I've been trying to edit/complete a PowerShell script for my district which will be used to create user accounts for several thousand students. We currently have students in Active Directory with a firstname.lastname naming convention. The script I had used would create students using this - but when it ran into an existing account it simply would spit out the name that was a duplicate rather than doing anything about it. I would rather the script run and if an existing firstname.lastname is encountered to create a firstname.middleinitial.lastname user account. The current script also limits the samAccountName characters so they're not too long. All this information is pulled from a CSV file and used for the variables.
What is happening now is that new users are created - but if a firstname.lastname already exists - properties of new users sharing attributes of that name are input INTO the existing account which makes... odd AD user attributes. After all this - how can I get this script to search through AD and if a firstname.lastname samAccountName is encountered to leave it alone and generate a new firstname.middleinitial.lastname user account?
```powershell
try {
    $students = Import-Csv "$csvfile"
} catch {
    Write-Host We have a problem with the CSV file.
    exit
}

#################
# Load AD module#
#################
If (Get-Module -ListAvailable | Where-Object{$_.Name -eq "ActiveDirectory"}){
    Import-Module ActiveDirectory
} else {
    Write-host ActiveDirectory Module not available
    exit
}

#####################
#Create the accounts#
#####################
write-host Creating Student Accounts
foreach ($student in $students){
    $fname = $student."Student First Name" #Edit this to match your CSV if your header is not exactly Firstname
    $lname = $student."Student Last Name" #Edit this to match your CSV if your header is not exactly Lastname
    $minitial = $student."Student Middle Initial" #Edit this to match your CSV if your header is not exactly Middle Initial
    $Fullname = $fname + " " + $minitial + " " + $lname
    $altFullname = $fname + " " + $minitial + " " + $lname
    $gradyr = $student."Grad Year" #Edit this to match your CSV if your header is not exactly Graduation Year
    $bday = $student."Birthdate" #Edit this to match your CSV if your header is not exactly Birthdate
    $id = $student."Student ID" #Edit this to match your CSV If your header is not Student ID
    $studesc = $id + " " + $bday
    $username = $fname + "." + $lname
    if ($username.length -gt 20) { $username = $username.substring(0,20) } #shorten username to 20 characters for sAMAccountName
    if ($studesc.length -gt 21) { $studesc = $studesc.substring(0,21) } #shorten description to not include time
    $emailadd = $username + $stuemail
    $principalname = $username + "@" + $domain
    $altprincipalname = $altusername + "@" + $domain
    $homedir = $stuhomedir1 + "\" + $username
    $altusername = $fname + "." + $minitial + "." + $lname
    if ($altusername.length -gt 20) { $username = $username.substring(0,20) } #shorten username to 20 characters for sAMAccountName
    $altemailadd = $altusername + $stuemail
    $building = $student."Grade" #Edit this to match your CSV If your header is not exactly Current Building
    Write-host $Fullname $username $password

    #need to check if samaccountname is already taken. If so notify admin. Have to check the shortened 20 character as well as the longer one.
    Try {
        $exists = Get-ADUser -LDAPFilter "(samaccountname=$username)" -Properties *
        If (!$exists) {
            $createNew = $true
        }
        ElseIf ($exists -and ($exists.description.trim() -eq $id)) {
            $createNew = $false
            $updateUser = Get-ADUser -LDAPFilter "(sAMAccountName=$username)" -Properties *
            #Set-ADUser -Identity $updateUser -CannotChangePassword $true
        }
        ElseIf (($exists) -And ($exists.description.trim() -ne $id)) {
            $dupeExists = Get-ADUser -LDAPFilter "(samaccountname=$altusername)"
            if (!$dupeExists) {
                $createNew = $true
                $username = $altusername
                $emailadd = $altemailadd
                #$principalname = $altprincipalname
            }
        }
    }
    Catch { }

    If($createNew) {
        #$i++
        # Set all variables according to the table names in the Excel
        # sheet / import CSV. The names can differ in every project, but
        # if the names change, make sure to change it below as well. 2001-06-16
        $setpass = ConvertTo-SecureString -AsPlainText $password -force
        New-ADUser `
            -sAMAccountName $username `
            -givenName $fname `
            -Surname $lname `
            -Initials $minitial `
            -UserPrincipalName $principalname `
            -DisplayName $fullname `
            -name $fullname `
            -homeDrive "m:" `
            -homeDirectory $homedir `
            -scriptPath "logon.bat" `
            -EmailAddress $emailadd `
            -Description $studesc `
            -ChangePasswordAtLogon $true `
            -AccountPassword (ConvertTo-SecureString "$password" -AsPlainText -force) `
            -Enabled $true `
            -Path "ou=$gradyr,$stuou" `

        start-sleep -Milliseconds 15
        continue
    }
}
```
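The name selection asked about above, as an added example that is not part of the original post: it tries firstname.lastname, falls back to firstname.middleinitial.lastname, and reports a conflict instead of writing to an account that belongs to another student. The function name, the `FindOwner` lookup and the sample rows are hypothetical, and the directory is simulated with a constructed hashtable so the logic runs without AD.

```powershell
# Added example, not the poster's code. Function, parameter and sample names are hypothetical.
function Resolve-StudentAccount {
    param(
        [Parameter(Mandatory)][string]$First,
        [Parameter(Mandatory)][string]$Last,
        [string]$MiddleInitial,
        [Parameter(Mandatory)][string]$StudentId,
        # Returns the student ID recorded on the account holding a name, or $null if the
        # name is free. Against AD this is assumed to wrap the page's own lookup,
        # Get-ADUser -LDAPFilter "(sAMAccountName=$name)" -Properties Description
        [Parameter(Mandatory)][scriptblock]$FindOwner
    )
    $candidates = @("$First.$Last")
    if ($MiddleInitial) { $candidates += "$First.$MiddleInitial.$Last" }
    foreach ($name in $candidates) {
        # Same 20-character sAMAccountName limit the page's script applies
        if ($name.Length -gt 20) { $name = $name.Substring(0, 20) }
        $owner = & $FindOwner $name
        if ($null -eq $owner) {
            return [pscustomobject]@{ Action = 'Create'; Sam = $name }
        }
        if ($owner -eq $StudentId) {
            return [pscustomobject]@{ Action = 'AlreadyProvisioned'; Sam = $name }
        }
    }
    # Every candidate belongs to someone else: report it and write nothing.
    return [pscustomobject]@{ Action = 'Conflict'; Sam = $null }
}

# Constructed stand-in for the directory: sAMAccountName -> student ID.
$directory = @{ 'john.smith' = '1001' }
$findOwner = { param($n) $directory[$n] }

# Constructed rows standing in for the CSV.
$rows = @(
    [pscustomobject]@{ First = 'John'; Middle = 'Q'; Last = 'Smith'; Id = '1001' }
    [pscustomobject]@{ First = 'John'; Middle = 'R'; Last = 'Smith'; Id = '2002' }
    [pscustomobject]@{ First = 'John'; Middle = 'R'; Last = 'Smith'; Id = '3003' }
)
foreach ($r in $rows) {
    $result = Resolve-StudentAccount -First $r.First -Last $r.Last `
        -MiddleInitial $r.Middle -StudentId $r.Id -FindOwner $findOwner
    if ($result.Action -eq 'Create') {
        $directory[$result.Sam] = $r.Id   # New-ADUser -SamAccountName $result.Sam ... goes here
    }
    '{0} {1} (ID {2}): {3} {4}' -f $r.First, $r.Last, $r.Id, $result.Action, $result.Sam
}
```

Because the decision is returned fresh for every row, nothing carries over from the previous student, and only the `Create` result ever reaches the point where an account would be written.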