Powershell - Code help request

Ben Hart
I have an existing posh script that's been working now, I thought, for a year. However one step of it appears to be working but is not. That's what I'm wanting help with.

SO here's the script:

#Create-NewADUserO365.ps1
#3/3/15 Benjamin Hart, Unified Brands, Inc
#Created with Powershell ISE
#This powershell script will create a domain user object using a format of lastname, firstname, a SAM of first initial + last name
#It will also populate displayname, a default password, office and both proxyaddresses, the primary as used in your org and the 
#Dover required O365 one.  It will also verify the primary proxy address is not already used.
#With set-aduser you can alter almost any attribute of the user.

$theOU = read-host "Enter the OU name"
$Surname = read-Host "Enter the surname"
$GivenName = read-host "Enter first name"
$DisplayName = "$Surname, $GivenName"
# Single quotes: in a double-quoted string "$$" expands to the current process ID
$Password = 'P@$$word1'
$name = $GivenName.substring(0,1)+$Surname
$proxyaddress = read-host "Enter the email address in full"


Import-Module activedirectory
# import-module servermanager



	#Edit the SearchBase to match your organization
	$myOU = Get-AdOrganizationalUnit -Filter "Name -eq '$theOU'" -Searchbase 'OU=People,DC=DIFC,DC=Root01,DC=org'
	

# --- the section the question is about (bold and underlined in the original post) ---
while (Get-ADuser  -filter * -Properties ProxyAddresses|?{$_.proxyaddresses -contains $proxyaddress})
{
  $proxyaddress = read-host "$proxyaddress is already in use, please try another one"
}
Write-Host "$proxyaddress is not used yet."
# --- end of the section in question ---


#Edit the below to match your domain(s)
$DoverProxyAddress = "$("smtp:")$($givenname.substring(0,1))$surname-$("unifiedbrands")-$("net")@dover.mail.onmicrosoft.com"
$Description = read-host "Enter persons description"
$jobtitle = read-host "Enter the Job Title"

#Edit the below to match your locations
$office = read-host "Enter the user's location, Michigan, Mississippi, Georgia, Oklahoma or Remote"

#Edit your locations if you choose to use this part
Switch ($Office)  {
    "Michigan" {
        $Street = "525 South Coldwater Rd."
        $City = "Weidman"
        $State = "Michigan"
        $Zip = "48898"
        $scriptpath = "\\domain\netlogon\milogin1.bat"
}
    "Mississippi"  {
        $Street = "1055 Mendell Davis Dr."
        $City = "Jackson"
        $State = "Mississippi"
        $Zip = "39272"
        $scriptpath = "\\domain\netlogon\adlogin.bat"
        }
    "Oklahoma"  {
        $Street = "4650 54th Street Maip Building 601"
        $City = "Pryor"
        $State = "Oklahoma"
        $Zip = "74361"
        $scriptpath = "\\domain\netlogon\oklogin.bat"
        }
    "Georgia"  {
        $Street = "2016 Gees Mill Rd. NE"
        $City = "Conyers"
        $State = "Georgia"
        $Zip = "30013"
}
}

$department = read-host "Enter the users Department"

# Use the $Password variable defined above (the original passed the literal word "password")
New-ADUser -path $myOU -samaccountname $name -name $displayname -DisplayName $DisplayName -Surname $Surname -givenname $givenname -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -force) -enabled:$false
set-aduser $name -emailaddress $proxyaddress -Description $Description -Title $jobtitle -Office $office -StreetAddress $Street -city $city -state $state -PostalCode $zip -UserPrincipalName $proxyaddress -ScriptPath $scriptpath -Department $department -Company "Unified Brands, Inc" -Country "US"

set-aduser $name -add @{proxyaddresses = "$("SMTP:")$proxyaddress"}
set-aduser $name -add @{ProxyAddresses = "$doverproxyaddress"}

 	
get-aduser $name 


pause



The marked section (the while loop) is what is not working. It should be checking to see if an SMTP address is already in use and, if so, not letting me continue on. However, yesterday was the first time I had cause to create a domain user who would match an existing SMTP address, but the script told me everything was fine and let me continue on. It wasn't until the end, where the New-ADUser came into play, that it actually generated an error.
Jeremy Weisinger, Senior Network Consultant / Engineer

Commented:
One thing is that you're comparing proxy addresses and not samaccount, UPN, or DN. The New-ADUser is failing because of another conflict, not the proxy address. Also, you're only checking email addresses on user accounts. Do any other objects have email addresses that need to be checked? (not that this would cause an error when creating the user)

Can you post the error?

Author

Commented:
That's not correct Jeremy.. the script creates the user just fine, as I used it this morning to create a different new user account. The one in question didn't fail on creation because of a matching proxyaddress but because of a username conflict. Msmith already exists, but that underlined section of code is supposed to let me know he already exists and not let me create another Msmith.
Of course I know I'm missing code to actually halt the script.. but my idea back then was if it tells me $proxyaddress already exists then I can stop the script from running and change the values I enter.

Author

Commented:
Here's what happens on the conflict user.

Enter the OU name: Engineering
Enter the surname: Smith
Enter first name: Michelle
Enter the email address in full: msmith@unifiedbrands.net
msmith@unifiedbrands.net is not used yet.
Enter persons description: Design Engineer
Enter the Job Title: Design Engineer
Enter the user's location, Michigan, Mississippi, Georgia, Oklahoma or Remote: Michigan
Enter the users Department: Engineering

set-aduser : Insufficient access rights to perform the operation
At D:\Users\bhart.DIFC\Dropbox\Scripts\Create-NewADUserO365.ps1:76 char:1
+ set-aduser $name -emailaddress $proxyaddress -Description $Description -Title $j ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSmith:ADUser) [Set-ADUser], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:8344,Microsoft.ActiveDirectory.Management.Commands.SetADUser



DistinguishedName : CN=Smith\, Mike,OU=Technical Services,OU=Employees,OU=People,DC=DIFC,DC=root01,DC=org
Enabled           : True
GivenName         : Mike
Name              : Smith, Mike
ObjectClass       : user
ObjectGUID        : 07e0e821-15df-42b4-b556-65b812b1cbd6
SamAccountName    : msmith
SID               : S-1-5-21-3552876221-1377390008-3480628798-6865
Surname           : Smith
UserPrincipalName : msmith@unifiedbrands.net

Press Enter to continue...:



I assume it says I don't have sufficient access rights to create a new domain user account with an identical upn to an existing one.
Jeremy Weisinger, Senior Network Consultant / Engineer

Commented:
"That's not correct Jeremy.. the script creates the user just fine as I used it this morning to create a different new user account."
I never said it wouldn't.

"The one in question didn't fail on creation because of a matching proxyaddress but because of a username conflict."
This is exactly my point. The proxyaddress is not a good check because you didn't check to see if the SAMAccountName (username), UPN, or DN conflicts. Those have to be unique and the proxy address check won't tell you that.

Author

Commented:
That's my main goal though.. I must not have any identical proxyaddresses in our O365 tenant. So checking the UPN really doesn't help me unless I check both the UPN and the proxyaddress. Honestly I'd like for it just to say "Hey, there's an existing proxyaddress with this value.. change it". Changing the proxyaddress in our domain means also changing the UPN as well.
Jeremy Weisinger, Senior Network Consultant / Engineer

Commented:
Insufficient access rights to perform the operation
This does mean there's a permissions issue. If it was a conflict you would get:
The specified account already exists

Author

Commented:
OK, IDK WTH is going on here lately, but my account has delegated rights to the People OU to create user accounts. But I just ran it as domain admin and yes, I get "the account already exists". Like I said, IDK what's going on here because I literally created a new account this same way I've been using for a year now. Ugh.

So yeah back to my original question.. The script is still ignoring the fact that this proxyaddress already exists.

PS C:\> d:
PS D:\users\bhart.difc\desktop> cd ..
PS D:\users\bhart.difc> cd dropbox
PS D:\users\bhart.difc\dropbox> cd scripts
PS D:\users\bhart.difc\dropbox\scripts> .\Create_New_AD_user_O365.ps1
Enter the OU name: Engineering
Enter the surname: Smith
Enter first name: Michelle
Enter the proxy address in full: msmith@unifiedbrands.net
msmith@unifiedbrands.net is not used yet.
Enter persons description: Design Engineer
Enter the Job Title: Design Engineer
Enter the user's location, Michigan, Mississippi, Georgia, Oklahoma or Remote: Michigan
Enter the users Department: Engineering
New-ADUser : The specified account already exists
At D:\users\bhart.difc\dropbox\scripts\Create_New_AD_user_O365.ps1:77 char:1
+ New-ADUser -path $myOU -samaccountname $name -name $displayname -DisplayName $Di ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceExists: (CN=Smith\, Mich...C=root01,DC=org:String) [New-ADUser], ADIdentityAlreadyExistsException
    + FullyQualifiedErrorId : ActiveDirectoryServer:1316,Microsoft.ActiveDirectory.Management.Commands.NewADUser



DistinguishedName : CN=Smith\, Mike,OU=Technical Services,OU=Employees,OU=People,DC=DIFC,DC=root01,DC=org
Enabled           : True
GivenName         : Mike
Name              : Smith, Mike
ObjectClass       : user
ObjectGUID        : 07e0e821-15df-42b4-b556-65b812b1cbd6
SamAccountName    : msmith
SID               : S-1-5-21-3552876221-1377390008-3480628798-6865
Surname           : Smith
UserPrincipalName : msmith@unifiedbrands.net


Jeremy Weisinger, Senior Network Consultant / Engineer

Commented:
OK, maybe this.

Import-Module activedirectory
# import-module servermanager

function Gather-UniqueInfo {
    # Assign at script scope; plain assignments inside a function are local and would be
    # gone by the time New-ADUser runs
    $script:Surname = read-Host "Enter the surname"
    $script:GivenName = read-host "Enter first name"
    $script:DisplayName = "$Surname, $GivenName"
    $script:proxyaddress = read-host "Enter the email address in full"
    $script:name = $GivenName.substring(0,1)+$Surname
    If(Get-ADUser -Filter {userprincipalname -eq $proxyaddress}){
        Write-Host "$proxyaddress already exists. Please enter another address"
        Gather-UniqueInfo
        }
    }


Gather-UniqueInfo
$theOU = read-host "Enter the OU name"
$Password = 'P@$$word1'



	#Edit the SearchBase to match your organization
	$myOU = Get-AdOrganizationalUnit -Filter "Name -eq '$theOU'" -Searchbase 'OU=People,DC=DIFC,DC=Root01,DC=org'
	

while (Get-ADuser  -filter * -Properties ProxyAddresses|?{$_.proxyaddresses -contains $proxyaddress})
{
  $proxyaddress = read-host "$proxyaddress is already in use, please try another one"
}
Write-Host "$proxyaddress is not used yet."


#Edit the below to match your domain(s)
$DoverProxyAddress = "$("smtp:")$($givenname.substring(0,1))$surname-$("unifiedbrands")-$("net")@dover.mail.onmicrosoft.com"
$Description = read-host "Enter persons description"
$jobtitle = read-host "Enter the Job Title"

#Edit the below to match your locations
$office = read-host "Enter the user's location, Michigan, Mississippi, Georgia, Oklahoma or Remote"

#Edit your locations if you choose to use this part
Switch ($Office)  {
    "Michigan" {
        $Street = "525 South Coldwater Rd."
        $City = "Weidman"
        $State = "Michigan"
        $Zip = "48898"
        $scriptpath = "\\domain\netlogon\milogin1.bat"
}
    "Mississippi"  {
        $Street = "1055 Mendell Davis Dr."
        $City = "Jackson"
        $State = "Mississippi"
        $Zip = "39272"
        $scriptpath = "\\domain\netlogon\adlogin.bat"
        }
    "Oklahoma"  {
        $Street = "4650 54th Street Maip Building 601"
        $City = "Pryor"
        $State = "Oklahoma"
        $Zip = "74361"
        $scriptpath = "\\domain\netlogon\oklogin.bat"
        }
    "Georgia"  {
        $Street = "2016 Gees Mill Rd. NE"
        $City = "Conyers"
        $State = "Georgia"
        $Zip = "30013"
}
}

$department = read-host "Enter the users Department"

# Use the $Password variable defined above (the original passed the literal word "password")
New-ADUser -path $myOU -samaccountname $name -name $displayname -DisplayName $DisplayName -Surname $Surname -givenname $givenname -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -force) -enabled:$false
set-aduser $name -emailaddress $proxyaddress -Description $Description -Title $jobtitle -Office $office -StreetAddress $Street -city $city -state $state -PostalCode $zip -UserPrincipalName $proxyaddress -ScriptPath $scriptpath -Department $department -Company "Unified Brands, Inc" -Country "US"

set-aduser $name -add @{proxyaddresses = "$("SMTP:")$proxyaddress"}
set-aduser $name -add @{ProxyAddresses = "$doverproxyaddress"}

 	
get-aduser $name 


pause


Jeremy Weisinger, Senior Network Consultant / Engineer
Commented:
Oops, forgot to clean up some things:
Import-Module activedirectory
# import-module servermanager

function Gather-UniqueInfo {
    # Assign at script scope; plain assignments inside a function are local and would be
    # gone by the time New-ADUser runs
    $script:Surname = read-Host "Enter the surname"
    $script:GivenName = read-host "Enter first name"
    $script:DisplayName = "$Surname, $GivenName"
    $script:proxyaddress = read-host "Enter the email address in full"
    $script:name = $GivenName.substring(0,1)+$Surname
    If(Get-ADUser -Filter {userprincipalname -eq $proxyaddress}){
        Write-Host "$proxyaddress already exists. Please enter different info"
        Gather-UniqueInfo
        }
    }


Gather-UniqueInfo
$theOU = read-host "Enter the OU name"
$Password = 'P@$$word1'



	#Edit the SearchBase to match your organization
	$myOU = Get-AdOrganizationalUnit -Filter "Name -eq '$theOU'" -Searchbase 'OU=People,DC=DIFC,DC=Root01,DC=org'
	


#Edit the below to match your domain(s)
$DoverProxyAddress = "$("smtp:")$($givenname.substring(0,1))$surname-$("unifiedbrands")-$("net")@dover.mail.onmicrosoft.com"
$Description = read-host "Enter persons description"
$jobtitle = read-host "Enter the Job Title"

#Edit the below to match your locations
$office = read-host "Enter the user's location, Michigan, Mississippi, Georgia, Oklahoma or Remote"

#Edit your locations if you choose to use this part
Switch ($Office)  {
    "Michigan" {
        $Street = "525 South Coldwater Rd."
        $City = "Weidman"
        $State = "Michigan"
        $Zip = "48898"
        $scriptpath = "\\domain\netlogon\milogin1.bat"
}
    "Mississippi"  {
        $Street = "1055 Mendell Davis Dr."
        $City = "Jackson"
        $State = "Mississippi"
        $Zip = "39272"
        $scriptpath = "\\domain\netlogon\adlogin.bat"
        }
    "Oklahoma"  {
        $Street = "4650 54th Street Maip Building 601"
        $City = "Pryor"
        $State = "Oklahoma"
        $Zip = "74361"
        $scriptpath = "\\domain\netlogon\oklogin.bat"
        }
    "Georgia"  {
        $Street = "2016 Gees Mill Rd. NE"
        $City = "Conyers"
        $State = "Georgia"
        $Zip = "30013"
}
}

$department = read-host "Enter the users Department"

# Use the $Password variable defined above (the original passed the literal word "password")
New-ADUser -path $myOU -samaccountname $name -name $displayname -DisplayName $DisplayName -Surname $Surname -givenname $givenname -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -force) -enabled:$false
set-aduser $name -emailaddress $proxyaddress -Description $Description -Title $jobtitle -Office $office -StreetAddress $Street -city $city -state $state -PostalCode $zip -UserPrincipalName $proxyaddress -ScriptPath $scriptpath -Department $department -Company "Unified Brands, Inc" -Country "US"

set-aduser $name -add @{proxyaddresses = "$("SMTP:")$proxyaddress"}
set-aduser $name -add @{ProxyAddresses = "$doverproxyaddress"}

 	
get-aduser $name 


pause


Top Expert 2014
Commented:
The issue with your check of the proxyAddresses is that those are not exactly in an email address format like "user@domain.com".  Instead they are like "SMTP:user@domain.com".  So your -contains comparison is never going to match.  You could try this.
Get-ADuser  -filter * -Properties ProxyAddresses|?{$_.proxyaddresses -contains "smtp:$proxyaddress"}
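An added example, not code from the thread or its author: one pre-flight check that covers all three attributes the thread identifies as needing to be unique (sAMAccountName, userPrincipalName and the smtp:-prefixed proxyAddresses) in a single server-side LDAP filter, with typed input escaped before it goes into the filter. The function names and the default SearchBase are assumptions.

```powershell
# Added example (not from the thread). Assumes the ActiveDirectory module is installed;
# the function names and the default SearchBase are assumptions.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Escape the RFC 4515 special characters so typed input cannot change the filter's shape.
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

function Test-NewUserConflict {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$PrimaryAddress,      # e.g. msmith@unifiedbrands.net
        [string]$SearchBase = 'DC=DIFC,DC=Root01,DC=org'     # forest root taken from the thread's script
    )
    $sam  = ConvertTo-LdapFilterValue $SamAccountName
    $addr = ConvertTo-LdapFilterValue $PrimaryAddress
    # proxyAddresses entries are stored as "SMTP:user@domain" and match case-insensitively, which is
    # why a bare "user@domain" -contains test never matched in the thread. One OR filter covers every
    # attribute that must be unique and is evaluated on the DC instead of pulling all users with -Filter *.
    $filter = "(|(sAMAccountName=$sam)(userPrincipalName=$addr)(proxyAddresses=smtp:$addr))"
    # proxyAddresses also live on contacts, groups and shared mailboxes, so search objects, not just users.
    Get-ADObject -LDAPFilter $filter -SearchBase $SearchBase -Properties sAMAccountName, userPrincipalName, proxyAddresses |
        ForEach-Object {
            $reasons = @()
            if ($_.sAMAccountName -eq $SamAccountName)              { $reasons += 'sAMAccountName' }
            if ($_.userPrincipalName -eq $PrimaryAddress)           { $reasons += 'userPrincipalName' }
            if ($_.proxyAddresses -contains "smtp:$PrimaryAddress") { $reasons += 'proxyAddresses' }
            [pscustomobject]@{ DistinguishedName = $_.DistinguishedName; ConflictsOn = ($reasons -join ', ') }
        }
}

# Constructed usage matching the thread's flow: keep asking until nothing conflicts, then create the user.
$sam  = 'msmith'
$addr = 'msmith@unifiedbrands.net'
while ($hits = @(Test-NewUserConflict -SamAccountName $sam -PrimaryAddress $addr)) {
    $hits | Format-Table -AutoSize
    $addr = Read-Host 'Conflict found; enter a different primary address'
    $sam  = Read-Host 'Enter a different sAMAccountName'
}
Write-Host "$sam / $addr are free; safe to call New-ADUser."
```

The ConflictsOn column tells you which attribute collided, so the "already exists" error surfaces before New-ADUser and Set-ADUser run rather than after.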


Author

Commented:
Sweet.. both ideas work.  Thanks a bunch fellas.
