powershell script help

Posted on 2013-10-16
Last Modified: 2013-10-17
Drafting a script to use when creating new AD user accounts.  I'm stumped on the part where I'd like to Read-Host = "Choose the mailing location for user, MI/MS/MO/OK"

Then based on which state abbreviation is chosen the followup command would be:

Set-ADUser -identity $newusername -streetAddress "blah blah" -city "blah" -state "blah", etc, etc

Obviously the variables of the addresses would be different based on the choice.  I'm having a hard time searching for examples of such.

#Script to create a new domain user.  
#Oct 2013 Ben Hart
Import-Module ActiveDirectory

#Optionally return the group memberships of an existing account
Function CopyFrom {
	$groupBool = Read-Host "Copy group membership from existing user? Y/N. Default is N"
	if ($groupBool.tolower() -eq "y"){
		$usercopyfrom = Read-Host "Enter the user account to copy"
		return (Get-ADUser $usercopyfrom -Properties memberof).Memberof
	}
}

$newusername = Read-Host "Please enter the new username"
$firstname = Read-Host "Please enter the persons first name"
$surname = Read-Host "Please enter the persons last name"
$newuser = Read-Host "Please enter the new persons name Last, First"
#$fullname = $surname , $firstname 
$newuserdescription = Read-Host "Please enter the new users Title"
$groups = CopyFrom
#create new domain account copying the specified
New-ADUser -SamAccountName $newusername -Name $newuser -DisplayName $newuser -Description $newuserdescription -Surname $surname -GivenName $firstname -UserPrincipalName $newuser@DIFC.Root01.org
"New user created"
#add the new account to each copied group (no-op when nothing was copied)
Foreach ($g in $groups){
	Add-ADGroupMember $g $newusername
}
Set-ADUser -Identity $newusername -StreetAddress "525 S. Coldwater Rd." -City "Weidman" -State "MI" -PostalCode "48893"
Enable-Adaccount -Identity $newusername 


Also as a tertiary request, I'd like to remove the line asking for the users last name, first name.  I know there's a way to combine the variables of $surname and $firstname AND including a comma between but I cannot figure it out.
Question by:Ben Hart

Author Comment

by:Ben Hart
ID: 39576513
Stumbled across something.. would this potentially work?

$location = Read-Host "Pick your state.  MI/MS/OK/MO"
if {$location -eq "MI") {$MI ; exit}
if {$location -eq "MS") {$MS ; exit}
if {$location -eq "OK") {$OK ; exit}
if {$location -eq "MO") {$MO ; exit}
else { "No location picked, defaulting to MI") {$MI ; exit}
$MI = Set-ADUser -Identity $username -StreetAddress "525 S. Coldwater Rd." -City "Weidman" -State "MI" -PostalCode "48893"
$MS = Set-ADUser -Identity $username -StreetAddress "1055 Mendell Davis Dr." -City "Jackson" -State "MS" -PostalCode "39272"
$MO = Set-ADUser -Identity $username -StreetAddress 


Assisted Solution

footech earned 2000 total points
ID: 39576971
The above isn't too far off, but it wouldn't work as is.
I would use an If..ElseIf structure.  You could also use a switch statement.  There are a variety of ways that you could set what you need depending on each condition.  You could run the Set-ADUser cmdlet as shown below, you could set a variable equal to a string containing the Set-ADUser command and then later use Invoke-Expression to run it, or you could set variables for the address components like address and city and then later call Set-ADUser using those variables.
$location = Read-Host "Pick your state.  MI/MS/OK/MO"
If ($location -eq "MI")
{ Set-ADUser -Identity $username -StreetAddress "525 S. Coldwater Rd." -City "Weidman" -State "MI" -PostalCode "48893" }
ElseIf ($location -eq "MS")
{ Set-ADUser -Identity $username -StreetAddress "1055 Mendell Davis Dr." -City "Jackson" -State "MS" -PostalCode "39272" }
ElseIf ($location -eq "OK")
{ Set-ADUser -Identity $username -StreetAddress "..." }
ElseIf ($location -eq "MO")
{ Set-ADUser -Identity $username -StreetAddress "..." }
Else { "No location picked, defaulting to MI"
    Set-ADUser -Identity $username -StreetAddress "525 S. Coldwater Rd." -City "Weidman" -State "MI" -PostalCode "48893"
}
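
Added example, not part of the thread: the third option described in the answer above (hold the address components in variables, then call Set-ADUser once), written as a lookup table that is splatted onto the cmdlet. The typed value is only ever used as a table key, so no command string is built from it and Invoke-Expression is not needed. `Get-SiteAddress` is a hypothetical helper name, `$newusername` is assumed to be set earlier in the script, and the OK and MO entries are placeholders because the thread does not give those addresses.

```powershell
# Added example, not the thread's own code. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# One entry per site. The inner keys are Set-ADUser parameter names, so an
# entry can be splatted straight onto the cmdlet.
# MI and MS values are from the thread; OK and MO are placeholders.
$Sites = @{
    MI = @{ StreetAddress = '525 S. Coldwater Rd.';   City = 'Weidman'; State = 'MI'; PostalCode = '48893' }
    MS = @{ StreetAddress = '1055 Mendell Davis Dr.'; City = 'Jackson'; State = 'MS'; PostalCode = '39272' }
    OK = @{ StreetAddress = '<OK street>'; City = '<OK city>'; State = 'OK'; PostalCode = '<OK postal code>' }
    MO = @{ StreetAddress = '<MO street>'; City = '<MO city>'; State = 'MO'; PostalCode = '<MO postal code>' }
}

# Hypothetical helper: map operator input to a site entry, falling back to
# the default when the input is empty or not one of the known codes.
function Get-SiteAddress {
    param(
        [string]$Code,
        [string]$Default = 'MI'
    )
    $key = "$Code".Trim().ToUpper()
    if (-not $Sites.ContainsKey($key)) {
        Write-Warning "No valid location picked, defaulting to $Default"
        $key = $Default
    }
    return $Sites[$key]
}

$location = Read-Host 'Pick your state.  MI/MS/OK/MO'
$address  = Get-SiteAddress -Code $location

# Splatting passes each key/value pair of $address as -Key Value.
Set-ADUser -Identity $newusername @address
```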


Author Comment

by:Ben Hart
ID: 39577215
That's working VERY well.  Awesome thanks.

Got another question if I may, running this via the CLI I'm getting some weirdness with the setting of the password.

C:\!IT>powershell -command C:\!IT\new-user.ps1
Please enter the new username: gg
User does not exist
Please enter the persons first name: hh
Please enter the persons last name: ff
Please enter the new users Title: bnb hhjjh
Copy group membership from existing user? Y/N. Default is N: n
New user created, waiting 10 seconds...
Please enter the current password for 'CN=ff hh,CN=Users,DC=DIFC,DC=root01,DC=o
Password: *********
Set-ADAccountPassword : The specified network password is not correct
At C:\!IT\new-user.ps1:28 char:1
+ Set-ADAccountPassword -Identity $newusername -NewPassword
(ConvertTo-SecureStrin ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (gg:ADAccount) [Set-ADAccountPasswo
   rd], ADInvalidPasswordException
    + FullyQualifiedErrorId : ActiveDirectoryServer:86,Microsoft.ActiveDirecto

Password changed to P@word1, waiting 10 seconds...
set-aduser : The password does not meet the length, complexity, or history
requirement of the domain.
At C:\!IT\new-user.ps1:33 char:1
+ set-aduser -Identity $newusername -Enabled $true
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (gg:ADUser) [Set-ADUser], ADPasswor
    + FullyQualifiedErrorId : ActiveDirectoryServer:1325,Microsoft.ActiveDirec

Pick your state.  MI/MS/OK/MO: MS
New account created, remember to move it from the Users OU into the correct one
under People
Press any key to continue

Press any key to continue . . .


The code for that password part is:

#create new domain account copying the specified
New-ADUser -SamAccountName $newusername -Name $newuser -DisplayName $newuser -Description $newuserdescription -title $newuserdescription -Surname $surname -GivenName $firstname -UserPrincipalName $newusername@DIFC.Root01.org
"New user created, waiting 10 seconds..."
Start-Sleep -Seconds 10
#Setting account password to P@$$word1
#Single quotes keep $$ literal; inside double quotes $$ is expanded as an automatic variable
Set-ADAccountPassword -Identity $newusername -NewPassword (ConvertTo-SecureString -AsPlainText 'P@$$word1' -Force)


Can't figure out why it's prompting me to specify a password.  And when I do, whatever I put is wrong.

Expert Comment

ID: 39577366
Unless you use the -oldPassword parameter as well, then you have to use the -reset switch parameter.

Author Comment

by:Ben Hart
ID: 39577801
So it'd be:

set-aduser -identity "username" -oldpassword "P@$$word1" -newpassword (convertto-securestring -asplaintext "P@$$word1" -force)


Accepted Solution

footech earned 2000 total points
ID: 39577852
# -Reset sets the password without asking for the current one; single quotes keep $$ literal
Set-ADAccountPassword -Identity $newusername -NewPassword (ConvertTo-SecureString -AsPlainText 'P@$$word1' -Force) -Reset
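
Added example, not part of the thread: the `-Reset` call from the accepted solution wrapped so that the account is enabled only if the password was actually set, which avoids the second error in the transcript above (enabling an account whose password step had failed). `Set-InitialPassword` is a hypothetical helper name and `$newusername` is assumed to be set earlier in the script. The password is read as a SecureString at run time instead of being stored in the script, and the user is made to change it at first logon.

```powershell
# Added example, not the thread's own code. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Hypothetical helper: set an initial password, force a change at first
# logon, then enable the account. Returns $true only if every step worked.
function Set-InitialPassword {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][System.Security.SecureString]$Password
    )
    try {
        # -Reset performs an administrative reset. Without -Reset (or
        # -OldPassword) the cmdlet prompts for the account's current password.
        Set-ADAccountPassword -Identity $Identity -NewPassword $Password -Reset -ErrorAction Stop

        # The person who created the account should not know the password
        # the user ends up with.
        Set-ADUser -Identity $Identity -ChangePasswordAtLogon $true -ErrorAction Stop

        # Reached only if the password met domain policy and was set.
        Enable-ADAccount -Identity $Identity -ErrorAction Stop
        return $true
    }
    catch {
        # -ErrorAction Stop turns the cmdlet error into a terminating one,
        # so a rejected password leaves the account disabled.
        Write-Warning "Account '$Identity' left disabled: $($_.Exception.Message)"
        return $false
    }
}

# Read-Host -AsSecureString masks the input and never holds it as a plain
# string, so no quoting or $$ expansion is involved.
$initial = Read-Host 'Initial password for the new account' -AsSecureString

if (Set-InitialPassword -Identity $newusername -Password $initial) {
    'Password set, change required at first logon, account enabled'
}
```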
