Issue with user account creation PS script

  • Question

  • I am having an issue with a script that I have been modifying to create AD accounts from a CSV file that gets uploaded on a daily basis. I'll start off by saying that I did not write this script, I found it online and it is available for anyone to use, I have only been modifying it to fit our needs. Also, I am really just getting into using PS more and more and definitely not a pro by any stretch, hence the reason I am here.

    I'll try not to make this incredibly long and boring but want you to understand the script's purpose and where I am having problems at. The script should look for a CSV file and use that file to create/update/disable AD user accounts based on different fields. The script checks for duplicate SAM accounts as part of this process and has a method to come up with a different username if there is a duplicate. Also, based on the "Status" field the script should either enable or disable an existing user account.

    The main issue I am currently having is that the account will get created, everything seems to work properly except all accounts will be disabled during the running of the script, regardless of the status field. If I comment out those lines of the script the account will get created and be enabled like it should be so I'm not sure what I am missing.

    Also, when a duplicate SAMaccountname is found, the script should come up with a unique name based on defined rules but that does not seem to work properly as I get messages during the New-ADuser command that it fails due to a user with that name already existing. 

    I will post the code below and any help or guidance I could get would be greatly appreciated. I am not asking for someone to re-write this and make it work, simply point me in the right direction would be great. Again, I am not great with PS as of yet but do feel I at least understand the flow of this script, just can't seem to understand where it is going wrong at.

    # Import the Active Directory functions
    Import-Module ActiveDirectory
    
    #Setup some hashtables
    #For each school code in your SIS, map it to the appropriate fileserver in the format "schoolcode" = "servername";
    #$server = @{"1001" = "fscluster1"; "1002" = "SchoolB-FS"; "1003" = "SchoolC-FS"}
    #If you're using standardized abbreviations anywhere (perhaps your groups are named like SITEA-Students, SITEB-Students etc) it's useful to create a map of those abbreviations
    $siteabbr = @{"1001" = "2021"; "1002" = "SITEB"; "1003" = "SITEC"}
    #Create a map of codes to Active Directory OUs where students should be moved/created etc. Student grade to grad year mapping.
    $orgunits = @{"12" = "2019"; "11" = "2020"; "10" = "2021"; "09" = "2022"; "08" = "2023"; "07" = "2024"; "06" = "2025"; "05" = "2026"; "04" = "2027"; "03" = "2028"; "02" = "2029"; "01" = "2030"; "K" = "2031"; "PK" = "2032"}
    #Create a map of grades to email distribution groups.
    $emailgroup = @{"12" = "Seniors"; "11" = "Juniors"; "10" = "Sophmores"; "9" = "Freshmen"; "PK" = "PK"}
    
    # Import the Data - This is based on using the accompanying SISsync.sql file to extract data from PowerSchool and expects a tab delimited file, if you're using a CSV from another system or autosend, change `t to , (or omit the delimiter option entirely) and modify the headers appropriately
    $sisfile = Import-Csv -delimiter "`t" -Path "C:\TEMP\AD_SYNC\DATA\cts export.txt" -header "grade","givenName","sn","lunchpin","studentid","status"
    
    #Start Processing per file line
    foreach ($sisline in $sisfile) {
    	#Set the username example below is gradyear+firstinitial+lastname. If a duplicate is found the format will be gradyear+firstthreeletters+lastname.
        $sisline.givenname | ForEach-Object {$firstinitial = $_[0]}
        $givenname = $sisline.givenname
        # $dup variable gets the first three letters of the students first name to use if a duplicate SAMaccountname is found.
        $dup = $sisline.givenname.Substring(0,3)
        $duplicate = $orgunits.Get_Item($sisline.Grade) + $dup + $sisline.sn
       	$sAMAccountName = $orgunits.Get_Item($sisline.Grade) + $firstinitial + $sisline.sn
    	#tidy up samaccountName to make it more valid (no spaces, double periods or apostrophes). Helpful for when there's data entry 'issues' in your source
    	$sAMAccountName = $sAMAccountName.replace(" ","")
    	$sAMAccountName = $sAMAccountName.replace("..",".")
    	$sAMAccountName = $sAMAccountName.replace("'","")
        $sAMAccountName = $sAMAccountName.replace("-","")
    	#Truncate to 19 characters
    	#$sAMAccountName = $sAMAccountName.substring(0,19)
    	#Set the displayname for the account in AD example below is firstname space lastname
    	$name = $sisline.givenName + " " + $sisline.sn
    	#Set a password for the account, example below takes their Lunch PIN (LunchPIN) and assigns it as their initial password
        $pass = "wildcats" + $sisline.lunchPIN 
    	$password = ConvertTo-SecureString -AsPlainText $pass -Force
    	#Set the UPN for the account for most instances, should be AD Account name + @AD.FQDN. Need to change for each domain!
    	$userPrincipalName = $sAMAccountName + "@slater.local"
    	#Set the mail attribute for the account (if desired, usually helpful if you're synchronizing to Google Apps/Office 365)
    	$mail = $sAMAccountName + "@testschool.net"
    	#Set name attributes
    	$givenName = $sisline.givenName
    	$sn = $sisline.sn
        #Set status variable (if account gets enabled or disabled) Status is determined whether or not there is a value in this field. Only 
        #will have a value if the student has withdrawn from school.
        $status = $sisline.status
    	#Store student ID in AD's "EmployeeID" attribute
    	$employeeID = $sisline.studentid
    	#Optional location attributes, helpful if syncing to Moodle via LDAP
    	$c = "US"
    	$co = "United States"
    	$l = $orgunits.Get_Item($sisline.Grade)
    	#Optional other attribute population we set these because they're easy to view with the MMC taskpad we push to secretaries to allow them to reset passwords
    	$company = $orgunits.Get_Item($sisline.Grade)
    	$physicalDeliveryOfficeName = $sisline.grade
    	$description = $orgunits.Get_Item($sisline.Grade)
    	$comment = $sAMAccountName + "@slater.local"
    	#Create a hashtable of all the "otherattributes" this is used when we create/update the user
    	$otherAttributes = @{'userPrincipalName' = "$userPrincipalName"; 'mail' = "$mail"; 'comment' = "$comment"; 'givenName' = "$givenName"; 'sn' = "$sn"; 'employeeID' = "$employeeID"; 'employeeNumber' = "$pass"; 'c' = "$c"; 'l' = "$l"; 'company' = "$company"; 'physicalDeliveryOfficeName' = "$physicalDeliveryOfficeName"; 'description' = "$description"}
    
    	#recast description as a string because AD commands require it and it gets converted to int if it's all numeric.
    	$otherAttributes.description = [string]$otherAttributes.description
    
    	#set the path variable to the OU the student should end up in. In the example below the AD OU Structure is Slater -> Test -> Students -> 2021
    	$path = "OU=" + $company + ",OU=STUDENT,OU=USERS,OU=MANAGED,DC=slater,DC=local"
    
    	#Check if student exists
    	#THIS IS WHERE IT GETS TERRIBLY SLOW IF YOU HAVEN'T ADDED EMPLOYEEID TO THE LIST OF INDEXED AD ATTRIBUTES. STRONGLY CONSIDER THIS.
    	$user = Get-ADUser -Filter {employeeID -eq $employeeID}
    
    	if ($user -eq $null) {
    		#student doesn't exist, create them
    		#find a valid username
    		#This is probably the most inelegant backwards way of doing this, but it works. Feel free to improve
    		$i = 1 
       		$sAMSearch = $sAMAccountName
    		while ((Get-ADUser -Filter {sAMAccountName -eq $sAMSearch}) -ne $null) {		
    			$sAMSearch = $duplicate
    			$i++
    		}
    		$i--
    		if ($i -ne 0) {
    		#name was taken, update constants to reflect new name format gradyearfirstthreelastname
    			$sAMAccountName = $sAMSearch
    			$otherAttributes.Set_Item("userPrincipalName", $sAMAccountName + "@slater.local")
    			$otherAttributes.Set_Item("mail", $sAMAccountName + "@testschool.net")
    			$otherAttributes.Set_Item("comment", $sAMAccountName + "@testschool.net")
    			#$name = $name + $i
    		}
    		#create user using $sAMAccountName and set attributes and assign it to the $user variable
    		New-ADUser -sAMAccountName $sAMAccountName -Name $name -Path $path -otherAttributes $otherAttributes -Enable $true -AccountPassword $password -CannotChangePassword $true -PasswordNeverExpires $true 
    		$user = Get-ADUser -Filter {employeeID -eq $employeeID}
            
    	} elseif (($user.Surname -ne $sn) -or ($user.givenName -ne $givenName)) {
    		#The first or last names were changed in the import source, need to make some changes to the user
    		#find a valid username
    		#This is probably the most inelegant backwards way of doing this, but it works. Feel free to improve
    		$i = 1
    		$sAMSearch = $sAMAccountName
    		while ((Get-ADUser -Filter {sAMAccountName -eq $sAMSearch}) -ne $null) {		
    			$sAMSearch = $duplicate
    			$i++
    		}
    		$i--
    		if ($i -ne 0)
    		#need to update Name, sAMAccountName, UPN and email because of name collision
    		{
    			$sAMAccountName = $sAMSearch
    			$otherAttributes.Add("sAMAccountName", $sAMAccountName)
    			$otherAttributes.Set_Item("userPrincipalName", $sAMAccountName + "@slater.local")
    			$otherAttributes.Set_Item("mail", $sAMAccountName + "@testschool.net")
    			$otherAttributes.Set_Item("comment", $sAMAccountName + "@testschool.net")
    			$name = $name
    		}
    		Rename-ADObject -Identity $user $name
    		#need to re-key user variable after rename
    		$user = Get-ADUser -Filter {employeeID -eq $employeeID}
    		#Update AD attributes to reflect changes
    		
    		Set-ADUser -Identity $user -replace $otherAttributes -SamAccountName $sAMAccountName
    	} else {
    		#Update AD Attributes for existing user whos name hasn't changed. Unset anything usernamebased first since the username hasn't changed
    		$otherAttributes.Remove("userPrincipalName")
    		$otherAttributes.Remove("mail")
    		$otherAttributes.Remove("comment")  
    		Set-ADUser -Identity $user -replace $otherAttributes
    	}
        
    	#reset the samaccountname variable to what it currently queries out of AD as, probably not necessary
    	$sAMAccountName = $user.SamAccountName
    	#check to see if the DN of the user contains the school name, if not, move it to the correct location
    	$properdn = "OU=$company,"
    	write-host $properdn
    	if ($user.DistinguishedName -notlike "*$properdn*")
    	{
    		Move-ADObject -Identity $user -TargetPath $path
    		$user = Get-ADUser -Filter {employeeID -eq $employeeID}
    	}
            
        # $user = Get-ADUser -Filter {samaccountname -eq $samaccountname}
    
        write $user
        
    
        #Enable or disable a user account. This is determined by whether or not there is a value in the 
        #withdrawal date field. If there is a value student is no longer active and should be disabled
        #if there is no value student is active and should be enabled.
    
        if ($status -ne " "){
    
        Disable-ADAccount -Identity $user}
    
        elseif ($status -like " "){
    
        Enable-ADAccount -Identity $user}
    
    	#Check to see if folders exist on proper server, if not, create them and set permissions.
    	#Used to dynamically pick fileserver based on certain field - $servername = $server.Get_Item($sisline.grade)
        $servername = "fscluster1"
    
    	#The example below assumes student home folders exist on \\fileserver\student$\username structure
    	$homepath = "\\"  + $servername + "\student$\" + $sAMAccountName
    	if ((Test-Path ($homepath)) -ne $true)
    	{
    		#create folder and set permissions
    		#Change DOMAIN below with your AD Domain
    		New-Item -ItemType directory -Path $homepath
    		$acl = Get-Acl $homepath
    		$permission = "slater.local\$sAMAccountName","Modify","ContainerInherit,ObjectInherit","None","Allow"
    		$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
    		$acl.SetAccessRule($accessRule)
    		$acl | Set-Acl $homepath
    	}
    
    	#A quick 100ms pause to make sure the folder has been created and the permissions applied. you may be able to dial that back or remove it entirely	
    	Start-Sleep -m 100
    
    	#Set the users homedrive
    	Set-ADUser -Identity $user -HomeDirectory $homepath -HomeDrive "H:"
    
    	#Add user to site student group and grad year group also a good place to add any other groups you may require
    	#This assumes a security group with the site abbreviation-Students exists and a group called Grad#### exists
    	#It doesn't check to see if the user is already a part of these groups, so it will often print an error stating it can't add them because they already exist
    	$studentgroup1 = $orgunits.Get_Item($sisline.grade)
        #Add students to the correct email distribution group based on grade level.
        $studentgroup2 = $emailgroup.Get_Item($sisline.grade)
    	#$gradgroup = "Grad" + $description
    	Add-ADGroupMember $studentgroup1 $user
        #Add-ADGroupMember $studentgroup2 $user
    	#Add-ADGroupMember ALL_STUDENT $user
    
    }
    
    #rename.ps1
    #Change filename to whatever file needs to be renamed. 
     $fileName = "C:\TEMP\AD_SYNC\DATA\cts export.txt"
    
    # Check the file exists
    # if (-not(Test-Path $fileName)) 
    
    # {break}
    
    # Display the original name
    "Original filename: $fileName"
    
    $fileObj = get-item $fileName
    
    # Get the date
    $DateStamp = get-date -uformat "%Y-%m-%d@%H-%M-%S"
    
    $extOnly = $fileObj.extension
    
    if ($extOnly.length -eq 0) {
       $nameOnly = $fileObj.Name
       rename-item "$fileObj" "$nameOnly-$DateStamp"
       }
    else {
       $nameOnly = $fileObj.Name.Replace( $fileObj.Extension,'')
       rename-item "$fileName" "$nameOnly-$DateStamp$extOnly"
       }
    
    # Display the new name
    #"New filename: $nameOnly-$DateStamp$extOnly"
    
    
    #Sorts files by creation date, skips the top twenty newest files and deletes any older than the top twenty. Folder path and number of 
    #skipped files can be modified to fit your needs.
    Get-ChildItem C:\TEMP\AD_SYNC\DATA\ -Recurse| Where-Object{-not $_.PsIsContainer}| Sort-Object CreationTime -desc| 
        Select-Object -Skip 10| Remove-Item -Force
    

    Here is some of the error messages I get when running the PS script:

    PS C:\TEMP\AD_SYNC> C:\TEMP\AD_SYNC\SISsync.ps1
    New-ADUser : The server is unwilling to process the request
    At C:\TEMP\AD_SYNC\SISsync.ps1:92 char:3
    +         New-ADUser -sAMAccountName $sAMAccountName -Name $name -Path  ...
    +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (CN=GivenName SN...slater,DC=local:String) [New-ADUse 
       r], ADException
        + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Comman 
       ds.NewADUser
     
    OU=,
    Move-ADObject : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a 
    valid value for the argument, and then try running the command again.
    At C:\TEMP\AD_SYNC\SISsync.ps1:137 char:27
    +         Move-ADObject -Identity $user -TargetPath $path
    +                                 ~~~~~
        + CategoryInfo          : InvalidData: (:) [Move-ADObject], ParameterBindingValidationExcepti 
       on
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Manageme 
       nt.Commands.MoveADObject
     
    Disable-ADAccount : Cannot validate argument on parameter 'Identity'. The argument is null. 
    Provide a valid value for the argument, and then try running the command again.
    At C:\TEMP\AD_SYNC\SISsync.ps1:152 char:33
    +     Disable-ADAccount -Identity $user}
    +                                 ~~~~~
        + CategoryInfo          : InvalidData: (:) [Disable-ADAccount], ParameterBindingValidationExc 
       eption
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Manageme 
       nt.Commands.DisableADAccount
     
    Set-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a 
    valid value for the argument, and then try running the command again.
    At C:\TEMP\AD_SYNC\SISsync.ps1:180 char:23
    +     Set-ADUser -Identity $user -HomeDirectory $homepath -HomeDrive "H ...
    +                          ~~~~~
        + CategoryInfo          : InvalidData: (:) [Set-ADUser], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Manageme 
       nt.Commands.SetADUser


    Tuesday, January 22, 2019 9:13 PM

All replies

  • Well I guess no one will fix the code you found on the internet.. but I see something..   for example

    $user = Get-ADUser -Filter {employeeID -eq $employeeID}

    If no user is found, the rest of the following code will throw an error.  U have to implement a try/catch statement, or just simply check if $user is populated.

    $user = Get-ADUser -Filter {employeeID -eq $employeeID}
    if ($user) {
        # .. run rest of the code
    }

    Only post the part of the code u think is failing, and the error .... What u posted is messy

    Tuesday, January 22, 2019 9:28 PM
  • Thanks for looking into this Mekac. I know it is messy to post the entire thing but wanted to give an idea of what all is going on.

    I understand that $user would be null if there is no match with the employee ID (and that would generate an error message for that line) but I don't believe that is the underlying problem. I will compare this script (that I have modified) with the original as I believe it worked properly as far as looking for a user based on employee ID and if that didn't exist then create a new user account. 

    There have been some changes made from the original to fit our needs but the main, underlying structure of the script has stayed the same so I am thinking it must have been something simple that I am doing wrong.

    Again, I greatly appreciate you taking the time to even look it over at all and post a reply even though it is such a mess.

    In the current state this script will create new AD accounts and do everything it is supposed to except all of the accounts will be in the disabled state regardless of the data in the "status" field.

    Thanks again!

    Tuesday, January 22, 2019 9:58 PM
  • In your new-aduser part u have parameter Enable instead of Enabled

    -Enable $true (should be -Enabled $true)



    • Edited by Mekac Tuesday, January 22, 2019 10:13 PM
    Tuesday, January 22, 2019 10:06 PM
  • In your new-aduser part u have parameter Enable instead of Enabled

    -Enable $true (should be -Enabled $true)



    Doesn't matter.  The Parameter will resolve if enough letters are unique. This is basic to how PowerShell handles parameters.

    Example:

     Get-ChildItem -pa c:\ -i *.txt

    Try it.

    This is probably a better example:

    Get-ChildItem -pa C:\Windows\* -I *.dll


    \_(ツ)_/



    • Edited by jrv Tuesday, January 22, 2019 10:26 PM
    Tuesday, January 22, 2019 10:22 PM
  • In your new-aduser part u have parameter Enable instead of Enabled

    -Enable $true (should be -Enabled $true)



    Doesn't matter.  The Parameter will resolve if enough letters are unique. This is basic to how PowerShell handles parameters.

    Example:

     Get-ChildItem -pa c:\ -i *.txt

    Try it.

    This is probably a better example:

    Get-ChildItem -pa C:\Windows\* -I *.dll


    \_(ツ)_/



    Ah.. u right.. totally forgot these shortcuts .. 
    Tuesday, January 22, 2019 10:33 PM
  • However, when publishing scripts, I recommend letting auto-complete enter the correct full parameter name.

    \_(ツ)_/

    Tuesday, January 22, 2019 10:35 PM
  • Here is the part of the script that seems to always disable the AD accounts when they are created since if I remove this section the accounts will remain enabled:

    #Enable or disable a user account. This is determined by whether or not there is a value in the
    #withdrawal date field. If there is a value student is no longer active and should be disabled
    #if there is no value student is active and should be enabled.
    if ($status -ne " "){
    Disable-ADAccount -Identity $user}
    elseif ($status -like " "){
    Enable-ADAccount -Identity $user}

    I'll make sure to change that enable to enabled just to get it cleaned up as well.

    Thanks!

    Tuesday, January 22, 2019 10:53 PM
  • Ye .. I was about to post the same thing, that u should comment out this part of the code and see what happens. 
    Tuesday, January 22, 2019 10:56 PM
  • Here is the part of the script that seems to always disable the AD accounts when they are created since if I remove this section the accounts will remain enabled:

    #Enable or disable a user account. This is determined by whether or not there is a value in the
    #withdrawal date field. If there is a value student is no longer active and should be disabled
    #if there is no value student is active and should be enabled.
    if ($status -ne " "){
    Disable-ADAccount -Identity $user}
    elseif ($status -like " "){
    Enable-ADAccount -Identity $user}

    I'll make sure to change that enable to enabled just to get it cleaned up as well.

    Thanks!

    Very badly written code.

    This is the correct syntax for an if/else:

    if($status){
        Enable-ADAccount -Identity $user
    } else{
        Disable-ADAccount -Identity $user
    }


    \_(ツ)_/

    • Marked as answer by NMarsh Wednesday, January 23, 2019 2:53 PM
    Tuesday, January 22, 2019 10:57 PM
  • Note that matching an empty string that way will always cause the control structure to fail the test.

    You cannot match an empty string with a space.  An empty string is ALWAYS false.

    This code will always execute and disable the account:

    if ($status -ne " "){
       
    Disable-ADAccount -Identity $user}

    The code I posted above is how to do this programmatically.


    \_(ツ)_/



    • Edited by jrv Tuesday, January 22, 2019 11:01 PM
    Tuesday, January 22, 2019 10:59 PM
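
    Added example (not part of the thread): the status test discussed in the replies above, run over constructed tab-delimited rows so the posted comparison and a whitespace-tolerant one can be compared without touching AD. It follows the rule in the posted script's comments (a value in the status field means the student has withdrawn, so the account is disabled); `Get-AccountAction` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Rows are constructed sample data in the
# same tab-delimited layout the posted script imports.
$header = 'grade','givenName','sn','lunchpin','studentid','status'
$rows = @(
    "10`tAnn`tLee`t1111`t9001`t"              # status empty: active student
    "11`tBob`tRay`t2222`t9002`t2019-01-15"    # withdrawal date present
    "12`tCal`tDoe`t3333`t9003`t "             # one space: still "no value"
) | ConvertFrom-Csv -Delimiter "`t" -Header $header

# Hypothetical helper: decide the action from the status field alone.
# Null, empty and whitespace-only all count as "no withdrawal date".
function Get-AccountAction {
    param([string]$Status)
    if ([string]::IsNullOrWhiteSpace($Status)) { 'Enable' } else { 'Disable' }
}

$report = foreach ($r in $rows) {
    # The comparison from the posted script: an empty string is not equal to
    # a single space, so the first branch is taken for every empty field.
    $original = if ($r.status -ne ' ') { 'Disable' } elseif ($r.status -like ' ') { 'Enable' }

    [pscustomobject]@{
        StudentId    = $r.studentid
        Status       = "[$($r.status)]"     # brackets make empty vs. space visible
        OriginalTest = $original
        Action       = Get-AccountAction $r.status
    }
}
$report | Format-Table -AutoSize

# In the sync loop this replaces the if/elseif, guarded so a failed lookup never
# reaches the cmdlets with a null identity (needs the ActiveDirectory module):
#   if ($user) {
#       if ((Get-AccountAction $status) -eq 'Enable') { Enable-ADAccount -Identity $user }
#       else { Disable-ADAccount -Identity $user }
#   }
```
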
  • Thanks! That code for enabling/disabling the account worked great!

    Now if I could just figure out why it won't create a different username if there is already an account with the same username everything would be working great!

    #Set the username example below is gradyear+firstinitial+lastname. If a duplicate is found the format will be gradyear+firstthreeletters+lastname.
        $sisline.givenname | ForEach-Object {$firstinitial = $_[0]}
        $givenname = $sisline.givenname
        # $dup variable gets the first three letters of the students first name to use if a duplicate SAMaccountname is found.
        $dup = $sisline.givenname.Substring(0,3)
        $duplicate = $orgunits.Get_Item($sisline.Grade) + $dup + $sisline.sn

    #Check if student exists
    	#THIS IS WHERE IT GETS TERRIBLY SLOW IF YOU HAVEN'T ADDED EMPLOYEEID TO THE LIST OF INDEXED AD ATTRIBUTES. STRONGLY CONSIDER THIS.
    	$user = Get-ADUser -Filter {employeeID -eq $employeeID}
    
    	if ($user -eq $null) {
    		#student doesn't exist, create them
    		#find a valid username
    		#This is probably the most inelegant backwards way of doing this, but it works. Feel free to improve
    		$i = 1 
       		$sAMSearch = $sAMAccountName
    		while ((Get-ADUser -Filter {sAMAccountName -eq $sAMSearch}) -ne $null) {		
    			$sAMSearch = $duplicate
    			$i++
    		}
    		$i--
    		if ($i -ne 0) {
    		#name was taken, update constants to reflect new name format gradyearfirstthreelastname
    			$sAMAccountName = $sAMSearch
    			$otherAttributes.Set_Item("userPrincipalName", $sAMAccountName + "@slater.local")
    			$otherAttributes.Set_Item("mail", $sAMAccountName + "@testschool.net")
    			$otherAttributes.Set_Item("comment", $sAMAccountName + "@testschool.net")
    			#$name = $name + $i
    		}
    		#create user using $sAMAccountName and set attributes and assign it to the $user variable
    		New-ADUser -sAMAccountName $sAMAccountName -Name $name -Path $path -otherAttributes $otherAttributes -Enabled $true -AccountPassword $password -CannotChangePassword $true -PasswordNeverExpires $true 
    		$user = Get-ADUser -Filter {employeeID -eq $employeeID}

    If I should create a new post for this issue let me know and I can gladly do so.

    Tuesday, January 22, 2019 11:45 PM
  • Here you have to extract the problem code and test it by itself until it does what you want.


    \_(ツ)_/

    Tuesday, January 22, 2019 11:48 PM
  • By the way, there are scripts in the gallery that already do what you are trying to do.


    \_(ツ)_/

    Tuesday, January 22, 2019 11:49 PM
  • By the way, there are scripts in the gallery that already do what you are trying to do.


    \_(ツ)_/

    I have looked for some before I found this one online but didn't really have any luck.

    Looking for something that takes data from CSV file uploaded on daily basis to:

    -create new AD account if it does not already exist

    -look for duplicate usernames before creating new account

    -update existing accounts with name changes, etc

    -Enable/disable account based on status field

    -create user folder and assign permissions

    -add user to specified groups

    I'm definitely not saying there aren't some out there already that will do all of that, just didn't find them. Seems I could always find some that would do bits and pieces but not all and with my limited PS experience I wasn't able to piece them together very well.

    I do greatly appreciate all the help so far as I am learning a lot.

    Wednesday, January 23, 2019 12:01 AM
  • I will check them out again and see what I can find. Thanks for the link and all your help!

    Wednesday, January 23, 2019 12:29 AM
  • Hi,

    Just checking in to see if the information provided was helpful. 
    Please let us know if you would like further assistance.

    Best Regards,
    Lee

    Just do it.

    Wednesday, January 23, 2019 3:20 AM
  • Yes, I believe that has resolved the issue with the accounts being disabled upon creation. I'm still working on the name duplication issue but I will continue to work on that myself and if I can't get it I'll create a new post.

    Thanks again for all the help/guidance!

    Nathan

    Thursday, January 24, 2019 5:30 PM
  • Start with a test function:

    function Get-NewAdAccountName{
        param(
            $RequestedName
        )
        
        #add code to create test and return the new name
    }
    
    

    Put in the code that alters the name and test.  You can sit at a prompt and test and debug as long as you need to.


    \_(ツ)_/

    Thursday, January 24, 2019 6:56 PM
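
    One way to fill in the test function sketched above, as an added example (not code from the thread or from the original script): it tries the two name formats the script's comments describe, then, going beyond those rules, falls back to a numeric suffix. The parameters, the `-Exists` hook and the stub data are assumptions made so it can be exercised at a prompt without a domain.

```powershell
# Added example, not code from the thread. Parameter names and the -Exists hook
# are hypothetical; the two name formats follow the posted script's comments.
function Get-NewAdAccountName {
    param(
        [Parameter(Mandatory)][string]$GradYear,
        [Parameter(Mandatory)][string]$GivenName,
        [Parameter(Mandatory)][string]$Surname,
        # Returns $true when a name is taken. The default asks AD; a test passes a stub.
        [scriptblock]$Exists = { param($n) [bool](Get-ADUser -Filter "sAMAccountName -eq '$n'") },
        [int]$MaxLength = 20    # sAMAccountName length limit for user objects
    )

    # The script's clean-up (spaces, apostrophes, hyphens, double periods),
    # applied to both name parts so every candidate is cleaned, not just the first.
    $first = ($GivenName -replace "[ '\-]", '') -replace '\.{2,}', '.'
    $last  = ($Surname   -replace "[ '\-]", '') -replace '\.{2,}', '.'
    if (-not $first -or -not $last) { throw "Nothing left of '$GivenName $Surname' after clean-up" }

    # Substring(0,3) throws on a two-letter given name, so clamp the length.
    $three = $first.Substring(0, [Math]::Min(3, $first.Length))

    $candidates = @(
        "$GradYear$($first[0])$last"    # gradyear + first initial + last name
        "$GradYear$three$last"          # gradyear + first three letters + last name
    )
    foreach ($c in $candidates) {
        $c = $c.Substring(0, [Math]::Min($MaxLength, $c.Length))
        if (-not (& $Exists $c)) { return $c }
    }

    # Both formats taken. The posted loop re-tests the same $duplicate forever
    # here; this version adds a numeric suffix instead (an addition to the rules).
    $base = $candidates[1]
    foreach ($i in 2..99) {
        $keep = [Math]::Min($MaxLength - "$i".Length, $base.Length)
        $c = $base.Substring(0, $keep) + $i
        if (-not (& $Exists $c)) { return $c }
    }
    throw "No free account name found for '$GivenName $Surname'"
}

# Prompt-side test with a stub directory (constructed names), no AD required.
# -contains is case-insensitive, like the AD comparison it stands in for.
$taken = '2021JSmith', '2021JohSmith', '2022JLee'
$stub  = { param($n) $taken -contains $n }

Get-NewAdAccountName -GradYear 2021 -GivenName 'Jane'     -Surname 'Doe'     -Exists $stub  # first format free
Get-NewAdAccountName -GradYear 2021 -GivenName 'John'     -Surname 'Smith'   -Exists $stub  # both formats taken
Get-NewAdAccountName -GradYear 2022 -GivenName 'Jo'       -Surname 'Lee'     -Exists $stub  # two-letter given name
Get-NewAdAccountName -GradYear 2021 -GivenName 'Mary-Ann' -Surname "O'Neil"  -Exists $stub  # hyphen and apostrophe removed
```

    `New-ADUser -Name` sets the object's CN, which must be unique within its OU, so two students with the same display name in one grad-year OU still collide even when the sAMAccountName is unique.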