Create AD Account and Mailbox by Powershell

Dear all,

I have a question about creating AD user and mailbox:

  • Background:

There are 4 sites in my organization, and 2 DCs in each site. The Exchange servers are in site A, and the AD administrators work in sites B and C. I wrote a PowerShell script to help them create AD users and mailboxes. Parts of the code are listed:

# $env:LOGONSERVER is "\\DCNAME"; strip the backslashes so the name can be passed to -Server / -DomainController
$DC = $env:LOGONSERVER -replace "\\"
# create the account on that DC, storing the employee ID in the pager attribute as well
New-ADUser @newUser -OtherAttributes @{ pager = $EmployeeID } -Server $DC -ErrorAction Stop
# mailbox-enable the new user, pointing Exchange at the same DC
Enable-Mailbox -Identity $samAccountName -Alias $samAccountName -Database $msdb -DomainController $DC
  • My question:

 Sometimes the mailbox cannot be created, and I get the error: Cannot find an object with identity: 'Sandy.Lorena' under: 'DC=ms,DC=com'

I want to create an AD user, make some settings, and then create a mailbox for this AD user. What should I do to prevent the above error?

Thank you in advance.

July 30th, 2015 12:27am

Hi ChenryLee,

I'm not sure if this will help you, but you can try it:

Enable Exchange to view the entire forest.

Set-ADServerSettings -ViewEntireForest $true

Best Regards

July 30th, 2015 6:01am

Hi SSorin,

Thank you. I checked this cmdlet; the Organization Management/Server Management permission is needed.

Considering security strategies, the AD administrators are only allowed to grant minimum permissions.

I also thought about another cmdlet, New-Mailbox, but I don't know if it works without exceptions.

July 30th, 2015 6:13am

It should work. What kind of exceptions do you mean?
July 30th, 2015 7:02am

Hi ChenryLee,

You are almost getting there when you said "New-Mailbox".

You are getting the errors because the DCs across sites have not yet replicated when you run the commands separately.

There are many ways to resolve this.

1. Use New-Mailbox to create the user account and mailbox in a single go, if it works for you. Then use the Set-ADUser cmdlet to make the remaining configurations if required.

2. Use a fixed domain controller $DC with both New-ADUser and Enable-Mailbox.

3. Wait 15 min to 1 hour, depending on the replication time, between the two cmdlets.

4. Using Set-ADServerSettings, we can specify the preferred server for the current session with the -PreferredServer switch.

July 30th, 2015 7:44am
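A worked version of options 2 and 4 above, added here as an example and not code from any poster in this thread. It pins New-ADUser, the read-back and Enable-Mailbox to one writable DC chosen from the AD site that holds the Exchange servers, so Exchange and the script consult the same replica, and it retries Enable-Mailbox with a bounded back-off when Exchange still answers "Cannot find an object with identity". It passes -DomainController rather than calling Set-ADServerSettings -PreferredServer, since the thread says the operators lack the Organization/Server Management permission that cmdlet needs. Assumptions not stated in the thread: the Exchange site is named 'SiteA', the $newUser splat and $msdb variable are built as in the original post, and the function names Get-PinnedDC and New-UserWithMailbox are made up here.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module and the
# Exchange management cmdlets are loaded in this session.
Import-Module ActiveDirectory

function Get-PinnedDC {
    param([string]$SiteName = 'SiteA')   # assumed site name holding the Exchange servers
    # Discover one writable DC in that site that exposes ADWS (needed by the AD cmdlets).
    $dcObj = Get-ADDomainController -Discover -SiteName $SiteName -Service ADWS -Writable
    return $dcObj.HostName[0]
}

function New-UserWithMailbox {
    param(
        [Parameter(Mandatory)][hashtable]$NewUser,   # splat for New-ADUser, as in the thread
        [Parameter(Mandatory)][string]$Database,     # mailbox database name
        [Parameter(Mandatory)][string]$DC,           # the single DC every step talks to
        [int]$MaxAttempts = 10,
        [int]$DelaySeconds = 15
    )
    $sam = $NewUser.SamAccountName

    # 1. Create the account on the pinned DC only.
    New-ADUser @NewUser -OtherAttributes @{ pager = $NewUser.EmployeeID } -Server $DC -ErrorAction Stop

    # 2. Read it back from the same DC. This confirms the write landed there and
    #    yields the distinguishedName, an unambiguous identity for Exchange.
    $user = Get-ADUser -Identity $sam -Server $DC -ErrorAction Stop

    # 3. Mailbox-enable against the same DC. If Exchange reports the object as
    #    missing, sleep and retry instead of aborting; stop after $MaxAttempts so a
    #    replication or permission problem surfaces as an error, not a hang.
    for ($i = 1; $i -le $MaxAttempts; $i++) {
        try {
            Enable-Mailbox -Identity $user.DistinguishedName -Alias $sam -Database $Database `
                -DomainController $DC -ErrorAction Stop
            return Get-Mailbox -Identity $sam -DomainController $DC
        } catch {
            # Only the "not yet visible" failure is worth retrying; anything else is fatal.
            if ($_.Exception.Message -notmatch 'Cannot find an object with identity') { throw }
            Write-Warning "Attempt $i of ${MaxAttempts}: '$sam' not visible to Exchange via $DC yet; sleeping $DelaySeconds s"
            Start-Sleep -Seconds $DelaySeconds
        }
    }
    throw "Mailbox for '$sam' was not created after $MaxAttempts attempts. The AD account exists; rerun Enable-Mailbox later."
}

# Usage, with the $newUser splat and $msdb from the original post:
$DC  = Get-PinnedDC -SiteName 'SiteA'
$mbx = New-UserWithMailbox -NewUser $newUser -Database $msdb -DC $DC
$mbx | Format-List Name, Alias, Database, ServerName
```

Two design points. The DC is chosen from the Exchange site rather than taken from $env:LOGONSERVER, because the logon server of an admin in site B or C is a replica Exchange in site A may not be reading from. The retry matches only the error text quoted in the question; a permission error or a wrong database name is rethrown on the first attempt so it is not masked by ten minutes of sleeping.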

I am not entirely sure whether the cmdlet works; I am still afraid of failing to create the mailbox. :(
July 30th, 2015 7:50am

I would suggest creating the mailbox, which will automatically create an AD account, using the link below.

https://technet.microsoft.com/en-us/magazine/ff381465.aspx


July 30th, 2015 10:24am

Hi ChenryLee,

If you follow what I said earlier and give a wait time between the separate commands, it will not fail.

August 3rd, 2015 1:56am

Hi Satyajit321,

I want to use the cmdlet New-Mailbox instead of New-ADUser, and now I have some problems.

Before, I created a hash table, which defines the user attributes:

$newUser = @{
Name = $Name
SamAccountName = $samAccountName
Description = $title
GivenName = $GivenName
surName = $Surname
DisplayName = $Name
Title = $title
Company = $company
Department = $Dept
Office = $Office
EmployeeID = $EmployeeID
MobilePhone = $mobile
UserPrincipalName = $samAccountName + "@ms.com"
ScriptPath = $scriptpath
Manager = $manager
Path = $OU
Enabled = $true
ChangePasswordAtLogon = $true
AccountPassword = (ConvertTo-SecureString $password -AsPlainText -Force)
}

And I create the user with the cmdlet:

New-ADUser @newUser

Now, can I still use the hash table? If so, which attributes should I define?

My new script now looks like this:

$newUser = @{
Name = $Name
SamAccountName = $samAccountName
Alias = $samAccountName
Database = $mbxdb
FirstName = $GivenName
LastName = $LastName
DisplayName = $Name
Office = $Office
UserPrincipalName = $samAccountName + "@ms.com"
OrganizationalUnit = $OU
AccountDisabled = $false
ResetPasswordOnNextLogon = $true
Password = (ConvertTo-SecureString $pw -AsPlainText -Force)
}

But the cmdlet below doesn't work:

New-Mailbox @newUser
What should I do if I want to create accounts in a similar way? Thank you.
August 5th, 2015 8:53am

Hi Satyajit321,

I have one more question.

If I create the AD user and mailbox via the cmdlet New-Mailbox, I then have to set AD user attributes. Is it possible to get "User xxx cannot be found" when I set them? Thank you.

BTW, creating the AD account, waiting for half an hour and then creating the mailbox is not possible at present.

August 5th, 2015 8:59am

Hi ChenryLee,

Please refer to the article here to find the supported attributes (syntax, parameters); not everything you have in the hash table would be supported.

For the reasons given earlier, it is always possible to get the error if you use 2 separate cmdlets, in whichever order.

Normally, in my experience, I have managed to pull off something similar to this using Start-Sleep of 1-5 minutes in between.

August 6th, 2015 1:03am
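To make the last two answers concrete, here is an added example (not code from the thread or from any poster) of the New-Mailbox approach: one splat containing only parameters New-Mailbox defines, then the remaining AD attributes set with Set-ADUser against the same DC New-Mailbox wrote to, so the follow-up cmdlet cannot land on a replica that has not received the object yet. Office and AccountDisabled from the posted hash table are, as far as I know, not New-Mailbox parameters; Office is set with Set-ADUser below, and the account New-Mailbox creates is enabled by default, so AccountDisabled = $false needs no equivalent. Assumptions: the variables ($Name, $samAccountName, $mbxdb, $GivenName, $LastName, $Office, $OU, $pw, $title, $company, $Dept, $EmployeeID, $mobile, $scriptpath, $manager) are populated earlier, as in the thread, and the DC name 'dc1.ms.com' is made up.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module and the
# Exchange management cmdlets in the session.
Import-Module ActiveDirectory

# Fixed DC for the whole run; a made-up name for illustration.
$DC = 'dc1.ms.com'

# Only parameters New-Mailbox accepts. Description, Title, Company, Department,
# Office, EmployeeID, MobilePhone, ScriptPath and Manager are user attributes
# and are applied afterwards with Set-ADUser.
$newMbx = @{
    Name                     = $Name
    SamAccountName           = $samAccountName
    Alias                    = $samAccountName
    Database                 = $mbxdb
    FirstName                = $GivenName
    LastName                 = $LastName
    DisplayName              = $Name
    UserPrincipalName        = "$samAccountName@ms.com"
    OrganizationalUnit       = $OU
    ResetPasswordOnNextLogon = $true
    # $pw is plaintext in the thread's script; keep it out of logs and transcripts
    Password                 = (ConvertTo-SecureString $pw -AsPlainText -Force)
    DomainController         = $DC
}

# One call creates the AD account and the mailbox on $DC.
$mbx = New-Mailbox @newMbx -ErrorAction Stop

# Read the new object back from the same DC before touching it; if this throws,
# the problem is on $DC itself, not cross-site replication.
$user = Get-ADUser -Identity $samAccountName -Server $DC -ErrorAction Stop

# Finish the AD-side attributes on the same DC. Set-ADUser has no -OtherAttributes;
# custom attributes such as pager go through -Replace.
Set-ADUser -Identity $user -Server $DC -ErrorAction Stop `
    -Description $title -Title $title -Company $company -Department $Dept `
    -Office $Office -EmployeeID $EmployeeID -MobilePhone $mobile `
    -ScriptPath $scriptpath -Manager $manager `
    -Replace @{ pager = $EmployeeID }

# Confirm the result from the same DC and from the mailbox side.
Get-ADUser -Identity $samAccountName -Server $DC -Properties Title, Department, EmployeeID, pager |
    Format-List SamAccountName, Title, Department, EmployeeID, pager
$mbx | Format-List Name, Alias, Database
```

The point of the -DomainController / -Server pairing is the same as in the earlier replies: whichever order the two writes happen in, they go to one directory replica, so the second cmdlet never has to wait for inter-site replication to see the first one's result. Other DCs will catch up on their own schedule, and the new user's first logon against a site-local DC may still lag until that replication completes.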
