Ben Hart asked:

Powershell - Script weirdness

So I have the code below, generated a couple years back with help from the EE community.  However it's acting weird.. I'm trying to convert this into an EXE for distribution to the rest of the IT department.  If I run the code from within the ISE it performs exactly as it should... completing 100% successfully.
However if I run the converted (ps2exe.ps1) executable it completes successfully but never populates a few specific attributes: streetaddress, city, zip and scriptpath.  Also if I call the new_user.ps1 from a Powershell window (opened as admin) it does the exact same thing.  Performs all functions except the streetaddress, city, zip and scriptpath.


#Create-NewADUserO365.ps1
#3/3/15 Benjamin Hart, Unified Brands, Inc
#Created with Powershell ISE
#This powershell script will create a domain user object using a format of lastname, firstname, a SAM of first initial + last name
#It will also populate displayname, a default password, office and both proxyaddresses, the primary as used in your org and the 
#Dover required O365 one.  It will also verify the primary proxy address is not already used.
#With set-aduser you can alter almost any attribute of the user.

$theOU = read-host "Enter the OU name"
$Surname = read-Host "Enter the surname"
$GivenName = read-host "Enter first name"
$DisplayName = "$Surname, $GivenName"
$Password = "December1"
$name = $GivenName.substring(0,1)+$Surname
$proxyaddress = read-host "Enter the proxy address in full"


Import-Module activedirectory
import-module servermanager



	#Edit the SearchBase to match your organization
	$myOU = Get-AdOrganizationalUnit -Filter "Name -eq '$theOU'" -Searchbase 'OU=People,DC=Domain,DC=Root01,DC=org'
	
#Below verifies the Proxyaddress is not already present	
Get-ADuser  -filter * -Properties ProxyAddresses|?{$_.proxyaddresses -contains $proxyaddress}
	$found=Get-ADuser  -filter * -Properties ProxyAddresses|
     Where-Object{
        $_.proxyaddresses | 
             Where-Object{ $_ -eq $ProxyAddress }}

while (Get-ADuser  -filter * -Properties ProxyAddresses|?{$_.proxyaddresses -contains $proxyaddress})
{
  $proxyaddress = read-host "$proxyaddress is already in use, please try another one"
}
Write-Host "$proxyaddress is not used yet."

#Edit your locations if you choose to use this part
Switch ($Office)  {
    "Michigan" {
        $Street = "123 Main st"
        $City = "Weidman"
        $State = "Michigan"
        $Zip = "48898"
        $scriptpath = "\\difc\netlogon\milogin1.bat"
}
    "Mississippi"  {
        $Street = "123 Main st"
        $City = "Jackson"
        $State = "Mississippi"
        $Zip = "39272"
        $scriptpath = "\\difc\netlogon\adlogin.bat"
        }
    "Oklahoma"  {
        $Street = "123 Main st"
        $City = "Pryor"
        $State = "Oklahoma"
        $Zip = "74361"
        $scriptpath = "\\difc\netlogon\oklogin.bat"
        }
    "Georgia"  {
        $Street = "123 Main st"
        $City = "Conyers"
        $State = "Georgia"
        $Zip = "30013"
}
}
#Edit the below to match your domain(s)
$DoverProxyAddress = "$($givenname.substring(0,1))$surname-$("unifiedbrands")-$("net")@company.mail.onmicrosoft.com"
$Description = read-host "Enter persons description"
$jobtitle = read-host "Enter the Job Title"
#Edit the below to match your locations
$office = read-host "Enter the user's location, Michigan, Mississippi, Georgia, Oklahoma or Remote"
$department = read-host "Enter the users Department"

New-ADUser -path $myOU -samaccountname $name -name $displayname -DisplayName $DisplayName -Surname $Surname -givenname $givenname -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -force) -enabled:$false
set-aduser $name -emailaddress $proxyaddress -Description $Description -Title $jobtitle -Office $office -UserPrincipalName $proxyaddress -Department $department -Company "Company, Inc"
set-aduser $name -StreetAddress $Street -city $city -state $state -PostalCode $zip
set-aduser $name -ScriptPath $scriptpath 
Set-ADUser $name -Replace @{employeeType="EMPLOYEE"}
set-aduser $name -add @{proxyaddresses = ("SMTP:")+"$proxyaddress"}
set-aduser $name -add @{ProxyAddresses = ("smtp:")+"$doverproxyaddress"}

 	
get-aduser $name 

Ben Hart
ASKER

Oh to help clarify too, I've used the same domain account running the script in both formats. The account used has domain admin rights.
FOX
For lines 79 and 80 you want the command to run against the samaccountname .  You have the command running against your $name variable which consists of your first name and last name.  If you run the command in powershell by itself inputting a first and last name it will not work.  If you run the command in powershell using the username or samaccountname it will edit the properties of the city, street, and postalcode.
Maybe in line 16 you want to add  $samaccountname = read-host "Enter the username"
Then in lines 79 and 80 you put set-aduser $samaccountname

Try that
Disregard.  I just realized your $name variable is the samaccountname

Heh I was just about to comment lol.  Yeah I am specifying our Samaccountname in the New-Aduser line (77).

I believe I've seen some issues when modifying attributes right after the account is created (though it might have been creating a mailbox).  Put a Start-Sleep for a few seconds right after line 77 and see if it fixes it.  If so you can play with the time to see what the minimum is.

I added 15 and 30 second sleep-times.  The info still didn't appear.  But since you mentioned that Foo, it happens when I run the code within ISE.. I have to give ADUC about 30-45 seconds before everything populates. This exe business though.. I need to get this ps1 into a more usable format by helpdesk level folks, besides that I don't want them having the source.

Ben, are these Office 365 users?

Sort of.. it's Exchange Online DirSync'ing from on-premise AD. We do not create users in 365.

The command may be different then.  For lines 79 and 80, try set-user $username

ref link:
https://community.office365.com/en-us/f/613/t/200717
ASKER CERTIFIED SOLUTION
footech
This solution is only available to members.
@Foxluv - With DirSynced users, just about everything is done on the on-premise AD.  You won't use Exchange cmdlets here.

Thanks guys, Foo I separated out all the set-aduser cmdlets to help in troubleshooting. What grinds me gears in this scenario is that subsequent changes are applied, like setting the employeetype and the proxyaddresses work.. but street/city/zip which is BEFORE the employeetype is not set.  This is bugging me to no end.
SOLUTION
This solution is only available to members.
It appears that putting it all into the New-ADUser command worked.  I don't really have an explanation for the issue, but I would suspect it's something to do with timing.

Bad thing is.. it WAS working prior to me trying to create an EXE then I discovered the fault.

Footech provided the help pointing to combining all the set-aduser cmdlets into the new-aduser but I also re-org'd the array which helped it run w/o error after converting to EXE.
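
Added example, not part of the original thread or any participant's code: in the question's script `Switch ($Office)` runs before `$office` is read, so in a fresh process (a new PowerShell window or the compiled EXE) no branch matches and the address and script-path variables stay empty, while an ISE session can still hold `$office` from an earlier run. The script below reads the inputs first, resolves the office from a lookup table, and passes everything to one `New-ADUser` call as the closing comments describe. The `$Locations` table, the `-AsSecureString` password prompt and `-WhatIf` are assumptions of this example, and the proxy-address steps are left out.

```powershell
Set-StrictMode -Version Latest      # an unassigned variable now throws instead of reading as $null
Import-Module ActiveDirectory

# Office attributes from the question's switch block, as a lookup table (added for this example).
# Keys are New-ADUser parameter names so an entry can be splatted directly.
$Locations = @{
    Michigan    = @{ StreetAddress = '123 Main st'; City = 'Weidman'; State = 'Michigan';    PostalCode = '48898'; ScriptPath = '\\difc\netlogon\milogin1.bat' }
    Mississippi = @{ StreetAddress = '123 Main st'; City = 'Jackson'; State = 'Mississippi'; PostalCode = '39272'; ScriptPath = '\\difc\netlogon\adlogin.bat' }
    Oklahoma    = @{ StreetAddress = '123 Main st'; City = 'Pryor';   State = 'Oklahoma';    PostalCode = '74361'; ScriptPath = '\\difc\netlogon\oklogin.bat' }
    Georgia     = @{ StreetAddress = '123 Main st'; City = 'Conyers'; State = 'Georgia';     PostalCode = '30013' }
}

# 1. Collect every input BEFORE anything depends on it.
$theOU     = Read-Host 'Enter the OU name'
$Surname   = Read-Host 'Enter the surname'
$GivenName = Read-Host 'Enter first name'
$Office    = Read-Host "Enter the user's location, Michigan, Mississippi, Georgia, Oklahoma or Remote"
$Password  = Read-Host 'Enter the initial password' -AsSecureString   # assumption: prompt, no literal in the script

# 2. Resolve the office now that $Office has a value; an unlisted office (e.g. Remote) gets no address.
$officeAttrs = if ($Locations.ContainsKey($Office)) { $Locations[$Office] } else { @{} }

$myOU = Get-ADOrganizationalUnit -Filter "Name -eq '$theOU'" -SearchBase 'OU=People,DC=Domain,DC=Root01,DC=org'
if (-not $myOU) { throw "OU '$theOU' not found under the search base" }
$sam  = $GivenName.Substring(0,1) + $Surname

# 3. One New-ADUser call carries all attributes, so nothing has to be set after creation.
$newUser = @{
    Path            = $myOU.DistinguishedName
    SamAccountName  = $sam
    Name            = "$Surname, $GivenName"
    DisplayName     = "$Surname, $GivenName"
    Surname         = $Surname
    GivenName       = $GivenName
    Office          = $Office
    AccountPassword = $Password
    Enabled         = $false
}
New-ADUser @newUser @officeAttrs -WhatIf    # drop -WhatIf once the preview looks right
```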