Scripting creation of a new user from a template

Hello all, this is my first post, thank you for your time in reading in advance.

I am trying to automate our new user creation process through powershell/the active roles module and I am having some issues with the scripting to do so. Is there any documentation or a complete example script of a new user creation based on a template? I have found the copy.ps1 script in the SDK but I'm getting some errors just trying to create a test user account from a profile. I made it past a few of them but seem to have hit a wall on this error. Any help with this specifically, an example script that is known to be working, or a white paper on the module would be greatly appreciated. 

Error I am seeing:

Exception calling "SetInfo" with "0" argument(s): "Corporate policy violation. The 'Logon Name (pre-Windows 2000)' property value does not conform to corporate policy.
The specified value 'DOMAIN\username' does not conform to policy requirements.

I have tried "username" only in this field as well.

Code is the default copy.ps1 script from the SDK with just the variables it lists modified to match my company environment. 

  • Hi Fred

    The error you're getting here is to do with the samAccountName value being specified in your script. It is likely that either the username already exists, or that the Administration Policy linked to the OU or container where you're trying to copy the account to, has a rule about how the samAccoutName must be formed (IE must be 1 character from the firstname, 7 from the last name, and then optionally a numeric number.

    I modified the OOTB copy.ps1 script in the SDK, to make use of a CSV file. The CSV file format was a below:


    The PowerShell code I used was as below:

    # -----------------------------------
    # -----------------------------------
    # Before using the script, modify the following constants
    # PAth to a CSV file containing your users
    $ImportPath = "$($env:USERPROFILE)\Desktop\NewUsers.csv"
    # DN of the object to be copied
    $ReferenceUserDN = "CN=TemplateUser,OU=Users,DC=contoso,DC=com"
    $UPNSuffix = ""
    # Processing
    # Import the list of users
    $SourceData = Import-csv -Path $ImportPath
        # Bind to source user
        $SourceUser = [ADSI]"EDMS://$ReferenceUserDN"
        #Bind to the source user's parent container
        $ContainerObject = [ADSI]$SourceUser.Parent
    ForEach($User in $SourceData)
        Write-Host "$($SourceData.IndexOf($NewUser)+1)\$($SourceData.Count) - Creating $($User.USerName)"
        #Copy the source user
        $NewUser = $ContainerObject.CopyHere("EDMS://$ReferenceUserDN", "CN=$($User.UserName)")
        #Set the newly created user's properties
        $NewUser.Put("givenName", "$($User.FirstName)")
        $NewUser.Put("sn", "$($User.LastName)")
        $NewUser.Put("sAMAccountName", "$($User.UserName)")
        $NewUser.Put("userPrincipalName", "$($User.UserName)@$UPNSuffix")
        $NewUser.Put("edsaPassword", "$($User.Password)")
         #Commit changes

    You would need to modify the following paramters:

    • $ImportPath (Currently in the script above is looking for a file call NewUsers.csv on the desktop of the user running the script, you can change this to the file path and file name you wish)
    • $ReferenceUserDN (This would be your user you're copying from)
    • $UPNSuffix (This would be your part after the @ in the userPrincipalName field)

    I've run this in my test lab and works as expected. You could add extra columns into the CSV, and therefore populate additional properties of the user objects you're creating. You could also write functions in the script to generate unique passwords for each user, or generate a unique samAccountName, UPN, CN etc.

    Hope this helps.