?
Solved

New-ADUser Error "The server is unwilling to process the request" OtherAttributes

Posted on 2014-07-22
9
Medium Priority
?
7,980 Views
Last Modified: 2014-07-27
Working on rebuilding my user creation scripts and I am having problems with the New-ADUser commandlet. Here is my code:

# Create User
$null = New-ADUser -Name $username `
	-UserPrincipalName $upn `
	-DisplayName $DisplayName `
	-GivenName $First `
	-Initials $MI `
	-Surname $Last `
	-Company $Company `
	-Department $Dept `
	-Title $Title `
	-EmployeeID $EmpID `
	-EmployeeNumber $JobCode `
	-Office $Office `
	-OfficePhone $OfficePhone `
	-MobilePhone $Mobile `
	-OtherAttributes @{'departmentNumber'=$DeptCode; 'PhysicianNumber'=$PhysID; 'extensionAttribute2'="1"; 'comment'="INTERACTIVE ACCOUNT"; 'pager'=$Pager; 'ipPhone'=$Ascom} `
	-EmailAddress "EmailUnknown@iSupport.invalid" # Dummy address replaced later if Exchange mailbox needed

Open in new window


When this runs I get:
New-ADUser : The server is unwilling to process the request
At I:\scripts\poc\chsadmgmt\CHSADMgmt.ps1:3383 char:21
+         $null = New-ADUser <<<<  -Name $username `
    + CategoryInfo          : NotSpecified: (CN=gqtest,CN=Users,DC=comhs,DC=org:String) [New-ADUser], ADException
    + FullyQualifiedErrorId : The server is unwilling to process the request,Microsoft.ActiveDirectory.Management.Comm
   ands.NewADUser

Open in new window


The problem lies somewhere with the -OtherAttributes tag. If I only try to set a single attribute with -OtherAttributes, the script runs fine, but as soon as I add multiples it bombs with the above error.

Can anybody tell me why this is occurring and how to get around it?
0
Comment
Question by:Cacophony777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
9 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 40212117
I am suspicious about the PhysicianNumber attribute (I never heard of it as a standard AD attribute), can you remove it and try to create user?
0
 
LVL 1

Author Comment

by:Cacophony777
ID: 40212236
Still does not work. We are a hospital system, PhysicianNumber is a custom attribute we have added to our schema. As a further test I just ran the script again with the following code:
$null = New-ADUser -Name $username `
	-UserPrincipalName $upn `
	-DisplayName $DisplayName `
	-GivenName $First `
	-Initials $MI `
	-Surname $Last `
	-Company $Company `
	-Department $Dept `
	-Title $Title `
	-EmployeeID $EmpID `
	-EmployeeNumber $JobCode `
	-Office $Office `
	-OfficePhone $OfficePhone `
	-MobilePhone $Mobile `
	-OtherAttributes @{'PhysicianNumber'=$PhysID} `
	-EmailAddress "EmailUnknown@iSupport.invalid" # Dummy address replaced later if Exchange mailbox needed

Open in new window

This ran code ran fine without issue. As you can see the only difference is that there is only a single item for OtherAttributes.
0
 
LVL 6

Assisted Solution

by:Kevin Stanush
Kevin Stanush earned 750 total points
ID: 40212274
Put in your other values for 'OtherAttributes' one by one until the error happens.  This error is usually the result of asking the directory to update something and it violates a constraint, such as trying to put a character into a numeric field, setting a DN field to a non-existent value, trying to set a too-easy password, things like that.

Check the syntax for updating 'otherattributes' too with more than one value so that the command isn't getting mis-intepreted and thereby getting parsed out wrong.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 40

Assisted Solution

by:Subsun
Subsun earned 750 total points
ID: 40213149
If the PhysicianNumber attribute is available in schema the the command you posted should work.. Can you try adding the -Server parameter to specify a DC name to New-ADUser command? Also make sure that you have correct values in input file to replace the variables or test the command using actual values for example..
# Create User
$null = New-ADUser -Server serverDC01 -Name "username1" `
	-DisplayName "Display Name" `
	-GivenName "First" `
	-Initials "MI" `
	-Surname "Last" `
	-Company "Company" `
	-Department "Dept" `
	-Title "Title" `
	-EmployeeID "121121" `
	-EmployeeNumber "21" `
	-Office "Office" `
	-OfficePhone "12112121212" `
	-MobilePhone "011" `
	-OtherAttributes @{'departmentNumber'="112121"; 'PhysicianNumber'="1212121"; 'extensionAttribute2'="1"; 'comment'="INTERACTIVE ACCOUNT"; 'pager'="1212"; 'ipPhone'="121212"} `
	-EmailAddress "EmailUnknown@iSupport.invalid" # Dummy address replaced later if Exchange mailbox needed

Open in new window

0
 
LVL 6

Expert Comment

by:Kevin Stanush
ID: 40213391
Also, verify that one of your values is not too long for the attribute, as that can also trigger this error.  Like Subsun said, test with actual known values to see if the command syntax is all well, then substitute your values.
0
 
LVL 1

Accepted Solution

by:
Cacophony777 earned 0 total points
ID: 40217427
So, I've figured it out. The problem is that unlike the rest of the parameters of the New-ADUser cmdlet, the OtherAttributes parameter does not like empty variables, so I fixed my script with some simple if statements:
$null = New-ADUser -Name $username `
	-UserPrincipalName $upn `
	-DisplayName $DisplayName `
	-GivenName $First `
	-Initials $MI `
	-Surname $Last `
	-Company $Company `
	-Department $Dept `
	-Title $Title `
	-EmployeeID $EmpID `
	-EmployeeNumber $JobCode `
	-Office $Office `
	-OfficePhone $OfficePhone `
	-MobilePhone $Mobile `
	-OtherAttributes @{'extensionAttribute2'="1"; 'comment'="INTERACTIVE ACCOUNT"} `
	-EmailAddress "EmailUnknown@iSupport.invalid" # Dummy address replaced later if Exchange mailbox needed

If ($DeptCode -ne "") {
	Set-ADUser -Identity $username -Add @{'departmentNumber'=$DeptCode}
}
If ($PhysID -ne "") {
	Set-ADUser -Identity $username -Add @{'PhysicianNumber'=$PhysID}
}
If ($Pager -ne "") {
	Set-ADUser -Identity $username -Add @{'pager'=$Pager}
}
If ($Ascom -ne "") {
	Set-ADUser -Identity $username -Add @{'ipPhone'=$Ascom}
}

Open in new window

Thanks everyone for all your pointers - some of them definitely did help point me in the right direction to figure out the issue! Sometimes just bouncing the problem off some others helps get the wheels churning in the right direction :-)
0
 
LVL 1

Author Comment

by:Cacophony777
ID: 40217463
I've requested that this question be closed as follows:

Accepted answer: 0 points for Cacophony777's comment #a40217427

for the following reason:

Figured it out on my own...
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40217464
In my comment #a40213149 I did recommend you to check the input file and make sure that you have correct values to replace the variables or test the command using actual values.. So, I think it deserve assist points for pointing to the right direction..:-)
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question