0 votes

Hi Adaxes,

I'm struggling to create an AD user in Adaxes via PowerShell. Here's part of the script I have; the user information is coming from a REST API query.

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the Organizational Unit
$parent = $admService.OpenObject("Adaxes://OU=New Starters,OU=Users,DC=domain,DC=com",
    $NULL, $NULL, 0)

$manager = ""
$manager = $result.ReportsToEmployeeId.DisplayValue.Trim().ToString()
$manager = get-admuser -filter {employeeID -eq $manager}

$Context.LogMessage("Name: $($result.FirstName.DisplayValue).$($result.LastName.DisplayValue)", "Information")
$Context.LogMessage("Company: $($result.Company.DisplayValue)", "Information")
$Context.LogMessage("Department: $($result.Department.DisplayValue)", "Information")
$Context.LogMessage("DisplayName: $($result.FirstName.DisplayValue) $($result.LastName.DisplayValue)", "Information")
$Context.LogMessage("EmployeeID: $($result.EmployeeId.DisplayValue)", "Information")
$Context.LogMessage("GivenName: $($result.FirstName.DisplayValue)", "Information")
$Context.LogMessage("Manager: $($manager.UserPrincipalName)", "Information")
$Context.LogMessage("Office: $($result.Location.DisplayValue)", "Information")
$Context.LogMessage("EmployeeType: $($result.EmployeeType.DisplayValue)", "Information")
$Context.LogMessage("SamAccountName: $($result.FirstName.DisplayValue).$($result.LastName.DisplayValue)", "Information")
$Context.LogMessage("Title: $($result.JobRole.DisplayValue)", "Information")
$Context.LogMessage("UserPrincipalName: $($result.FirstName.DisplayValue).$($result.LastName.DisplayValue)@Quantadt.com", "Information")
$Context.LogMessage("Email: $($result.EmailId.DisplayValue)", "Information")
$Context.LogMessage("", "Information")

# Create a new user object (PowerShell)
New-AdmUser -Name "$($result.FirstName.DisplayValue.Trim().ToString()).$($result.LastName.DisplayValue.Trim().ToString())" `
-Company "$($result.Company.DisplayValue)" `
-Department "$($result.Department.DisplayValue)" `
-DisplayName "$($result.FirstName.DisplayValue) $($result.LastName.DisplayValue)" `
-EmployeeID "$($result.EmployeeId.DisplayValue)" `
-GivenName "$($result.FirstName.DisplayValue)" `
-Manager $manager `
-Office "$($result.Location.DisplayValue)" `
-OtherAttributes @{'EmployeeType'="$($result.EmployeeType.DisplayValue)"} `
-Path "OU=New Starters,OU=QFSUsers,DC=uk,DC=quantafs" `
-Surname "$($result.LastName.DisplayValue)" `
-Title "$($result.JobRole.DisplayValue)" `
-SamAccountName "$($result.FirstName.DisplayValue.Trim().ToString()).$($result.LastName.DisplayValue.Trim().ToString())" `
-UserPrincipalName "$($result.FirstName.DisplayValue.Trim().ToString()).$($result.LastName.DisplayValue.Trim().ToString())@Quantadt.com"


# Create a new user object (ADSI)
$user = $parent.Create("user", "$($result.FirstName.DisplayValue.Trim().ToString()) $($result.LastName.DisplayValue.Trim().ToString())")
$user.Put("Company", "$($result.Company.DisplayValue)")
$user.Put("DisplayName", "$($result.FirstName.DisplayValue) $($result.LastName.DisplayValue)")
$user.Put("EmployeeID", "$($result.EmployeeID.DisplayValue)")
$user.Put("givenName", "$($result.FirstName.DisplayValue)")
$user.Put("Manager", "$($manager.DistinguishedName)")
$user.Put("Office", "$($result.Location.DisplayValue)")
$user.Put("EmployeeType", "$($result.EmployeeType.DisplayValue)")
$user.Put("sn", "$($result.LastName.DisplayValue)")
$user.Put("sAMAccountName", "$($result.FirstName.DisplayValue.Trim().ToString()).$($result.LastName.DisplayValue.Trim().ToString())")
$user.Put("Title", "$($result.JobRole.DisplayValue)")
$user.Put("UserPrincipalName", "$($result.FirstName.DisplayValue.Trim().ToString()).$($result.LastName.DisplayValue.Trim().ToString())@Quantadt.com")

# Save the user account to the directory
$user.SetInfo()

Here's the output I get from the logs

Name: Joe.Bloggs
Company: Example
Department: Example Department
DisplayName: Joe Bloggs
EmployeeID: 12345
GivenName: Joe
Manager: jane.bloggs@example.com
Office: Headquarters
EmployeeType: Employee
SamAccountName: Joe.Bloggs
Title: Manager
UserPrincipalName: joe.bloggs@example.com
Email: joebloggs@outlook.com

An error occurred when creating user 'Joe Bloggs'. Error: Exception calling "SetInfo" with "0" argument(s): "DN 'Joe Bloggs,OU=New Starters,OU=Users,DC=domain,DC=com' is invalid."

I also tried removing all the information being provided by the API by just running the below and that gave the same error:

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the Organizational Unit
$parent = $admService.OpenObject("Adaxes://OU=New Starters,OU=Users,DC=domain,DC=com",
    $NULL, $NULL, 0)

# Create a new user object (ADSI)
$user = $parent.Create("user", "Joe Bloggs")

I've checked the OU and there are no property patterns applied (was thinking there were some requirements).

by (260 points)

1 Answer

0 votes
by (228k points)

Hello Richard,

The issue occurs because you are specifying the second parameter of the Create method incorrectly. It must be an RDN of the user (e.g. CN=John Smith), not just their name. For the script to work, replace this line in your script

$user = $parent.Create("user", "$($result.FirstName.DisplayValue.Trim().ToString()) $($result.LastName.DisplayValue.Trim().ToString())")

with the following one:

$user = $parent.Create("user", "CN=$($result.FirstName.DisplayValue.Trim().ToString()) $($result.LastName.DisplayValue.Trim().ToString())")

As we can see, the script is executed in Adaxes. In such cases, you do not need to load the assembly and connect to the Adaxes service. The following article should be helpful: https://adaxes.com/sdk/ServerSideScripting.

0

Thanks for your help, makes sense. I've replaced that line and removed the initial connection to the Adaxes service as suggested, but I now get the following:

An error occurred when creating user 'Joe Bloggs'. Error: Exception calling "SetInfo" with "0" argument(s): "The parameter is incorrect. (Server: domain.com)"

I've replaced our actual domain name with domain.com, the domain specified in the actual error is correct.

0

Hello Richard,

The error occurs because one of the property values passed for user creation is incorrect. It looks to be the value of the Manager property. Make sure that you pass a valid distinguished name to it.

Also, your script seems to create the same user twice. You need to keep the part using the Create method or the one using the New-AdmUser cmdlet.

0

Thanks for your help again,

Looks like the issue was the $user.Put("Office", "$($result.Location.DisplayValue)") call: the Office attribute name is physicalDeliveryOfficeName. I had just assumed the attribute name based on the New-AdmUser cmdlet.
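
The three fixes from this thread (an RDN such as CN=... for Create, a distinguished name for Manager, physicalDeliveryOfficeName for Office) combined in one added example; it is not part of the original posts or Softerra's code. Because the name comes from an external API, it also escapes characters reserved in distinguished names before building the RDN. The helper names, the example.com suffix and the sample record are hypothetical.

```powershell
# Added example; helper names and sample data are hypothetical, not from the thread.
# Escape a value for use inside an RDN (characters reserved in AD distinguished names).
function ConvertTo-RdnValue([string]$Value) {
    $v = $Value.Trim()                          # no leading/trailing spaces in the RDN
    if ($v.Length -eq 0) { throw 'RDN value is empty' }
    $v = $v -replace '([\\,+"<>;=])', '\$1'     # prefix each reserved character with \
    if ($v[0] -eq '#') { $v = '\' + $v }        # a leading # must also be escaped
    return $v
}

# Build the attribute table keyed by LDAP names, not New-AdmUser parameter names.
function Get-NewUserAttributes($Record, [string]$ManagerDn, [string]$UpnSuffix) {
    $first = $Record.FirstName.DisplayValue.Trim()
    $last  = $Record.LastName.DisplayValue.Trim()
    $all = [ordered]@{
        givenName                  = $first
        sn                         = $last
        displayName                = "$first $last"
        sAMAccountName             = ('{0}.{1}' -f $first, $last)
        userPrincipalName          = ('{0}.{1}@{2}' -f $first, $last, $UpnSuffix)
        company                    = $Record.Company.DisplayValue
        department                 = $Record.Department.DisplayValue
        title                      = $Record.JobRole.DisplayValue
        employeeID                 = $Record.EmployeeId.DisplayValue
        employeeType               = $Record.EmployeeType.DisplayValue
        physicalDeliveryOfficeName = $Record.Location.DisplayValue   # "Office"
        manager                    = $ManagerDn                      # must be a DN
    }
    # Drop empty values (e.g. the manager lookup found nothing) instead of sending them.
    $attrs = [ordered]@{}
    foreach ($k in $all.Keys) {
        if (-not [string]::IsNullOrWhiteSpace($all[$k])) { $attrs[$k] = "$($all[$k])".Trim() }
    }
    return $attrs
}

# Create the user once via ADSI; $Parent is the OU object bound as in the question.
function New-UserFromRecord($Parent, $Record, [string]$ManagerDn, [string]$UpnSuffix) {
    $attrs = Get-NewUserAttributes $Record $ManagerDn $UpnSuffix
    $user  = $Parent.Create('user', 'CN=' + (ConvertTo-RdnValue $attrs['displayName']))
    foreach ($k in $attrs.Keys) { $user.Put($k, $attrs[$k]) }
    $user.SetInfo()
    return $user
}

# Constructed sample input; only the pure helpers run here, no directory is touched.
$f = { param($s) [pscustomobject]@{ DisplayValue = $s } }
$sample = [pscustomobject]@{ FirstName = & $f ' Joe'; LastName = & $f 'Bloggs'; Location = & $f 'Headquarters' }
Get-NewUserAttributes $sample '' 'example.com'
ConvertTo-RdnValue 'Bloggs, Joe (HR+Ops)'
```

An empty manager DN is left out of the table rather than passed to Put, so a failed manager lookup does not turn into a rejected SetInfo call.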
