none
New-ADUser workaround for EmployeeType? RRS feed

  • Question

  • I'm creating a script that bulk adds users to Active Directory from an imported csv file. The New-ADUser cmdlet does not have the ability to set the hidden "EmployeeType" attribute. I've tried some workarounds with the OtherAttributes, but none have been successful. Many of my security and distribution list additions (not shown in code below) hinge off this attribute.

    Does anyone know a method/workaround in PowerShell where I can set this attribute correctly? Any help, of course, would be greatly appreciated. Thanks!

    # Add AD Module 
    Import-Module ActiveDirectory 
    
    $UserList = Import-Csv -Path "C:\Temp\employeelist.csv"            
    foreach ($User in $UserList)            
    {            
        $Displayname = $User.'Firstname' + " " + $User.Lastname            
        $UserFirstname = $User.'Firstname'            
        $UserLastname = $User.'Lastname'            
        $OU = $User.'OU'            
        $SAM = $User.'SAM'            
        $UPN = $User.'Firstname' + "." + $User.'Lastname' + "@" + $User.'Maildomain'            
        $Description = $User.'Description'            
        $Password = $User.'Password' 
        $Office = $User.'Office' 
        $HomeDirectory = $User.'HomeDirectory'
        $HomeDrive = $User.'HomeDrive' 
        $OtherAttributes = @{'EmployeeType' = $User.'EmployeeType'} 
                 
        New-ADUser -Name "$Displayname" -DisplayName "$Displayname" -SamAccountName $SAM -UserPrincipalName $UPN -GivenName "$UserFirstname" -Surname "$UserLastname" -Description "$Description" -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) -Path "$OU" -ChangePasswordAtLogon $true –PasswordNeverExpires $false -Enabled $true -server dc1.mydomain -Office $Office -HomeDirectory $HomeDirectory -HomeDrive $HomeDrive -OtherAttributes $OtherAttributes
        

    Friday, June 5, 2015 10:34 PM

Answers

  • I just ran that code on a 2008R2 domain and it works with no issue using your CSV.

    $UserList = Import-Csv C:\Temp\employeelist.csv      
    
    
    foreach ($User in $UserList){            
        New-ADUser $user.Sam -OtherAttributes @{EmployeeType=$user.EmplType}
    }
    


    \_(ツ)_/

    • Marked as answer by David Bolton Sunday, June 7, 2015 5:30 PM
    Saturday, June 6, 2015 11:18 PM

All replies

  • Perhaps try (in part):

    $EmplType = $user.EmployeeType
    -OtherAttributes @{'EmployeeType'="$EmplType"}

    Richard Mueller - MVP Directory Services

    • Marked as answer by David Bolton Saturday, June 6, 2015 9:14 PM
    • Unmarked as answer by David Bolton Saturday, June 6, 2015 10:02 PM
    • Proposed as answer by Bob22212 Friday, November 17, 2017 5:26 PM
    • Unproposed as answer by Bob22212 Friday, November 17, 2017 5:26 PM
    Friday, June 5, 2015 10:49 PM
    Moderator
  • I've tried similar, and plugged your code in as:

    code excerpt
    ...
    $HomeDrive = $User.'HomeDrive'
    $EmplType =$User.'EmployeeType'
    
    New-ADUser -Name $DisplayName...-OtherAttributes @{'EmployeeType'="$EmplType"}
    But this throws an exception "New-ADUser : The server is unwilling to process the request". Same as before.

    Friday, June 5, 2015 11:21 PM
  • Your new-aduser command is incorrect. 

    $EmplType =$User.EmployeeType
    New-ADUser -Name$DisplayName -OtherAttributes @{EmployeeType=$EmplType}

    The above works always as long as the value is not null or empty.


    \_(ツ)_/


    • Edited by jrv Friday, June 5, 2015 11:48 PM
    • Proposed as answer by jrv Saturday, June 6, 2015 9:23 PM
    • Unproposed as answer by David Bolton Saturday, June 6, 2015 10:03 PM
    Friday, June 5, 2015 11:46 PM
  • Thanks for the reply. The values under the -OtherAttributes (in the header of the .csv file) are not null or empty, they are either Licensed, Classified, Confidential, Supervisory or Administrator and all fields are filled in for over 800 accounts.

    What am I missing?

    Thanks -D

    Saturday, June 6, 2015 4:09 PM
  • The CSV file has a header called "OtherAttributes"?  Why?  The header must be "EmplType"

    \_(ツ)_/

    • Marked as answer by David Bolton Saturday, June 6, 2015 9:14 PM
    • Unmarked as answer by David Bolton Saturday, June 6, 2015 10:02 PM
    Saturday, June 6, 2015 5:16 PM
  • That worked.

    Thanks!

    • Marked as answer by David Bolton Saturday, June 6, 2015 9:14 PM
    • Unmarked as answer by David Bolton Saturday, June 6, 2015 9:14 PM
    Saturday, June 6, 2015 9:14 PM
  • That worked.

    Thanks!

    What worked?

    Your reaction to an answer is not an answer.  Only mark posts that are the answer or that pointed at the answer.  If it help then say what it was that you did to implement the solution.  Remember that this forum is also to help others find solutions.


    \_(ツ)_/

    Saturday, June 6, 2015 9:22 PM
  • @JRV

    You stated "The header must be "EmplType"" I changed it and it worked.

    Rather particular fellow you are JRV ;-P

    Saturday, June 6, 2015 9:35 PM
  • That was in no way clear from your statements.

    \_(ツ)_/

    Saturday, June 6, 2015 9:44 PM
  • And...I spoke too soon.

    The script set "EmplType" as the employeeType for my test run user, not "Licensed" as I have in the EmplType field for this user.

    This is frustrating. To revisit:

    In my foreach section I have:

    foreach ($User in $UserList)
    {
       $EmplType = $User.'EmployeeType'
    

    In my New-ADUser command section I have:

    -OtherAttributes @{'EmployeeType'="$EmplType"}

    And in my .csv file I have:

    EmplType 
    "Licensed" 

    EmplType is the header and "Licensed" is just one of the fields in this column.

    Running the script with: -OtherAttributes @{'EmployeeType'="$EmplType"} throws the error "The server is unwilling to process the request"

    Running the script with -OtherAttributes @{'EmployeeType'=$EmplType} (note the no quotes on EmplType) throws the error "Cannot validate argument on parameter -OtherAttributes. The argument is null..."

    If I run the script with: -OtherAttributes @{'EmployeeType'="Licensed") the script runs without error and sets the value on the user correctly.

    This is not what I want. If I did it this way I'd have to write a separate script for each employeeType.

    I want to parse the .csv file where I have five different values for 800 employees. What am I doing incorrectly?

    Saturday, June 6, 2015 10:01 PM
  • You marked this as answer4ed and now you are saying it isn't answered.  Why?

    If you CSV has a column called "EmplType" tjhen this is how you do it

    $UserList = Import-Csv C:\Temp\employeelist.csv      
    foreach ($User in $UserList){            
        $EmplType =$User.EmployeeType 
         New-ADUser $user.Sam -OtherAttributes @{EmployeeType=$EmplType}
    }
    

    There is no need for quotes on anything.  Perhaps you do not have a real CSV file. Post a sample of the first two or three lines of your file.  The file must be exactly structured with no mistakes or extra/missing commas.  Every row must have an identical number of fields and no fields can contain commas without being in quotes.


    \_(ツ)_/


    • Edited by jrv Saturday, June 6, 2015 10:14 PM
    Saturday, June 6, 2015 10:14 PM
  • This also would work but I skipped it to prevent confusion.

    New-ADUser$user.Sam -OtherAttributes @{EmployeeType=$user.EmplType}


    \_(ツ)_/



    • Edited by jrv Saturday, June 6, 2015 10:16 PM
    Saturday, June 6, 2015 10:16 PM
  • CSV header and fields. formatting may be off here as this text box isn't expanding correctly.

    Firstname,Lastname,Maildomain,SAM,OU,Password,Description,Office,HomeDirectory,HomeDrive,EmplType

    John,Brown,mymaildomain.org,john.brown,"OU=_New,OU=Staff,DC=my,DC=mail,DC=domain,DC=com","P@ssw0rd10",

    "Some School Staff","Some School",\\server\share\%username%,"P:",Licensed

    John,Green,mymaildomain.org,john.gree,"OU=_New,OU=Staff,DC=my,DC=mail,DC=domain,DC=com","P@ssw0rd10",

    "Some School Staff","Some School",\\server\share\%username%,"P:",Classified

    John,Blue,mymaildomain.org,john.blue,"OU=_New,OU=Staff,DC=my,DC=mail,DC=domain,DC=com","P@ssw0rd10",

    "Some School Staff","Some School",\\server\share\%username%,"P:",Confidential


    Saturday, June 6, 2015 10:59 PM
  • Those records all look good.  For those the following line will work as long as SAM and EmplType are never blank

    New-ADUser$user.Sam -OtherAttributes @{EmployeeType=$user.EmplType}


    \_(ツ)_/

    Saturday, June 6, 2015 11:09 PM
  • I just ran that code on a 2008R2 domain and it works with no issue using your CSV.

    $UserList = Import-Csv C:\Temp\employeelist.csv      
    
    
    foreach ($User in $UserList){            
        New-ADUser $user.Sam -OtherAttributes @{EmployeeType=$user.EmplType}
    }
    


    \_(ツ)_/

    • Marked as answer by David Bolton Sunday, June 7, 2015 5:30 PM
    Saturday, June 6, 2015 11:18 PM
  • Not sure what I was missing JRV.

    I used the ISE (with intellisense on) to rewrite this one line of code and sure enough adding @{'EmployeeType'=$User.Empltype} worked flawlessly (on a Server 2012 R2 domain).

    I know you said I didn't need any of the quotes, but for my script to run, I must single quote all my variable's values. There is either an MSDN or MS Blog post somewhere that explains changing these values for the script to run. If I find it again, I will post it back.

    Thanks a ton for your patience!

    Sunday, June 7, 2015 5:30 PM
  • No - what needs to be quotes is in a  filter when you use a variable like this:

    -Filter "EmployeetType='$EmplType'"

    That requires single quotes and has always required single quotes on all versions of Windows and PowerShell.  If the attribute is numeric then you don't use quotes:

    $uid=1234
    -Filter "uidNumber=$uid"


    \_(ツ)_/

    Sunday, June 7, 2015 7:17 PM
  • The help for New-ADUser states the following:

    ==== quote ====

    Property values that are not associated with cmdlet parameters can be set by using the OtherAttributes parameter. When using this parameter be sure to place single quotes around the attribute name as in the following example.

    New-ADUser -SamAccountName "glenjohn" -GivenName "Glen" -Surname "John" -DisplayName "Glen John" -Path 'CN=Users,DC=fabrikam,DC=local' -OtherAttributes @{'msDS-PhoneticDisplayName'="GlenJohn"}


    Richard Mueller - MVP Directory Services

    Sunday, June 7, 2015 7:40 PM
    Moderator
  • It is not necessary to plade quotes around the key except when it has spaces. It is a hash table;

    Read the help and test correctly:

    https://technet.microsoft.com/en-us/library/hh847780.aspx

    Explicit that only when a space is in a key name then you would need quotes.  Adding quotes is not going to cause a problem but they are not necessary.  I never use them except in the odd case.

    The quotes I was talking about were the quotes placed around the value item.  They can cause issues and are never needed for simple string values. Again.  Sometimes they will not cause issues but when they do you will have a hard time discovering what is wrong.


    \_(ツ)_/

    Sunday, June 7, 2015 7:44 PM
  • The help for New-ADUser states the following:

    ==== quote ====

    Property values that are not associated with cmdlet parameters can be set by using the OtherAttributes parameter. When using this parameter be sure to place single quotes around the attribute name as in the following example.

    New-ADUser -SamAccountName "glenjohn" -GivenName "Glen" -Surname "John" -DisplayName "Glen John" -Path 'CN=Users,DC=fabrikam,DC=local' -OtherAttributes @{'msDS-PhoneticDisplayName'="GlenJohn"}


    Richard Mueller - MVP Directory Services

    It may say that in the help but I never do that and have never had an issue.  I also retested with this exact example in this thread and it works without any quotes on the attribute name.

    It is a hash and is passed as a hash.  Only the rules of a hashtable are required.


    \_(ツ)_/

    Sunday, June 7, 2015 8:06 PM
  • And the error I was getting without the single quote was "Error: New-ADUser: The object name has a bad syntax."

    Here is the article that I mentioned; it explains removing the -delimeter (which I had originally) and placing values in single quotes, which worked for me.

    Again, thanks JRV and RM for pointing me in the right direction to get a workable script.

    Sunday, June 7, 2015 8:52 PM
  • Delimiter ahs nothing to do with New-AdUser.  The article appears to be completely bogus.  The example of the CSV is pipe delimited and poster claims removing -delimiter fixes the issue.  That is compete nonsense unless user has change default delimiter to a pipe character.  The article says nothing about hash table format.


    \_(ツ)_/

    Sunday, June 7, 2015 9:47 PM