Solved

How to control/validate the creation of AD users with the same last name and the same first initial of the first name?

Posted on 2013-06-05
Last Modified: 2013-06-05
Hello,
Let's say in AD, I have the following scenarios:
Scenario 1: (Easier to be controlled)
User in AD:
DaSilva, Neymar, dasilvan
New User to be created:
DaSilva, Nancy, dasilvan1

Scenario 2:
Users in AD
DaSilva, Neymar, dasilvan
DaSilva, Nancy, dasilvan1
New User to be created: (Tricky)
DaSilva, Noreen, dasilvan2

Question: how do I know, for the new user to be created, that I have to add a 2, 3, 4, 5, etc. as a suffix?

Do I have to split the user and find out the last digit or last two digits?

Thanks for your help,
Question by:namerg
16 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 39223384
You can try something like..
$Name = "Subsun"
$SName = $Name
$Count = 0
While ((Get-ADUser -Identity $Name -ea SilentlyContinue) -ne $null)
{
  $Count++
  $Name  = $SName + $Count
}
$Name


0
 

Author Comment

by:namerg
ID: 39223629
Hmm, not working...it worked the first run but afterwards did not.
In Master File:
Morgan,Alex,Seattle Sounders,3044
Morgan,Anna, Seattle Sounders,3052
Morgan,Anna, Seattle Sounders,3053
In AD, I have:
Morgan, Alex, morgana,3044
Morgan, Anna, morgana1 (First run creation)
CODE:
 Import-Csv $MasterFile | ForEach-Object {
 $LastName = $_."Last Name" -replace "\s"
 $sam = $LastName.ToLower() + $_."First Name".substring(0,1).ToLower()
 $ClockNumber = $_."Clock Number"
 Try   {
      $existsCOMPANY = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=upi,DC=upicolo,DC=pvt"
 #     $existsCOMPANY_OU = existsCOMPANY_OU
      $existsNewUsers = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=COMPANY - New Users,DC=upicolo,DC=pvt"
 }
  Catch { }
If (!($existsCOMPANY) -and !($existsNewUsers)) {
    	$i++
    	$password = Get-RandomPassword
	   	$domain = "@COMPANY.COM"
       	$setpass = ConvertTo-SecureString -AsPlainText $password -force
		Try {
       		$existsSAM = ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null)
       		if (!($existsSAM)) {
       			New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
			}
			Else {
       			$Count++
       			$sam =  $sam + $Count
       			New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
			}
       	}
       	Catch { }
	}
	#MORE ABOUT AD USER CREATION
}


The problem is that it wants to create the morgana user one more time and add the suffix; it should not.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39223649
You have not even used my logic in this script which you posted... So how can you say it's not working.. :-)..

I am in the middle of work.. Give me some time, I will try to modify the code for you..
0

 

Author Comment

by:namerg
ID: 39223679
Hmm, isn't it this one ?
$existsSAM = ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null) 


0
 
LVL 40

Assisted Solution

by:Subsun
Subsun earned 500 total points
ID: 39223682
Try..
Import-Csv $MasterFile | ForEach-Object {
 $LastName = $_."Last Name" -replace "\s"
 $sam = $LastName.ToLower() + $_."First Name".substring(0,1).ToLower()
 $ClockNumber = $_."Clock Number"
	$SName = $sam
        $Count = 0
	While ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null)
	{
	  $Count++
	  $sam  = $SName + $Count
	}
	
 Try   {
      $existsCOMPANY = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=upi,DC=upicolo,DC=pvt"
 #     $existsCOMPANY_OU = existsCOMPANY_OU
      $existsNewUsers = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=COMPANY - New Users,DC=upicolo,DC=pvt"
 }
 Catch { }
  If (!($existsCOMPANY) -and !($existsNewUsers)) {
    	$i++
    	$password = Get-RandomPassword
	   	$domain = "@COMPANY.COM"
     $setpass = ConvertTo-SecureString -AsPlainText $password -force
		Try {
   			New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
			}
 	Catch { }
	}
	#MORE ABOUT AD USER CREATION
}


0
 
LVL 40

Expert Comment

by:Subsun
ID: 39223710
Hmm, isn't it this one ?
$existsSAM = ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null)
In your code it checks the samaccountname only once..

The code which I posted has a while loop which does the trick..
0
 

Author Comment

by:namerg
ID: 39223720
Hmm, got the following error:
ERROR: Get-ADUser : Cannot find an object with identity: 'hughesa' under: 'DC=domain,DC=com'.
ERROR: At C:\scripts\ceridian\Ceridian_Create_AD_Users.ps1:27 char:22
While ((Get-ADUser <<<<  -Identity $sam -ea SilentlyContinue) -ne $null) {
ERROR:     + CategoryInfo          : ObjectNotFound: (hughesa:ADUser) [Get-ADUser], ADIdentityNotFoundException
ERROR:     + FullyQualifiedErrorId : Cannot find an object with identity: 'hughesa' under: 'DC=domain,DC=com'.,Microsoft.ActiveDirectory.Management.Commands.GetADUs
ERROR:    er


0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 39223813
Hmm.. try changing line 7 to..
While ($(try {Get-ADUser -Identity $sam}catch{}) -ne $null)


0
 

Author Comment

by:namerg
ID: 39223872
Almost, almost...it broke the renaming
I got this:
Rename-ADObject : An attempt was made to add an object to the directory with a name that is already in use
ERROR: At C:\scripts\ceridian\Ceridian_Create_AD_Users.ps1:59 char:23
ERROR: +           Rename-ADObject <<<<  -Identity $newdn -NewName $CN
ERROR:     + CategoryInfo          : NotSpecified: (CN=morgana2,OU=...=DOMAIN,DC=COM:ADObject) [Rename-ADObject], ADException
ERROR:     + FullyQualifiedErrorId : An attempt was made to add an object to the directory with a name that is already in use,Microsoft.ActiveDirectory.Management.Co
ERROR:    mmands.RenameADObject
ERROR:



CODE:
New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
$dn  = (Get-ADUser $sam).DistinguishedName
       	Move-ADObject -Identity $dn -TargetPath $location
       	$newdn = (Get-ADUser $sam).DistinguishedName
       	$CN = $LastName + ", " + $_."First Name"
      	Rename-ADObject -Identity $newdn -NewName $CN


0
 
LVL 40

Expert Comment

by:Subsun
ID: 39223904
An attempt was made to add an object to the directory with a name that is already in use
As of now the code modifies the samaccountname.. The error says the object name already exists in the OU.. If you want to add a numeric to the object name then try changing line 5 to..

$CN = $LastName + ", " + $_."First Name"+$Count
0
 

Author Comment

by:namerg
ID: 39223915
hmm, I see.
I cannot have two people with the same full name but different sAMAccountName, right?
I have to add the number next to the LastName?
0
 

Author Comment

by:namerg
ID: 39223945
You da man....Namaste.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39223947
Add the following line just before creating the user and see if it works as expected...
       $LastName = $LastName+$Count

Import-Csv $MasterFile | ForEach-Object {
    $LastName    = $_."Last Name" -replace "\s"
    $sam         = $LastName.ToLower() + $_."First Name".Substring(0,1).ToLower()
    $ClockNumber = $_."Clock Number"
    $SName       = $sam
    $Count       = 0
    # Append 1, 2, 3... until the sAMAccountName is free.
    # Get-ADUser -Identity throws when the account does not exist, so trap the error.
    While ($(try {Get-ADUser -Identity $sam} catch {}) -ne $null)
    {
        $Count++
        $sam = $SName + $Count
    }

    Try {
        $existsCOMPANY  = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=upi,DC=upicolo,DC=pvt"
        #     $existsCOMPANY_OU = existsCOMPANY_OU
        $existsNewUsers = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=COMPANY - New Users,DC=upicolo,DC=pvt"
    }
    Catch { }
    # Create the account only when the clock number is not already in either OU
    If (!($existsCOMPANY) -and !($existsNewUsers)) {
        $i++
        $password = Get-RandomPassword
        $domain   = "@COMPANY.COM"
        $setpass  = ConvertTo-SecureString -AsPlainText $password -Force
        # Suffix the last name only when a collision was found ($Count stays 0 otherwise)
        If ($Count -gt 0) { $LastName = $LastName + $Count }
        Try {
            New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name"; sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
        }
        Catch { }
    }
    #MORE ABOUT AD USER CREATION
}


0
 

Author Comment

by:namerg
ID: 39223954
Yep. I did this       $CN = $LastName+$Count + ", " + $_."First Name"
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39223964
If you add it at the end then it will not be reflected in your account's displayName, sn, UPN etc.. If it is OK with you then you can add it at the end as you mentioned in your last comment...
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39223991
Also, if you want, you can replace

While ($(try {Get-ADUser -Identity $sam}catch{}) -ne $null)

With

While ((Get-ADUser -Filter 'sAMAccountName -eq $sam') -ne $null)

This will specifically look for the sAMAccountName in AD..
0
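
The suffix search discussed in this thread, written as a reusable function. This is an added example, not code from any of the posters: `Get-UniqueSamAccountName` and its `-Exists` hook are hypothetical names, and the directory contents are constructed so the script runs without a domain controller. It goes slightly beyond the thread by stripping non-alphanumeric characters from the CSV names and by keeping the result within the 20-character sAMAccountName limit for user objects.

```powershell
# Added example. -Exists is a hypothetical hook; against a real domain pass e.g.
#   { param($n) [bool](Get-ADUser -Filter "sAMAccountName -eq '$n'") }
function Get-UniqueSamAccountName {
    param(
        [Parameter(Mandatory)][string]$LastName,
        [Parameter(Mandatory)][string]$FirstName,
        [Parameter(Mandatory)][scriptblock]$Exists,
        [int]$MaxLength   = 20,    # sAMAccountName limit for user objects
        [int]$MaxAttempts = 999    # stop instead of looping forever
    )
    # Keep letters and digits only, so CSV input cannot carry quotes,
    # spaces or filter metacharacters into the directory query.
    $clean = { param($s) ($s -replace '[^A-Za-z0-9]', '').ToLower() }
    $last  = & $clean $LastName
    $first = & $clean $FirstName
    if (-not $last -or -not $first) { throw "Name has no usable characters" }
    $initial = $first.Substring(0, 1)

    for ($n = 0; $n -le $MaxAttempts; $n++) {
        $suffix = if ($n -eq 0) { '' } else { "$n" }
        # Shorten the last name, never the suffix, to stay within the limit
        $room = $MaxLength - 1 - $suffix.Length
        $stem = if ($last.Length -gt $room) { $last.Substring(0, $room) } else { $last }
        $candidate = "$stem$initial$suffix"
        if (-not (& $Exists $candidate)) { return $candidate }
    }
    throw "No free name for '$last$initial' after $MaxAttempts attempts"
}

# Constructed directory contents matching Scenario 2 of the question
$existing    = 'dasilvan', 'dasilvan1', 'morgana'
$inDirectory = { param($n) $existing -contains $n }

Get-UniqueSamAccountName -LastName 'DaSilva' -FirstName 'Noreen' -Exists $inDirectory
Get-UniqueSamAccountName -LastName 'Morgan'  -FirstName 'Anna'   -Exists $inDirectory
Get-UniqueSamAccountName -LastName "O'Brien-Featherstonehaugh" -FirstName 'Al' -Exists $inDirectory
```

Between the existence check and `New-ADUser` another process can still take the name, so the creation call should report its error rather than discard it in an empty `Catch { }`.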
