Solved

New-ADUser Error "The server is unwilling to process the request" OtherAttributes

Posted on 2014-07-22
Last Modified: 2014-07-27
Working on rebuilding my user creation scripts and I am having problems with the New-ADUser commandlet. Here is my code:

# Create User
$null = New-ADUser -Name $username `
	-UserPrincipalName $upn `
	-DisplayName $DisplayName `
	-GivenName $First `
	-Initials $MI `
	-Surname $Last `
	-Company $Company `
	-Department $Dept `
	-Title $Title `
	-EmployeeID $EmpID `
	-EmployeeNumber $JobCode `
	-Office $Office `
	-OfficePhone $OfficePhone `
	-MobilePhone $Mobile `
	-OtherAttributes @{'departmentNumber'=$DeptCode; 'PhysicianNumber'=$PhysID; 'extensionAttribute2'="1"; 'comment'="INTERACTIVE ACCOUNT"; 'pager'=$Pager; 'ipPhone'=$Ascom} `
	-EmailAddress "EmailUnknown@iSupport.invalid" # Dummy address replaced later if Exchange mailbox needed

When this runs I get:
New-ADUser : The server is unwilling to process the request
At I:\scripts\poc\chsadmgmt\CHSADMgmt.ps1:3383 char:21
+         $null = New-ADUser <<<<  -Name $username `
    + CategoryInfo          : NotSpecified: (CN=gqtest,CN=Users,DC=comhs,DC=org:String) [New-ADUser], ADException
    + FullyQualifiedErrorId : The server is unwilling to process the request,Microsoft.ActiveDirectory.Management.Comm
   ands.NewADUser

The problem lies somewhere with the -OtherAttributes tag. If I only try to set a single attribute with -OtherAttributes, the script runs fine, but as soon as I add multiples it bombs with the above error.

Can anybody tell me why this is occurring and how to get around it?

Question by:Cacophony777

9 Comments

Expert Comment

by:Subsun
I am suspicious about the PhysicianNumber attribute (I never heard of it as a standard AD attribute), can you remove it and try to create user?

Author Comment

by:Cacophony777
Still does not work. We are a hospital system, PhysicianNumber is a custom attribute we have added to our schema. As a further test I just ran the script again with the following code:
$null = New-ADUser -Name $username `
	-UserPrincipalName $upn `
	-DisplayName $DisplayName `
	-GivenName $First `
	-Initials $MI `
	-Surname $Last `
	-Company $Company `
	-Department $Dept `
	-Title $Title `
	-EmployeeID $EmpID `
	-EmployeeNumber $JobCode `
	-Office $Office `
	-OfficePhone $OfficePhone `
	-MobilePhone $Mobile `
	-OtherAttributes @{'PhysicianNumber'=$PhysID} `
	-EmailAddress "EmailUnknown@iSupport.invalid" # Dummy address replaced later if Exchange mailbox needed

This code ran fine without issue. As you can see, the only difference is that there is only a single item for OtherAttributes.

Assisted Solution

by:Kevin Stanush
Kevin Stanush earned 250 total points
Put in your other values for 'OtherAttributes' one by one until the error happens.  This error is usually the result of asking the directory to update something and it violates a constraint, such as trying to put a character into a numeric field, setting a DN field to a non-existent value, trying to set a too-easy password, things like that.

Check the syntax for updating 'otherattributes' too with more than one value so that the command isn't getting misinterpreted and thereby getting parsed out wrong.

Assisted Solution

by:Subsun
Subsun earned 250 total points
If the PhysicianNumber attribute is available in schema then the command you posted should work.. Can you try adding the -Server parameter to specify a DC name to New-ADUser command? Also make sure that you have correct values in input file to replace the variables or test the command using actual values for example..
# Create User
$null = New-ADUser -Server serverDC01 -Name "username1" `
	-DisplayName "Display Name" `
	-GivenName "First" `
	-Initials "MI" `
	-Surname "Last" `
	-Company "Company" `
	-Department "Dept" `
	-Title "Title" `
	-EmployeeID "121121" `
	-EmployeeNumber "21" `
	-Office "Office" `
	-OfficePhone "12112121212" `
	-MobilePhone "011" `
	-OtherAttributes @{'departmentNumber'="112121"; 'PhysicianNumber'="1212121"; 'extensionAttribute2'="1"; 'comment'="INTERACTIVE ACCOUNT"; 'pager'="1212"; 'ipPhone'="121212"} `
	-EmailAddress "EmailUnknown@iSupport.invalid" # Dummy address replaced later if Exchange mailbox needed


Expert Comment

by:Kevin Stanush
Also, verify that one of your values is not too long for the attribute, as that can also trigger this error.  Like Subsun said, test with actual known values to see if the command syntax is all well, then substitute your values.

Accepted Solution

by:Cacophony777
Cacophony777 earned 0 total points
So, I've figured it out. The problem is that unlike the rest of the parameters of the New-ADUser cmdlet, the OtherAttributes parameter does not like empty variables, so I fixed my script with some simple if statements:
$null = New-ADUser -Name $username `
	-UserPrincipalName $upn `
	-DisplayName $DisplayName `
	-GivenName $First `
	-Initials $MI `
	-Surname $Last `
	-Company $Company `
	-Department $Dept `
	-Title $Title `
	-EmployeeID $EmpID `
	-EmployeeNumber $JobCode `
	-Office $Office `
	-OfficePhone $OfficePhone `
	-MobilePhone $Mobile `
	-OtherAttributes @{'extensionAttribute2'="1"; 'comment'="INTERACTIVE ACCOUNT"} `
	-EmailAddress "EmailUnknown@iSupport.invalid" # Dummy address replaced later if Exchange mailbox needed

If ($DeptCode -ne "") {
	Set-ADUser -Identity $username -Add @{'departmentNumber'=$DeptCode}
}
If ($PhysID -ne "") {
	Set-ADUser -Identity $username -Add @{'PhysicianNumber'=$PhysID}
}
If ($Pager -ne "") {
	Set-ADUser -Identity $username -Add @{'pager'=$Pager}
}
If ($Ascom -ne "") {
	Set-ADUser -Identity $username -Add @{'ipPhone'=$Ascom}
}

Thanks everyone for all your pointers - some of them definitely did help point me in the right direction to figure out the issue! Sometimes just bouncing the problem off some others helps get the wheels churning in the right direction :-)
0
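
An alternative to the follow-up Set-ADUser calls in the accepted answer, as an added example that is not part of the original thread: filter empty values out of the hashtable before it reaches -OtherAttributes, so the account is created in a single New-ADUser call. The variable names are the thread's and are assumed to be populated as in the original script; `Remove-EmptyAttribute` is a hypothetical helper defined here.

```powershell
# Added example (not from the thread). Remove-EmptyAttribute is a hypothetical helper;
# $username, $DeptCode, etc. are assumed to be set as in the thread's script.
Import-Module ActiveDirectory

function Remove-EmptyAttribute {
    param([hashtable]$Attributes)
    $clean = @{}
    foreach ($key in $Attributes.Keys) {
        $value = $Attributes[$key]
        if ($value -is [System.Collections.IEnumerable] -and $value -isnot [string]) {
            # Multi-valued input: keep only the non-blank members.
            $value = @($value | Where-Object { ([string]$_).Trim() -ne '' })
            if ($value.Count -eq 0) { continue }
        }
        elseif (([string]$value).Trim() -eq '') { continue }   # $null, '' or whitespace
        $clean[$key] = $value
    }
    return $clean
}

$other = Remove-EmptyAttribute @{
    departmentNumber    = $DeptCode
    PhysicianNumber     = $PhysID    # custom schema attribute from the thread
    extensionAttribute2 = '1'
    comment             = 'INTERACTIVE ACCOUNT'
    pager               = $Pager
    ipPhone             = $Ascom
}

$params = @{
    Name = $username; UserPrincipalName = $upn; DisplayName = $DisplayName
    GivenName = $First; Initials = $MI; Surname = $Last
    Company = $Company; Department = $Dept; Title = $Title
    EmployeeID = $EmpID; EmployeeNumber = $JobCode
    Office = $Office; OfficePhone = $OfficePhone; MobilePhone = $Mobile
    EmailAddress = 'EmailUnknown@iSupport.invalid'   # dummy address, as in the thread
}
# Only pass -OtherAttributes when something is left to set.
if ($other.Count -gt 0) { $params['OtherAttributes'] = $other }
$null = New-ADUser @params
```

Creating the account in one call also avoids leaving a partially provisioned user behind if one of several later Set-ADUser calls fails.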
 
Author Comment

by:Cacophony777
I've requested that this question be closed as follows:

Accepted answer: 0 points for Cacophony777's comment #a40217427

for the following reason:

Figured it out on my own...

Expert Comment

by:Subsun
In my comment #a40213149 I did recommend you to check the input file and make sure that you have correct values to replace the variables or test the command using actual values.. So, I think it deserves assist points for pointing to the right direction..:-)