#Create-NewADUserO365.ps1
#3/3/15 Benjamin Hart, Unified Brands, Inc
#Created with Powershell ISE
#This powershell script will create a domain user object using a format of lastname, firstname, a SAM of first initial + last name
#It will also populate displayname, a default password, office and both proxyaddresses, the primary as used in your org and the
#Dover required O365 one. It will also verify the primary proxy address is not already used.
#With set-aduser you can alter almost any attribute of the user.
$theOU = read-host "Enter the OU name"
$Surname = read-Host "Enter the surname"
$GivenName = read-host "Enter first name"
$DisplayName = "$Surname, $GivenName"
$Password = "P@$$word1"
$name = $GivenName.substring(0,1)+$Surname
$proxyaddress = read-host "Enter the email address in full"
Import-Module activedirectory
# import-module servermanager
#Edit the SearchBase to match your organization
$myOU = Get-AdOrganizationalUnit -Filter "Name -eq '$theOU'" -Searchbase 'OU=People,DC=DIFC,DC=Root01,DC=org'
[b][u]while (Get-ADuser -filter * -Properties ProxyAddresses|?{$_.proxyaddresses -contains $proxyaddress})
{
$proxyaddress = read-host "$proxyaddress is already in use, please try another one"
}
Write-Host "$proxyaddress is not used yet."[/u][/b]
#Edit the below to match your domain(s)
$DoverProxyAddress = "$("smtp:")$($givenname.substring(0,1))$surname-$("unifiedbrands")-$("net")@dover.mail.onmicrosoft.com"
$Description = read-host "Enter persons description"
$jobtitle = read-host "Enter the Job Title"
#Edit the below to match your locations
$office = read-host "Enter the user's location, Michigan, Mississippi, Georgia, Oklahoma or Remote"
#Edit your locations if you choose to use this part
Switch ($Office) {
"Michigan" {
$Street = "525 South Coldwater Rd."
$City = "Weidman"
$State = "Michigan"
$Zip = "48898"
$scriptpath = "\\domain\netlogon\milogin1.bat"
}
"Mississippi" {
$Street = "1055 Mendell Davis Dr."
$City = "Jackson"
$State = "Mississippi"
$Zip = "39272"
$scriptpath = "\\domain\netlogon\adlogin.bat"
}
"Oklahoma" {
$Street = "4650 54th Street Maip Building 601"
$City = "Pryor"
$State = "Oklahoma"
$Zip = "74361"
$scriptpath = "\\domain\netlogon\oklogin.bat"
}
"Georgia" {
$Street = "2016 Gees Mill Rd. NE"
$City = "Conyers"
$State = "Georgia"
$Zip = "30013"
}
}
$department = read-host "Enter the users Department"
New-ADUser -path $myOU -samaccountname $name -name $displayname -DisplayName $DisplayName -Surname $Surname -givenname $givenname -AccountPassword (ConvertTo-SecureString password -AsPlainText -force) -enabled:$false
set-aduser $name -emailaddress $proxyaddress -Description $Description -Title $jobtitle -Office $office -StreetAddress $Street -city $city -state $state -PostalCode $zip -UserPrincipalName $proxyaddress -ScriptPath $scriptpath -Department $department -Company "Unified Brands, Inc" -Country "US"
set-aduser $name -add @{proxyaddresses = "$("SMTP:")$proxyaddress"}
set-aduser $name -add @{ProxyAddresses = "$doverproxyaddress"}
get-aduser $name
pause
Enter the OU name: Engineering
Enter the surname: Smith
Enter first name: Michelle
Enter the email address in full: msmith@unifiedbrands.net
msmith@unifiedbrands.net is not used yet.
Enter persons description: Design Engineer
Enter the Job Title: Design Engineer
Enter the user's location, Michigan, Mississippi, Georgia, Oklahoma or Remote: M
ichigan
Enter the users Department: Engineering
set-aduser : Insufficient access rights to perform the operation
At D:\Users\bhart.DIFC\Dropbox\Scripts\Create-NewADUserO365.ps1:76 char:1
+ set-aduser $name -emailaddress $proxyaddress -Description $Description
-Title $j ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
+ CategoryInfo : NotSpecified: (MSmith:ADUser) [Set-ADUser], ADEx
ception
+ FullyQualifiedErrorId : ActiveDirectoryServer:8344,Microsoft.ActiveDirec
tory.Management.Commands.SetADUser
DistinguishedName : CN=Smith\, Mike,OU=Technical
Services,OU=Employees,OU=People,DC=DIFC,DC=root01,DC=org
Enabled : True
GivenName : Mike
Name : Smith, Mike
ObjectClass : user
ObjectGUID : 07e0e821-15df-42b4-b556-65b812b1cbd6
SamAccountName : msmith
SID : S-1-5-21-3552876221-1377390008-3480628798-6865
Surname : Smith
UserPrincipalName : msmith@unifiedbrands.net
Press Enter to continue...:
That's not correct Jeremy.. the script creates the user just fine as I used it this morning to create a different new user account.I never said it wouldn't.
The one in question didn't fail on creation becaue of a matching proxyaddress but because of a username conflict.This is exactly my point. The proxyaddress is not a good check because you didn't check to see if the SAMAccountName (username), UPN, or DN conflicts. Those have to be unique and the proxy address check won't tell you that.
Insufficient access rights to perform the operationThis does mean there's a permissions issue. If it was a conflict you would get:
The specified account already exists
PS C:\> d:
PS D:\users\bhart.difc\desktop> cd ..
PS D:\users\bhart.difc> cd dropbox
PS D:\users\bhart.difc\dropbox> cd scripts
PS D:\users\bhart.difc\dropbox\scripts> .\Create_New_AD_user_O365.ps1
Enter the OU name: Engineering
Enter the surname: Smith
Enter first name: Michelle
Enter the proxy address in full: msmith@unifiedbrands.net
msmith@unifiedbrands.net is not used yet.
Enter persons description: Design Engineer
Enter the Job Title: Design Engineer
Enter the user's location, Michigan, Mississippi, Georgia, Oklahoma or Remote: Michigan
Enter the users Department: Engineering
New-ADUser : The specified account already exists
At D:\users\bhart.difc\dropbox\scripts\Create_New_AD_user_O365.ps1:77 char:1
+ New-ADUser -path $myOU -samaccountname $name -name $displayname -DisplayName $Di ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceExists: (CN=Smith\, Mich...C=root01,DC=org:String) [New-ADUser], ADIdentityAlrea
dyExistsException
+ FullyQualifiedErrorId : ActiveDirectoryServer:1316,Microsoft.ActiveDirectory.Management.Commands.NewADUser
DistinguishedName : CN=Smith\, Mike,OU=Technical Services,OU=Employees,OU=People,DC=DIFC,DC=root01,DC=org
Enabled : True
GivenName : Mike
Name : Smith, Mike
ObjectClass : user
ObjectGUID : 07e0e821-15df-42b4-b556-65b812b1cbd6
SamAccountName : msmith
SID : S-1-5-21-3552876221-1377390008-3480628798-6865
Surname : Smith
UserPrincipalName : msmith@unifiedbrands.net
function Gather-UniqueInfo {
$Surname = read-Host "Enter the surname"
$GivenName = read-host "Enter first name"
$DisplayName = "$Surname, $GivenName"
$proxyaddress = read-host "Enter the email address in full"
$name = $GivenName.substring(0,1)+$Surname
If(Get-ADUser -Filter {userprincipalname -eq $proxyaddress}){
Write-Host "$proxyaddress already exists. Please enter another address"
Gather-UniqueInfo
}
}
Gather-UniqueInfo
$theOU = read-host "Enter the OU name"
$Password = 'P@$$word1'
Import-Module activedirectory
# import-module servermanager
#Edit the SearchBase to match your organization
$myOU = Get-AdOrganizationalUnit -Filter "Name -eq '$theOU'" -Searchbase 'OU=People,DC=DIFC,DC=Root01,DC=org'
[b][u]while (Get-ADuser -filter * -Properties ProxyAddresses|?{$_.proxyaddresses -contains $proxyaddress})
{
$proxyaddress = read-host "$proxyaddress is already in use, please try another one"
}
Write-Host "$proxyaddress is not used yet."[/u][/b]
#Edit the below to match your domain(s)
$DoverProxyAddress = "$("smtp:")$($givenname.substring(0,1))$surname-$("unifiedbrands")-$("net")@dover.mail.onmicrosoft.com"
$Description = read-host "Enter persons description"
$jobtitle = read-host "Enter the Job Title"
#Edit the below to match your locations
$office = read-host "Enter the user's location, Michigan, Mississippi, Georgia, Oklahoma or Remote"
#Edit your locations if you choose to use this part
Switch ($Office) {
"Michigan" {
$Street = "525 South Coldwater Rd."
$City = "Weidman"
$State = "Michigan"
$Zip = "48898"
$scriptpath = "\\domain\netlogon\milogin1.bat"
}
"Mississippi" {
$Street = "1055 Mendell Davis Dr."
$City = "Jackson"
$State = "Mississippi"
$Zip = "39272"
$scriptpath = "\\domain\netlogon\adlogin.bat"
}
"Oklahoma" {
$Street = "4650 54th Street Maip Building 601"
$City = "Pryor"
$State = "Oklahoma"
$Zip = "74361"
$scriptpath = "\\domain\netlogon\oklogin.bat"
}
"Georgia" {
$Street = "2016 Gees Mill Rd. NE"
$City = "Conyers"
$State = "Georgia"
$Zip = "30013"
}
}
$department = read-host "Enter the users Department"
New-ADUser -path $myOU -samaccountname $name -name $displayname -DisplayName $DisplayName -Surname $Surname -givenname $givenname -AccountPassword (ConvertTo-SecureString password -AsPlainText -force) -enabled:$false
set-aduser $name -emailaddress $proxyaddress -Description $Description -Title $jobtitle -Office $office -StreetAddress $Street -city $city -state $state -PostalCode $zip -UserPrincipalName $proxyaddress -ScriptPath $scriptpath -Department $department -Company "Unified Brands, Inc" -Country "US"
set-aduser $name -add @{proxyaddresses = "$("SMTP:")$proxyaddress"}
set-aduser $name -add @{ProxyAddresses = "$doverproxyaddress"}
get-aduser $name
pause
Can you post the error?