Solved

How to control/validate the creation of AD users with same lastname and same first initial on firstname ?

Posted on 2013-06-05
Last Modified: 2013-06-05
Hello,
Let's say in AD I have the following scenarios:
Scenario 1: (Easier to be controlled)
User in AD:
DaSilva, Neymar, dasilvan
New User to be created:
DaSilva, Nancy, dasilvan1

Scenario 2:
Users in AD
DaSilva, Neymar, dasilvan
DaSilva, Nancy, dasilvan1
New User to be created: (Tricky)
DaSilva, Noreen, dasilvan2

Question: how do I know that for the new user to be created I have to add a 2, 3, 4, 5, etc. as a suffix?

Do I have to split the user and find out the last digit or last two digits?

Thanks for your help,
Question by:namerg
 
LVL 40

Expert Comment

by:Subsun
ID: 39223384
You can try something like..
$Name = "Subsun"
$SName = $Name
$Count = 0
While ((Get-ADUser -Identity $Name -ea SilentlyContinue) -ne $null)
{
  $Count++
  $Name  = $SName + $Count
}
$Name

 

Author Comment

by:namerg
ID: 39223629
Hmm, not working... it worked the first run but afterwards did not.
In Master File:
Morgan,Alex,Seattle Sounders,3044
Morgan,Anna, Seattle Sounders,3052
Morgan,Anna, Seattle Sounders,3053
In AD, I have:
Morgan, Alex, morgana,3044
Morgan, Anna, morgana1 (First run creation)
CODE:
Import-Csv $MasterFile | ForEach-Object {
    $LastName = $_."Last Name" -replace "\s"
    $sam = $LastName.ToLower() + $_."First Name".substring(0,1).ToLower()
    $ClockNumber = $_."Clock Number"
    Try {
        $existsCOMPANY = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=upi,DC=upicolo,DC=pvt"
        # $existsCOMPANY_OU = existsCOMPANY_OU
        $existsNewUsers = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=COMPANY - New Users,DC=upicolo,DC=pvt"
    }
    Catch { }
    If (!($existsCOMPANY) -and !($existsNewUsers)) {
        $i++
        $password = Get-RandomPassword
        $domain = "@COMPANY.COM"
        $setpass = ConvertTo-SecureString -AsPlainText $password -force
        Try {
            $existsSAM = ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null)
            if (!($existsSAM)) {
                New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
            }
            Else {
                $Count++
                $sam = $sam + $Count
                New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
            }
        }
        Catch { }
    }
    #MORE ABOUT AD USER CREATION
}


The problem is that it wants to create one more time morgana user and add the suffix, it should not.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39223649
You have not even used my logic in this script which you posted... So how can you say it's not working.. :-)..

I am in the middle of work.. Give me some time, I will try to modify the code for you..
0
 

Author Comment

by:namerg
ID: 39223679
Hmm, isn't it this one ?
$existsSAM = ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null) 

 
LVL 40

Assisted Solution

by:Subsun
Subsun earned 500 total points
ID: 39223682
Try..
Import-Csv $MasterFile | ForEach-Object {
    $LastName = $_."Last Name" -replace "\s"
    $sam = $LastName.ToLower() + $_."First Name".substring(0,1).ToLower()
    $ClockNumber = $_."Clock Number"
    $SName = $sam
    $Count = 0
    While ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null)
    {
        $Count++
        $sam = $SName + $Count
    }

    Try {
        $existsCOMPANY = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=upi,DC=upicolo,DC=pvt"
        # $existsCOMPANY_OU = existsCOMPANY_OU
        $existsNewUsers = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=COMPANY - New Users,DC=upicolo,DC=pvt"
    }
    Catch { }
    If (!($existsCOMPANY) -and !($existsNewUsers)) {
        $i++
        $password = Get-RandomPassword
        $domain = "@COMPANY.COM"
        $setpass = ConvertTo-SecureString -AsPlainText $password -force
        Try {
            New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
        }
        Catch { }
    }
    #MORE ABOUT AD USER CREATION
}

 
LVL 40

Expert Comment

by:Subsun
ID: 39223710
Hmm, isn't it this one ?
$existsSAM = ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null)
In your code it checks the samaccountname only once..

The code which I posted has a while loop which does the trick..
0
 

Author Comment

by:namerg
ID: 39223720
Hmm, got the following error:
ERROR: Get-ADUser : Cannot find an object with identity: 'hughesa' under: 'DC=domain,DC=com'.
ERROR: At C:\scripts\ceridian\Ceridian_Create_AD_Users.ps1:27 char:22
While ((Get-ADUser <<<<  -Identity $sam -ea SilentlyContinue) -ne $null) {
ERROR:     + CategoryInfo          : ObjectNotFound: (hughesa:ADUser) [Get-ADUser], ADIdentityNotFoundException
ERROR:     + FullyQualifiedErrorId : Cannot find an object with identity: 'hughesa' under: 'DC=domain,DC=com'.,Microsoft.ActiveDirectory.Management.Commands.GetADUs
ERROR:    er

 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 39223813
Hmm.. try changing line 7 to..
While ($(try {Get-ADUser -Identity $sam}catch{}) -ne $null)


 

Author Comment

by:namerg
ID: 39223872
Almost, almost...it broke the renaming
I got this:
Rename-ADObject : An attempt was made to add an object to the directory with a name that is already in use
ERROR: At C:\scripts\ceridian\Ceridian_Create_AD_Users.ps1:59 char:23
ERROR: +           Rename-ADObject <<<<  -Identity $newdn -NewName $CN
ERROR:     + CategoryInfo          : NotSpecified: (CN=morgana2,OU=...=DOMAIN,DC=COM:ADObject) [Rename-ADObject], ADException
ERROR:     + FullyQualifiedErrorId : An attempt was made to add an object to the directory with a name that is already in use,Microsoft.ActiveDirectory.Management.Co
ERROR:    mmands.RenameADObject
ERROR:



CODE:
New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
$dn = (Get-ADUser $sam).DistinguishedName
Move-ADObject -Identity $dn -TargetPath $location
$newdn = (Get-ADUser $sam).DistinguishedName
$CN = $LastName + ", " + $_."First Name"
Rename-ADObject -Identity $newdn -NewName $CN

 
LVL 40

Expert Comment

by:Subsun
ID: 39223904
An attempt was made to add an object to the directory with a name that is already in use
As of now the code modifies the samaccountname.. The error says the object name already exists in the OU.. If you want to add a numeric to the object name then try changing line 5 to..

$CN = $LastName + ", " + $_."First Name"+$Count
0
 

Author Comment

by:namerg
ID: 39223915
hmm, I see.
I cannot have two people with the same full name but different sAMAccountName, right?
I have to add the number next to the LastName?
0
 

Author Comment

by:namerg
ID: 39223945
You da man....Namaste.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39223947
Add the following line just before creating the user and see if it works as expected...
$LastName = $LastName+$Count

Import-Csv $MasterFile | ForEach-Object {
    $LastName = $_."Last Name" -replace "\s"
    $sam = $LastName.ToLower() + $_."First Name".substring(0,1).ToLower()
    $ClockNumber = $_."Clock Number"
    $SName = $sam
    $Count = 0
    # Get-ADUser -Identity throws when the account does not exist, so the lookup is wrapped in try/catch
    While ($(try {Get-ADUser -Identity $sam}catch{}) -ne $null)
    {
        $Count++
        $sam = $SName + $Count
    }

    Try {
        $existsCOMPANY = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=upi,DC=upicolo,DC=pvt"
        # $existsCOMPANY_OU = existsCOMPANY_OU
        $existsNewUsers = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=COMPANY - New Users,DC=upicolo,DC=pvt"
    }
    Catch { }
    If (!($existsCOMPANY) -and !($existsNewUsers)) {
        $i++
        $password = Get-RandomPassword
        $domain = "@COMPANY.COM"
        $setpass = ConvertTo-SecureString -AsPlainText $password -force
        $LastName = $LastName+$Count
        Try {
            New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
        }
        Catch { }
    }
    #MORE ABOUT AD USER CREATION
}

 

Author Comment

by:namerg
ID: 39223954
Yep. I did this: $CN = $LastName+$Count + ", " + $_."First Name"
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39223964
If you add it at the end then it will not be reflected in your account's displayname, sn, UPN etc.. If it is ok with you then you can add it at the end as you mentioned in your last comment...
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39223991
Also, if you want, you can replace

While ($(try {Get-ADUser -Identity $sam}catch{}) -ne $null)

With

While ((Get-ADUser -Filter 'sAMAccountName -eq $sam') -ne $null)

This will specifically look for the sAMAccountName in AD..
0
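
An added example, not part of the original thread or anyone's posted script: it answers the opening question (parse the trailing digits of existing names and take the highest plus one) and the re-run problem (a clock number already in the directory gets no new name). The function name `Get-NextSamAccountName`, the `$directory` rows and the fourth master-file row are constructed for illustration; the `Get-ADUser` call in the comment is how the rows would be fetched on a live domain.

```powershell
# Added example: naming logic only, so it runs without a domain controller.
function Get-NextSamAccountName {
    param(
        [Parameter(Mandatory=$true)][string]$BaseName,
        [string[]]$TakenNames = @()
    )
    # Match <base> or <base><digits>; Escape keeps "." or "-" in a surname literal.
    $pattern = '^' + [regex]::Escape($BaseName) + '(\d*)$'
    $used = @(foreach ($name in $TakenNames) {
        if ($name -match $pattern) {    # -match ignores case
            if ($Matches[1]) { [int]$Matches[1] } else { 0 }
        }
    })
    if ($used.Count -eq 0) { return $BaseName }
    # Highest suffix in use plus one: gaps left by deleted accounts are not reused.
    return $BaseName + ([int]($used | Measure-Object -Maximum).Maximum + 1)
}

# Constructed stand-in for the directory. On a live domain (assumption) the rows would come from:
#   Get-ADUser -Filter * -Properties employeeNumber
$directory = @(
    New-Object psobject -Property @{ sAMAccountName = 'morgana';  employeeNumber = '3044' }
    New-Object psobject -Property @{ sAMAccountName = 'morgana1'; employeeNumber = '3052' }
)
# Master file rows from the thread, plus one constructed row (3060).
$masterFile = @'
"Last Name","First Name","Clock Number"
Morgan,Alex,3044
Morgan,Anna,3052
Morgan,Anna,3053
Morgan,Abby,3060
'@ | ConvertFrom-Csv

$taken = New-Object System.Collections.ArrayList
$knownIds = @{}
foreach ($u in $directory) {
    [void]$taken.Add($u.sAMAccountName)
    $knownIds[$u.employeeNumber] = $true
}

$plan = foreach ($row in $masterFile) {
    $id = $row.'Clock Number'.Trim()
    if ($knownIds.ContainsKey($id)) { continue }    # already provisioned: identity is the clock number
    $base = (($row.'Last Name' -replace '\s') + $row.'First Name'.Substring(0,1)).ToLower()
    $sam = Get-NextSamAccountName -BaseName $base -TakenNames $taken
    [void]$taken.Add($sam); $knownIds[$id] = $true    # reserve the name for later rows in this batch
    New-Object psobject -Property @{ ClockNumber = $id; SamAccountName = $sam }
}
$plan | Format-Table ClockNumber, SamAccountName -AutoSize
```

Because the name is reserved in `$taken` as soon as it is planned, two new hires with the same surname and initial in one import do not collide, which a per-row directory lookup alone would miss until the second `New-ADUser` call fails.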


Question has a verified solution.
