else we can do for you, please feel free let us know.

    Best Regards,

    Yan Li

     

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Yan Li

    TechNet Community Support

    lunedì 5 marzo 2012 06:34
  • No furtehr help required, Thank you.
    lunedì 5 marzo 2012 08:15
  • This can be helpfull for your question...

    Add-ADPrincipalGroupMembership -id $username -server $DC -MemberOf (Get-ADPrincipalGroupMembership -id $TemplateUser | ? {$_.name -match "All_Groups_*"})

    lunedì 29 luglio 2013 16:24