Reputation: 5
I have a script that works well overall, but one of the parameters doesn't show as it should.
Script:
# Create user account in AD. After execution, you will be asked to set the password.
New-ADUser `
-Name "John Travolta" `
-GivenName "John" `
-Surname "Travolta" `
-UserPrincipalName "JohnT"`
-DisplayName "John Travolta" `
-AccountPassword (Read-Host -AsSecureString "Input User Password") `
-ChangePasswordAtLogon $True `
-Company "CLASS" `
-Title "Actor" `
-State "ON" `
-City "Kitchener" `
-Description "Bold dude from face off" `
-EmployeeNumber "4" `
-Department "Paramount Cinema" `
-Country "CA" `
-PostalCode "N2B G5T" `
-SamAccountName "JohnT"`
-MobilePhone "519-7218652"`
-Enabled $True
#Add user to the specific OU.
$MOVEOU = Move-ADObject -Identity "CN=John Travolta,CN=Users,DC=class,DC=com" -TargetPath "OU=paramount cinema,DC=class,DC=com"
if ($moveou -eq "error") {
Write-Host "Move ADObject failed" -ForegroundColor DarkRed
}
else {
Write-Host "Move ADObject completed" -ForegroundColor Cyan
}
#Add user to the specific group
$MoveToGroup = Add-ADGroupMember -Identity SG-ParamountCinema -Members JohnT
if ($movetogroup -eq "error") {
Write-Host "Add ADGroupMember Failed" -ForegroundColor DarkRed
}
else {
Write-Host "Add ADGroupMember completed" -ForegroundColor Cyan
}
The result is good, but in case of an error it doesn't show the "Failed" in dark red, only the success one.
Please help, thank you!
Upvotes: 0
Views: 82
Reputation: 7057
By default, if successful, Add-ADGroupMember doesn't produce any output. Assigning nothing to $MoveToGroup will therefore never equal "error". This is probably the same for Move-ADObject. Regardless of output, this is the wrong way to handle errors. You should take a look at about_Try_Catch_Finally, but here's how it might look:
Try {
$MoveToGroup = Add-ADGroupMember -Identity SG-ParamountCinema -Members JohnT -ErrorAction Stop -passThru
Write-Host "Add ADGroupMember completed" -ForegroundColor Cyan
}
Catch {
Write-Host "Add ADGroupMember Failed" -ForegroundColor DarkRed
}
Notice the addition of -passThru. While you do not need to assign any output to a variable for error handling, I don't know if the group object is needed elsewhere. Generally -passThru instructs a cmdlet to emit the object it worked on. So if the $MoveToGroup variable is needed elsewhere etc...
Generally using backticks to continue a line is frowned on. Instead try splatting. That might look something like:
$Params = @{
Name = "John Travolta"
GivenName = "John"
Surname = "Travolta"
UserPrincipalName = "JohnT"
DisplayName = "John Travolta"
AccountPassword = (Read-Host -AsSecureString "Input User Password")
ChangePasswordAtLogon = $True
Company = "CLASS"
Title = "Actor"
State = "ON"
City = "Kitchener"
Description = "Bold dude from face off"
EmployeeNumber = "4"
Department = "Paramount Cinema"
Country = "CA"
PostalCode = "N2B G5T"
SamAccountName = "JohnT"
MobilePhone = "519-7218652"
Enabled = $True
Path = "OU=paramount cinema,DC=class,DC=com"
}
New-ADUser @Params
Also, you don't need to move the ADUser after the fact. Simply use the -Path parameter in the New-ADUser command. Create it right where you intend it to be.
Upvotes: 1
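The pieces from the answer above (splatting, -Path, and Try/Catch with -ErrorAction Stop) combined into one provisioning script, as an added example that is not part of the original posts. The helper name Invoke-AdStep is hypothetical; it reports the actual error message and lets the script skip the group change when the account was never created.

```powershell
# Added example: Invoke-AdStep is a hypothetical helper, not from the original posts.
Import-Module ActiveDirectory

function Invoke-AdStep {
    param(
        [Parameter(Mandatory)] [string]      $Label,
        [Parameter(Mandatory)] [scriptblock] $Action
    )
    try {
        # The script block must call its cmdlets with -ErrorAction Stop so that
        # non-terminating errors become terminating and reach the catch block.
        $null = & $Action
        Write-Host "$Label completed" -ForegroundColor Cyan
        return $true
    }
    catch {
        # $_ is the ErrorRecord; print the real reason, not just "Failed".
        Write-Host "$Label failed: $($_.Exception.Message)" -ForegroundColor DarkRed
        return $false
    }
}

# Subset of the attributes from the question; Path places the user in the
# target OU at creation time, so no Move-ADObject step is needed.
$UserParams = @{
    Name                  = "John Travolta"
    SamAccountName        = "JohnT"
    AccountPassword       = (Read-Host -AsSecureString "Input User Password")
    ChangePasswordAtLogon = $true
    Enabled               = $true
    Path                  = "OU=paramount cinema,DC=class,DC=com"
}

$created = Invoke-AdStep -Label "New-ADUser" -Action {
    New-ADUser @UserParams -ErrorAction Stop
}

# Only attempt the group change if the account actually exists.
if ($created) {
    $null = Invoke-AdStep -Label "Add-ADGroupMember" -Action {
        Add-ADGroupMember -Identity SG-ParamountCinema -Members JohnT -ErrorAction Stop
    }
}
```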