• Status: Solved
  • Priority: Medium
  • Security: Public

How to control/validate the creation of AD users with the same last name and the same first initial of the first name?

Hello,
Let's say, in AD, I have the following scenarios:
Scenario 1: (Easier to be controlled)
User in AD:
DaSilva, Neymar, dasilvan
New User to be created:
DaSilva, Nancy, dasilvan1

Scenario 2:
Users in AD
DaSilva, Neymar, dasilvan
DaSilva, Nancy, dasilvan1
New User to be created: (Tricky)
DaSilva, Noreen, dasilvan2

Question: how do I know that, for the new user to be created, I have to add a 2, 3, 4, 5, etc. as a suffix?

Do I have to split the user and find out the last digit or last two digits?

Thanks for your help,
namerg
Subsun Commented:
You can try something like..
$Name = "Subsun"
$SName = $Name
$Count = 0
While ((Get-ADUser -Identity $Name -ea SilentlyContinue) -ne $null)
{
  $Count++
  $Name  = $SName + $Count
}
$Name

namerg (Systems Administrator, Author) Commented:
Hmm, not working... it worked the first run but afterwards did not.
In Master File:
Morgan,Alex,Seattle Sounders,3044
Morgan,Anna, Seattle Sounders,3052
Morgan,Anna, Seattle Sounders,3053
In AD, I have:
Morgan, Alex, morgana,3044
Morgan, Anna, morgana1 (First run creation)
CODE:
 Import-Csv $MasterFile | ForEach-Object {
 $LastName = $_."Last Name" -replace "\s"
 $sam = $LastName.ToLower() + $_."First Name".substring(0,1).ToLower()
 $ClockNumber = $_."Clock Number"
 Try   {
      $existsCOMPANY = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=upi,DC=upicolo,DC=pvt"
 #     $existsCOMPANY_OU = existsCOMPANY_OU
      $existsNewUsers = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=COMPANY - New Users,DC=upicolo,DC=pvt"
 }
  Catch { }
If (!($existsCOMPANY) -and !($existsNewUsers)) {
    	$i++
    	$password = Get-RandomPassword
	   	$domain = "@COMPANY.COM"
       	$setpass = ConvertTo-SecureString -AsPlainText $password -force
		Try {
       		$existsSAM = ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null)
       		if (!($existsSAM)) {
       			New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
			}
			Else {
       			$Count++
       			$sam =  $sam + $Count
       			New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
			}
       	}
       	Catch { }
	}
	#MORE ABOUT AD USER CREATION
}

The problem is that it wants to create the morgana user one more time and add the suffix; it should not.
 
Subsun Commented:
You have not even used my logic in this script which you posted... So how can you say it's not working.. :-)..

I am in the middle of work.. Give me some time, I will try to modify the code for you..
 
namerg (Systems Administrator, Author) Commented:
Hmm, isn't it this one ?
$existsSAM = ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null) 

Subsun Commented:
Try..
Import-Csv $MasterFile | ForEach-Object {
 $LastName = $_."Last Name" -replace "\s"
 $sam = $LastName.ToLower() + $_."First Name".substring(0,1).ToLower()
 $ClockNumber = $_."Clock Number"
	$SName = $sam
        $Count = 0
	While ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null)
	{
	  $Count++
	  $sam  = $SName + $Count
	}
	
 Try   {
      $existsCOMPANY = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=upi,DC=upicolo,DC=pvt"
 #     $existsCOMPANY_OU = existsCOMPANY_OU
      $existsNewUsers = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=COMPANY - New Users,DC=upicolo,DC=pvt"
 }
 Catch { }
  If (!($existsCOMPANY) -and !($existsNewUsers)) {
    	$i++
    	$password = Get-RandomPassword
	   	$domain = "@COMPANY.COM"
     $setpass = ConvertTo-SecureString -AsPlainText $password -force
		Try {
   			New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
			}
 	Catch { }
	}
	#MORE ABOUT AD USER CREATION
}

Subsun Commented:
Hmm, isn't it this one ?
$existsSAM = ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null)
In your code it checks the samaccountname only once..

The code which I posted has a while loop which does the trick..

namerg (Systems Administrator, Author) Commented:
Hmm, got the following error:
ERROR: Get-ADUser : Cannot find an object with identity: 'hughesa' under: 'DC=domain,DC=com'.
ERROR: At C:\scripts\ceridian\Ceridian_Create_AD_Users.ps1:27 char:22
While ((Get-ADUser <<<<  -Identity $sam -ea SilentlyContinue) -ne $null) {
ERROR:     + CategoryInfo          : ObjectNotFound: (hughesa:ADUser) [Get-ADUser], ADIdentityNotFoundException
ERROR:     + FullyQualifiedErrorId : Cannot find an object with identity: 'hughesa' under: 'DC=domain,DC=com'.,Microsoft.ActiveDirectory.Management.Commands.GetADUs
ERROR:    er

Subsun Commented:
Hmm.. try changing line 7 to..
While ($(try {Get-ADUser -Identity $sam}catch{}) -ne $null)

namerg (Systems Administrator, Author) Commented:
Almost, almost...it broke the renaming
I got this:
Rename-ADObject : An attempt was made to add an object to the directory with a name that is already in use
ERROR: At C:\scripts\ceridian\Ceridian_Create_AD_Users.ps1:59 char:23
ERROR: +           Rename-ADObject <<<<  -Identity $newdn -NewName $CN
ERROR:     + CategoryInfo          : NotSpecified: (CN=morgana2,OU=...=DOMAIN,DC=COM:ADObject) [Rename-ADObject], ADException
ERROR:     + FullyQualifiedErrorId : An attempt was made to add an object to the directory with a name that is already in use,Microsoft.ActiveDirectory.Management.Co
ERROR:    mmands.RenameADObject
ERROR:

CODE:
New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
$dn  = (Get-ADUser $sam).DistinguishedName
       	Move-ADObject -Identity $dn -TargetPath $location
       	$newdn = (Get-ADUser $sam).DistinguishedName
       	$CN = $LastName + ", " + $_."First Name"
      	Rename-ADObject -Identity $newdn -NewName $CN

Subsun Commented:
An attempt was made to add an object to the directory with a name that is already in use
As of now the code modifies the samaccountname.. The error says the object name already exists in the OU.. If you want to add a numeric to the object name then try changing line 5 to..

$CN = $LastName + ", " + $_."First Name"+$Count

namerg (Systems Administrator, Author) Commented:
Hmm, I see.
I cannot have two people with the same full name but different sAMAccountName, right?
I have to add the number next to the LastName?

namerg (Systems Administrator, Author) Commented:
You da man....Namaste.

Subsun Commented:
Add the following line just before creating the user and see if it works as expected...
       $LastName = $LastName+$Count

Import-Csv $MasterFile | ForEach-Object {
 $LastName = $_."Last Name" -replace "\s"
 $sam = $LastName.ToLower() + $_."First Name".substring(0,1).ToLower()
 $ClockNumber = $_."Clock Number"
	$SName = $sam
        $Count = 0
	# -Identity throws when the account does not exist, so swallow that error inside the condition
	While ($(try {Get-ADUser -Identity $sam}catch{}) -ne $null)
	{
	  $Count++
	  $sam  = $SName + $Count
	}
	
 Try   {
      $existsCOMPANY = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=upi,DC=upicolo,DC=pvt"
 #     $existsCOMPANY_OU = existsCOMPANY_OU
      $existsNewUsers = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=COMPANY - New Users,DC=upicolo,DC=pvt"
 }
 Catch { }
  If (!($existsCOMPANY) -and !($existsNewUsers)) {
    	$i++
    	$password = Get-RandomPassword
	$domain = "@COMPANY.COM"
        $setpass = ConvertTo-SecureString -AsPlainText $password -force
        $LastName = $LastName+$Count
		Try {
   			New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
			}
 	Catch { }
	}
	#MORE ABOUT AD USER CREATION
}

namerg (Systems Administrator, Author) Commented:
Yep. I did this       $CN = $LastName+$Count + ", " + $_."First Name"

Subsun Commented:
If you add it in the end then it will not reflect in your account's displayname, sn, UPN etc.. If it is ok with you then you can add it in the end as you mentioned in your last comment...

Subsun Commented:
Also, if you want, you can replace

While ($(try {Get-ADUser -Identity $sam}catch{}) -ne $null)

With

While ((Get-ADUser -Filter 'sAMAccountName -eq $sam') -ne $null)

This will specifically look for the sAMAccountName in AD..
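
Added example (not part of the thread and not either poster's code): the collision loop discussed above, folded into one function that can be exercised without a domain controller. `Get-UniqueSam`, its `-Exists` parameter, `$taken` and `$lookup` are hypothetical names, and the sample accounts are constructed from the thread's Morgan case. It goes beyond the thread in two ways: it strips characters outside a-z/0-9 so a CSV value such as O'Brien cannot break the filter string, and it keeps the result within the 20-character sAMAccountName limit for user objects.

```powershell
function Get-UniqueSam {
    param(
        [Parameter(Mandatory)][string]$LastName,
        [Parameter(Mandatory)][string]$FirstName,
        # Predicate returning $true when a sAMAccountName is already taken.
        # The default queries AD with -Filter, which returns nothing on a miss
        # instead of throwing the way -Identity does.
        [scriptblock]$Exists = {
            param($candidate)
            [bool](Get-ADUser -Filter "sAMAccountName -eq '$candidate'")
        },
        [int]$MaxLength = 20   # sAMAccountName limit for user objects
    )
    # Keep only a-z and 0-9 so quotes or wildcards from the CSV never reach the filter.
    $last  = $LastName.ToLower()  -replace '[^a-z0-9]', ''
    $first = $FirstName.ToLower() -replace '[^a-z0-9]', ''
    if (-not $last -or -not $first) {
        throw "Name has no usable characters: '$LastName', '$FirstName'"
    }
    $base = $last + $first.Substring(0, 1)

    $count = 0
    do {
        # No suffix on the first attempt, then 1, 2, 3, ...
        $suffix = if ($count -eq 0) { '' } else { "$count" }
        # Trim the base, never the suffix, when the name would be too long.
        $room = $MaxLength - $suffix.Length
        $candidate = $base.Substring(0, [Math]::Min($base.Length, $room)) + $suffix
        $count++
    } while (& $Exists $candidate)
    $candidate
}

# Constructed directory contents mirroring the thread's Morgan example.
$taken = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
'morgana', 'morgana1' | ForEach-Object { [void]$taken.Add($_) }
$lookup = { param($c) $taken.Contains($c) }

foreach ($row in @(
        @{ Last = 'Morgan';  First = 'Anna' },
        @{ Last = 'Morgan';  First = 'Abby' },
        @{ Last = "O'Brien"; First = 'Sam'  })) {
    $sam = Get-UniqueSam -LastName $row.Last -FirstName $row.First -Exists $lookup
    [void]$taken.Add($sam)   # reserve it so later rows in the same batch see it
    '{0}, {1} -> {2}' -f $row.Last, $row.First, $sam
}
```

Against a real domain, omit `-Exists` so the default `Get-ADUser -Filter` lookup is used; the employeeNumber check from the thread still decides whether a row needs an account at all.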