Issues getting Manager attribute to fill in on Microsoft AD Spoke Create User.

cgedney
Giga Guru
import-module activedirectory;

<# WriteLog function
Used for debugging
   #>
$Logfile = "C:\ServiceNow\dc1snmid01dev1\agent\scripts\PowerShell\ad_spoke.log"
function WriteLog
{
Param ([string]$LogString)
$Stamp = (Get-Date).toString("yyyy/MM/dd HH:mm:ss")
$LogMessage = "$Stamp $LogString"
Add-content $LogFile -value $LogMessage
}
#----------------------

WriteLog "The script is running"

# replacing characters %27 with tick mark (')
$samaccountname = $samaccountname -replace "%27","'";
WriteLog "samaccountname:  $samaccountname"

#Checking to make sure the SamAccountName length is good enough
# must be at least 2 characters and no more than 20
if ($samaccountname.length -lt 2) {
    WriteLog "Input length too small: $samaccountname"
    Write-Host "Input length too small";
    exit;
};

if ($samaccountname.length -gt 20) {
    WriteLog "Input length exceeded $samaccountname"
    Write-Host "Input length exceeded";
    exit;
};
#-----------------------

$GivenName = $GivenName -replace "%27","'";
WriteLog "GivenName:  $GivenName"

$Surname = $Surname -replace "%27","'";
WriteLog "Surname: $Surname"

$DisplayName = $DisplayName -replace "%27","'";
WriteLog "DisplayName: $DisplayName"

$EmailAddress = $EmailAddress -replace "%27","'";
WriteLog "EmailAddress: $EmailAddress"

$UserPrincipalName = $UserPrincipalName -replace "%27","'";
WriteLog "UserPrincipalName: $UserPrincipalName"

$Title = $Title -replace "%27","'";
WriteLog "Title:  $Title"

$Department = $Department -replace "%27","'";
WriteLog "Department: $Department"

$employeeid = $employeeid -replace "%27","'";
WriteLog "employeeID:  $employeeid"

$hrid = $hrid -replace "%27","'";
WriteLog "hrID: $hrid"

$Office = $Office -replace "%27","'";
WriteLog "Office:  $Office"

# Manager is the samaccountname of the manager
$manager = $manager -replace "%27","'";
WriteLog "Manager:  $manager"

#$ManagerDN = (Get-ADUser -Identity $manager).distinguishedName
#WriteLog "Manager DN: $ManagerDN"
#------------------------------

$Password = $Password -replace "%27","'";

if ($Password) {
    $pwrd = $Password  | ConvertTo-SecureString -AsPlainText  -Force
}
#------------------------------

#Hard-coded values
$path = "OU=Users,OU=CFCU-Prod,DC=coastalfcu,DC=org";
$StreetAddress = "1000 St Albans Dr";
$City = "Raleigh";
$State = "NC";
$Country = "US";
$PostalCode = "27609";
$Company = "Coastal Federal Credit Union";
$Description = $Department + " - " + $Title;
WriteLog "Description: $Description"
$enabled = $True;

if ($pwrd) {
    $splat = @{
        SamAccountName = $samaccountname
        AccountPassword = $pwrd
        Name = $DisplayName
        DisplayName = $DisplayName
        GivenName = $GivenName
        Surname = $Surname
        EmailAddress = $EmailAddress
        UserPrincipalName = $UserPrincipalName
        MobilePhone = $MobilePhone
        Title = $Title
        Department = $Department
        Company = $Company
        StreetAddress = $StreetAddress
        City = $City
        State = $State
        PostalCode = $PostalCode
        Country = $Country
        Description = $Description
        EmployeeID = $employeeid
        EmployeeNumber = $hrid
        Office = $Office
        Path = $path
        Credential = $cred
        Server = $computer
        Enabled = $enabled
        ChangePasswordAtLogon = $True
    }
    New-ADUser @splat -PassThru;
}
else {
    $enabled = $False;
    $splat = @{
        SamAccountName = $samaccountname
        Name = $DisplayName
        DisplayName = $DisplayName
        GivenName = $GivenName
        Surname = $Surname
        EmailAddress = $EmailAddress
        UserPrincipalName = $UserPrincipalName
        MobilePhone = $MobilePhone
        Title = $Title
        Department = $Department
        Company = $Company
        StreetAddress = $StreetAddress
        City = $City
        State = $State
        PostalCode = $PostalCode
        Country = $Country
        Description = $Description
        EmployeeID = $employeeid
        EmployeeNumber = $hrid
        Office = $Office
        Path = $path
        Credential = $cred
        Server = $computer
        Enabled = $enabled
        ChangePasswordAtLogon = $True
    }
    New-ADUser @splat -PassThru;
}

#Set the manager
#Set-ADUser -Identity $samaccountname -Manager = $ManagerDN
Get-ADUser -Filter {SamAccountName -eq $samaccountname} -Properties Manager,SamAccountName -SearchBase "DC=coastalfcu,DC=org" | Set-ADUser -Manager $manager

I am still learning Powershell, so excuse my ignorance. I have tried this using the SamAccountName and the Distinguished Name. Nothing seems to work. The user is created in AD, but the manager is blank. What am I doing wrong??? I am writing the values to a log file to make sure that I have values and the Manager comes in as a SamAccountName and that SamAccountName does exist in AD.

And I get the following error in the Subflow:

Directory object not found
HRESULT: [-2146233088]

Stack Trace:    at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowExceptionForExtendedError(String extendedErrorMessage, Exception innerException)
at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowExceptionForErrorCode(String message, String errorCode, String extendedErrorMessage, Exception innerException)
at Microsoft.ActiveDi...
1 ACCEPTED SOLUTION

cgedney
Giga Guru

I figured this out finally. I finally got the manager field to show up in the Powershell. I moved it back into the splat and viola it worked.

View solution in original post

2 REPLIES 2

cgedney
Giga Guru

I figured this out finally. I finally got the manager field to show up in the Powershell. I moved it back into the splat and viola it worked.

Rahul29
Tera Contributor

I am using a similar setup however, in my case, a few flags to New-ADUser command are still throwing error related to SecureString or Boolean data type and these options causing errors are : 

-AccountPassword $AccountPassword

-Enabled $True

-ChangePasswordAtLogon $True

Did they work in your case without any error? Or needed a fix?

 

PS: I am using 'Run on MID Server...." remoting type.