
Hi Adaxes,

I'm struggling to create an AD user in Adaxes via PowerShell. Here's part of the script I have; the user information is coming from a REST API query.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the Organizational Unit
$parent = $admService.OpenObject("Adaxes://OU=New Starters,OU=Users,DC=domain,DC=com",
    $NULL, $NULL, 0)

$manager = ""
$manager = $result.ReportsToEmployeeId.DisplayValue.Trim().ToString()
$manager = get-admuser -filter {employeeID -eq $manager}

$Context.LogMessage("Name: $($result.FirstName.DisplayValue).$($result.LastName.DisplayValue)", "Information")
$Context.LogMessage("Company: $($result.Company.DisplayValue)", "Information")
$Context.LogMessage("Department: $($result.Department.DisplayValue)", "Information")
$Context.LogMessage("DisplayName: $($result.FirstName.DisplayValue) $($result.LastName.DisplayValue)", "Information")
$Context.LogMessage("EmployeeID: $($result.EmployeeId.DisplayValue)", "Information")
$Context.LogMessage("GivenName: $($result.FirstName.DisplayValue)", "Information")
$Context.LogMessage("Manager: $($manager.UserPrincipalName)", "Information")
$Context.LogMessage("Office: $($result.Location.DisplayValue)", "Information")
$Context.LogMessage("EmployeeType: $($result.EmployeeType.DisplayValue)", "Information")
$Context.LogMessage("SamAccountName: $($result.FirstName.DisplayValue).$($result.LastName.DisplayValue)", "Information")
$Context.LogMessage("Title: $($result.JobRole.DisplayValue)", "Information")
$Context.LogMessage("UserPrincipalName: $($result.FirstName.DisplayValue).$($result.LastName.DisplayValue)@Quantadt.com", "Information")
$Context.LogMessage("Email: $($result.EmailId.DisplayValue)", "Information")
$Context.LogMessage("", "Information")

# Create a new user object (PowerShell)
New-AdmUser -Name "$($result.FirstName.DisplayValue.Trim().ToString()).$($result.LastName.DisplayValue.Trim().ToString())" `
-Company "$($result.Company.DisplayValue)" `
-Department "$($result.Department.DisplayValue)" `
-DisplayName "$($result.FirstName.DisplayValue) $($result.LastName.DisplayValue)" `
-EmployeeID "$($result.EmployeeId.DisplayValue)" `
-GivenName "$($result.FirstName.DisplayValue)" `
-Manager $manager `
-Office "$($result.Location.DisplayValue)" `
-OtherAttributes @{'EmployeeType'="$($result.EmployeeType.DisplayValue)"} `
-Path "OU=New Starters,OU=QFSUsers,DC=uk,DC=quantafs" `
-Surname "$($result.LastName.DisplayValue)" `
-Title "$($result.JobRole.DisplayValue)" `
-SamAccountName "$($result.FirstName.DisplayValue.Trim().ToString()).$($result.LastName.DisplayValue.Trim().ToString())" `
-UserPrincipalName "$($result.FirstName.DisplayValue.Trim().ToString()).$($result.LastName.DisplayValue.Trim().ToString())@Quantadt.com"


# Create a new user object (ADSI)
$user = $parent.Create("user", "$($result.FirstName.DisplayValue.Trim().ToString()) $($result.LastName.DisplayValue.Trim().ToString())")
$user.Put("Company", "$($result.Company.DisplayValue)")
$user.Put("DisplayName", "$($result.FirstName.DisplayValue) $($result.LastName.DisplayValue)")
$user.Put("EmployeeID", "$($result.EmployeeID.DisplayValue)")
$user.Put("givenName", "$($result.FirstName.DisplayValue)")
$user.Put("Manager", "$($manager.DistinguishedName)")
$user.Put("Office", "$($result.Location.DisplayValue)")
$user.Put("EmployeeType", "$($result.EmployeeType.DisplayValue)")
$user.Put("sn", "$($result.LastName.DisplayValue)")
$user.Put("sAMAccountName", "$($result.FirstName.DisplayValue.Trim().ToString()).$($result.LastName.DisplayValue.Trim().ToString())")
$user.Put("Title", "$($result.JobRole.DisplayValue)")
$user.Put("UserPrincipalName", "$($result.FirstName.DisplayValue.Trim().ToString()).$($result.LastName.DisplayValue.Trim().ToString())@Quantadt.com")

# Save the user account to the directory
$user.SetInfo()

Here's the output I get from the logs:

Name: Joe.Bloggs
Company: Example
Department: Example Department
DisplayName: Joe Bloggs
EmployeeID: 12345
GivenName: Joe
Manager: jane.bloggs@example.com
Office: Headquarters
EmployeeType: Employee
SamAccountName: Joe.Bloggs
Title: Manager
UserPrincipalName: joe.bloggs@example.com
Email: joebloggs@outlook.com

An error occurred when creating user 'Joe Bloggs'. Error: Exception calling "SetInfo" with "0" argument(s): "DN 'Joe Bloggs,OU=New Starters,OU=Users,DC=domain,DC=com' is invalid."

I also tried removing all the information being provided by the API by just running the below and that gave the same error:

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the Organizational Unit
$parent = $admService.OpenObject("Adaxes://OU=New Starters,OU=Users,DC=domain,DC=com",
    $NULL, $NULL, 0)

# Create a new user object (ADSI)
$user = $parent.Create("user", "Joe Bloggs")

I've checked the OU and there are no property patterns applied (I was thinking there were some requirements).

by (260 points)

1 Answer

0 votes
by (289k points)

Hello Richard,

The issue occurs because you are specifying the second parameter of the Create method incorrectly. It must be an RDN of the user (e.g. CN=John Smith), not just their name. For the script to work, replace this line in your script

$user = $parent.Create("user", "$($result.FirstName.DisplayValue.Trim().ToString()) $($result.LastName.DisplayValue.Trim().ToString())")

with the following one:

$user = $parent.Create("user", "CN=$($result.FirstName.DisplayValue.Trim().ToString()) $($result.LastName.DisplayValue.Trim().ToString())")

As we can see, the script is executed in Adaxes. In such cases, you do not need to load the assembly and connect to the Adaxes service. The following article should be helpful: https://adaxes.com/sdk/ServerSideScripting.

0

Thanks for your help, makes sense. I've replaced that line and removed the initial connection to the Adaxes service as suggested, but I now get the following:

An error occurred when creating user 'Joe Bloggs'. Error: Exception calling "SetInfo" with "0" argument(s): "The parameter is incorrect. (Server: domain.com)"

I've replaced our actual domain name with domain.com, the domain specified in the actual error is correct.

0

Hello Richard,

The error occurs because one of the property values passed for user creation is incorrect. It looks to be the value of the Manager property. Make sure that you pass a valid distinguished name to it.

Also, your script seems to create the same user twice. You need to keep the part using the Create method or the one using the New-AdmUser cmdlet.

0

Thanks for your help again,

Looks like the issue was the $user.Put("Office", "$($result.Location.DisplayValue)") line: the Office attribute name is physicalDeliveryOfficeName. I had just assumed the attribute name based on the New-AdmUser cmdlet.
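
The three fixes from this thread (a `CN=` RDN for Create, a distinguished name for the manager, LDAP attribute names for Put) gathered into one added example that is not part of the original posts and is not Adaxes code. The helper names and the sample record are constructed, and the mapping entries other than Office assume the cmdlet parameters correspond to the standard Active Directory LDAP display names.

```powershell
# Added example: helper names and sample values are constructed, not Adaxes APIs.

# Cmdlet-style parameter names -> LDAP attribute names that Put() expects.
$LdapName = @{
    Office = 'physicalDeliveryOfficeName'; Surname = 'sn'; GivenName = 'givenName'
    Title = 'title'; Company = 'company'; Department = 'department'
    DisplayName = 'displayName'; EmployeeID = 'employeeID'; Manager = 'manager'
}

function ConvertTo-RdnValue([string]$Value) {
    # Escape RFC 4514 special characters so an API-supplied name cannot alter the DN.
    $v = $Value.Trim() -replace '([\\,+"<>;=])', '\$1'
    if ($v.StartsWith('#')) { $v = '\' + $v }
    return $v
}

function Test-DnSyntax([string]$Value) {
    # Rough syntax check only; it does not prove the object exists.
    return $Value -match '^(?:CN|OU|DC)=(?:\\.|[^,\\])+(?:,(?:CN|OU|DC)=(?:\\.|[^,\\])+)+$'
}

function ConvertTo-LdapProperties([hashtable]$Friendly) {
    $out = @{}
    foreach ($key in $Friendly.Keys) {
        if (-not $LdapName.ContainsKey($key)) { throw "No LDAP mapping for '$key'" }
        $value = "$($Friendly[$key])".Trim()
        if ($value -eq '') { continue }   # skip empty values instead of writing them
        if ($key -eq 'Manager' -and -not (Test-DnSyntax $value)) {
            throw "Manager must be a distinguished name, got '$value'"
        }
        $out[$LdapName[$key]] = $value
    }
    return $out
}

# Constructed sample standing in for the REST API result.
$sample = @{
    GivenName = 'Joe'; Surname = 'Bloggs'; Office = 'Headquarters'
    Manager   = 'CN=Jane Bloggs,OU=Users,DC=domain,DC=com'
}
$rdn   = 'CN=' + (ConvertTo-RdnValue "$($sample.GivenName) $($sample.Surname)")
$props = ConvertTo-LdapProperties $sample

# Inside the Adaxes script from the question, these would feed the ADSI calls:
#   $user = $parent.Create("user", $rdn)
#   foreach ($name in $props.Keys) { $user.Put($name, $props[$name]) }
#   $user.SetInfo()
$rdn
$props
```

Passing a UPN such as the one logged for Manager in the question makes `ConvertTo-LdapProperties` throw before anything is written to the directory.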
