Hey,
I need to create a large number of generic user accounts.
I created a really simple PowerShell script that does the following
- Generates a random password.
- Stores this password in our password manager by user.
- Creates a new user account using New-QADUser.
When I was testing this by just creating a single account, outside of any sort of loop, it worked perfectly.
When I tried the same logic inside of a loop, everything works the same except for one step. The password in ARS/AD is wrong.
I use the following command to create the new user:
# Connect to ARS
$pw = read-host "Enter password" -AsSecureString
Try
{
Connect-QADService -service '<ARS Servere>' -proxy -ConnectionAccount '<User Name>' -ConnectionPassword $pw | Out-Null
}
Catch
{
Write-Host "Learn how to type your password correctly"
Break
}
# Import our password generation script to be used to generate paswords
Import-Module -DisableNameChecking <Password Generation Script>
# Import the list of work centers
$wcNumbers = Import-Csv -Path '<Path to User Details CSV>\wc_numbers.csv'
# Assign ticket associated to the creation of all of these accounts.
$ticket = "134986"
# Prepare for log collection
$logCollection = @()
# Function used to store password in password PasswordState
function storePassword
{
# - This function accepts two parameters
# - Title = Title of password in PasswordState
# - Name = User name
param
(
[Parameter(Mandatory = $false)]
[string]$title,
[string]$uName,
[string]$pwd
)
$pwd = Create-Password
# PowerShell Request
#JSON data for the object
$jsonData = '
{
"PasswordListID":"<blank>",
"Title":"' + $title + '",
"UserName":"' + $uName + '",
"Description":"<blank>",
"ADDomainNetBIOS":"<blank>",
"AccountType":"<blank>",
"password":"' + $pwd + '",
"APIKey":"<blank>"
}
'
$passwordServiceUrl = '<blank>'
$global:result = $null
try
{
$global:result = Invoke-Restmethod -Method Post -Uri $passwordServiceUrl -ContentType "application/json" -Body $jsonData
Write-Host $result
}
catch
{
$errorMessage = $_.Exception.Message
if (Get-Member -InputObject $_.Exception -Name 'Response') {
try {
$result = $_.Exception.Response.GetResponseStream()
$reader = New-Object System.IO.StreamReader($result)
$reader.BaseStream.Position = 0
$reader.DiscardBufferedData()
$responseBody = $reader.ReadToEnd();
} catch {
throw "An error occurred while calling REST method at: $url. Error: $errorMessage. Cannot get more information."
break
}
}
throw "An error occurred while calling REST method at: $url. Error: $errorMessage. Response body: $responseBody"
break
}
}
# Begin loop for work centers
ForEach ( $wc in $wcNumbers )
{
# Uncomment to test single account
#If ( $wc.WC_Number -eq "53" )
#{
# Figure out the location of the work center
switch ( $wc.Location )
{
"location1" { $wcLocation = "local1" }
"location2" { $wcLocation = "local2" }
"location3" { $wcLocation = "local3" }
}
# Generate account attributes
$wcNewUserFirstName = ("Wc" + $wc.WC_Number + $wcLocation)
$wcNewUserLastName = "User"
$wcNewUserSamAccountName = $wcNewUserFirstName.ToLower() + "." + $wcNewUserLastName.ToLower()
# Write something to terminal. Only for seeing progress.
Write-Host "Working on $wcNewUserSamAccountName"
# Generate unique password
$pwd = Create-Password
# Store password and user in PasswordState
storePassword -title "$wcNewUserFirstName $wcNewUserLastName" -uName "$wcNewUserSamAccountName" -pwd "$pwd"
# Prepare parameters for the new user account creation
$newQADUser = @{
ParentContainer = "OU=someOU,DC=local,DC=domain"
Name = "$firstname $lastname"
userprincipalname = "$userprincipalname"
UserPassword = "$pwd"
Email = "$userSamAccountName@yourdomain.com"
SamAccountName = "$userSamAccount"
DisplayName = "$firstname $lastname"
Description = "Ticket #$ticket"
FirstName = "$firstname"
LastName = "$lastname"
}
# Create user in ARS/AD
New-QADUser @newQADUser
Set-QADUser -Identity "$wcNewUserSamAccountName" -PasswordNeverExpires $TRUE
# Collect some simple details about the process and dump to a CSV.
$object = New-Object PSObject
$object | Add-Member -MemberType NoteProperty -Name "User Name" -Value "$wcNewUserFirstName $wcNewUserLastName"
$object | Add-Member -MemberType NoteProperty -Name "Work Center" -Value $wc.WC_Number
$object | Add-Member -MemberType NoteProperty -Name "Location" -Value $wc.Location
$logCollection += $object
#} Uncomment to test single account
}
# Write to log file
$LogCollection | Export-Csv "<Path to log>\Accounts Created.csv" -NoTypeInformation
# Disconnect from ARS
Disconnect-QADService
The loop I have basically just brings in the information for the user accounts, and then loops through each user executing the code above. There is more to the script that isn't shown here, but it all works as intended. The user gets created in ARS/AD, but the password doesn't get set properly in ARS/AD.
If I take this same code, and hardcode the values, and execute it, the password is set properly.
The script doesn't output any errors and I know that the passwords that are being generated meet our password policies.
Any ideas on what I can do to try and understand why the password doesn't get set properly when this code exists in a loop?
Regards,
Todd
