
We recently added another domain to our environment. When we use the script to create users from a CSV file, they are all being created in the first domain instead of the proper one.

Ex. User a works for Acme and their username is a123456 and needs to go to the Acme domain for staging.
User b works for Bozo and their username is b123456 and needs to go to the Bozo domain for staging.

We need to know how the script below can trigger where to create the account, domain-wise, based on an attribute we set up. Our thinking is the company attribute. We do have several triggers after creation, but they are specific to certain attributes.

Please advise.

Import-Module Adaxes

$csvFilePath = "\\asp-adadaxes.admi.com\D$\\CSV\ImportedUsers.csv" # TODO: modify me
$accountPasswordColumn = "unicodePwd" # TODO: modify me
$sAMAccountNameColumn = "sAMAccountName" # TODO: modify me

$domainName = $Context.GetObjectDomain("%distinguishedName%")
$importedUsers  = Import-Csv -Path $csvFilePath

foreach ($userFromCSV in $importedUsers)
{
    $userObject = @{}
    $accountPassword = $NULL
    $propertiesToClear = @()
    foreach ($property in $userFromCSV.PSObject.Properties)
    {
        $propertyName = $property.Name
        $value = $property.Value

        if($propertyName -ieq $accountPasswordColumn -and !([System.String]::IsNullOrEmpty($value)))
        {
            $accountPassword = ConvertTo-SecureString -AsPlainText $value -Force
            continue
        }
        elseif ($propertyName -ieq $accountPasswordColumn -and [System.String]::IsNullOrEmpty($value))
        {
            continue
        }

        if ([System.String]::IsNullOrEmpty($value))
        {
            $propertiesToClear += $propertyName
            continue
        }

        if ($value -ieq "True" -or $value -ieq "False")
        {
            $value = [System.Boolean]::Parse($value)
        }

        $userObject.Add($propertyName, $value)
    }

    # Build the display name first: the create and update error messages both use it
    $displayName = $userObject.GivenName + " " + $userObject.SN # TODO: modify me

    # Check whether the user exists
    $userExists = Get-AdmUser -Identity $userObject.$sAMAccountNameColumn `
        -AdaxesService localhost -ErrorAction SilentlyContinue -Server $domainName

    if ($null -eq $userExists)
    {
        $parameters = @{
            "Path" = "%distinguishedName%"
            "Name" = $displayName;
            "Server" = $domainName;
            "AdaxesService" = "localhost"
            "Enabled" = $True
            "OtherAttributes" = $userObject
            "ErrorAction" = "Stop"
        }

        if (!([System.String]::IsNullOrEmpty($accountPassword)))
        {
            $parameters.Add("AccountPassword", $accountPassword)
        }

        # Create a new user account
        try
        {
            New-AdmUser @parameters
        }
        catch
        {
            $Context.LogMessage("An error occurred when creating user '$displayName'. Error: " + $_.Exception.Message, "Warning")
        }
        continue
    }

    # If user exists, update account
    try
    {
        Set-AdmUser -Identity $userExists.DistinguishedName -Replace $userObject `
            -AdaxesService localhost -Server $domainName -ErrorAction Stop
    }
    catch
    {
        $Context.LogMessage("An error occurred when updating user '$displayName'. Error: " + $_.Exception.Message, "Warning")
    }

    if ($propertiesToClear.Length -ne 0)
    {
        try
        {
            Set-AdmUser -Identity $userExists.DistinguishedName -Clear $propertiesToClear `
                -AdaxesService localhost -Server $domainName -ErrorAction Stop
        }
        catch
        {
            $Context.LogMessage("An error occurred when updating user '$displayName'. Error: " + $_.Exception.Message, "Warning")
        }
    }

    if ([System.String]::IsNullOrEmpty($accountPassword))
    {
        continue
    }

    try
    {
        Set-AdmAccountPassword -Identity $userExists.DistinguishedName -NewPassword $accountPassword `
            -Reset -Server $domainName -AdaxesService localhost -ErrorAction Stop
    }
    catch
    {
        $Context.LogMessage("An error occurred when updating the password for user '$displayName'. Error: " + $_.Exception.Message, "Warning")
    }
}

1 Answer

Best answer

Hello,

Below is the updated script. In the script:

  • $companyColumn – Specifies the name of the column that contains the company name.
  • $companyInfo – Specifies the relation between company name and the OU where the user must be created.

The script must be executed by a Scheduled Task configured for Domain-DNS Object type.

Import-Module Adaxes

$csvFilePath = "\\asp-adadaxes.admi.com\D$\\CSV\ImportedUsers.csv" # TODO: modify me
$accountPasswordColumn = "unicodePwd" # TODO: modify me
$sAMAccountNameColumn = "sAMAccountName" # TODO: modify me
$companyColumn = "Company" # TODO: modify me
$companyInfo = @{
    "Acme" = "OU=Users,DC=Acme,DC=com"
    "Bozo" = "OU=Users,DC=Bozo,DC=com"
} # TODO: modify me 

$importedUsers  = Import-Csv -Path $csvFilePath

foreach ($userFromCSV in $importedUsers)
{
    $userObject = @{}
    $accountPassword = $NULL
    $propertiesToClear = @()
    foreach ($property in $userFromCSV.PSObject.Properties)
    {
        $propertyName = $property.Name
        $value = $property.Value

        if($propertyName -ieq $accountPasswordColumn -and !([System.String]::IsNullOrEmpty($value)))
        {
            $accountPassword = ConvertTo-SecureString -AsPlainText $value -Force
            continue
        }
        elseif ($propertyName -ieq $accountPasswordColumn -and [System.String]::IsNullOrEmpty($value))
        {
            continue
        }

        if ([System.String]::IsNullOrEmpty($value))
        {
            $propertiesToClear += $propertyName
            continue
        }

        if ($value -ieq "True" -or $value -ieq "False")
        {
            $value = [System.Boolean]::Parse($value)
        }

        $userObject.Add($propertyName, $value)
    }

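    # Build the display name first: the create and update error messages both use it
    $displayName = $userObject.GivenName + " " + $userObject.SN # TODO: modify me

    # Resolve the target OU from the company column; skip rows with no mapping
    $company = $userFromCSV.$companyColumn
    if ([System.String]::IsNullOrEmpty($company) -or !$companyInfo.ContainsKey($company))
    {
        $Context.LogMessage("No OU is mapped for company '$company'. User '$displayName' was skipped.", "Warning")
        continue
    }
    $ouDN = $companyInfo[$company]
    $domainName = $Context.GetObjectDomain($ouDN)

    # Check whether the user exists
    $userExists = Get-AdmUser -Identity $userObject.$sAMAccountNameColumn `
        -AdaxesService localhost -ErrorAction SilentlyContinue -Server $domainName

    if ($null -eq $userExists)
    {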
        $parameters = @{
            "Path" = $ouDN
            "Name" = $displayName;
            "Server" = $domainName;
            "AdaxesService" = "localhost"
            "Enabled" = $True
            "OtherAttributes" = $userObject
            "ErrorAction" = "Stop"
        }

        if (!([System.String]::IsNullOrEmpty($accountPassword)))
        {
            $parameters.Add("AccountPassword", $accountPassword)
        }

        # Create a new user account
        try
        {
            New-AdmUser @parameters
        }
        catch
        {
            $Context.LogMessage("An error occurred when creating user '$displayName'. Error: " + $_.Exception.Message, "Warning")
        }
        continue
    }

    # If user exists, update account
    try
    {
        Set-AdmUser -Identity $userExists.DistinguishedName -Replace $userObject `
            -AdaxesService localhost -Server $domainName -ErrorAction Stop
    }
    catch
    {
        $Context.LogMessage("An error occurred when updating user '$displayName'. Error: " + $_.Exception.Message, "Warning")
    }

    if ($propertiesToClear.Length -ne 0)
    {
        try
        {
            Set-AdmUser -Identity $userExists.DistinguishedName -Clear $propertiesToClear `
                -AdaxesService localhost -Server $domainName -ErrorAction Stop
        }
        catch
        {
            $Context.LogMessage("An error occurred when updating user '$displayName'. Error: " + $_.Exception.Message, "Warning")
        }
    }

    if ([System.String]::IsNullOrEmpty($accountPassword))
    {
        continue
    }

    try
    {
        Set-AdmAccountPassword -Identity $userExists.DistinguishedName -NewPassword $accountPassword `
            -Reset -Server $domainName -AdaxesService localhost -ErrorAction Stop
    }
    catch
    {
        $Context.LogMessage("An error occurred when updating the password for user '$displayName'. Error: " + $_.Exception.Message, "Warning")
    }
}
0

Thank you. We had to execute it for the OU object type for it to work.

0

We are also getting the following type of User Logon (Pre 2000): ACME\$04S100-P6MARFBRO44A, which should be ACME\a123456 (which is their employee ID with a letter in front of it specific to the company).

0

Hello,

Find the updated script below. In the script, $employeeIDColumn specifies the name of the column that contains Employee IDs of users.

Import-Module Adaxes

$csvFilePath = "\\asp-adadaxes.admi.com\D$\\CSV\ImportedUsers.csv" # TODO: modify me
$accountPasswordColumn = "unicodePwd" # TODO: modify me
$employeeIDColumn = "EmployeeID" # TODO: modify me
$companyColumn = "Company" # TODO: modify me
$companyInfo = @{
    "Acme" = "OU=Users,DC=Acme,DC=com"
    "Bozo" = "OU=Users,DC=Bozo,DC=com"
} # TODO: modify me

$importedUsers  = Import-Csv -Path $csvFilePath

foreach ($userFromCSV in $importedUsers)
{
    $userObject = @{}
    $accountPassword = $NULL
    $propertiesToClear = @()
    foreach ($property in $userFromCSV.PSObject.Properties)
    {
        $propertyName = $property.Name
        $value = $property.Value

        if($propertyName -ieq $accountPasswordColumn -and !([System.String]::IsNullOrEmpty($value)))
        {
            $accountPassword = ConvertTo-SecureString -AsPlainText $value -Force
            continue
        }
        elseif ($propertyName -ieq $accountPasswordColumn -and [System.String]::IsNullOrEmpty($value))
        {
            continue
        }

        if ([System.String]::IsNullOrEmpty($value))
        {
            $propertiesToClear += $propertyName
            continue
        }

        if ($value -ieq "True" -or $value -ieq "False")
        {
            $value = [System.Boolean]::Parse($value)
        }

        $userObject.Add($propertyName, $value)
    }

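    # Build the display name first: the create and update error messages both use it
    $displayName = $userObject.GivenName + " " + $userObject.SN # TODO: modify me

    # Skip rows whose company has no OU mapping
    $company = $userFromCSV.$companyColumn
    if ([System.String]::IsNullOrEmpty($company) -or !$companyInfo.ContainsKey($company))
    {
        $Context.LogMessage("No OU is mapped for company '$company'. User '$displayName' was skipped.", "Warning")
        continue
    }

    # Build Username
    $sAMAccountName = $company[0] + $userFromCSV.$employeeIDColumn
    $userObject["sAMAccountName"] = $sAMAccountName

    # Check whether the user exists
    $ouDN = $companyInfo[$company]
    $domainName = $Context.GetObjectDomain($ouDN)
    $userExists = Get-AdmUser -Identity $sAMAccountName `
        -AdaxesService localhost -ErrorAction SilentlyContinue -Server $domainName

    if ($null -eq $userExists)
    {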
        $parameters = @{
            "Path" = $ouDN
            "Name" = $displayName;
            "Server" = $domainName;
            "AdaxesService" = "localhost"
            "Enabled" = $True
            "OtherAttributes" = $userObject
            "ErrorAction" = "Stop"
        }

        if (!([System.String]::IsNullOrEmpty($accountPassword)))
        {
            $parameters.Add("AccountPassword", $accountPassword)
        }

        # Create a new user account
        try
        {
            New-AdmUser @parameters
        }
        catch
        {
            $Context.LogMessage("An error occurred when creating user '$displayName'. Error: " + $_.Exception.Message, "Warning")
        }
        continue
    }

    # If user exists, update account
    try
    {
        Set-AdmUser -Identity $userExists.DistinguishedName -Replace $userObject `
            -AdaxesService localhost -Server $domainName -ErrorAction Stop
    }
    catch
    {
        $Context.LogMessage("An error occurred when updating user '$displayName'. Error: " + $_.Exception.Message, "Warning")
    }

    if ($propertiesToClear.Length -ne 0)
    {
        try
        {
            Set-AdmUser -Identity $userExists.DistinguishedName -Clear $propertiesToClear `
                -AdaxesService localhost -Server $domainName -ErrorAction Stop
        }
        catch
        {
            $Context.LogMessage("An error occurred when updating user '$displayName'. Error: " + $_.Exception.Message, "Warning")
        }
    }

    if ([System.String]::IsNullOrEmpty($accountPassword))
    {
        continue
    }

    try
    {
        Set-AdmAccountPassword -Identity $userExists.DistinguishedName -NewPassword $accountPassword `
            -Reset -Server $domainName -AdaxesService localhost -ErrorAction Stop
    }
    catch
    {
        $Context.LogMessage("An error occurred when updating the password for user '$displayName'. Error: " + $_.Exception.Message, "Warning")
    }
}
0

Excellent, we are almost perfect. Can we update the script to make the letter that is added to the employeeID for the username lowercase? Also, we are not getting the User Logon Name filled out, just the User Login Name (Pre 2000). We need them to be the same if not specified in the CSV.

0

Hello,

> we are not getting the User Logon Name filled out just the User Login Name (Pre 2000). We need them to be the same if not specified in the CSV.

Find the updated script below.

    Import-Module Adaxes

    $csvFilePath = "\\asp-adadaxes.admi.com\D$\\CSV\ImportedUsers.csv" # TODO: modify me
    $accountPasswordColumn = "unicodePwd" # TODO: modify me
    $employeeIDColumn = "EmployeeID" # TODO: modify me
    $companyColumn = "Company" # TODO: modify me
    $companyInfo = @{
        "Acme" = "OU=Users,DC=Acme,DC=com"
        "Bozo" = "OU=Users,DC=Bozo,DC=com"
    } # TODO: modify me

    $importedUsers  = Import-Csv -Path $csvFilePath

    foreach ($userFromCSV in $importedUsers)
    {
        $userObject = @{}
        $accountPassword = $NULL
        $propertiesToClear = @()
        foreach ($property in $userFromCSV.PSObject.Properties)
        {
            $propertyName = $property.Name
            $value = $property.Value

            if($propertyName -ieq $accountPasswordColumn -and !([System.String]::IsNullOrEmpty($value)))
            {
                $accountPassword = ConvertTo-SecureString -AsPlainText $value -Force
                continue
            }
            elseif ($propertyName -ieq $accountPasswordColumn -and [System.String]::IsNullOrEmpty($value))
            {
                continue
            }

            if ([System.String]::IsNullOrEmpty($value))
            {
                $propertiesToClear += $propertyName
                continue
            }

            if ($value -ieq "True" -or $value -ieq "False")
            {
                $value = [System.Boolean]::Parse($value)
            }

            $userObject.Add($propertyName, $value)
        }

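        # Build the display name first: the create and update error messages both use it
        $displayName = $userObject.GivenName + " " + $userObject.SN # TODO: modify me

        # Skip rows whose company has no OU mapping
        $company = $userFromCSV.$companyColumn
        if ([System.String]::IsNullOrEmpty($company) -or !$companyInfo.ContainsKey($company))
        {
            $Context.LogMessage("No OU is mapped for company '$company'. User '$displayName' was skipped.", "Warning")
            continue
        }

        # Build Username
        $sAMAccountName = $company.ToLower()[0] + $userFromCSV.$employeeIDColumn
        $userObject["sAMAccountName"] = $sAMAccountName

        # Check whether the user exists
        $ouDN = $companyInfo[$company]
        $domainName = $Context.GetObjectDomain($ouDN)
        $userExists = Get-AdmUser -Identity $sAMAccountName `
            -AdaxesService localhost -ErrorAction SilentlyContinue -Server $domainName

        if ($null -eq $userExists)
        {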
            $parameters = @{
                "Path" = $ouDN
                "Name" = $displayName;
                "Server" = $domainName;
                "AdaxesService" = "localhost"
                "Enabled" = $True
                "OtherAttributes" = $userObject
                "ErrorAction" = "Stop"
            }

            if (!([System.String]::IsNullOrEmpty($accountPassword)))
            {
                $parameters.Add("AccountPassword", $accountPassword)
            }

            # Create a new user account
            try
            {
                New-AdmUser @parameters
            }
            catch
            {
                $Context.LogMessage("An error occurred when creating user '$displayName'. Error: " + $_.Exception.Message, "Warning")
            }
            continue
        }

        # If user exists, update account
        try
        {
            Set-AdmUser -Identity $userExists.DistinguishedName -Replace $userObject `
                -AdaxesService localhost -Server $domainName -ErrorAction Stop
        }
        catch
        {
            $Context.LogMessage("An error occurred when updating user '$displayName'. Error: " + $_.Exception.Message, "Warning")
        }

        if ($propertiesToClear.Length -ne 0)
        {
            try
            {
                Set-AdmUser -Identity $userExists.DistinguishedName -Clear $propertiesToClear `
                    -AdaxesService localhost -Server $domainName -ErrorAction Stop
            }
            catch
            {
                $Context.LogMessage("An error occurred when updating user '$displayName'. Error: " + $_.Exception.Message, "Warning")
            }
        }

        if ([System.String]::IsNullOrEmpty($accountPassword))
        {
            continue
        }

        try
        {
            Set-AdmAccountPassword -Identity $userExists.DistinguishedName -NewPassword $accountPassword `
                -Reset -Server $domainName -AdaxesService localhost -ErrorAction Stop
        }
        catch
        {
            $Context.LogMessage("An error occurred when updating the password for user '$displayName'. Error: " + $_.Exception.Message, "Warning")
        }
    }

> Excellent, we are almost perfect. Can we update the script to make the letter that is added to the employeeID for the username lowercase? Also, we are not getting the User Logon Name filled out, just the User Login Name (Pre 2000). We need them to be the same if not specified in the CSV.

For this purpose, you need to create a Property Pattern that will match the properties. For information on how to do so, have a look at the following tutorial: http://www.adaxes.com/tutorials_Simplif ... llName.htm. On step 2, double-click the User Logon Name property, and on step 3 enter %sAMAccountName% into the Generate default value field. The Activity Scope of the Property Pattern should include both domains (Acme and Bozo).
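
A pre-flight check for the CSV, added here as an example (it is not part of the original thread or of Adaxes): it applies the same company-to-OU mapping and naming rule as the last script and lists rows with an unmapped company, an empty employee ID, an unacceptable sAMAccountName, or a name that repeats within one domain. `Test-ImportRow` and the sample rows are hypothetical, and nothing is written to Active Directory.

```powershell
# Constructed sample rows; column names follow the scripts above.
$csv = @'
GivenName,SN,Company,EmployeeID
Ann,Lee,Acme,123456
Bob,Ray,bozo,123456
Cat,Fox,Initech,555555
Dan,Kim,Acme,
Eve,Orr,Acme,123456
Fay,Roe,Bozo,12 34/56
'@

$employeeIDColumn = "EmployeeID"
$companyColumn = "Company"
$companyInfo = @{
    "Acme" = "OU=Users,DC=Acme,DC=com"
    "Bozo" = "OU=Users,DC=Bozo,DC=com"
}

# Hypothetical helper: returns the reason a row must not be imported, or $null if it is fine.
function Test-ImportRow
{
    param($Row, [int]$RowNumber, [hashtable]$CompanyInfo, [hashtable]$Seen)

    $company = $Row.$companyColumn
    $employeeID = $Row.$employeeIDColumn
    if ([System.String]::IsNullOrEmpty($company) -or !$CompanyInfo.ContainsKey($company))
    {
        return "company '$company' has no OU mapping"
    }
    if ([System.String]::IsNullOrEmpty($employeeID)) { return "employee ID is empty" }

    # Same naming rule as the script: lowercase first letter of the company + employee ID
    $name = $company.Substring(0, 1).ToLower() + $employeeID
    # AD limits a user's sAMAccountName to 20 characters and rejects " / \ [ ] : ; | = , + * ? < >
    # Rejecting whitespace as well is a policy choice made for this example.
    if ($name.Length -gt 20 -or $name -match '[\s"/\\\[\]:;|=,+*?<>]')
    {
        return "'$name' is not an acceptable sAMAccountName"
    }

    # sAMAccountName must be unique per domain, so key on the DC components of the target OU
    $key = ($CompanyInfo[$company] -replace '^.*?(?=DC=)', '') + "|" + $name
    if ($Seen.ContainsKey($key)) { return "'$name' duplicates row $($Seen[$key])" }
    $Seen[$key] = $RowNumber
    return $null
}

$seen = @{}
$rowNumber = 1 # the header is row 1
$problems = foreach ($row in ($csv | ConvertFrom-Csv))
{
    $rowNumber++
    $reason = Test-ImportRow -Row $row -RowNumber $rowNumber -CompanyInfo $companyInfo -Seen $seen
    if ($reason) { [PSCustomObject]@{ Row = $rowNumber; Reason = $reason } }
}
$problems | Format-Table -AutoSize
```

To check a real file, replace `$csv | ConvertFrom-Csv` with `Import-Csv -Path $csvFilePath`.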
