Adaxes

Unique username and UPN with character limit

0 votes

Hello,

I hope someone can help me with a specific script. I have tried to put 2 or 3 together that I have found on here but not having much luck.

I am looking to have a unique username with a 10 character limit (of first name initial + surname), if not unique to add a number at the end.

I was then looking to have a unique UPN (firstname.lastname@domain.com), if not unique to add a number at the end.

Is someone able to help me put this together please?

I have come across this - https://www.adaxes.com/questions/436/check-for-duplicate-upn, but it doesn't seesm to be quite what I'm after.

Any help would be appreciated.

by (40 points)

1 Answer

+1 vote
by (289k points)

Hello,

You can use the Username has a length limitation script from the following article in our script repository: https://www.adaxes.com/script-repository/automatically-add-a-digit-to-the-username-if-it-is-not-unique-s298.htm. It works exactly the way you need.

0

Hey thank you for this, sorry yes this is one of the ones I tried to follow.

The issue is that it sets the UPN to the unique username.

I need it to have a unique firstname.last@domain.com (Joe.Bloggs1@domain.com).

The above is fine for the pre W2000 username, but not the UPN unfortunately.

That second part is the bit I'm mainly struggling on currently

by (40 points)
0

Hello,

Thank you for clarifying. For us to update the script to meet your needs, please, specify the following:

  1. Should the prefix part of UPN also be limited in length?
  2. If the initial prefix (FirstName.LastName) is not unique, should the script add a digit to the prefix until UPN is unique? If not, what should the script do to make UPN unique?
by (289k points)
0

Hey,

No limit to the UPN, just full first name. and last name.

And yes to your second question, simply add a digit until UPN is unique.

Import-Module Adaxes

$emailsuffix = "domain.co.uk"
$maximumLength = 10

$firstname = "%firstname%"
$surname = "%surname%"

function IsUserNameUnique($username)
{
   $user = Get-AdmUser $username -erroraction silentlycontinue
   return $user -eq $Null
}

# Get the username
$username = $Context.GetModifiedPropertyValue("samAccountName")

# Check user name Length
if ($username.Length -gt $maximumLength)
{
    $username = $username.SubString(0 , $maximumLength)
}
elseif (IsUserNameUnique($username))
{
    # Username is unique
    return
}

# If the username is not unique, generate a unique one
$uniqueUsername = $username
for ($i = 1; $True; $i++)
{
    if (IsUserNameUnique($uniqueUsername))
    {
        break
    }

    $difference = $maximumLength - $username.Length - $i.ToString().Length
    if ($difference -lt 0)
    {
        $username = $username.Substring(0, $username.Length + $difference)
    }

    if ([System.String]::IsNullOrEmpty($username))
    {
        $Context.Cancel("Unable to generate a unique username, because the number length exceeds the maximum length of the username")
        return
    }

    $uniqueUsername = $username + $i;
}

# Update User Logon Name (pre-Windows 2000)
$Context.SetModifiedPropertyValue("samAccountName", $uniqueUsername)

Function GetUserPrincipalname {



        $result = "$($firstname).$($surname)@$($emailsuffix)"  
        $int = 2
        $output = Get-ADUser -filter "UserPrincipalName -eq '$result'"
        $tmpresult = $result

        Do {
                $output = Get-ADUser -filter "UserPrincipalName -eq '$tmpresult'"

                if ($output -eq $Null) {
                    $result = $($tmpresult)
                } else {
                    $result = "$($firstname).$($surname)$($int)@$($emailsuffix)"
                    $tmpresult = $($result)
                    $int = $int + 1
                }
            }
        Until ($output -eq $Null)


    Return $result
}
# Update User Logon Name

$userLogonName = GetUserPrincipalname
$Context.SetModifiedPropertyValue("userPrincipalName", $userLogonName)
    $Context.LogMessage("The name has been changed to " + $objectName `
      + ".", "Information")
by (40 points)
edited by
+1

Hello,

Thank you for the confirmation. Find the updated script below. In the script:

  • $maximumLength - Specifies the maximum length of the username.
  • $upnPrefix - Specifies a template for generating the UPN prefix. You can use value references in the template. In your case, it should be "%firstname%.%lastname%"
Import-Module Adaxes

$maximumLength = 8 # TODO: modify me
$upnPrefix = "%firstname%.%lastname%" # TODO: modify me

function IsUserValueUnique($filter)
{
   $user = Get-AdmUser -LdapFilter $filter -erroraction silentlycontinue
   return $user -eq $Null
}

# Get the username
$username = $Context.GetModifiedPropertyValue("samAccountName")

# Check user name Length
if ($username.Length -gt $maximumLength)
{
    $username = $username.SubString(0 , $maximumLength)
}

# User Logon Name (pre-Windows 2000)
$uniqueUsername = $username
for ($i = 1; $True; $i++)
{
    if (IsUserValueUnique "(sAMAccountName=$uniqueUsername)")
    {
        break
    }

    $difference = $maximumLength - $username.Length - $i.ToString().Length
    if ($difference -lt 0)
    {
        $username = $username.Substring(0, $username.Length + $difference)
    }

    if ([System.String]::IsNullOrEmpty($username))
    {
        $Context.Cancel("Unable to generate a unique username, because the number length exceeds the maximum length of the username")
        return
    }

    $uniqueUsername = $username + $i;
}

# User Logon Name
$upnSuffix = $Context.GetObjectDomain("%distinguishedName%")
$uniqueUPN = "$upnPrefix@$upnSuffix"
for ($i = 1; $True; $i++)
{
    if (IsUserValueUnique "(userPrincipalName=$uniqueUPN)")
    {
        break
    }

    $uniqueUPN = "$upnPrefix$i@$upnSuffix"
}

# Update User Logon Name (pre-Windows 2000)
$Context.SetModifiedPropertyValue("samAccountName", $uniqueUsername)

# Update User Logon Name
$Context.SetModifiedPropertyValue("userPrincipalName", $uniqueUPN)
$Context.LogMessage("The username has been changed to " + $uniqueUPN `
  + ".", "Information")
by (289k points)
0

I can't thank you enough, I kept editing my post as the more I looked at it the more problems I noticed. But still couldn't get it to work.

Your code works beautifully, the only thing is that the UPN suffix seems to be defaulting to the incorrect one.

I have specified it at the start of the code as follows: $upnSuffix = "domain.com"

But it doesn't seem to make a difference, am I missing something?

by (40 points)
0

Sorry I've just seen that it is specified further down, I have just changed that part to meet our requirements. Thanks again :)

by (40 points)
How can this be adapted to account for a UPN with the same name just in a different case?
asked Jul 13, 2022 by (870 points)

Related questions

0 votes
1 answer
User Pattern - Limit User Logon Name to 8 character

Due to some of the systems we have, we must limit our logon names to 8 characters. When I set the Value Length to Maximum 8, the result when creating a new account ... get a popup "Invalid Value Length". Is there a way to autopopulate with only 8 characters?

asked Mar 18, 2013 by Kikaida (1.1k points)
0 votes
0 answers
How to launch Adaxes with username and password from command line from, for example, Thycotic Secret Server?

Trying to configure a custom launcher in Thycotic Secret Server that will launch Adaxes on the user's local machine with the username and password passed as parameters. Has anyone made this work?

asked May 20, 2022 by amillard (20 points)
0 votes
1 answer
Unique username

Hi, I am looking for a solution which checks if the username ist unique with the following requirements: If [first letter of first name].[last name] is not possible as username ... letter of first name].[last name]2 I' am looking forward to a hint. Thanks

asked Feb 6, 2023 by boris (530 points)
0 votes
0 answers
Unique username accross all managed domains

Has anyone ever had the business requirement that the usernames of new users be unique across all of the managed domains in the environment? It is easy enough to run a ... the run as service account understand to look further into the other domains as well?

asked Jul 22, 2016 by strikk (360 points)
0 votes
1 answer
Unique Username by removing a letter

Hello, Currently we are using the script from another topic to add a number to the username counting up until it finds a unique name. However, we need the username to still ... changed to " + $userLogonName ` + ".", "Information") Thanks for the assistance.

asked Feb 9, 2016 by jhair (520 points)
3,548 questions
3,239 answers
8,232 comments
547,814 users