
No commits in common. "243a6ad2d21d9b7efd8c495f496cc040e5de308c" and "f5a40e296a47408b98d94029faea8679bed75575" have entirely different histories.


@ -1,17 +1,11 @@
<#
.SYNOPSIS
Creates or copies AD users with complete error handling
Creates new AD users with email attributes and copy functionality.
.DESCRIPTION
A script that can create a new user account from scratch, or copy an existing user for their security groups.
Has built-in error tolerant handling and recommendations, will continue where possible and report any issues.
Script will automatically add 'mailnickname' and 'proxyAddresses' to attribute editor.
Enhanced version with mailNickname and proxyAddresses support.
.NOTES
Author : Kyle Pope + AI
Created : 13/04/25
Version : 1.0.7
Version : 2.1
Requires : PowerShell with Active Directory module
File Name : New-ADUser.ps1
#>
# Import Active Directory module
@ -25,13 +19,13 @@ catch {
function Show-Menu {
param (
[string]$Title = 'AD User Management'
[string]$Title = 'AD User Creation Options'
)
Clear-Host
Write-Host "================ $Title ================"
Write-Host ""
Write-Host "1: Create new user"
Write-Host "2: Copy existing user"
Write-Host "1: Create a new user from scratch"
Write-Host "2: Copy settings from existing user"
Write-Host ""
Write-Host "Q: Quit"
Write-Host ""
@ -63,7 +57,8 @@ function Get-ValidPassword {
do {
$password = Read-Host "Enter password (min 8 chars, complex)" -AsSecureString
$passwordText = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
[Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))
[Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
)
if ($passwordText.Length -lt 8) {
Write-Host "Password must be at least 8 characters" -ForegroundColor Red
@ -89,103 +84,6 @@ function Get-ValidPassword {
return $password
}
function Test-ADUserExists {
param (
[string]$Username,
[int]$RetryCount = 3,
[int]$DelaySeconds = 2
)
for ($i = 1; $i -le $RetryCount; $i++) {
try {
$user = Get-ADUser -Identity $Username -ErrorAction Stop
return $user
}
catch {
if ($i -lt $RetryCount) {
Write-Host "User not found yet, retrying in $DelaySeconds seconds... (Attempt $i of $RetryCount)" -ForegroundColor Yellow
Start-Sleep -Seconds $DelaySeconds
}
}
}
return $null
}
function Set-UserEmailAttributes {
param (
[string]$Username,
[string]$EmailAddress,
[string]$Domain
)
$errors = @()
# Set mailNickname if available
try {
Set-ADUser -Identity $Username -Replace @{mailNickname=$Username} -ErrorAction Stop
Write-Host "Successfully set mailNickname: $Username" -ForegroundColor Green
}
catch {
$errors += "mailNickname: $($_.Exception.Message)"
Write-Host "Warning: Could not set mailNickname - $($_.Exception.Message)" -ForegroundColor Yellow
}
# Set proxyAddresses (primary SMTP address)
try {
$proxyAddress = "SMTP:$EmailAddress"
Set-ADUser -Identity $Username -Add @{proxyAddresses=$proxyAddress} -ErrorAction Stop
Write-Host "Successfully set proxyAddresses: $proxyAddress" -ForegroundColor Green
}
catch {
$errors += "proxyAddresses: $($_.Exception.Message)"
Write-Host "Warning: Could not set proxyAddresses - $($_.Exception.Message)" -ForegroundColor Yellow
}
return $errors
}
function Show-FinalUserDetails {
param (
[string]$Username,
[array]$AttributeErrors
)
try {
$finalUser = Get-ADUser -Identity $Username -Properties * -ErrorAction SilentlyContinue
if ($finalUser) {
Write-Host "`nFinal User Details:" -ForegroundColor Cyan
$finalUser | Select-Object Name, SamAccountName, UserPrincipalName,
mailNickname, proxyAddresses, EmailAddress,
DistinguishedName, Enabled | Format-List
if ($AttributeErrors) {
Write-Host "`nAttribute Setting Errors:" -ForegroundColor Yellow
$AttributeErrors | ForEach-Object {
Write-Host " - $_" -ForegroundColor Yellow
}
}
}
else {
Write-Host "`nNote: Could not retrieve final user details (replication in progress)" -ForegroundColor Yellow
if ($AttributeErrors) {
Write-Host "`nAttribute Setting Errors:" -ForegroundColor Yellow
$AttributeErrors | ForEach-Object {
Write-Host " - $_" -ForegroundColor Yellow
}
}
}
}
catch {
Write-Host "`nNote: Could not retrieve complete user details - $($_.Exception.Message)" -ForegroundColor Yellow
if ($AttributeErrors) {
Write-Host "`nAttribute Setting Errors:" -ForegroundColor Yellow
$AttributeErrors | ForEach-Object {
Write-Host " - $_" -ForegroundColor Yellow
}
}
}
}
function CreateNewUser {
param (
[string]$Domain
@ -205,11 +103,12 @@ function CreateNewUser {
$ou = Read-Host "Enter OU distinguished name (e.g., OU=Users,DC=domain,DC=com) or leave blank for default"
$password = Get-ValidPassword
$emailAddress = "$username@$Domain"
$attributeErrors = @()
try {
# Base parameters
# Build email attributes
$emailAddress = "$username@$Domain"
# Base parameters that will always work
$newUserParams = @{
GivenName = $firstName
Surname = $lastName
@ -224,130 +123,139 @@ function CreateNewUser {
ErrorAction = 'Stop'
}
# Set OU path
if (-not [string]::IsNullOrWhiteSpace($ou)) {
$newUserParams['Path'] = $ou
Write-Host "Creating user in specified OU: $ou" -ForegroundColor Cyan
}
else {
$defaultOU = "CN=Users," + (Get-ADDomain).DistinguishedName
$newUserParams['Path'] = $defaultOU
Write-Host "Using default Users container: $defaultOU" -ForegroundColor Cyan
$newUserParams['Path'] = "CN=Users," + (Get-ADDomain).DistinguishedName
}
# Try to add mailNickname if available (with error handling)
try {
$newUserParams['mailNickname'] = $username
Write-Host "Attempting to set mailNickname: $username" -ForegroundColor Cyan
}
catch {
Write-Host "Warning: Could not set mailNickname attribute" -ForegroundColor Yellow
Write-Host "This attribute may not exist in your test environment" -ForegroundColor Yellow
Write-Host "User will be created without mailNickname (can be added later)" -ForegroundColor Yellow
}
# Try to add proxyAddresses if available (with error handling)
try {
$newUserParams['proxyAddresses'] = "SMTP:$emailAddress"
Write-Host "Attempting to set proxyAddresses: SMTP:$emailAddress" -ForegroundColor Cyan
}
catch {
Write-Host "Warning: Could not set proxyAddresses attribute" -ForegroundColor Yellow
Write-Host "This attribute may not exist in your test environment" -ForegroundColor Yellow
}
Write-Host "`nCreating user with these confirmed attributes:" -ForegroundColor Cyan
$newUserParams.GetEnumerator() | Where-Object { $_.Key -ne 'AccountPassword' } | ForEach-Object {
Write-Host "$($_.Key): $($_.Value)"
}
# Create the user
Write-Host "Creating user with basic attributes..." -ForegroundColor Cyan
New-ADUser @newUserParams
Write-Host "User $username created successfully!" -ForegroundColor Green
# Verify creation with retry logic
$createdUser = Test-ADUserExists -Username $username
if (-not $createdUser) {
Write-Host "WARNING: Cannot verify user immediately (replication delay?)" -ForegroundColor Yellow
Write-Host "The user was created but may not be immediately visible." -ForegroundColor Yellow
Write-Host "Please check again in a few minutes." -ForegroundColor Yellow
}
else {
Write-Host "SUCCESS: User verified with DN: $($createdUser.DistinguishedName)" -ForegroundColor Green
}
# Set email attributes after creation
if ($username -and $emailAddress) {
Write-Host "`nSetting email attributes..." -ForegroundColor Cyan
$attributeErrors = Set-UserEmailAttributes -Username $username -EmailAddress $emailAddress -Domain $Domain
}
# Show final details with any errors
Show-FinalUserDetails -Username $username -AttributeErrors $attributeErrors
# Clean up password
# Clear the plaintext password from memory
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR(
[Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))
[Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
)
# Group membership
$addGroups = Read-Host "`nAdd user to groups? (Y/N)"
# Option to add to groups
$addGroups = Read-Host "Would you like to add the user to any groups? (Y/N)"
if ($addGroups -eq 'Y' -or $addGroups -eq 'y') {
$groups = Read-Host "Enter group names (comma separated)"
foreach ($group in ($groups -split ',').Trim()) {
$groupArray = $groups -split ','
foreach ($group in $groupArray) {
try {
Add-ADGroupMember -Identity $group -Members $username -ErrorAction Stop
Write-Host "Added to $group successfully" -ForegroundColor Green
Add-ADGroupMember -Identity $group.Trim() -Members $username -ErrorAction Stop
Write-Host "Added to $group successfully." -ForegroundColor Green
}
catch {
Write-Host "Failed to add to $group : $_" -ForegroundColor Red
Write-Host "Error adding to group $group : $_" -ForegroundColor Red
}
}
}
}
catch {
Write-Host "ERROR: $($_.Exception.Message)" -ForegroundColor Red
Write-Host "Error creating user: $($_.Exception.Message)" -ForegroundColor Red
if ($_.Exception.Message -like "*Access is denied*") {
Write-Host "`nTROUBLESHOOTING:" -ForegroundColor Yellow
Write-Host "1. Run as Administrator" -ForegroundColor Yellow
Write-Host "2. Verify permissions on target OU" -ForegroundColor Yellow
Write-Host "3. Try simpler OU path" -ForegroundColor Yellow
Write-Host "`nTROUBLESHOOTING TIPS:" -ForegroundColor Yellow
Write-Host "1. Run PowerShell as Administrator" -ForegroundColor Yellow
Write-Host "2. Verify you have permissions to create users in: $($newUserParams['Path'])" -ForegroundColor Yellow
Write-Host "3. Try a simpler OU path (e.g., CN=Users)" -ForegroundColor Yellow
}
elseif ($_.Exception.Message -like "*mailNickname*" -or $_.Exception.Message -like "*proxyAddresses*") {
Write-Host "`nNOTE: Some attributes not available in this environment" -ForegroundColor Yellow
Write-Host "The user was created successfully without these attributes" -ForegroundColor Green
Write-Host "You can add them later if needed" -ForegroundColor Yellow
}
}
Write-Host "`nScript completed. Press Enter to continue..." -ForegroundColor Gray
$null = Read-Host
}
function CopyExistingUser {
function Copy-ExistingUser {
param (
[string]$Domain
)
$sourceUsername = Read-Host "Enter username to copy"
$sourceUsername = Read-Host "Enter username of the user you want to copy"
try {
$sourceUser = Get-ADUser -Identity $sourceUsername -Properties * -ErrorAction Stop
Write-Host "`nCopying from: $($sourceUser.Name)" -ForegroundColor Cyan
Write-Host "Current location: $($sourceUser.DistinguishedName)" -ForegroundColor Cyan
Write-Host "`nCopying settings from: $($sourceUser.Name)" -ForegroundColor Cyan
Write-Host "Current OU: $($sourceUser.DistinguishedName)`n" -ForegroundColor Cyan
# Get parent OU
# Get the parent OU from the source user's DN
$sourceOU = $sourceUser.DistinguishedName -replace '^CN=[^,]+,',''
Write-Host "Source user's OU: $sourceOU" -ForegroundColor Cyan
$firstName = Read-Host "First name [$($sourceUser.GivenName)]"
$firstName = Read-Host "Enter new user's first name [$($sourceUser.GivenName)]"
if ([string]::IsNullOrWhiteSpace($firstName)) { $firstName = $sourceUser.GivenName }
$lastName = Read-Host "Last name [$($sourceUser.Surname)]"
$lastName = Read-Host "Enter new user's last name [$($sourceUser.Surname)]"
if ([string]::IsNullOrWhiteSpace($lastName)) { $lastName = $sourceUser.Surname }
$username = Read-Host "New username (blank to auto-generate)"
$username = Read-Host "Enter new username (leave blank to auto-generate)"
if ([string]::IsNullOrWhiteSpace($username)) {
$username = ($firstName.Substring(0,1) + $lastName).ToLower()
Write-Host "Auto-generated username: $username" -ForegroundColor Yellow
}
$displayName = "$firstName $lastName"
$emailAddress = "$username@$Domain"
$attributeErrors = @()
# OU Selection
$ouChoice = Read-Host "Use source OU? [$sourceOU] (Y/N)"
# Offer choice to use source OU or specify new one
$ouChoice = Read-Host "Use same OU as source user? [$sourceOU] (Y/N)"
if ($ouChoice -eq 'Y' -or $ouChoice -eq 'y') {
$ou = $sourceOU
}
else {
$ou = Read-Host "Enter target OU DN"
$ou = Read-Host "Enter new OU distinguished name (e.g., OU=Users,DC=domain,DC=com)"
}
# Validate OU
# Validate OU exists
try {
$null = Get-ADObject -Identity $ou -ErrorAction Stop
Write-Host "Validated target OU: $ou" -ForegroundColor Cyan
}
catch {
Write-Host "Invalid OU, using source OU instead" -ForegroundColor Yellow
Write-Host "Invalid OU specified: $ou" -ForegroundColor Red
Write-Host "Defaulting to source user's OU: $sourceOU" -ForegroundColor Yellow
$ou = $sourceOU
}
$password = Get-ValidPassword
try {
# Base parameters
# Build fresh email attributes for new user
$emailAddress = "$username@$Domain"
# Base parameters that will always work
$newUserParams = @{
GivenName = $firstName
Surname = $lastName
@ -364,45 +272,48 @@ function CopyExistingUser {
}
# Copy organizational attributes if they exist
$attributesToCopy = @('Company','Department','Title','Office',
'StreetAddress','City','State','PostalCode',
'Country','OfficePhone')
if ($sourceUser.Company) { $newUserParams['Company'] = $sourceUser.Company }
if ($sourceUser.Department) { $newUserParams['Department'] = $sourceUser.Department }
if ($sourceUser.Title) { $newUserParams['Title'] = $sourceUser.Title }
if ($sourceUser.Office) { $newUserParams['Office'] = $sourceUser.Office }
if ($sourceUser.StreetAddress) { $newUserParams['StreetAddress'] = $sourceUser.StreetAddress }
if ($sourceUser.City) { $newUserParams['City'] = $sourceUser.City }
if ($sourceUser.State) { $newUserParams['State'] = $sourceUser.State }
if ($sourceUser.PostalCode) { $newUserParams['PostalCode'] = $sourceUser.PostalCode }
if ($sourceUser.Country) { $newUserParams['Country'] = $sourceUser.Country }
if ($sourceUser.OfficePhone) { $newUserParams['OfficePhone'] = $sourceUser.OfficePhone }
foreach ($attr in $attributesToCopy) {
if ($sourceUser.$attr) {
$newUserParams[$attr] = $sourceUser.$attr
}
# Try to add mailNickname if available
try {
$newUserParams['mailNickname'] = $username
Write-Host "Attempting to set mailNickname: $username" -ForegroundColor Cyan
}
catch {
Write-Host "Warning: Could not set mailNickname attribute" -ForegroundColor Yellow
}
# Try to add proxyAddresses if available
try {
$newUserParams['proxyAddresses'] = "SMTP:$emailAddress"
Write-Host "Attempting to set proxyAddresses: SMTP:$emailAddress" -ForegroundColor Cyan
}
catch {
Write-Host "Warning: Could not set proxyAddresses attribute" -ForegroundColor Yellow
}
Write-Host "`nCreating user with these confirmed attributes:" -ForegroundColor Cyan
$newUserParams.GetEnumerator() | Where-Object { $_.Key -ne 'AccountPassword' } | ForEach-Object {
Write-Host "$($_.Key): $($_.Value)"
}
Write-Host "Creating user with basic attributes..." -ForegroundColor Cyan
New-ADUser @newUserParams
Write-Host "User $username created successfully in $ou!" -ForegroundColor Green
# Verify creation with retry logic
$createdUser = Test-ADUserExists -Username $username
if (-not $createdUser) {
Write-Host "WARNING: Cannot verify user immediately (replication delay?)" -ForegroundColor Yellow
Write-Host "The user was created but may not be immediately visible." -ForegroundColor Yellow
Write-Host "Please check again in a few minutes." -ForegroundColor Yellow
}
else {
Write-Host "SUCCESS: User verified with DN: $($createdUser.DistinguishedName)" -ForegroundColor Green
}
# Set email attributes after creation
if ($username -and $emailAddress) {
Write-Host "`nSetting email attributes..." -ForegroundColor Cyan
$attributeErrors = Set-UserEmailAttributes -Username $username -EmailAddress $emailAddress -Domain $Domain
}
# Show final details with any errors
Show-FinalUserDetails -Username $username -AttributeErrors $attributeErrors
# Clean up password
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR(
[Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))
# Copy groups
$copyGroups = Read-Host "`nCopy group memberships? (Y/N)"
# Copy group memberships (excluding Domain Users)
$copyGroups = Read-Host "Would you like to copy group memberships? (Y/N)"
if ($copyGroups -eq 'Y' -or $copyGroups -eq 'y') {
$groups = Get-ADPrincipalGroupMembership -Identity $sourceUsername |
Where-Object { $_.Name -ne "Domain Users" }
@ -411,31 +322,200 @@ function CopyExistingUser {
foreach ($group in $groups) {
try {
Add-ADGroupMember -Identity $group -Members $username -ErrorAction Stop
Write-Host "Added to $($group.Name)" -ForegroundColor Green
Write-Host "Added to $($group.Name) successfully." -ForegroundColor Green
}
catch {
Write-Host "Failed to add to $($group.Name) : $_" -ForegroundColor Red
Write-Host "Error adding to group $($group.Name) : $_" -ForegroundColor Red
}
}
}
else {
Write-Host "No additional groups to copy" -ForegroundColor Yellow
Write-Host "No additional groups to copy." -ForegroundColor Yellow
}
}
}
catch {
Write-Host "ERROR: $($_.Exception.Message)" -ForegroundColor Red
Write-Host "Error creating user: $($_.Exception.Message)" -ForegroundColor Red
if ($_.Exception.Message -like "*parent is not on the list of possible superiors*") {
Write-Host "`nTROUBLESHOOTING TIPS:" -ForegroundColor Yellow
Write-Host "1. You don't have permission to create users in: $ou" -ForegroundColor Yellow
Write-Host "2. Try creating in the default Users container instead" -ForegroundColor Yellow
Write-Host "3. Run PowerShell as Domain Administrator" -ForegroundColor Yellow
}
elseif ($_.Exception.Message -like "*mailNickname*" -or $_.Exception.Message -like "*proxyAddresses*") {
Write-Host "`nNOTE: Some attributes not available in this environment" -ForegroundColor Yellow
Write-Host "The user was created successfully without these attributes" -ForegroundColor Green
}
}
}
catch {
Write-Host "Error accessing source user: $_" -ForegroundColor Red
}
Write-Host "`nScript completed. Press Enter to continue..." -ForegroundColor Gray
$null = Read-Host
}
# Main execution
function CopyExistingUser {
param (
[string]$Domain
)
$sourceUsername = Read-Host "Enter username of the user you want to copy"
try {
$sourceUser = Get-ADUser -Identity $sourceUsername -Properties * -ErrorAction Stop
Write-Host "`nCopying settings from: $($sourceUser.Name)" -ForegroundColor Cyan
Write-Host "Current OU: $($sourceUser.DistinguishedName)`n" -ForegroundColor Cyan
# Get the parent OU from the source user's DN
$sourceOU = $sourceUser.DistinguishedName -replace '^CN=[^,]+,',''
Write-Host "Source user's OU: $sourceOU" -ForegroundColor Cyan
$firstName = Read-Host "Enter new user's first name [$($sourceUser.GivenName)]"
if ([string]::IsNullOrWhiteSpace($firstName)) { $firstName = $sourceUser.GivenName }
$lastName = Read-Host "Enter new user's last name [$($sourceUser.Surname)]"
if ([string]::IsNullOrWhiteSpace($lastName)) { $lastName = $sourceUser.Surname }
$username = Read-Host "Enter new username (leave blank to auto-generate)"
if ([string]::IsNullOrWhiteSpace($username)) {
$username = ($firstName.Substring(0,1) + $lastName).ToLower()
Write-Host "Auto-generated username: $username" -ForegroundColor Yellow
}
$displayName = "$firstName $lastName"
# Offer choice to use source OU or specify new one
$ouChoice = Read-Host "Use same OU as source user? [$sourceOU] (Y/N)"
if ($ouChoice -eq 'Y' -or $ouChoice -eq 'y') {
$ou = $sourceOU
}
else {
$ou = Read-Host "Enter new OU distinguished name (e.g., OU=Users,DC=domain,DC=com)"
}
# Validate OU exists
try {
$null = Get-ADObject -Identity $ou -ErrorAction Stop
}
catch {
Write-Host "Invalid OU specified: $ou" -ForegroundColor Red
Write-Host "Defaulting to source user's OU: $sourceOU" -ForegroundColor Yellow
$ou = $sourceOU
}
$password = Get-ValidPassword
try {
# Build fresh email attributes for new user
$emailAddress = "$username@$Domain"
$proxyAddresses = "SMTP:$emailAddress" # Only the new primary address
Write-Host "`nSetting email attributes:" -ForegroundColor Cyan
Write-Host "EmailAddress: $emailAddress"
Write-Host "proxyAddresses: $proxyAddresses`n"
# Base parameters that will always work
$newUserParams = @{
GivenName = $firstName
Surname = $lastName
Name = $displayName
DisplayName = $displayName
SamAccountName = $username
UserPrincipalName = $emailAddress
AccountPassword = $password
Enabled = $true
ChangePasswordAtLogon = $true
Path = $ou
# Copy these organizational attributes
Company = $sourceUser.Company
Department = $sourceUser.Department
Title = $sourceUser.Title
Office = $sourceUser.Office
# Set email address
EmailAddress = $emailAddress
ErrorAction = 'Stop'
}
# Try to add mailNickname if available (with error handling)
try {
$newUserParams['mailNickname'] = $username
Write-Host "Attempting to set mailNickname: $username" -ForegroundColor Cyan
}
catch {
Write-Host "Warning: Could not set mailNickname attribute" -ForegroundColor Yellow
Write-Host "This attribute may not exist in your test environment" -ForegroundColor Yellow
Write-Host "User will be created without mailNickname (can be added later)" -ForegroundColor Yellow
}
# Try to add proxyAddresses if available (with error handling)
try {
$newUserParams['proxyAddresses'] = $proxyAddresses
}
catch {
Write-Host "Warning: Could not set proxyAddresses attribute" -ForegroundColor Yellow
Write-Host "This attribute may not exist in your test environment" -ForegroundColor Yellow
}
# Copy address fields only if they exist on source
if ($sourceUser.StreetAddress) { $newUserParams['StreetAddress'] = $sourceUser.StreetAddress }
if ($sourceUser.City) { $newUserParams['City'] = $sourceUser.City }
if ($sourceUser.State) { $newUserParams['State'] = $sourceUser.State }
if ($sourceUser.PostalCode) { $newUserParams['PostalCode'] = $sourceUser.PostalCode }
if ($sourceUser.Country) { $newUserParams['Country'] = $sourceUser.Country }
if ($sourceUser.OfficePhone) { $newUserParams['OfficePhone'] = $sourceUser.OfficePhone }
# Create the user with whatever attributes we can set
New-ADUser @newUserParams
Write-Host "User $username created successfully in $ou!" -ForegroundColor Green
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR(
[Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))
# Copy group memberships (excluding Domain Users)
$copyGroups = Read-Host "Would you like to copy group memberships? (Y/N)"
if ($copyGroups -eq 'Y' -or $copyGroups -eq 'y') {
$groups = Get-ADPrincipalGroupMembership -Identity $sourceUsername |
Where-Object { $_.Name -ne "Domain Users" }
if ($groups) {
foreach ($group in $groups) {
try {
Add-ADGroupMember -Identity $group -Members $username -ErrorAction Stop
Write-Host "Added to $($group.Name) successfully." -ForegroundColor Green
}
catch {
Write-Host "Error adding to group $($group.Name) : $_" -ForegroundColor Red
}
}
}
else {
Write-Host "No additional groups to copy." -ForegroundColor Yellow
}
}
}
catch {
Write-Host "Error creating user: $($_.Exception.Message)" -ForegroundColor Red
if ($_.Exception.Message -like "*parent is not on the list of possible superiors*") {
Write-Host "`nTROUBLESHOOTING TIPS:" -ForegroundColor Yellow
Write-Host "1. You don't have permission to create users in: $ou" -ForegroundColor Yellow
Write-Host "2. Try creating in the default Users container instead" -ForegroundColor Yellow
Write-Host "3. Run PowerShell as Domain Administrator" -ForegroundColor Yellow
}
elseif ($_.Exception.Message -like "*mailNickname*") {
Write-Host "`nNOTE: mailNickname attribute not available in this environment" -ForegroundColor Yellow
Write-Host "The user was created successfully without this attribute" -ForegroundColor Green
}
}
}
catch {
Write-Host "Error accessing source user: $_" -ForegroundColor Red
}
}
# Main script execution
do {
Show-Menu
$selection = Read-Host "Please make a selection"
@ -444,16 +524,18 @@ do {
'1' {
$domain = Get-DomainSelection
CreateNewUser -Domain $domain
pause
}
'2' {
$domain = Get-DomainSelection
CopyExistingUser -Domain $domain
pause
}
'Q' {
exit
}
default {
Write-Host "Invalid selection" -ForegroundColor Red
Write-Host "Invalid selection. Please try again." -ForegroundColor Red
pause
}
}
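Review bot: In CreateNewUser, Copy-ExistingUser and the second CopyExistingUser, `mailNickname` and `proxyAddresses` are added as keys of `$newUserParams` and then splatted into `New-ADUser`, which has no parameters by those names, so the call fails at parameter binding and no account is created (this reads the later line of each printed pair as the new side, since the +/- markers are lost on this page). The `try`/`catch` around each hashtable assignment cannot observe that failure, and the outer handler's `-like "*mailNickname*"` branch then prints "The user was created successfully without these attributes", telling the operator an account exists when it does not. Pass the LDAP attributes through the cmdlet's own mechanism, `$newUserParams['OtherAttributes'] = @{ mailNickname = $username; proxyAddresses = "SMTP:$emailAddress" }`, and remove the success wording from that catch branch. Separately, the comment `# Clear the plaintext password from memory` overstates what `ZeroFreeBSTR(SecureStringToBSTR($password))` does: it allocates a fresh BSTR and frees only that one, while the BSTR and `$passwordText` created in Get-ValidPassword are not released in the lines shown (that function and CreateNewUser are only partly visible in these hunks). The new side also defines both `Copy-ExistingUser` and `CopyExistingUser` while the menu calls only the latter, so one of the two copies should be dropped.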