
Script repository

Ensure Full Name is unique

February 25, 2021

This PowerShell script will cancel user creation if another user with the same full name already exists in your Active Directory domain. The script gives different error messages for active users and for users located in a deprovisioned users OU.

To use the script, you need to create a business rule triggered automatically on user creation. For more details, see Validate/Modify User Input Using a Script.

Note: The script uses cmdlets from the Adaxes PowerShell module for Active Directory. To run the script, you need to install the PowerShell Module for Active Directory component of Adaxes.

Parameters:

  • $errorText - Specifies the text for the error message that is displayed if an active user with the same full name is found.
  • $userDeprovisionedErrorText - Specifies the text for the error message that is displayed if a deprovisioned user with the same full name is found.
  • $deprovisionedOuDN - Specifies the Distinguished Name (DN) of the Organizational Unit for deprovisioned users.
Note: You can use value references (e.g. %fullname%) to insert the properties of the new user account in the error texts.
PowerShell
Import-Module Adaxes

# Full name (cn) entered for the user that is being created
$fullName = $Context.GetModifiedPropertyValue("cn")

$errorText = "'" + $fullName + "' already exists!  Specify a different full name." # TODO: modify me
$userDeprovisionedErrorText = "'" + $fullName + "' already exists and has been deprovisioned. Enable the deprovisioned user account or specify a different full name." # TODO: modify me
$deprovisionedOuDN = "OU=Decommissioned Accounts,DC=example,DC=com" # TODO: modify me

# A name is only unique within its container, so the search can return several users
$users = @(Get-AdmUser -Filter 'Name -eq $fullName')
if ($users.Count -eq 0)
{
    # No user with this full name exists, allow the creation
    return
}

$deprovisionedOu = New-Object "Softerra.Adaxes.LDAP.DN" $deprovisionedOuDN
foreach ($user in $users)
{
    $userDN = New-Object "Softerra.Adaxes.LDAP.DN" $user.DistinguishedName
    if (-not $userDN.IsDescendantOf($deprovisionedOu))
    {
        # At least one user outside the deprovisioned users OU has this name
        $Context.Cancel($errorText)
        return
    }
}

# Every user with this name is located in the deprovisioned users OU
$Context.Cancel($userDeprovisionedErrorText)