Solved

How to control/validate the creation of AD users with the same last name and the same first initial?

Posted on 2013-06-05
16
649 Views
Last Modified: 2013-06-05
Hello,
Let's say in AD I have the following scenarios:
Scenario 1: (easier to control)
User in AD:
DaSilva, Neymar, dasilvan
New user to be created:
DaSilva, Nancy, dasilvan1

Scenario 2:
Users in AD:
DaSilva, Neymar, dasilvan
DaSilva, Nancy, dasilvan1
New user to be created: (tricky)
DaSilva, Noreen, dasilvan2

Question: how do I know that for the new user to be created I have to add 2, 3, 4, 5, etc. as a suffix?

Do I have to split the username and find out the last digit or last two digits?

Thanks for your help,
0
Question by:namerg
16 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 39223384
You can try something like..
$Name = "Subsun"
$SName = $Name
$Count = 0
While ((Get-ADUser -Identity $Name -ea SilentlyContinue) -ne $null)
{
  $Count++
  $Name  = $SName + $Count
}
$Name

0
 

Author Comment

by:namerg
ID: 39223629
Hmm, not working... it worked the first run but afterwards did not.
In Master File:
Morgan,Alex,Seattle Sounders,3044
Morgan,Anna, Seattle Sounders,3052
Morgan,Anna, Seattle Sounders,3053
In AD, i have:
Morgan, Alex, morgana,3044
Morgan, Anna, morgana1 (First run creation)
CODE:
Import-Csv $MasterFile | ForEach-Object {
    $LastName = $_."Last Name" -replace "\s"
    $sam = $LastName.ToLower() + $_."First Name".substring(0,1).ToLower()
    $ClockNumber = $_."Clock Number"
    Try {
        $existsCOMPANY = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=upi,DC=upicolo,DC=pvt"
        # $existsCOMPANY_OU = existsCOMPANY_OU
        $existsNewUsers = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=COMPANY - New Users,DC=upicolo,DC=pvt"
    }
    Catch { }
    If (!($existsCOMPANY) -and !($existsNewUsers)) {
        $i++
        $password = Get-RandomPassword
        $domain = "@COMPANY.COM"
        $setpass = ConvertTo-SecureString -AsPlainText $password -force
        Try {
            $existsSAM = ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null)
            if (!($existsSAM)) {
                New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
            }
            Else {
                $Count++
                $sam = $sam + $Count
                New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
            }
        }
        Catch { }
    }
    #MORE ABOUT AD USER CREATION
}


The problem is that it wants to create the morgana user one more time and add the suffix; it should not.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39223649
You have not even used my logic in the script you posted... so how can you say it's not working? :-)

I am in the middle of work... Give me some time, I will try to modify the code for you.
0
 

Author Comment

by:namerg
ID: 39223679
Hmm, isn't it this one?
$existsSAM = ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null) 


0
 
LVL 40

Assisted Solution

by:Subsun
Subsun earned 500 total points
ID: 39223682
Try..
Import-Csv $MasterFile | ForEach-Object {
    $LastName = $_."Last Name" -replace "\s"
    $sam = $LastName.ToLower() + $_."First Name".substring(0,1).ToLower()
    $ClockNumber = $_."Clock Number"
    $SName = $sam
    $Count = 0
    While ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null)
    {
        $Count++
        $sam = $SName + $Count
    }

    Try {
        $existsCOMPANY = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=upi,DC=upicolo,DC=pvt"
        # $existsCOMPANY_OU = existsCOMPANY_OU
        $existsNewUsers = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=COMPANY - New Users,DC=upicolo,DC=pvt"
    }
    Catch { }
    If (!($existsCOMPANY) -and !($existsNewUsers)) {
        $i++
        $password = Get-RandomPassword
        $domain = "@COMPANY.COM"
        $setpass = ConvertTo-SecureString -AsPlainText $password -force
        Try {
            New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
        }
        Catch { }
    }
    #MORE ABOUT AD USER CREATION
}


0
 
LVL 40

Expert Comment

by:Subsun
ID: 39223710
Hmm, isn't it this one ?
$existsSAM = ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null)
In your code it checks the sAMAccountName only once.

The code which I posted has a while loop which does the trick.
0
 

Author Comment

by:namerg
ID: 39223720
Hmm, got the following error:
ERROR: Get-ADUser : Cannot find an object with identity: 'hughesa' under: 'DC=domain,DC=com'.
ERROR: At C:\scripts\ceridian\Ceridian_Create_AD_Users.ps1:27 char:22
While ((Get-ADUser <<<<  -Identity $sam -ea SilentlyContinue) -ne $null) {
ERROR:     + CategoryInfo          : ObjectNotFound: (hughesa:ADUser) [Get-ADUser], ADIdentityNotFoundException
ERROR:     + FullyQualifiedErrorId : Cannot find an object with identity: 'hughesa' under: 'DC=domain,DC=com'.,Microsoft.ActiveDirectory.Management.Commands.GetADUs
ERROR:    er


0
 
LVL 40

Accepted Solution

by:Subsun
Subsun earned 500 total points
ID: 39223813
Hmm.. try changing line 7 to..
While ($(try {Get-ADUser -Identity $sam}catch{}) -ne $null)


0
 

Author Comment

by:namerg
ID: 39223872
Almost, almost... it broke the renaming.
I got this:
Rename-ADObject : An attempt was made to add an object to the directory with a name that is already in use
ERROR: At C:\scripts\ceridian\Ceridian_Create_AD_Users.ps1:59 char:23
ERROR: +           Rename-ADObject <<<<  -Identity $newdn -NewName $CN
ERROR:     + CategoryInfo          : NotSpecified: (CN=morgana2,OU=...=DOMAIN,DC=COM:ADObject) [Rename-ADObject], ADException
ERROR:     + FullyQualifiedErrorId : An attempt was made to add an object to the directory with a name that is already in use,Microsoft.ActiveDirectory.Management.Co
ERROR:    mmands.RenameADObject
ERROR:



CODE:
New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
$dn = (Get-ADUser $sam).DistinguishedName
Move-ADObject -Identity $dn -TargetPath $location
$newdn = (Get-ADUser $sam).DistinguishedName
$CN = $LastName + ", " + $_."First Name"
Rename-ADObject -Identity $newdn -NewName $CN


0
 
LVL 40

Expert Comment

by:Subsun
ID: 39223904
An attempt was made to add an object to the directory with a name that is already in use
As of now the code modifies the sAMAccountName. The error says the object name already exists in the OU. If you want to add a number to the object name then try changing line 5 to...

$CN = $LastName + ", " + $_."First Name"+$Count
0
 

Author Comment

by:namerg
ID: 39223915
Hmm, I see.
I cannot have two people with the same full name but different sAMAccountNames, right?
I have to add the number next to the LastName?
0
 

Author Comment

by:namerg
ID: 39223945
You da man....Namaste.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39223947
Add the following line just before creating the user and see if it works as expected...
    if ($Count -gt 0) { $LastName = $LastName + $Count }

Import-Csv $MasterFile | ForEach-Object {
    $LastName = $_."Last Name" -replace "\s"
    $sam = $LastName.ToLower() + $_."First Name".substring(0,1).ToLower()
    $ClockNumber = $_."Clock Number"
    $SName = $sam
    $Count = 0
    # -Identity raises a terminating error for a missing account, so the lookup is wrapped in try/catch as in the accepted solution
    While ($(try {Get-ADUser -Identity $sam}catch{}) -ne $null)
    {
        $Count++
        $sam = $SName + $Count
    }

    Try {
        $existsCOMPANY = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=upi,DC=upicolo,DC=pvt"
        # $existsCOMPANY_OU = existsCOMPANY_OU
        $existsNewUsers = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=COMPANY - New Users,DC=upicolo,DC=pvt"
    }
    Catch { }
    If (!($existsCOMPANY) -and !($existsNewUsers)) {
        $i++
        $password = Get-RandomPassword
        $domain = "@COMPANY.COM"
        $setpass = ConvertTo-SecureString -AsPlainText $password -force
        # Only suffix the last name when the sAMAccountName actually collided; otherwise "Morgan" would become "Morgan0"
        if ($Count -gt 0) { $LastName = $LastName + $Count }
        Try {
            New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
        }
        Catch { }
    }
    #MORE ABOUT AD USER CREATION
}


0
 

Author Comment

by:namerg
ID: 39223954
Yep. I did this: $CN = $LastName+$Count + ", " + $_."First Name"
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39223964
If you add it at the end then it will not be reflected in your account's displayName, sn, UPN etc. If that is OK with you then you can add it at the end as you mentioned in your last comment.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39223991
Also, if you want, you can replace

While ($(try {Get-ADUser -Identity $sam}catch{}) -ne $null)

with

While ((Get-ADUser -Filter 'sAMAccountName -eq $sam') -ne $null)

This will specifically look for the sAMAccountName in AD.
0
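The suffix loop Subsun describes, generalized so the same logic picks a free sAMAccountName and a free CN (the collision behind the Rename-ADObject error earlier in the thread), with the -Filter lookup from the last comment in place of -Identity. This is an added example, not code from the thread or from the ActiveDirectory module; Find-FreeSuffix, New-AccountNames and the $TargetOU value are assumed names/placeholders, and the $existing* lists are constructed so the script runs without a domain.

```powershell
# Added example, not code from the thread. Find-FreeSuffix, New-AccountNames and
# $TargetOU are assumed names/placeholders; the $existing* lists are constructed data.

function Find-FreeSuffix {
    # Returns the first candidate (suffix 0 = no suffix, then 1, 2, ...) that does not exist.
    param(
        [Parameter(Mandatory)] [scriptblock] $Candidate,   # builds the name for suffix $n
        [Parameter(Mandatory)] [scriptblock] $Exists,      # $true when that name is taken
        [int] $MaxSuffix = 99
    )
    for ($n = 0; $n -le $MaxSuffix; $n++) {
        $name = & $Candidate $n
        if (-not (& $Exists $name)) {
            return [pscustomobject]@{ Name = $name; Suffix = $n }
        }
    }
    throw "No free name found within $MaxSuffix suffixes"
}

function New-AccountNames {
    # Derives a free sAMAccountName and a free CN/displayName for one new hire.
    param(
        [Parameter(Mandatory)] [string] $LastName,
        [Parameter(Mandatory)] [string] $FirstName,
        [Parameter(Mandatory)] [scriptblock] $SamExists,
        [Parameter(Mandatory)] [scriptblock] $CnExists
    )
    $last = $LastName -replace '\s'                          # "Da Silva" -> "DaSilva"
    $base = ($last + $FirstName.Substring(0, 1)).ToLower()   # "dasilvan"

    # sAMAccountName is unique per domain and limited to 20 characters.
    $sam = Find-FreeSuffix -Exists $SamExists -Candidate {
        param($n)
        $s = if ($n -eq 0) { $base } else { "$base$n" }
        if ($s.Length -gt 20) { throw "sAMAccountName '$s' is longer than 20 characters" }
        $s
    }

    # The CN (the object's RDN) only has to be unique inside the target OU. The suffix
    # goes on the last name so sn and displayName carry the same value as the CN.
    $cn = Find-FreeSuffix -Exists $CnExists -Candidate {
        param($n)
        if ($n -eq 0) { "$last, $FirstName" } else { "$last$n, $FirstName" }
    }
    $sn = if ($cn.Suffix -eq 0) { $last } else { "$last$($cn.Suffix)" }

    [pscustomobject]@{
        sAMAccountName = $sam.Name
        sn             = $sn
        displayName    = $cn.Name
        CN             = $cn.Name
    }
}

# Real lookups for the ActiveDirectory module (assumed installed; $TargetOU is a placeholder).
# -Filter returns nothing for a missing account instead of the terminating ObjectNotFound
# error that -Identity raises even with -ErrorAction SilentlyContinue.
$TargetOU = 'OU=COMPANY - New Users,DC=example,DC=com'
$adSamExists = { param($c) [bool](Get-ADUser -Filter "sAMAccountName -eq '$c'") }
$adCnExists  = { param($c) [bool](Get-ADObject -Filter "cn -eq '$c'" -SearchBase $TargetOU -SearchScope OneLevel) }

# Constructed in-memory stand-in for the thread's directory after its first run, so the
# example runs without a domain. Swap in $adSamExists/$adCnExists for the real thing.
$existingSam = @('morgana', 'morgana1', 'dasilvan', 'dasilvan1')
$existingCn  = @('Morgan, Alex', 'Morgan, Anna', 'DaSilva, Neymar', 'DaSilva, Nancy')
$memSamExists = { param($c) $existingSam -contains $c }   # -contains is case-insensitive, like AD
$memCnExists  = { param($c) $existingCn  -contains $c }

$newHires = @(
    @{ LastName = 'Morgan';   FirstName = 'Anna' }     # a second "Morgan, Anna"
    @{ LastName = 'Da Silva'; FirstName = 'Noreen' }   # the question's scenario 2
    @{ LastName = 'Hughes';   FirstName = 'Amy' }      # no collision at all
)
foreach ($hire in $newHires) {
    $names = New-AccountNames @hire -SamExists $memSamExists -CnExists $memCnExists
    $existingSam += $names.sAMAccountName   # reserve both names before the next row
    $existingCn  += $names.CN
    $names
}
```

Run as-is, the second "Morgan, Anna" gets sAMAccountName morgana2 but CN "Morgan1, Anna": the two suffixes are found independently and need not match, which is why appending the sAMAccountName's $Count to the last name, as the thread ends up doing, can still collide or skip numbers. Keeping the two checks separate, and reserving both names before the next CSV row is processed, avoids that.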
