Solved

New-ADUser Error "The server is unwilling to process the request" OtherAttributes

Posted on 2014-07-22
9
7,302 Views
Last Modified: 2014-07-27
Working on rebuilding my user creation scripts and I am having problems with the New-ADUser commandlet. Here is my code:

# Create User
$null = New-ADUser -Name $username `
	-UserPrincipalName $upn `
	-DisplayName $DisplayName `
	-GivenName $First `
	-Initials $MI `
	-Surname $Last `
	-Company $Company `
	-Department $Dept `
	-Title $Title `
	-EmployeeID $EmpID `
	-EmployeeNumber $JobCode `
	-Office $Office `
	-OfficePhone $OfficePhone `
	-MobilePhone $Mobile `
	-OtherAttributes @{'departmentNumber'=$DeptCode; 'PhysicianNumber'=$PhysID; 'extensionAttribute2'="1"; 'comment'="INTERACTIVE ACCOUNT"; 'pager'=$Pager; 'ipPhone'=$Ascom} `
	-EmailAddress "EmailUnknown@iSupport.invalid" # Dummy address replaced later if Exchange mailbox needed

Open in new window


When this runs I get:
New-ADUser : The server is unwilling to process the request
At I:\scripts\poc\chsadmgmt\CHSADMgmt.ps1:3383 char:21
+         $null = New-ADUser <<<<  -Name $username `
    + CategoryInfo          : NotSpecified: (CN=gqtest,CN=Users,DC=comhs,DC=org:String) [New-ADUser], ADException
    + FullyQualifiedErrorId : The server is unwilling to process the request,Microsoft.ActiveDirectory.Management.Comm
   ands.NewADUser

Open in new window


The problem lies somewhere with the -OtherAttributes tag. If I only try to set a single attribute with -OtherAttributes, the script runs fine, but as soon as I add multiples it bombs with the above error.

Can anybody tell me why this is occurring and how to get around it?
0
Comment
Question by:Cacophony777
  • 3
  • 3
  • 2
9 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 40212117
I am suspicious about the PhysicianNumber attribute (I never heard of it as a standard AD attribute), can you remove it and try to create user?
0
 
LVL 1

Author Comment

by:Cacophony777
ID: 40212236
Still does not work. We are a hospital system, PhysicianNumber is a custom attribute we have added to our schema. As a further test I just ran the script again with the following code:
$null = New-ADUser -Name $username `
	-UserPrincipalName $upn `
	-DisplayName $DisplayName `
	-GivenName $First `
	-Initials $MI `
	-Surname $Last `
	-Company $Company `
	-Department $Dept `
	-Title $Title `
	-EmployeeID $EmpID `
	-EmployeeNumber $JobCode `
	-Office $Office `
	-OfficePhone $OfficePhone `
	-MobilePhone $Mobile `
	-OtherAttributes @{'PhysicianNumber'=$PhysID} `
	-EmailAddress "EmailUnknown@iSupport.invalid" # Dummy address replaced later if Exchange mailbox needed

Open in new window

This ran code ran fine without issue. As you can see the only difference is that there is only a single item for OtherAttributes.
0
 
LVL 5

Assisted Solution

by:Kevin Stanush
Kevin Stanush earned 250 total points
ID: 40212274
Put in your other values for 'OtherAttributes' one by one until the error happens.  This error is usually the result of asking the directory to update something and it violates a constraint, such as trying to put a character into a numeric field, setting a DN field to a non-existent value, trying to set a too-easy password, things like that.

Check the syntax for updating 'otherattributes' too with more than one value so that the command isn't getting mis-intepreted and thereby getting parsed out wrong.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 40

Assisted Solution

by:Subsun
Subsun earned 250 total points
ID: 40213149
If the PhysicianNumber attribute is available in schema the the command you posted should work.. Can you try adding the -Server parameter to specify a DC name to New-ADUser command? Also make sure that you have correct values in input file to replace the variables or test the command using actual values for example..
# Create User
$null = New-ADUser -Server serverDC01 -Name "username1" `
	-DisplayName "Display Name" `
	-GivenName "First" `
	-Initials "MI" `
	-Surname "Last" `
	-Company "Company" `
	-Department "Dept" `
	-Title "Title" `
	-EmployeeID "121121" `
	-EmployeeNumber "21" `
	-Office "Office" `
	-OfficePhone "12112121212" `
	-MobilePhone "011" `
	-OtherAttributes @{'departmentNumber'="112121"; 'PhysicianNumber'="1212121"; 'extensionAttribute2'="1"; 'comment'="INTERACTIVE ACCOUNT"; 'pager'="1212"; 'ipPhone'="121212"} `
	-EmailAddress "EmailUnknown@iSupport.invalid" # Dummy address replaced later if Exchange mailbox needed

Open in new window

0
 
LVL 5

Expert Comment

by:Kevin Stanush
ID: 40213391
Also, verify that one of your values is not too long for the attribute, as that can also trigger this error.  Like Subsun said, test with actual known values to see if the command syntax is all well, then substitute your values.
0
 
LVL 1

Accepted Solution

by:
Cacophony777 earned 0 total points
ID: 40217427
So, I've figured it out. The problem is that unlike the rest of the parameters of the New-ADUser cmdlet, the OtherAttributes parameter does not like empty variables, so I fixed my script with some simple if statements:
$null = New-ADUser -Name $username `
	-UserPrincipalName $upn `
	-DisplayName $DisplayName `
	-GivenName $First `
	-Initials $MI `
	-Surname $Last `
	-Company $Company `
	-Department $Dept `
	-Title $Title `
	-EmployeeID $EmpID `
	-EmployeeNumber $JobCode `
	-Office $Office `
	-OfficePhone $OfficePhone `
	-MobilePhone $Mobile `
	-OtherAttributes @{'extensionAttribute2'="1"; 'comment'="INTERACTIVE ACCOUNT"} `
	-EmailAddress "EmailUnknown@iSupport.invalid" # Dummy address replaced later if Exchange mailbox needed

If ($DeptCode -ne "") {
	Set-ADUser -Identity $username -Add @{'departmentNumber'=$DeptCode}
}
If ($PhysID -ne "") {
	Set-ADUser -Identity $username -Add @{'PhysicianNumber'=$PhysID}
}
If ($Pager -ne "") {
	Set-ADUser -Identity $username -Add @{'pager'=$Pager}
}
If ($Ascom -ne "") {
	Set-ADUser -Identity $username -Add @{'ipPhone'=$Ascom}
}

Open in new window

Thanks everyone for all your pointers - some of them definitely did help point me in the right direction to figure out the issue! Sometimes just bouncing the problem off some others helps get the wheels churning in the right direction :-)
0
 
LVL 1

Author Comment

by:Cacophony777
ID: 40217463
I've requested that this question be closed as follows:

Accepted answer: 0 points for Cacophony777's comment #a40217427

for the following reason:

Figured it out on my own...
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40217464
In my comment #a40213149 I did recommend you to check the input file and make sure that you have correct values to replace the variables or test the command using actual values.. So, I think it deserve assist points for pointing to the right direction..:-)
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question