Solved

How to control/validate the creation of AD users with same lastname and same first initial on firstname ?

Posted on 2013-06-05
Last Modified: 2013-06-05
Hello,
Let's say in AD, I have the following scenarios:
Scenario 1: (Easier to be controlled)
User in AD:
DaSilva, Neymar, dasilvan
New User to be created:
DaSilva, Nancy, dasilvan1

Scenario 2:
Users in AD
DaSilva, Neymar, dasilvan
DaSilva, Nancy, dasilvan1
New User to be created: (Tricky)
DaSilva, Noreen, dasilvan2

Question: how do I know that for the new user to be created I have to add a 2, 3, 4, 5, etc. as a suffix?

Do I have to split the user and find out the last digit or last two digits?

Thanks for your help,
Question by:namerg

Expert Comment

by:Subsun
ID: 39223384
You can try something like..
$Name = "Subsun"
$SName = $Name
$Count = 0
While ((Get-ADUser -Identity $Name -ea SilentlyContinue) -ne $null)
{
  $Count++
  $Name  = $SName + $Count
}
$Name


Author Comment

by:namerg
ID: 39223629
Hmm, not working... it worked the first run but afterwards did not.
In Master File:
Morgan,Alex,Seattle Sounders,3044
Morgan,Anna, Seattle Sounders,3052
Morgan,Anna, Seattle Sounders,3053
In AD, I have:
Morgan, Alex, morgana,3044
Morgan, Anna, morgana1 (First run creation)
CODE:
Import-Csv $MasterFile | ForEach-Object {
    $LastName = $_."Last Name" -replace "\s"
    $sam = $LastName.ToLower() + $_."First Name".substring(0,1).ToLower()
    $ClockNumber = $_."Clock Number"
    Try {
        $existsCOMPANY = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=upi,DC=upicolo,DC=pvt"
        # $existsCOMPANY_OU = existsCOMPANY_OU
        $existsNewUsers = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=COMPANY - New Users,DC=upicolo,DC=pvt"
    }
    Catch { }
    If (!($existsCOMPANY) -and !($existsNewUsers)) {
        $i++
        $password = Get-RandomPassword
        $domain = "@COMPANY.COM"
        $setpass = ConvertTo-SecureString -AsPlainText $password -force
        Try {
            $existsSAM = ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null)
            if (!($existsSAM)) {
                New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
            }
            Else {
                $Count++
                $sam = $sam + $Count
                New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
            }
        }
        Catch { }
    }
    #MORE ABOUT AD USER CREATION
}


The problem is that it wants to create one more time morgana user and add the suffix, it should not.

Expert Comment

by:Subsun
ID: 39223649
You have not even used my logic in this script which you posted... So how can you say it's not working.. :-)..

I am in the middle of work.. Give me some time, I will try to modify the code for you..

Author Comment

by:namerg
ID: 39223679
Hmm, isn't it this one ?
$existsSAM = ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null) 


Assisted Solution

by:Subsun
Subsun earned 500 total points
ID: 39223682
Try..
Import-Csv $MasterFile | ForEach-Object {
    $LastName = $_."Last Name" -replace "\s"
    $sam = $LastName.ToLower() + $_."First Name".substring(0,1).ToLower()
    $ClockNumber = $_."Clock Number"
    $SName = $sam
    $Count = 0
    While ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null)
    {
        $Count++
        $sam = $SName + $Count
    }

    Try {
        $existsCOMPANY = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=upi,DC=upicolo,DC=pvt"
        # $existsCOMPANY_OU = existsCOMPANY_OU
        $existsNewUsers = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=COMPANY - New Users,DC=upicolo,DC=pvt"
    }
    Catch { }
    If (!($existsCOMPANY) -and !($existsNewUsers)) {
        $i++
        $password = Get-RandomPassword
        $domain = "@COMPANY.COM"
        $setpass = ConvertTo-SecureString -AsPlainText $password -force
        Try {
            New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
        }
        Catch { }
    }
    #MORE ABOUT AD USER CREATION
}


Expert Comment

by:Subsun
ID: 39223710
Hmm, isn't it this one ?
$existsSAM = ((Get-ADUser -Identity $sam -ea SilentlyContinue) -ne $null)
In your code it checks the samaccountname only once..

The code which I posted has a while loop which does the trick..

Author Comment

by:namerg
ID: 39223720
Hmm, got the following error:
ERROR: Get-ADUser : Cannot find an object with identity: 'hughesa' under: 'DC=domain,DC=com'.
ERROR: At C:\scripts\ceridian\Ceridian_Create_AD_Users.ps1:27 char:22
While ((Get-ADUser <<<<  -Identity $sam -ea SilentlyContinue) -ne $null) {
ERROR:     + CategoryInfo          : ObjectNotFound: (hughesa:ADUser) [Get-ADUser], ADIdentityNotFoundException
ERROR:     + FullyQualifiedErrorId : Cannot find an object with identity: 'hughesa' under: 'DC=domain,DC=com'.,Microsoft.ActiveDirectory.Management.Commands.GetADUs
ERROR:    er


Accepted Solution

by:
Subsun earned 500 total points
ID: 39223813
Hmm.. try changing line 7 to..
While ($(try {Get-ADUser -Identity $sam}catch{}) -ne $null)


Author Comment

by:namerg
ID: 39223872
Almost, almost...it broke the renaming
I got this:
Rename-ADObject : An attempt was made to add an object to the directory with a name that is already in use
ERROR: At C:\scripts\ceridian\Ceridian_Create_AD_Users.ps1:59 char:23
ERROR: +           Rename-ADObject <<<<  -Identity $newdn -NewName $CN
ERROR:     + CategoryInfo          : NotSpecified: (CN=morgana2,OU=...=DOMAIN,DC=COM:ADObject) [Rename-ADObject], ADException
ERROR:     + FullyQualifiedErrorId : An attempt was made to add an object to the directory with a name that is already in use,Microsoft.ActiveDirectory.Management.Co
ERROR:    mmands.RenameADObject
ERROR:


CODE:
New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
$dn = (Get-ADUser $sam).DistinguishedName
Move-ADObject -Identity $dn -TargetPath $location
$newdn = (Get-ADUser $sam).DistinguishedName
$CN = $LastName + ", " + $_."First Name"
Rename-ADObject -Identity $newdn -NewName $CN


Expert Comment

by:Subsun
ID: 39223904
An attempt was made to add an object to the directory with a name that is already in use
As of now the code modifies the samaccountname.. The error says the object name already exists in the OU.. If you want to add a numeric to the object name then try changing line 5 to..

$CN = $LastName + ", " + $_."First Name"+$Count

Author Comment

by:namerg
ID: 39223915
hmm, I see.
I cannot have two people with the same full name but different sAMAccountName, right?
I have to add the number next to the LastName?

Author Comment

by:namerg
ID: 39223945
You da man....Namaste.

Expert Comment

by:Subsun
ID: 39223947
Add the following line just before creating the user and see if it works as expected...
       $LastName = $LastName+$Count

Import-Csv $MasterFile | ForEach-Object {
    $LastName = $_."Last Name" -replace "\s"
    $sam = $LastName.ToLower() + $_."First Name".substring(0,1).ToLower()
    $ClockNumber = $_."Clock Number"
    $SName = $sam
    $Count = 0
    # Get-ADUser -Identity throws when the account does not exist (see the error
    # earlier in this thread), so the lookup is wrapped in try/catch.
    While ($(try {Get-ADUser -Identity $sam}catch{}) -ne $null)
    {
        $Count++
        $sam = $SName + $Count
    }

    Try {
        $existsCOMPANY = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=upi,DC=upicolo,DC=pvt"
        # $existsCOMPANY_OU = existsCOMPANY_OU
        $existsNewUsers = Get-ADUser -LDAPFilter "(employeeNumber=$ClockNumber)" -SearchScope Subtree -SearchBase "OU=COMPANY - New Users,DC=upicolo,DC=pvt"
    }
    Catch { }
    If (!($existsCOMPANY) -and !($existsNewUsers)) {
        $i++
        $password = Get-RandomPassword
        $domain = "@COMPANY.COM"
        $setpass = ConvertTo-SecureString -AsPlainText $password -force
        $LastName = $LastName+$Count
        Try {
            New-ADUser $sam -AccountPassword $setpass -OtherAttributes @{userPrincipalName=$sam + $domain; givenName=$_."First Name";sn=$LastName; displayName=$LastName + ", " + $_."First Name"; title=$_."Job Title"; employeeNumber=$_."Clock Number"}
        }
        Catch { }
    }
    #MORE ABOUT AD USER CREATION
}


Author Comment

by:namerg
ID: 39223954
Yep. I did this       $CN = $LastName+$Count + ", " + $_."First Name"

Expert Comment

by:Subsun
ID: 39223964
If you add it at the end then it will not be reflected in your account's displayname, sn, UPN etc.. If it is ok with you then you can add it at the end as you mentioned in your last comment...

Expert Comment

by:Subsun
ID: 39223991
Also, if you want, you can replace

While ($(try {Get-ADUser -Identity $sam}catch{}) -ne $null)

With

While ((Get-ADUser -Filter 'sAMAccountName -eq $sam') -ne $null)

This will specifically look for the sAMAccountName in AD..
0
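
The suffix search from this thread as an added example (not code from any of the posters): it picks the next free name from a list of existing names, so it runs without a domain controller, and it includes an escaping helper for the CSV values that the thread's scripts place into `-LDAPFilter`. `Get-NextSamAccountName`, `ConvertTo-LdapFilterValue`, and the sample names are assumptions made for illustration.

```powershell
# Added example. Function names and sample data are constructed for illustration.
function ConvertTo-LdapFilterValue {
    # Escape the RFC 4515 special characters so a CSV value stays a literal
    # inside an -LDAPFilter string instead of changing the filter.
    param([string]$Value)
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        if ('\*()'.IndexOf($ch) -ge 0 -or [int]$ch -eq 0) {
            [void]$sb.AppendFormat('\{0:x2}', [int]$ch)
        } else {
            [void]$sb.Append($ch)
        }
    }
    $sb.ToString()
}

function Get-NextSamAccountName {
    param(
        [Parameter(Mandatory=$true)][string]$BaseName,
        [string[]]$ExistingNames = @(),
        [int]$MaxLength = 20   # sAMAccountName length limit for user objects
    )
    # PowerShell hashtable keys are case-insensitive, as sAMAccountName is in AD.
    $taken = @{}
    foreach ($n in $ExistingNames) { $taken[$n] = $true }

    if ($BaseName.Length -gt $MaxLength) { $BaseName = $BaseName.Substring(0, $MaxLength) }
    $candidate = $BaseName
    $count = 0
    while ($taken.ContainsKey($candidate)) {
        $count++
        $suffix = [string]$count
        # Trim the stem when needed so stem + suffix still fits the limit.
        $stemLength = [Math]::Min($BaseName.Length, $MaxLength - $suffix.Length)
        $candidate = $BaseName.Substring(0, $stemLength) + $suffix
    }
    $candidate
}

# Constructed stand-in for the directory. Against AD, one query returns it:
#   Get-ADUser -LDAPFilter "(sAMAccountName=$(ConvertTo-LdapFilterValue $base)*)"
$taken = @('dasilvan', 'dasilvan1', 'Morgana')
foreach ($base in 'dasilvan', 'morgana', 'hughesa') {
    $sam = Get-NextSamAccountName -BaseName $base -ExistingNames $taken
    $taken += $sam   # reserve it so later rows in the same CSV run cannot reuse it
    "{0} -> {1}" -f $base, $sam
}
ConvertTo-LdapFilterValue 'A*(1)'
```

A lookup followed by `New-ADUser` is not atomic, so a concurrent run can still take the name first; log the exception from `New-ADUser` rather than discarding it in an empty `Catch { }`.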
