powershell script help

Drafting a script to use when creating new AD user accounts. I'm stumped on the part where I'd like to Read-Host = "Choose the mailing location for user, MI/MS/MO/OK"

Then based on which state abbreviation is chosen the followup command would be:

Set-ADUser -identity $newusername -streetAddress "blah blah" -city "blah" -state "blah", etc, etc

Obviously the variables of the addresses would be different based on the choice.  I'm having a hard time searching for examples of such.


#Script to create a new domain user.  
#Oct 2013 Ben Hart
Function CopyFrom {
$groupBool = Read-Host "Copy group membership from existing user? Y/N. Default is N"
	if ($groupBool.tolower() -eq "y"){
	$usercopyfrom = Read-Host "Enter the user account to copy"
	return (Get-ADUser $usercopyfrom -Properties memberof).Memberof
	}
}

$newusername = Read-Host "Please enter the new username"
$firstname = Read-Host "Please enter the persons first name"
$surname = Read-Host "Please enter the persons last name"
$newuser = Read-Host "Please enter the new persons name Last, First"
#$fullname = $surname , $firstname 
$newuserdescription = Read-Host "Please enter the new users Title"
$groups = CopyFrom
#create new domain account copying the specified
New-ADUser -SamAccountName $newusername -Name $newuser -DisplayName $newuser -Description $newuserdescription -Surname $surname -GivenName $firstname -UserPrincipalName $newuser@DIFC.Root01.org
"New user created"
Foreach ($g in $groups){
	Add-ADGroupMember $g $newusername
	}
Set-ADUser -Identity $newusername -StreetAddress "525 S. Coldwater Rd." -City "Weidman" -State "MI" -PostalCode "48893"
Enable-Adaccount -Identity $newusername 



Also as a tertiary request, I'd like to remove the line asking for the user's last name, first name. I know there's a way to combine the variables of $surname and $firstname AND including a comma between but I cannot figure it out.
Ben Hart Asked:

Ben Hart (Author) Commented:
Stumbled across something.. would this potentially work?

$location = Read-Host "Pick your state.  MI/MS/OK/MO"
if {$location -eq "MI") {$MI ; exit}
if {$location -eq "MS") {$MS ; exit}
if {$location -eq "OK") {$OK ; exit}
if {$location -eq "MO") {$MO ; exit}
else { "No location picked, defaulting to MI") {$MI ; exit}
$MI = Set-ADUser -Identity $username -StreetAddress "525 S. Coldwater Rd." -City "Weidman" -State "MI" -PostalCode "48893"
$MS = Set-ADUser -Identity $username -StreetAddress "1055 Mendell Davis Dr." -City "Jackson" -State "MS" -PostalCode "39272"
$MO = Set-ADUser -Identity $username -StreetAddress 


0
footech Commented:
The above isn't too far off, but it wouldn't work as is.
I would use an If..ElseIf structure.  You could also use a switch statement.  There are a variety of ways that you could set what you need depending on each condition.  You could run the Set-ADUser cmdlet as shown below, you could set a variable equal to a string containing the Set-ADUser command and then later use Invoke-Expression to run it, or you could set variables for the address components like address and city and then later call Set-ADUser using those variables.
$location = Read-Host "Pick your state.  MI/MS/OK/MO"
If ($location -eq "MI")
{ Set-ADUser -Identity $username -StreetAddress "525 S. Coldwater Rd." -City "Weidman" -State "MI" -PostalCode "48893" }
ElseIf ($location -eq "MS")
{ Set-ADUser -Identity $username -StreetAddress "1055 Mendell Davis Dr." -City "Jackson" -State "MS" -PostalCode "39272" }
ElseIf ($location -eq "OK")
{ Set-ADUser -Identity $username -StreetAddress "..." }
ElseIf ($location -eq "MO")
{ Set-ADUser -Identity $username -StreetAddress "..." }
Else { "No location picked, defaulting to MI"
    Set-ADUser -Identity $username -StreetAddress "525 S. Coldwater Rd." -City "Weidman" -State "MI" -PostalCode "48893"
}


0
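The third option mentioned in the answer above (hold the address components in variables, then call Set-ADUser once), as an added example that is not part of the original thread. It also builds the "Last, First" name the question asks about. `Get-MailingAddress` is a hypothetical helper, and the OK and MO entries are placeholders because the thread elides those addresses.

```powershell
Import-Module ActiveDirectory

# Site addresses keyed by state code. MI and MS are the values quoted in this thread;
# the OK and MO entries are placeholders because the thread does not give them.
$addresses = @{
    MI = @{ StreetAddress = '525 S. Coldwater Rd.';   City = 'Weidman'; State = 'MI'; PostalCode = '48893' }
    MS = @{ StreetAddress = '1055 Mendell Davis Dr.'; City = 'Jackson'; State = 'MS'; PostalCode = '39272' }
    OK = @{ StreetAddress = '<OK street>'; City = '<OK city>'; State = 'OK'; PostalCode = '<OK zip>' }
    MO = @{ StreetAddress = '<MO street>'; City = '<MO city>'; State = 'MO'; PostalCode = '<MO zip>' }
}

# Hypothetical helper: map the operator's answer to exactly one table entry.
function Get-MailingAddress {
    param([string]$Location)
    $key = "$Location".Trim().ToUpper()
    if (-not $addresses.ContainsKey($key)) {
        # Same fallback as the If/ElseIf version in the answer above.
        Write-Warning 'No location picked, defaulting to MI'
        $key = 'MI'
    }
    $addresses[$key]
}

$newusername = Read-Host 'Please enter the new username'
$firstname   = Read-Host "Please enter the person's first name"
$surname     = Read-Host "Please enter the person's last name"
$newuser     = "$surname, $firstname"   # "Last, First" without a separate prompt

$address = Get-MailingAddress (Read-Host 'Pick your state.  MI/MS/OK/MO')

# Splatting turns each key of $address into a Set-ADUser parameter. Only values
# from the table reach the cmdlet; the typed answer is used as a lookup key and
# is never assembled into a command string.
Set-ADUser -Identity $newusername -DisplayName $newuser @address
```

Adding a site is then a one-line change to the table rather than another ElseIf branch.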
Ben Hart (Author) Commented:
That's working VERY well.  Awesome thanks.

Got another question if I may, running this via the CLI I'm getting some weirdness with the setting of the password.

C:\!IT>powershell -command C:\!IT\new-user.ps1
Please enter the new username: gg
User does not exist
Please enter the persons first name: hh
Please enter the persons last name: ff
Please enter the new users Title: bnb hhjjh
Copy group membership from existing user? Y/N. Default is N: n
New user created, waiting 10 seconds...
Please enter the current password for 'CN=ff hh,CN=Users,DC=DIFC,DC=root01,DC=o
g'
Password: *********
Set-ADAccountPassword : The specified network password is not correct
At C:\!IT\new-user.ps1:28 char:1
+ Set-ADAccountPassword -Identity $newusername -NewPassword
(ConvertTo-SecureStrin ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
    + CategoryInfo          : InvalidData: (gg:ADAccount) [Set-ADAccountPasswo
   rd], ADInvalidPasswordException
    + FullyQualifiedErrorId : ActiveDirectoryServer:86,Microsoft.ActiveDirecto
   ry.Management.Commands.SetADAccountPassword

Password changed to P@word1, waiting 10 seconds...
set-aduser : The password does not meet the length, complexity, or history
requirement of the domain.
At C:\!IT\new-user.ps1:33 char:1
+ set-aduser -Identity $newusername -Enabled $true
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (gg:ADUser) [Set-ADUser], ADPasswor
   dComplexityException
    + FullyQualifiedErrorId : ActiveDirectoryServer:1325,Microsoft.ActiveDirec
   tory.Management.Commands.SetADUser

Pick your state.  MI/MS/OK/MO: MS
New account created, remember to move it from the Users OU into the correct one
under People
Press any key to continue

C:\!IT>pause
Press any key to continue . . .



The code for that password part is:

#create new domain account copying the specified
New-ADUser -SamAccountName $newusername -Name $newuser -DisplayName $newuser -Description $newuserdescription -title $newuserdescription -Surname $surname -GivenName $firstname -UserPrincipalName $newusername@DIFC.Root01.org
"New user created, waiting 10 seconds..."
Start-Sleep -Seconds 10
#Setting account password to P@$$word1
Set-ADAccountPassword -Identity $newusername -NewPassword (ConvertTo-SecureString -AsPlainText "P@$$word1" -Force)



Can't figure out why it's prompting me to specify a password. And when I do, whatever I put is wrong.
0
footech Commented:
Unless you use the -oldPassword parameter as well, then you have to use the -reset switch parameter.
0
Ben Hart (Author) Commented:
So it'd be:

set-aduser -identity "username" -oldpassword "P@$$word1" -newpassword (convertto-securestring -asplaintext "P@$$word1" -force)

?
0
footech Commented:
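# Single quotes keep the $$ literal; inside double quotes PowerShell expands $$ as an automatic variable.
Set-ADAccountPassword -Identity $newusername -NewPassword (ConvertTo-SecureString -AsPlainText 'P@$$word1' -Force) -Reset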


0
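The reset described above, wrapped so that the account is only enabled when the password was actually set (the transcript earlier in the thread shows the enable step running after the password step had failed). This is an added example, not code from the thread: `Set-InitialPassword` is a hypothetical helper, and prompting for the password and forcing a change at first logon are assumptions about what the script should do.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: reset the password, then enable the account only on success.
function Set-InitialPassword {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][securestring]$Password
    )
    try {
        # -Reset performs an administrative reset. Without it the cmdlet expects
        # -OldPassword and prompts for the current password, as seen in the thread.
        Set-ADAccountPassword -Identity $Identity -Reset -NewPassword $Password -ErrorAction Stop

        # Assumption: the user should replace the initial password at first logon.
        Set-ADUser -Identity $Identity -ChangePasswordAtLogon $true -ErrorAction Stop

        Enable-ADAccount -Identity $Identity -ErrorAction Stop
        return $true
    }
    catch {
        # -ErrorAction Stop makes a failed step skip everything after it.
        Write-Warning "Account '$Identity' left disabled: $($_.Exception.Message)"
        return $false
    }
}

$newusername = Read-Host 'Please enter the new username'

# Read-Host -AsSecureString keeps the password out of the script file and off
# the screen. If a literal has to be used instead, single-quote it: in double
# quotes $$ is expanded, which is why the transcript shows "P@word1".
$initial = Read-Host 'Initial password' -AsSecureString

if (Set-InitialPassword -Identity $newusername -Password $initial) {
    "Password set and account enabled for $newusername"
}
```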
