
‎07-25-2022 06:35 AM
```powershell
import-module activedirectory;
<# WriteLog function
Used for debugging
#>
$Logfile = "C:\ServiceNow\dc1snmid01dev1\agent\scripts\PowerShell\ad_spoke.log"
function WriteLog
{
    Param ([string]$LogString)
    $Stamp = (Get-Date).toString("yyyy/MM/dd HH:mm:ss")
    $LogMessage = "$Stamp $LogString"
    Add-content $LogFile -value $LogMessage
}
#----------------------
WriteLog "The script is running"
# replacing characters %27 with tick mark (')
$samaccountname = $samaccountname -replace "%27","'";
WriteLog "samaccountname: $samaccountname"
# Checking to make sure the SamAccountName length is good enough
# must be at least 2 characters and no more than 20
if ($samaccountname.length -lt 2) {
    WriteLog "Input length too small: $samaccountname"
    Write-Host "Input length too small";
    exit;
};
if ($samaccountname.length -gt 20) {
    WriteLog "Input length exceeded $samaccountname"
    Write-Host "Input length exceeded";
    exit;
};
#-----------------------
$GivenName = $GivenName -replace "%27","'";
WriteLog "GivenName: $GivenName"
$Surname = $Surname -replace "%27","'";
WriteLog "Surname: $Surname"
$DisplayName = $DisplayName -replace "%27","'";
WriteLog "DisplayName: $DisplayName"
$EmailAddress = $EmailAddress -replace "%27","'";
WriteLog "EmailAddress: $EmailAddress"
$UserPrincipalName = $UserPrincipalName -replace "%27","'";
WriteLog "UserPrincipalName: $UserPrincipalName"
$Title = $Title -replace "%27","'";
WriteLog "Title: $Title"
$Department = $Department -replace "%27","'";
WriteLog "Department: $Department"
$employeeid = $employeeid -replace "%27","'";
WriteLog "employeeID: $employeeid"
$hrid = $hrid -replace "%27","'";
WriteLog "hrID: $hrid"
$Office = $Office -replace "%27","'";
WriteLog "Office: $Office"
# Manager is the samaccountname of the manager
$manager = $manager -replace "%27","'";
WriteLog "Manager: $manager"
#$ManagerDN = (Get-ADUser -Identity $manager).distinguishedName
#WriteLog "Manager DN: $ManagerDN"
#------------------------------
$Password = $Password -replace "%27","'";
if ($Password) {
    $pwrd = $Password | ConvertTo-SecureString -AsPlainText -Force
}
#------------------------------
# Hard-coded values
$path = "OU=Users,OU=CFCU-Prod,DC=coastalfcu,DC=org";
$StreetAddress = "1000 St Albans Dr";
$City = "Raleigh";
$State = "NC";
$Country = "US";
$PostalCode = "27609";
$Company = "Coastal Federal Credit Union";
$Description = $Department + " - " + $Title;
WriteLog "Description: $Description"
$enabled = $True;
if ($pwrd) {
    $splat = @{
        SamAccountName = $samaccountname
        AccountPassword = $pwrd
        Name = $DisplayName
        DisplayName = $DisplayName
        GivenName = $GivenName
        Surname = $Surname
        EmailAddress = $EmailAddress
        UserPrincipalName = $UserPrincipalName
        MobilePhone = $MobilePhone
        Title = $Title
        Department = $Department
        Company = $Company
        StreetAddress = $StreetAddress
        City = $City
        State = $State
        PostalCode = $PostalCode
        Country = $Country
        Description = $Description
        EmployeeID = $employeeid
        EmployeeNumber = $hrid
        Office = $Office
        Path = $path
        Credential = $cred
        Server = $computer
        Enabled = $enabled
        ChangePasswordAtLogon = $True
    }
    New-ADUser @splat -PassThru;
}
else {
    $enabled = $False;
    $splat = @{
        SamAccountName = $samaccountname
        Name = $DisplayName
        DisplayName = $DisplayName
        GivenName = $GivenName
        Surname = $Surname
        EmailAddress = $EmailAddress
        UserPrincipalName = $UserPrincipalName
        MobilePhone = $MobilePhone
        Title = $Title
        Department = $Department
        Company = $Company
        StreetAddress = $StreetAddress
        City = $City
        State = $State
        PostalCode = $PostalCode
        Country = $Country
        Description = $Description
        EmployeeID = $employeeid
        EmployeeNumber = $hrid
        Office = $Office
        Path = $path
        Credential = $cred
        Server = $computer
        Enabled = $enabled
        ChangePasswordAtLogon = $True
    }
    New-ADUser @splat -PassThru;
}
# Set the manager
#Set-ADUser -Identity $samaccountname -Manager = $ManagerDN
Get-ADUser -Filter {SamAccountName -eq $samaccountname} -Properties Manager,SamAccountName -SearchBase "DC=coastalfcu,DC=org" | Set-ADUser -Manager $manager
```
I am still learning PowerShell, so excuse my ignorance. I have tried this using the SamAccountName and the Distinguished Name. Nothing seems to work. The user is created in AD, but the manager is blank. What am I doing wrong??? I am writing the values to a log file to make sure that I have values and the Manager comes in as a SamAccountName and that SamAccountName does exist in AD.
And I get the following error in the Subflow:
```
Directory object not found
HRESULT: [-2146233088]
Stack Trace: at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowExceptionForExtendedError(String extendedErrorMessage, Exception innerException)
   at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowExceptionForErrorCode(String message, String errorCode, String extendedErrorMessage, Exception innerException)
   at Microsoft.ActiveDi...
```

‎07-27-2022 12:17 PM
I figured this out finally. I finally got the manager field to show up in the PowerShell. I moved it back into the splat and voilà, it worked.


‎08-16-2022 09:41 PM
I am using a similar setup; however, in my case, a few flags to the New-ADUser command are still throwing errors related to the SecureString or Boolean data type. The options causing the errors are:
-AccountPassword $AccountPassword
-Enabled $True
-ChangePasswordAtLogon $True
Did they work in your case without any error? Or did they need a fix?
PS: I am using the 'Run on MID Server....' remoting type.
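
An added example, not code from any poster in this thread: it shows the fix described in the 07-27-2022 reply (Manager kept inside the New-ADUser splat) together with the typed values that the -AccountPassword, -Enabled and -ChangePasswordAtLogon parameters in the last post expect. `ConvertTo-NewADUserSplat`, the sample account names and the example.org path are hypothetical, and it is an assumption that the flow delivers every input as a plain string.

```powershell
# Added example: hypothetical helper, not part of the original script.
function ConvertTo-NewADUserSplat {
    param(
        [Parameter(Mandatory)][hashtable]$Raw,   # string inputs as received from the flow (assumption)
        [string]$Path
    )
    # Decode the %27 placeholder back to an apostrophe, as the original script does.
    $in = @{}
    foreach ($k in $Raw.Keys) { $in[$k] = ([string]$Raw[$k]) -replace '%27', "'" }

    # Same length rule as the original script: 2 to 20 characters.
    $sam = $in['SamAccountName']
    if ($sam.Length -lt 2 -or $sam.Length -gt 20) {
        throw "SamAccountName length must be 2-20 characters"
    }

    $splat = @{
        SamAccountName        = $sam
        Name                  = $in['DisplayName']
        DisplayName           = $in['DisplayName']
        Path                  = $Path
        ChangePasswordAtLogon = $true            # a real Boolean, not the string 'True'
    }
    # Manager travels in the same splat; New-ADUser -Manager takes a sAMAccountName or DN.
    if ($in['Manager']) { $splat['Manager'] = $in['Manager'] }

    # -AccountPassword must be a SecureString; enable the account only when one is supplied.
    if ($in['Password']) {
        $splat['AccountPassword'] = ConvertTo-SecureString $in['Password'] -AsPlainText -Force
        $splat['Enabled'] = $true
    } else {
        $splat['Enabled'] = $false
    }
    return $splat
}

# Constructed sample input (not real accounts).
$raw = @{ SamAccountName = 'jdoe'; DisplayName = 'John O%27Doe'; Manager = 'asmith'; Password = 'Example-Passw0rd!' }
$splat = ConvertTo-NewADUserSplat -Raw $raw -Path 'OU=Users,DC=example,DC=org'
# Show each key with its .NET type; the password prints only as a SecureString type name.
$splat.GetEnumerator() | Sort-Object Name |
    ForEach-Object { '{0} = {1} [{2}]' -f $_.Name, $_.Value, $_.Value.GetType().Name }
# On a host with the ActiveDirectory module: New-ADUser @splat -PassThru
```

Building one splat and adding AccountPassword and Manager conditionally also removes the duplicated if/else hashtables, and keeps the plaintext password out of anything that gets written to a log.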