From 798a19a36e0335387c8489f507cb568a8205d720 Mon Sep 17 00:00:00 2001 From: Kyle Date: Sun, 13 Apr 2025 01:44:48 +0800 Subject: [PATCH] Resolved users not creating properly, fixed up script details --- New-ADUser.ps1 | 508 +++++++++++++++++++++---------------------------- 1 file changed, 213 insertions(+), 295 deletions(-) diff --git a/New-ADUser.ps1 b/New-ADUser.ps1 index d146082..5f440c0 100644 --- a/New-ADUser.ps1 +++ b/New-ADUser.ps1 @@ -1,11 +1,17 @@ <# .SYNOPSIS - Creates new AD users with email attributes and copy functionality. + Creates or copies AD users with complete error handling .DESCRIPTION - Enhanced version with mailNickname and proxyAddresses support. + A script that can create a new user account from scratch, or copy an existing user for their security groups. + Has built-in error tolerant handling and recommendations, will continue where possible and report any issues. + Script will automatically add 'mailnickname' and 'proxyAddresses' to attribute editor. .NOTES - Version : 2.1 + Author : Kyle Pope + AI + Created : 13/04/25 + Version : 1.0.7 Requires : PowerShell with Active Directory module + File Name : New-ADUser.ps1 + #> # Import Active Directory module @@ -19,13 +25,13 @@ catch { function Show-Menu { param ( - [string]$Title = 'AD User Creation Options' + [string]$Title = 'AD User Management' ) Clear-Host Write-Host "================ $Title ================" Write-Host "" - Write-Host "1: Create a new user from scratch" - Write-Host "2: Copy settings from existing user" + Write-Host "1: Create new user" + Write-Host "2: Copy existing user" Write-Host "" Write-Host "Q: Quit" Write-Host "" @@ -57,8 +63,7 @@ function Get-ValidPassword { do { $password = Read-Host "Enter password (min 8 chars, complex)" -AsSecureString $passwordText = [Runtime.InteropServices.Marshal]::PtrToStringAuto( - [Runtime.InteropServices.Marshal]::SecureStringToBSTR($password) - ) + [Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)) if ($passwordText.Length -lt 8) { Write-Host "Password must be at least 8 characters" -ForegroundColor Red @@ -84,6 +89,103 @@ function Get-ValidPassword { return $password } +function Test-ADUserExists { + param ( + [string]$Username, + [int]$RetryCount = 3, + [int]$DelaySeconds = 2 + ) + + for ($i = 1; $i -le $RetryCount; $i++) { + try { + $user = Get-ADUser -Identity $Username -ErrorAction Stop + return $user + } + catch { + if ($i -lt $RetryCount) { + Write-Host "User not found yet, retrying in $DelaySeconds seconds... (Attempt $i of $RetryCount)" -ForegroundColor Yellow + Start-Sleep -Seconds $DelaySeconds + } + } + } + return $null +} + +function Set-UserEmailAttributes { + param ( + [string]$Username, + [string]$EmailAddress, + [string]$Domain + ) + + $errors = @() + + # Set mailNickname if available + try { + Set-ADUser -Identity $Username -Replace @{mailNickname=$Username} -ErrorAction Stop + Write-Host "Successfully set mailNickname: $Username" -ForegroundColor Green + } + catch { + $errors += "mailNickname: $($_.Exception.Message)" + Write-Host "Warning: Could not set mailNickname - $($_.Exception.Message)" -ForegroundColor Yellow + } + + # Set proxyAddresses (primary SMTP address) + try { + $proxyAddress = "SMTP:$EmailAddress" + Set-ADUser -Identity $Username -Add @{proxyAddresses=$proxyAddress} -ErrorAction Stop + Write-Host "Successfully set proxyAddresses: $proxyAddress" -ForegroundColor Green + } + catch { + $errors += "proxyAddresses: $($_.Exception.Message)" + Write-Host "Warning: Could not set proxyAddresses - $($_.Exception.Message)" -ForegroundColor Yellow + } + + return $errors +} + +function Show-FinalUserDetails { + param ( + [string]$Username, + [array]$AttributeErrors + ) + + try { + $finalUser = Get-ADUser -Identity $Username -Properties * -ErrorAction SilentlyContinue + if ($finalUser) { + Write-Host "`nFinal User Details:" -ForegroundColor Cyan + $finalUser | Select-Object Name, SamAccountName, UserPrincipalName, + mailNickname, proxyAddresses, EmailAddress, + DistinguishedName, Enabled | Format-List + + if ($AttributeErrors) { + Write-Host "`nAttribute Setting Errors:" -ForegroundColor Yellow + $AttributeErrors | ForEach-Object { + Write-Host " - $_" -ForegroundColor Yellow + } + } + } + else { + Write-Host "`nNote: Could not retrieve final user details (replication in progress)" -ForegroundColor Yellow + if ($AttributeErrors) { + Write-Host "`nAttribute Setting Errors:" -ForegroundColor Yellow + $AttributeErrors | ForEach-Object { + Write-Host " - $_" -ForegroundColor Yellow + } + } + } + } + catch { + Write-Host "`nNote: Could not retrieve complete user details - $($_.Exception.Message)" -ForegroundColor Yellow + if ($AttributeErrors) { + Write-Host "`nAttribute Setting Errors:" -ForegroundColor Yellow + $AttributeErrors | ForEach-Object { + Write-Host " - $_" -ForegroundColor Yellow + } + } + } +} + function CreateNewUser { param ( [string]$Domain @@ -103,12 +205,11 @@ function CreateNewUser { $ou = Read-Host "Enter OU distinguished name (e.g., OU=Users,DC=domain,DC=com) or leave blank for default" $password = Get-ValidPassword + $emailAddress = "$username@$Domain" + $attributeErrors = @() try { - # Build email attributes - $emailAddress = "$username@$Domain" - - # Base parameters that will always work + # Base parameters $newUserParams = @{ GivenName = $firstName Surname = $lastName @@ -123,139 +224,130 @@ function CreateNewUser { ErrorAction = 'Stop' } + # Set OU path if (-not [string]::IsNullOrWhiteSpace($ou)) { $newUserParams['Path'] = $ou + Write-Host "Creating user in specified OU: $ou" -ForegroundColor Cyan } else { - $newUserParams['Path'] = "CN=Users," + (Get-ADDomain).DistinguishedName - } - - # Try to add mailNickname if available (with error handling) - try { - $newUserParams['mailNickname'] = $username - Write-Host "Attempting to set mailNickname: $username" -ForegroundColor Cyan - } - catch { - Write-Host "Warning: Could not set mailNickname attribute" -ForegroundColor Yellow - Write-Host "This attribute may not exist in your test environment" -ForegroundColor Yellow - Write-Host "User will be created without mailNickname (can be added later)" -ForegroundColor Yellow - } - - # Try to add proxyAddresses if available (with error handling) - try { - $newUserParams['proxyAddresses'] = "SMTP:$emailAddress" - Write-Host "Attempting to set proxyAddresses: SMTP:$emailAddress" -ForegroundColor Cyan - } - catch { - Write-Host "Warning: Could not set proxyAddresses attribute" -ForegroundColor Yellow - Write-Host "This attribute may not exist in your test environment" -ForegroundColor Yellow - } - - Write-Host "`nCreating user with these confirmed attributes:" -ForegroundColor Cyan - $newUserParams.GetEnumerator() | Where-Object { $_.Key -ne 'AccountPassword' } | ForEach-Object { - Write-Host "$($_.Key): $($_.Value)" + $defaultOU = "CN=Users," + (Get-ADDomain).DistinguishedName + $newUserParams['Path'] = $defaultOU + Write-Host "Using default Users container: $defaultOU" -ForegroundColor Cyan } + # Create the user + Write-Host "Creating user with basic attributes..." -ForegroundColor Cyan New-ADUser @newUserParams - Write-Host "User $username created successfully!" -ForegroundColor Green - # Clear the plaintext password from memory + # Verify creation with retry logic + $createdUser = Test-ADUserExists -Username $username + if (-not $createdUser) { + Write-Host "WARNING: Cannot verify user immediately (replication delay?)" -ForegroundColor Yellow + Write-Host "The user was created but may not be immediately visible." -ForegroundColor Yellow + Write-Host "Please check again in a few minutes." -ForegroundColor Yellow + } + else { + Write-Host "SUCCESS: User verified with DN: $($createdUser.DistinguishedName)" -ForegroundColor Green + } + + # Set email attributes after creation + if ($username -and $emailAddress) { + Write-Host "`nSetting email attributes..." -ForegroundColor Cyan + $attributeErrors = Set-UserEmailAttributes -Username $username -EmailAddress $emailAddress -Domain $Domain + } + + # Show final details with any errors + Show-FinalUserDetails -Username $username -AttributeErrors $attributeErrors + + # Clean up password [Runtime.InteropServices.Marshal]::ZeroFreeBSTR( - [Runtime.InteropServices.Marshal]::SecureStringToBSTR($password) - ) + [Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)) - # Option to add to groups - $addGroups = Read-Host "Would you like to add the user to any groups? (Y/N)" + # Group membership + $addGroups = Read-Host "`nAdd user to groups? (Y/N)" if ($addGroups -eq 'Y' -or $addGroups -eq 'y') { $groups = Read-Host "Enter group names (comma separated)" - $groupArray = $groups -split ',' - - foreach ($group in $groupArray) { + foreach ($group in ($groups -split ',').Trim()) { try { - Add-ADGroupMember -Identity $group.Trim() -Members $username -ErrorAction Stop - Write-Host "Added to $group successfully." -ForegroundColor Green + Add-ADGroupMember -Identity $group -Members $username -ErrorAction Stop + Write-Host "Added to $group successfully" -ForegroundColor Green } catch { - Write-Host "Error adding to group $group : $_" -ForegroundColor Red + Write-Host "Failed to add to $group : $_" -ForegroundColor Red } } } } catch { - Write-Host "Error creating user: $($_.Exception.Message)" -ForegroundColor Red + Write-Host "ERROR: $($_.Exception.Message)" -ForegroundColor Red if ($_.Exception.Message -like "*Access is denied*") { - Write-Host "`nTROUBLESHOOTING TIPS:" -ForegroundColor Yellow - Write-Host "1. Run PowerShell as Administrator" -ForegroundColor Yellow - Write-Host "2. Verify you have permissions to create users in: $($newUserParams['Path'])" -ForegroundColor Yellow - Write-Host "3. Try a simpler OU path (e.g., CN=Users)" -ForegroundColor Yellow - } - elseif ($_.Exception.Message -like "*mailNickname*" -or $_.Exception.Message -like "*proxyAddresses*") { - Write-Host "`nNOTE: Some attributes not available in this environment" -ForegroundColor Yellow - Write-Host "The user was created successfully without these attributes" -ForegroundColor Green - Write-Host "You can add them later if needed" -ForegroundColor Yellow + Write-Host "`nTROUBLESHOOTING:" -ForegroundColor Yellow + Write-Host "1. Run as Administrator" -ForegroundColor Yellow + Write-Host "2. Verify permissions on target OU" -ForegroundColor Yellow + Write-Host "3. Try simpler OU path" -ForegroundColor Yellow } } + + Write-Host "`nScript completed. Press Enter to continue..." -ForegroundColor Gray + $null = Read-Host } -function Copy-ExistingUser { +function CopyExistingUser { param ( [string]$Domain ) - $sourceUsername = Read-Host "Enter username of the user you want to copy" + $sourceUsername = Read-Host "Enter username to copy" try { $sourceUser = Get-ADUser -Identity $sourceUsername -Properties * -ErrorAction Stop - Write-Host "`nCopying settings from: $($sourceUser.Name)" -ForegroundColor Cyan - Write-Host "Current OU: $($sourceUser.DistinguishedName)`n" -ForegroundColor Cyan + Write-Host "`nCopying from: $($sourceUser.Name)" -ForegroundColor Cyan + Write-Host "Current location: $($sourceUser.DistinguishedName)" -ForegroundColor Cyan - # Get the parent OU from the source user's DN + # Get parent OU $sourceOU = $sourceUser.DistinguishedName -replace '^CN=[^,]+,','' - Write-Host "Source user's OU: $sourceOU" -ForegroundColor Cyan - $firstName = Read-Host "Enter new user's first name [$($sourceUser.GivenName)]" + $firstName = Read-Host "First name [$($sourceUser.GivenName)]" if ([string]::IsNullOrWhiteSpace($firstName)) { $firstName = $sourceUser.GivenName } - $lastName = Read-Host "Enter new user's last name [$($sourceUser.Surname)]" + $lastName = Read-Host "Last name [$($sourceUser.Surname)]" if ([string]::IsNullOrWhiteSpace($lastName)) { $lastName = $sourceUser.Surname } - $username = Read-Host "Enter new username (leave blank to auto-generate)" - + $username = Read-Host "New username (blank to auto-generate)" if ([string]::IsNullOrWhiteSpace($username)) { $username = ($firstName.Substring(0,1) + $lastName).ToLower() Write-Host "Auto-generated username: $username" -ForegroundColor Yellow } $displayName = "$firstName $lastName" + $emailAddress = "$username@$Domain" + $attributeErrors = @() - # Offer choice to use source OU or specify new one - $ouChoice = Read-Host "Use same OU as source user? [$sourceOU] (Y/N)" + # OU Selection + $ouChoice = Read-Host "Use source OU? [$sourceOU] (Y/N)" if ($ouChoice -eq 'Y' -or $ouChoice -eq 'y') { $ou = $sourceOU } else { - $ou = Read-Host "Enter new OU distinguished name (e.g., OU=Users,DC=domain,DC=com)" + $ou = Read-Host "Enter target OU DN" } - # Validate OU exists + # Validate OU try { $null = Get-ADObject -Identity $ou -ErrorAction Stop + Write-Host "Validated target OU: $ou" -ForegroundColor Cyan } catch { - Write-Host "Invalid OU specified: $ou" -ForegroundColor Red - Write-Host "Defaulting to source user's OU: $sourceOU" -ForegroundColor Yellow + Write-Host "Invalid OU, using source OU instead" -ForegroundColor Yellow $ou = $sourceOU } $password = Get-ValidPassword try { - # Build fresh email attributes for new user - $emailAddress = "$username@$Domain" - - # Base parameters that will always work + # Base parameters $newUserParams = @{ GivenName = $firstName Surname = $lastName @@ -272,48 +364,45 @@ function Copy-ExistingUser { } # Copy organizational attributes if they exist - if ($sourceUser.Company) { $newUserParams['Company'] = $sourceUser.Company } - if ($sourceUser.Department) { $newUserParams['Department'] = $sourceUser.Department } - if ($sourceUser.Title) { $newUserParams['Title'] = $sourceUser.Title } - if ($sourceUser.Office) { $newUserParams['Office'] = $sourceUser.Office } - if ($sourceUser.StreetAddress) { $newUserParams['StreetAddress'] = $sourceUser.StreetAddress } - if ($sourceUser.City) { $newUserParams['City'] = $sourceUser.City } - if ($sourceUser.State) { $newUserParams['State'] = $sourceUser.State } - if ($sourceUser.PostalCode) { $newUserParams['PostalCode'] = $sourceUser.PostalCode } - if ($sourceUser.Country) { $newUserParams['Country'] = $sourceUser.Country } - if ($sourceUser.OfficePhone) { $newUserParams['OfficePhone'] = $sourceUser.OfficePhone } + $attributesToCopy = @('Company','Department','Title','Office', + 'StreetAddress','City','State','PostalCode', + 'Country','OfficePhone') - # Try to add mailNickname if available - try { - $newUserParams['mailNickname'] = $username - Write-Host "Attempting to set mailNickname: $username" -ForegroundColor Cyan - } - catch { - Write-Host "Warning: Could not set mailNickname attribute" -ForegroundColor Yellow - } - - # Try to add proxyAddresses if available - try { - $newUserParams['proxyAddresses'] = "SMTP:$emailAddress" - Write-Host "Attempting to set proxyAddresses: SMTP:$emailAddress" -ForegroundColor Cyan - } - catch { - Write-Host "Warning: Could not set proxyAddresses attribute" -ForegroundColor Yellow - } - - Write-Host "`nCreating user with these confirmed attributes:" -ForegroundColor Cyan - $newUserParams.GetEnumerator() | Where-Object { $_.Key -ne 'AccountPassword' } | ForEach-Object { - Write-Host "$($_.Key): $($_.Value)" + foreach ($attr in $attributesToCopy) { + if ($sourceUser.$attr) { + $newUserParams[$attr] = $sourceUser.$attr + } } + Write-Host "Creating user with basic attributes..." -ForegroundColor Cyan New-ADUser @newUserParams - Write-Host "User $username created successfully in $ou!" -ForegroundColor Green + # Verify creation with retry logic + $createdUser = Test-ADUserExists -Username $username + if (-not $createdUser) { + Write-Host "WARNING: Cannot verify user immediately (replication delay?)" -ForegroundColor Yellow + Write-Host "The user was created but may not be immediately visible." -ForegroundColor Yellow + Write-Host "Please check again in a few minutes." -ForegroundColor Yellow + } + else { + Write-Host "SUCCESS: User verified with DN: $($createdUser.DistinguishedName)" -ForegroundColor Green + } + + # Set email attributes after creation + if ($username -and $emailAddress) { + Write-Host "`nSetting email attributes..." -ForegroundColor Cyan + $attributeErrors = Set-UserEmailAttributes -Username $username -EmailAddress $emailAddress -Domain $Domain + } + + # Show final details with any errors + Show-FinalUserDetails -Username $username -AttributeErrors $attributeErrors + + # Clean up password [Runtime.InteropServices.Marshal]::ZeroFreeBSTR( [Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)) - # Copy group memberships (excluding Domain Users) - $copyGroups = Read-Host "Would you like to copy group memberships? (Y/N)" + # Copy groups + $copyGroups = Read-Host "`nCopy group memberships? (Y/N)" if ($copyGroups -eq 'Y' -or $copyGroups -eq 'y') { $groups = Get-ADPrincipalGroupMembership -Identity $sourceUsername | Where-Object { $_.Name -ne "Domain Users" } @@ -322,200 +411,31 @@ function Copy-ExistingUser { foreach ($group in $groups) { try { Add-ADGroupMember -Identity $group -Members $username -ErrorAction Stop - Write-Host "Added to $($group.Name) successfully." -ForegroundColor Green + Write-Host "Added to $($group.Name)" -ForegroundColor Green } catch { - Write-Host "Error adding to group $($group.Name) : $_" -ForegroundColor Red + Write-Host "Failed to add to $($group.Name) : $_" -ForegroundColor Red } } } else { - Write-Host "No additional groups to copy." -ForegroundColor Yellow + Write-Host "No additional groups to copy" -ForegroundColor Yellow } } } catch { - Write-Host "Error creating user: $($_.Exception.Message)" -ForegroundColor Red - - if ($_.Exception.Message -like "*parent is not on the list of possible superiors*") { - Write-Host "`nTROUBLESHOOTING TIPS:" -ForegroundColor Yellow - Write-Host "1. You don't have permission to create users in: $ou" -ForegroundColor Yellow - Write-Host "2. Try creating in the default Users container instead" -ForegroundColor Yellow - Write-Host "3. Run PowerShell as Domain Administrator" -ForegroundColor Yellow - } - elseif ($_.Exception.Message -like "*mailNickname*" -or $_.Exception.Message -like "*proxyAddresses*") { - Write-Host "`nNOTE: Some attributes not available in this environment" -ForegroundColor Yellow - Write-Host "The user was created successfully without these attributes" -ForegroundColor Green - } + Write-Host "ERROR: $($_.Exception.Message)" -ForegroundColor Red } } catch { Write-Host "Error accessing source user: $_" -ForegroundColor Red } + + Write-Host "`nScript completed. Press Enter to continue..." -ForegroundColor Gray + $null = Read-Host } -function CopyExistingUser { - param ( - [string]$Domain - ) - - $sourceUsername = Read-Host "Enter username of the user you want to copy" - - try { - $sourceUser = Get-ADUser -Identity $sourceUsername -Properties * -ErrorAction Stop - - Write-Host "`nCopying settings from: $($sourceUser.Name)" -ForegroundColor Cyan - Write-Host "Current OU: $($sourceUser.DistinguishedName)`n" -ForegroundColor Cyan - - # Get the parent OU from the source user's DN - $sourceOU = $sourceUser.DistinguishedName -replace '^CN=[^,]+,','' - Write-Host "Source user's OU: $sourceOU" -ForegroundColor Cyan - - $firstName = Read-Host "Enter new user's first name [$($sourceUser.GivenName)]" - if ([string]::IsNullOrWhiteSpace($firstName)) { $firstName = $sourceUser.GivenName } - - $lastName = Read-Host "Enter new user's last name [$($sourceUser.Surname)]" - if ([string]::IsNullOrWhiteSpace($lastName)) { $lastName = $sourceUser.Surname } - - $username = Read-Host "Enter new username (leave blank to auto-generate)" - - if ([string]::IsNullOrWhiteSpace($username)) { - $username = ($firstName.Substring(0,1) + $lastName).ToLower() - Write-Host "Auto-generated username: $username" -ForegroundColor Yellow - } - - $displayName = "$firstName $lastName" - - # Offer choice to use source OU or specify new one - $ouChoice = Read-Host "Use same OU as source user? [$sourceOU] (Y/N)" - if ($ouChoice -eq 'Y' -or $ouChoice -eq 'y') { - $ou = $sourceOU - } - else { - $ou = Read-Host "Enter new OU distinguished name (e.g., OU=Users,DC=domain,DC=com)" - } - - # Validate OU exists - try { - $null = Get-ADObject -Identity $ou -ErrorAction Stop - } - catch { - Write-Host "Invalid OU specified: $ou" -ForegroundColor Red - Write-Host "Defaulting to source user's OU: $sourceOU" -ForegroundColor Yellow - $ou = $sourceOU - } - - $password = Get-ValidPassword - - try { - # Build fresh email attributes for new user - $emailAddress = "$username@$Domain" - $proxyAddresses = "SMTP:$emailAddress" # Only the new primary address - - Write-Host "`nSetting email attributes:" -ForegroundColor Cyan - Write-Host "EmailAddress: $emailAddress" - Write-Host "proxyAddresses: $proxyAddresses`n" - - # Base parameters that will always work - $newUserParams = @{ - GivenName = $firstName - Surname = $lastName - Name = $displayName - DisplayName = $displayName - SamAccountName = $username - UserPrincipalName = $emailAddress - AccountPassword = $password - Enabled = $true - ChangePasswordAtLogon = $true - Path = $ou - # Copy these organizational attributes - Company = $sourceUser.Company - Department = $sourceUser.Department - Title = $sourceUser.Title - Office = $sourceUser.Office - # Set email address - EmailAddress = $emailAddress - ErrorAction = 'Stop' - } - - # Try to add mailNickname if available (with error handling) - try { - $newUserParams['mailNickname'] = $username - Write-Host "Attempting to set mailNickname: $username" -ForegroundColor Cyan - } - catch { - Write-Host "Warning: Could not set mailNickname attribute" -ForegroundColor Yellow - Write-Host "This attribute may not exist in your test environment" -ForegroundColor Yellow - Write-Host "User will be created without mailNickname (can be added later)" -ForegroundColor Yellow - } - - # Try to add proxyAddresses if available (with error handling) - try { - $newUserParams['proxyAddresses'] = $proxyAddresses - } - catch { - Write-Host "Warning: Could not set proxyAddresses attribute" -ForegroundColor Yellow - Write-Host "This attribute may not exist in your test environment" -ForegroundColor Yellow - } - - # Copy address fields only if they exist on source - if ($sourceUser.StreetAddress) { $newUserParams['StreetAddress'] = $sourceUser.StreetAddress } - if ($sourceUser.City) { $newUserParams['City'] = $sourceUser.City } - if ($sourceUser.State) { $newUserParams['State'] = $sourceUser.State } - if ($sourceUser.PostalCode) { $newUserParams['PostalCode'] = $sourceUser.PostalCode } - if ($sourceUser.Country) { $newUserParams['Country'] = $sourceUser.Country } - if ($sourceUser.OfficePhone) { $newUserParams['OfficePhone'] = $sourceUser.OfficePhone } - - # Create the user with whatever attributes we can set - New-ADUser @newUserParams - Write-Host "User $username created successfully in $ou!" -ForegroundColor Green - - [Runtime.InteropServices.Marshal]::ZeroFreeBSTR( - [Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)) - - # Copy group memberships (excluding Domain Users) - $copyGroups = Read-Host "Would you like to copy group memberships? (Y/N)" - if ($copyGroups -eq 'Y' -or $copyGroups -eq 'y') { - $groups = Get-ADPrincipalGroupMembership -Identity $sourceUsername | - Where-Object { $_.Name -ne "Domain Users" } - - if ($groups) { - foreach ($group in $groups) { - try { - Add-ADGroupMember -Identity $group -Members $username -ErrorAction Stop - Write-Host "Added to $($group.Name) successfully." -ForegroundColor Green - } - catch { - Write-Host "Error adding to group $($group.Name) : $_" -ForegroundColor Red - } - } - } - else { - Write-Host "No additional groups to copy." -ForegroundColor Yellow - } - } - } - catch { - Write-Host "Error creating user: $($_.Exception.Message)" -ForegroundColor Red - - if ($_.Exception.Message -like "*parent is not on the list of possible superiors*") { - Write-Host "`nTROUBLESHOOTING TIPS:" -ForegroundColor Yellow - Write-Host "1. You don't have permission to create users in: $ou" -ForegroundColor Yellow - Write-Host "2. Try creating in the default Users container instead" -ForegroundColor Yellow - Write-Host "3. Run PowerShell as Domain Administrator" -ForegroundColor Yellow - } - elseif ($_.Exception.Message -like "*mailNickname*") { - Write-Host "`nNOTE: mailNickname attribute not available in this environment" -ForegroundColor Yellow - Write-Host "The user was created successfully without this attribute" -ForegroundColor Green - } - } - } - catch { - Write-Host "Error accessing source user: $_" -ForegroundColor Red - } -} - -# Main script execution +# Main execution do { Show-Menu $selection = Read-Host "Please make a selection" @@ -524,18 +444,16 @@ do { '1' { $domain = Get-DomainSelection CreateNewUser -Domain $domain - pause } '2' { $domain = Get-DomainSelection CopyExistingUser -Domain $domain - pause } 'Q' { exit } default { - Write-Host "Invalid selection. Please try again." -ForegroundColor Red + Write-Host "Invalid selection" -ForegroundColor Red pause } }