Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.
Powershell - Code help request
I have an existing posh script that's been working now I thought for a year. However one step of it appears to be working but is not.. that's what Im wanting help with.
SO here's the script:
The bold and underlined section is what is not working. It should be checking to see if an smtp address is already in use, if so not letting me continue on, however yesterday was the first tie I had cause to create a domain user who would match an existing smtp address, but the script told me everything was fine and let me continue on. It wasn't until the end where the New-Aduser came into play where it actually generated an error.
SO here's the script:
#Create-NewADUserO365.ps1
#3/3/15 Benjamin Hart, Unified Brands, Inc
#Created with Powershell ISE
#This powershell script will create a domain user object using a format of lastname, firstname, a SAM of first initial + last name
#It will also populate displayname, a default password, office and both proxyaddresses, the primary as used in your org and the
#Dover required O365 one. It will also verify the primary proxy address is not already used.
#With set-aduser you can alter almost any attribute of the user.
$theOU = read-host "Enter the OU name"
$Surname = read-Host "Enter the surname"
$GivenName = read-host "Enter first name"
$DisplayName = "$Surname, $GivenName"
$Password = "P@$$word1"
$name = $GivenName.substring(0,1)+$Surname
$proxyaddress = read-host "Enter the email address in full"
Import-Module activedirectory
# import-module servermanager
#Edit the SearchBase to match your organization
$myOU = Get-AdOrganizationalUnit -Filter "Name -eq '$theOU'" -Searchbase 'OU=People,DC=DIFC,DC=Root01,DC=org'
[b][u]while (Get-ADuser -filter * -Properties ProxyAddresses|?{$_.proxyaddresses -contains $proxyaddress})
{
$proxyaddress = read-host "$proxyaddress is already in use, please try another one"
}
Write-Host "$proxyaddress is not used yet."[/u][/b]
#Edit the below to match your domain(s)
$DoverProxyAddress = "$("smtp:")$($givenname.substring(0,1))$surname-$("unifiedbrands")-$("net")@dover.mail.onmicrosoft.com"
$Description = read-host "Enter persons description"
$jobtitle = read-host "Enter the Job Title"
#Edit the below to match your locations
$office = read-host "Enter the user's location, Michigan, Mississippi, Georgia, Oklahoma or Remote"
#Edit your locations if you choose to use this part
Switch ($Office) {
"Michigan" {
$Street = "525 South Coldwater Rd."
$City = "Weidman"
$State = "Michigan"
$Zip = "48898"
$scriptpath = "\\domain\netlogon\milogin1.bat"
}
"Mississippi" {
$Street = "1055 Mendell Davis Dr."
$City = "Jackson"
$State = "Mississippi"
$Zip = "39272"
$scriptpath = "\\domain\netlogon\adlogin.bat"
}
"Oklahoma" {
$Street = "4650 54th Street Maip Building 601"
$City = "Pryor"
$State = "Oklahoma"
$Zip = "74361"
$scriptpath = "\\domain\netlogon\oklogin.bat"
}
"Georgia" {
$Street = "2016 Gees Mill Rd. NE"
$City = "Conyers"
$State = "Georgia"
$Zip = "30013"
}
}
$department = read-host "Enter the users Department"
New-ADUser -path $myOU -samaccountname $name -name $displayname -DisplayName $DisplayName -Surname $Surname -givenname $givenname -AccountPassword (ConvertTo-SecureString password -AsPlainText -force) -enabled:$false
set-aduser $name -emailaddress $proxyaddress -Description $Description -Title $jobtitle -Office $office -StreetAddress $Street -city $city -state $state -PostalCode $zip -UserPrincipalName $proxyaddress -ScriptPath $scriptpath -Department $department -Company "Unified Brands, Inc" -Country "US"
set-aduser $name -add @{proxyaddresses = "$("SMTP:")$proxyaddress"}
set-aduser $name -add @{ProxyAddresses = "$doverproxyaddress"}
get-aduser $name
pause
The bold and underlined section is what is not working. It should be checking to see if an smtp address is already in use, if so not letting me continue on, however yesterday was the first tie I had cause to create a domain user who would match an existing smtp address, but the script told me everything was fine and let me continue on. It wasn't until the end where the New-Aduser came into play where it actually generated an error.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
One thing is that you're comparing proxy addresses and not samaccount, UPN, or DN. The New-ADUser is failing because of another conflict, not the proxy address. Also, you're only checking email addresses on user accounts. Do any other objects have email addresses that need to be checked? (not that this would cause an error when creating the user)
Can you post the error?
Can you post the error?
That's not correct Jeremy.. the script creates the user just fine as I used it this morning to create a different new user account. The one in question didn't fail on creation becaue of a matching proxyaddress but because of a username conflict. Msmith already exists, but that underlined section of code is supposed to let me know he already exists and not let me create another Msmith.
Of course I know Im missing code to actually halt the script.. but my idea back then was if it tells me $proxyaddress Already Exists then I can stop the script from running and change the values I enter.
Of course I know Im missing code to actually halt the script.. but my idea back then was if it tells me $proxyaddress Already Exists then I can stop the script from running and change the values I enter.
Here's what happenes on the conflict user.
I assume it says I don't have sufficient access rights to create a new domain user account with an identical upn to an existing one.
Enter the OU name: Engineering
Enter the surname: Smith
Enter first name: Michelle
Enter the email address in full: msmith@unifiedbrands.net
msmith@unifiedbrands.net is not used yet.
Enter persons description: Design Engineer
Enter the Job Title: Design Engineer
Enter the user's location, Michigan, Mississippi, Georgia, Oklahoma or Remote: M
ichigan
Enter the users Department: Engineering
set-aduser : Insufficient access rights to perform the operation
At D:\Users\bhart.DIFC\Dropbox\Scripts\Create-NewADUserO365.ps1:76 char:1
+ set-aduser $name -emailaddress $proxyaddress -Description $Description
-Title $j ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
+ CategoryInfo : NotSpecified: (MSmith:ADUser) [Set-ADUser], ADEx
ception
+ FullyQualifiedErrorId : ActiveDirectoryServer:8344,Microsoft.ActiveDirec
tory.Management.Commands.SetADUser
DistinguishedName : CN=Smith\, Mike,OU=Technical
Services,OU=Employees,OU=People,DC=DIFC,DC=root01,DC=org
Enabled : True
GivenName : Mike
Name : Smith, Mike
ObjectClass : user
ObjectGUID : 07e0e821-15df-42b4-b556-65b812b1cbd6
SamAccountName : msmith
SID : S-1-5-21-3552876221-1377390008-3480628798-6865
Surname : Smith
UserPrincipalName : msmith@unifiedbrands.net
Press Enter to continue...:
I assume it says I don't have sufficient access rights to create a new domain user account with an identical upn to an existing one.
That's not correct Jeremy.. the script creates the user just fine as I used it this morning to create a different new user account.I never said it wouldn't.
The one in question didn't fail on creation becaue of a matching proxyaddress but because of a username conflict.This is exactly my point. The proxyaddress is not a good check because you didn't check to see if the SAMAccountName (username), UPN, or DN conflicts. Those have to be unique and the proxy address check won't tell you that.
That's my main goal though.. I must not have any identical proxyaddresses in our O365 tenant. So checking the UPN really doesn't help me unless I check both the UPN and the proxyaddress. Honestly I'd like for it just to say "Hey there's an existing proxyaddress with this value.. change it" In changing the proxyaddress in our domain means also changing the UPN as well.
Insufficient access rights to perform the operationThis does mean there's a permissions issue. If it was a conflict you would get:
The specified account already exists
OK IDK WTH is going on here lately but my account has delegated rights to the People ou to create user accounts. But I just ran it as domain admin and yes I get the account already exists. Like I said IDk what's going on here because I literally created a new account this same way I've been using for a year now. UGh.
So yeah back to my original question.. The script is still ignoring the fact that this proxyaddress already exists.
So yeah back to my original question.. The script is still ignoring the fact that this proxyaddress already exists.
PS C:\> d:
PS D:\users\bhart.difc\desktop> cd ..
PS D:\users\bhart.difc> cd dropbox
PS D:\users\bhart.difc\dropbox> cd scripts
PS D:\users\bhart.difc\dropbox\scripts> .\Create_New_AD_user_O365.ps1
Enter the OU name: Engineering
Enter the surname: Smith
Enter first name: Michelle
Enter the proxy address in full: msmith@unifiedbrands.net
msmith@unifiedbrands.net is not used yet.
Enter persons description: Design Engineer
Enter the Job Title: Design Engineer
Enter the user's location, Michigan, Mississippi, Georgia, Oklahoma or Remote: Michigan
Enter the users Department: Engineering
New-ADUser : The specified account already exists
At D:\users\bhart.difc\dropbox\scripts\Create_New_AD_user_O365.ps1:77 char:1
+ New-ADUser -path $myOU -samaccountname $name -name $displayname -DisplayName $Di ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceExists: (CN=Smith\, Mich...C=root01,DC=org:String) [New-ADUser], ADIdentityAlrea
dyExistsException
+ FullyQualifiedErrorId : ActiveDirectoryServer:1316,Microsoft.ActiveDirectory.Management.Commands.NewADUser
DistinguishedName : CN=Smith\, Mike,OU=Technical Services,OU=Employees,OU=People,DC=DIFC,DC=root01,DC=org
Enabled : True
GivenName : Mike
Name : Smith, Mike
ObjectClass : user
ObjectGUID : 07e0e821-15df-42b4-b556-65b812b1cbd6
SamAccountName : msmith
SID : S-1-5-21-3552876221-1377390008-3480628798-6865
Surname : Smith
UserPrincipalName : msmith@unifiedbrands.net
OK, maybe this.
function Gather-UniqueInfo {
$Surname = read-Host "Enter the surname"
$GivenName = read-host "Enter first name"
$DisplayName = "$Surname, $GivenName"
$proxyaddress = read-host "Enter the email address in full"
$name = $GivenName.substring(0,1)+$Surname
If(Get-ADUser -Filter {userprincipalname -eq $proxyaddress}){
Write-Host "$proxyaddress already exists. Please enter another address"
Gather-UniqueInfo
}
}
Gather-UniqueInfo
$theOU = read-host "Enter the OU name"
$Password = 'P@$$word1'
Import-Module activedirectory
# import-module servermanager
#Edit the SearchBase to match your organization
$myOU = Get-AdOrganizationalUnit -Filter "Name -eq '$theOU'" -Searchbase 'OU=People,DC=DIFC,DC=Root01,DC=org'
[b][u]while (Get-ADuser -filter * -Properties ProxyAddresses|?{$_.proxyaddresses -contains $proxyaddress})
{
$proxyaddress = read-host "$proxyaddress is already in use, please try another one"
}
Write-Host "$proxyaddress is not used yet."[/u][/b]
#Edit the below to match your domain(s)
$DoverProxyAddress = "$("smtp:")$($givenname.substring(0,1))$surname-$("unifiedbrands")-$("net")@dover.mail.onmicrosoft.com"
$Description = read-host "Enter persons description"
$jobtitle = read-host "Enter the Job Title"
#Edit the below to match your locations
$office = read-host "Enter the user's location, Michigan, Mississippi, Georgia, Oklahoma or Remote"
#Edit your locations if you choose to use this part
Switch ($Office) {
"Michigan" {
$Street = "525 South Coldwater Rd."
$City = "Weidman"
$State = "Michigan"
$Zip = "48898"
$scriptpath = "\\domain\netlogon\milogin1.bat"
}
"Mississippi" {
$Street = "1055 Mendell Davis Dr."
$City = "Jackson"
$State = "Mississippi"
$Zip = "39272"
$scriptpath = "\\domain\netlogon\adlogin.bat"
}
"Oklahoma" {
$Street = "4650 54th Street Maip Building 601"
$City = "Pryor"
$State = "Oklahoma"
$Zip = "74361"
$scriptpath = "\\domain\netlogon\oklogin.bat"
}
"Georgia" {
$Street = "2016 Gees Mill Rd. NE"
$City = "Conyers"
$State = "Georgia"
$Zip = "30013"
}
}
$department = read-host "Enter the users Department"
New-ADUser -path $myOU -samaccountname $name -name $displayname -DisplayName $DisplayName -Surname $Surname -givenname $givenname -AccountPassword (ConvertTo-SecureString password -AsPlainText -force) -enabled:$false
set-aduser $name -emailaddress $proxyaddress -Description $Description -Title $jobtitle -Office $office -StreetAddress $Street -city $city -state $state -PostalCode $zip -UserPrincipalName $proxyaddress -ScriptPath $scriptpath -Department $department -Company "Unified Brands, Inc" -Country "US"
set-aduser $name -add @{proxyaddresses = "$("SMTP:")$proxyaddress"}
set-aduser $name -add @{ProxyAddresses = "$doverproxyaddress"}
get-aduser $name
pause
Oops, forgot to clean up somethings:
function Gather-UniqueInfo {
$Surname = read-Host "Enter the surname"
$GivenName = read-host "Enter first name"
$DisplayName = "$Surname, $GivenName"
$proxyaddress = read-host "Enter the email address in full"
$name = $GivenName.substring(0,1)+$Surname
If(Get-ADUser -Filter {userprincipalname -eq $proxyaddress}){
Write-Host "$proxyaddress already exists. Please enter different info"
Gather-UniqueInfo
}
}
Gather-UniqueInfo
$theOU = read-host "Enter the OU name"
$Password = 'P@$$word1'
Import-Module activedirectory
# import-module servermanager
#Edit the SearchBase to match your organization
$myOU = Get-AdOrganizationalUnit -Filter "Name -eq '$theOU'" -Searchbase 'OU=People,DC=DIFC,DC=Root01,DC=org'
#Edit the below to match your domain(s)
$DoverProxyAddress = "$("smtp:")$($givenname.substring(0,1))$surname-$("unifiedbrands")-$("net")@dover.mail.onmicrosoft.com"
$Description = read-host "Enter persons description"
$jobtitle = read-host "Enter the Job Title"
#Edit the below to match your locations
$office = read-host "Enter the user's location, Michigan, Mississippi, Georgia, Oklahoma or Remote"
#Edit your locations if you choose to use this part
Switch ($Office) {
"Michigan" {
$Street = "525 South Coldwater Rd."
$City = "Weidman"
$State = "Michigan"
$Zip = "48898"
$scriptpath = "\\domain\netlogon\milogin1.bat"
}
"Mississippi" {
$Street = "1055 Mendell Davis Dr."
$City = "Jackson"
$State = "Mississippi"
$Zip = "39272"
$scriptpath = "\\domain\netlogon\adlogin.bat"
}
"Oklahoma" {
$Street = "4650 54th Street Maip Building 601"
$City = "Pryor"
$State = "Oklahoma"
$Zip = "74361"
$scriptpath = "\\domain\netlogon\oklogin.bat"
}
"Georgia" {
$Street = "2016 Gees Mill Rd. NE"
$City = "Conyers"
$State = "Georgia"
$Zip = "30013"
}
}
$department = read-host "Enter the users Department"
New-ADUser -path $myOU -samaccountname $name -name $displayname -DisplayName $DisplayName -Surname $Surname -givenname $givenname -AccountPassword (ConvertTo-SecureString password -AsPlainText -force) -enabled:$false
set-aduser $name -emailaddress $proxyaddress -Description $Description -Title $jobtitle -Office $office -StreetAddress $Street -city $city -state $state -PostalCode $zip -UserPrincipalName $proxyaddress -ScriptPath $scriptpath -Department $department -Company "Unified Brands, Inc" -Country "US"
set-aduser $name -add @{proxyaddresses = "$("SMTP:")$proxyaddress"}
set-aduser $name -add @{ProxyAddresses = "$doverproxyaddress"}
get-aduser $name
pause
The issue with your check of the proxyAddresses is that those are not exactly in an email address format like "user@domain.com". Instead they are like "SMTP:user@domain.com". So your -contains comparison is never going to match. You could try this.
Get-ADuser -filter * -Properties ProxyAddresses|?{$_.proxyaddresses -contains "smtp:$proxyaddress"}
Premium Content
You need an Expert Office subscription to comment.Start Free Trial