Scripting creation of a new user from a template

Hello all, this is my first post, thank you for your time in reading in advance.

I am trying to automate our new user creation process through PowerShell/the Active Roles module and I am having some issues with the scripting to do so. Is there any documentation or a complete example script of a new user creation based on a template? I have found the copy.ps1 script in the SDK but I'm getting some errors just trying to create a test user account from a profile. I made it past a few of them but seem to have hit a wall on this error. Any help with this specifically, an example script that is known to be working, or a white paper on the module would be greatly appreciated.

Error I am seeing:

Exception calling "SetInfo" with "0" argument(s): "Corporate policy violation. The 'Logon Name (pre-Windows 2000)' property value does not conform to corporate policy.
The specified value 'DOMAIN\username' does not conform to policy requirements.

I have tried "username" only in this field as well.

Code is the default copy.ps1 script from the SDK with just the variables it lists modified to match my company environment. 

  • Hi Fred

    The error you're getting here is to do with the samAccountName value being specified in your script. It is likely that either the username already exists, or that the Administration Policy linked to the OU or container where you're trying to copy the account to has a rule about how the samAccountName must be formed (i.e. must be 1 character from the first name, 7 from the last name, and then optionally a numeric number).

    I modified the OOTB copy.ps1 script in the SDK to make use of a CSV file. The CSV file format was as below:

    FirstName,LastName,Password,username
    Test9,Test,AV3ryR4nd0mP4ssw0rd1!,TestUser9999
    Test8,Test,AV3ryR4nd0mP4ssw0rd1!,TestUser9998
    Test7,Test,AV3ryR4nd0mP4ssw0rd1!,TestUser9997
    Test6,Test,AV3ryR4nd0mP4ssw0rd1!,TestUser9996
    Test5,Test,AV3ryR4nd0mP4ssw0rd1!,TestUser9995
    Test4,Test,AV3ryR4nd0mP4ssw0rd1!,TestUser9994
    Test3,Test,AV3ryR4nd0mP4ssw0rd1!,TestUser9993
    Test2,Test,AV3ryR4nd0mP4ssw0rd1!,TestUser9992
    Test1,Test,AV3ryR4nd0mP4ssw0rd1!,TestUser9991
    Test0,Test,AV3ryR4nd0mP4ssw0rd1!,TestUser9990

    The PowerShell code I used was as below:

    Clear-Host
    # -----------------------------------
    # PARAMETERS OF SCRIPT YOU MAY MODIFY
    # -----------------------------------
    # Before using the script, modify the following constants
    # Path to a CSV file containing your users
    $ImportPath = "$($env:USERPROFILE)\Desktop\NewUsers.csv"
    # DN of the object to be copied
    $ReferenceUserDN = "CN=TemplateUser,OU=Users,DC=contoso,DC=com"
    $UPNSuffix = "contoso.com"
    
    #---------------------------------------------------------------------------------
    # Processing
    
    # Import the list of users
    $SourceData = Import-csv -Path $ImportPath
    
    try
    {
        # Bind to source user
        $SourceUser = [ADSI]"EDMS://$ReferenceUserDN"
        #Bind to the source user's parent container
        $ContainerObject = [ADSI]$SourceUser.Parent
    }
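    catch
    {
        # Stop if the template user or its parent container cannot be bound
        Write-Error "Unable to bind to '$ReferenceUserDN': $_"
        return
    }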
    
    ForEach($User in $SourceData)
    {
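        # Progress counter: index of the current row ($NewUser is not set yet on the first pass)
        Write-Host "$([array]::IndexOf(@($SourceData), $User) + 1)\$(@($SourceData).Count) - Creating $($User.UserName)"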
        #Copy the source user
        $NewUser = $ContainerObject.CopyHere("EDMS://$ReferenceUserDN", "CN=$($User.UserName)")
    
        #Set the newly created user's properties
        $NewUser.Put("givenName", "$($User.FirstName)")
        $NewUser.Put("sn", "$($User.LastName)")
        $NewUser.Put("sAMAccountName", "$($User.UserName)")
        $NewUser.Put("userPrincipalName", "$($User.UserName)@$UPNSuffix")
        $NewUser.Put("edsaPassword", "$($User.Password)")
        #Commit changes
        $NewUser.SetInfo()
    }
    
    
     
    

    You would need to modify the following parameters:

    • $ImportPath (Currently the script above is looking for a file called NewUsers.csv on the desktop of the user running the script; you can change this to the file path and file name you wish)
    • $ReferenceUserDN (This would be your user you're copying from)
    • $UPNSuffix (This would be your part after the @ in the userPrincipalName field)

    I've run this in my test lab and it works as expected. You could add extra columns into the CSV, and therefore populate additional properties of the user objects you're creating. You could also write functions in the script to generate unique passwords for each user, or generate a unique samAccountName, UPN, CN etc.

    Hope this helps.

    Cheers

    Stu
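
The reply's closing suggestion (a unique password per user and a unique samAccountName), sketched as an added example; it is not part of the thread or of the SDK's copy.ps1. The function names, the naming rule (borrowed from the illustration in the reply) and the `$taken` list standing in for a directory lookup are assumptions.

```powershell
# Added example: helper names and the naming rule below are assumptions.
function Get-RandomIndex {
    param([int]$Max)                      # uniform integer in 0..($Max - 1), $Max <= 256
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    $limit = 256 - (256 % $Max)           # reject bytes that would bias the modulo
    try { do { $rng.GetBytes($byte) } while ($byte[0] -ge $limit) } finally { $rng.Dispose() }
    return $byte[0] % $Max
}

function New-RandomPassword {
    param([int]$Length = 20)
    $classes = 'abcdefghijkmnopqrstuvwxyz', 'ABCDEFGHJKLMNPQRSTUVWXYZ', '23456789', '!#%*+-=?@'
    $all     = -join $classes
    # One character from every class, then fill from the combined alphabet
    $chars = @(foreach ($c in $classes) { $c[(Get-RandomIndex $c.Length)] })
    while ($chars.Count -lt $Length) { $chars += $all[(Get-RandomIndex $all.Length)] }
    # Fisher-Yates shuffle so the guaranteed characters are not always first
    for ($i = $chars.Count - 1; $i -gt 0; $i--) {
        $j = Get-RandomIndex ($i + 1)
        $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
    }
    return -join $chars
}

function Get-UniqueSamAccountName {
    param([string]$FirstName, [string]$LastName, [string[]]$Existing = @())
    # Assumed rule: 1 letter of the first name + up to 7 of the last name + optional number
    $first = $FirstName -replace '[^A-Za-z]', ''
    $last  = $LastName  -replace '[^A-Za-z]', ''
    $base  = ($first.Substring(0, [Math]::Min(1, $first.Length)) +
              $last.Substring(0, [Math]::Min(7, $last.Length))).ToLower()
    if (-not $base) { throw "No usable letters in '$FirstName $LastName'" }
    $candidate = $base; $n = 1
    while ($Existing -contains $candidate) { $candidate = "$base$n"; $n++ }
    return $candidate
}

# Constructed rows in the CSV's shape, without the Password column
$rows  = @([pscustomobject]@{ FirstName = 'Test'; LastName = 'Userson' },
           [pscustomobject]@{ FirstName = 'Tina'; LastName = 'Userson' })
$taken = @('tuserson')                    # constructed: names already in the directory
foreach ($row in $rows) {
    $sam      = Get-UniqueSamAccountName -FirstName $row.FirstName -LastName $row.LastName -Existing $taken
    $password = New-RandomPassword        # value for Put("edsaPassword", ...) in the loop above
    $taken   += $sam
    [pscustomobject]@{ sAMAccountName = $sam; PasswordLength = $password.Length }
}
```

With helpers like these the CSV no longer needs a Password column holding one shared plaintext value for every account.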