Categories
Development

AD users don’t get added to groups by powershell

I have a script for adding a user to the active directory. The user gets created (although there are some issues for which I’ll create separate questions), but the user is not added to the groups, with the error that groups were not found. But I confirmed the groups are in the AD. This is the code I have now:

$Orig_exec_policy = Get-ExecutionPolicy
Set-ExecutionPolicy Bypass -Force
<# This form was created using POSHGUI.com  a free online gui designer for PowerShell
.NAME
    Untitled
#>

Add-Type -AssemblyName System.Windows.Forms
[System.Windows.Forms.Application]::EnableVisualStyles()

#region Window properties
$AD_user_creation                = New-Object system.Windows.Forms.Form
$AD_user_creation.ClientSize     = '480,740'
$AD_user_creation.text           = "AD user creation - WG Mustang"
$AD_user_creation.TopMost        = $false
#endregion

[void]$AD_user_creation.SuspendLayout()

#region Real name of the user
$Display_name_lbl                = New-Object system.Windows.Forms.Label
$Display_name_lbl.text           = "User`'s real name"
$Display_name_lbl.AutoSize       = $true
$Display_name_lbl.width          = 25
$Display_name_lbl.height         = 10
$Display_name_lbl.location       = New-Object System.Drawing.Point(10,10)

$First_name_val                  = New-Object system.Windows.Forms.TextBox
$First_name_val.multiline        = $false
$First_name_val.width            = 120
$First_name_val.height           = 20
$First_name_val.location         = New-Object System.Drawing.Point(200,10)

$Second_name_val                 = New-Object system.Windows.Forms.TextBox
$Second_name_val.multiline       = $false
$Second_name_val.width           = 120
$Second_name_val.height          = 20
$Second_name_val.location        = New-Object System.Drawing.Point(330,10)

$Display_name_val                = New-Object system.Windows.Forms.Label
$Display_name_val.Text           = ""
$Display_name_val.width          = 250
$Display_name_val.height         = 20
$Display_name_val.location       = New-Object System.Drawing.Point(200,40)
#endregion

#region User name of the user
$User_name_lbl                   = New-Object system.Windows.Forms.Label
$User_name_lbl.text              = "User logon name"
$User_name_lbl.AutoSize          = $true
$User_name_lbl.width             = 25
$User_name_lbl.height            = 10
$User_name_lbl.location          = New-Object System.Drawing.Point(10,70)

$User_name_val                   = New-Object system.Windows.Forms.TextBox
$User_name_val.multiline         = $false
$User_name_val.width             = 250
$User_name_val.height            = 20
$User_name_val.location          = New-Object System.Drawing.Point(200,70)
#endregion

#region Account password
$Password_lbl                    = New-Object system.Windows.Forms.Label
$Password_lbl.text               = "Password"
$Password_lbl.AutoSize           = $true
$Password_lbl.width              = 25
$Password_lbl.height             = 10
$Password_lbl.location           = New-Object System.Drawing.Point(10,100)

$Password_ini_val                = New-Object system.Windows.Forms.MaskedTextBox
$Password_ini_val.multiline      = $false
$Password_ini_val.width          = 250
$Password_ini_val.height         = 20
$Password_ini_val.UseSystemPasswordChar = $true
$Password_ini_val.location       = New-Object System.Drawing.Point(200,100)

$Password_conf_val               = New-Object system.Windows.Forms.MaskedTextBox
$Password_conf_val.multiline     = $false
$Password_conf_val.width         = 250
$Password_conf_val.height        = 20
$Password_conf_val.UseSystemPasswordChar = $true
$Password_conf_val.location      = New-Object System.Drawing.Point(200,130)
#endregion

#region Location of the user
$Location_lbl                    = New-Object system.Windows.Forms.Label
$Location_lbl.text               = "Location"
$Location_lbl.AutoSize           = $true
$Location_lbl.width              = 25
$Location_lbl.height             = 10
$Location_lbl.location           = New-Object System.Drawing.Point(10,160)

$Location_val                    = New-Object system.Windows.Forms.TextBox
$Location_val.multiline          = $false
$Location_val.text               = "OU=Users,OU=ADM,DC=Domain,DC=com"
$Location_val.width              = 250
$Location_val.height             = 20
$Location_val.location           = New-Object System.Drawing.Point(200,160)
#endregion

#region Checkboxes
$Must_chg_pass                   = New-Object system.Windows.Forms.CheckBox
$Must_chg_pass.text              = "User must change password at next logon"
$Must_chg_pass.AutoSize          = $false
$Must_chg_pass.width             = 290
$Must_chg_pass.height            = 20
$Must_chg_pass.location          = New-Object System.Drawing.Point(200,190)

$Cannot_chg_pass                 = New-Object system.Windows.Forms.CheckBox
$Cannot_chg_pass.text            = "User cannot change password"
$Cannot_chg_pass.AutoSize        = $false
$Cannot_chg_pass.width           = 250
$Cannot_chg_pass.height          = 20
$Cannot_chg_pass.location        = New-Object System.Drawing.Point(200,220)
$Cannot_chg_pass.Checked         = $true

$Pass_not_expires                = New-Object system.Windows.Forms.CheckBox
$Pass_not_expires.text           = "Password never expires"
$Pass_not_expires.AutoSize       = $false
$Pass_not_expires.width          = 250
$Pass_not_expires.height         = 20
$Pass_not_expires.location       = New-Object System.Drawing.Point(200,250)
$Pass_not_expires.Checked        = $true

$Account_disabled_val            = New-Object system.Windows.Forms.CheckBox
$Account_disabled_val.text       = "Account is active"
$Account_disabled_val.AutoSize   = $false
$Account_disabled_val.width      = 250
$Account_disabled_val.height     = 20
$Account_disabled_val.location   = New-Object System.Drawing.Point(200,280)
$Account_disabled_val.Checked    = $false
#endregion

#region Description
$GECOS_lbl                       = New-Object system.Windows.Forms.Label
$GECOS_lbl.text                  = "Description"
$GECOS_lbl.AutoSize              = $true
$GECOS_lbl.width                 = 25
$GECOS_lbl.height                = 10
$GECOS_lbl.location              = New-Object System.Drawing.Point(10,310)

$GECOS_val                       = New-Object system.Windows.Forms.TextBox
$GECOS_val.multiline             = $false
$GECOS_val.width                 = 250
$GECOS_val.height                = 20
$GECOS_val.location              = New-Object System.Drawing.Point(200,310)
#endregion

#region Group membership
$ADGroups_lbl                    = New-Object system.Windows.Forms.Label
$ADGroups_lbl.text               = "AD Groups"
$ADGroups_lbl.AutoSize           = $true
$ADGroups_lbl.width              = 25
$ADGroups_lbl.height             = 10
$ADGroups_lbl.location           = New-Object System.Drawing.Point(10,340)

$ADGroups_val                    = New-Object system.Windows.Forms.TextBox
$ADGroups_val.multiline          = $true
$ADGroups_val.width              = 250
$ADGroups_val.height             = 160
$ADGroups_val.location           = New-Object System.Drawing.Point(200,340)
#endregion

#region Additional attributes
$Ext_Attribute5_lbl              = New-Object System.Windows.Forms.Label
$Ext_Attribute5_lbl.Text         = "Extension Attribute5"
$Ext_Attribute5_lbl.AutoSize     = $true
$Ext_Attribute5_lbl.Width        = 25
$Ext_Attribute5_lbl.Height       = 10
$Ext_Attribute5_lbl.Location     = New-Object System.Drawing.Point(10,510)

$Ext_Attribute5_val              = New-Object System.Windows.Forms.TextBox
$Ext_Attribute5_val.Text         = "Company name"
$Ext_Attribute5_val.Multiline    = $false
$Ext_Attribute5_val.Width        = 250
$Ext_Attribute5_val.Height       = 20
$Ext_Attribute5_val.Location     = New-Object System.Drawing.Point(200,510)

$Ext_Attribute10_lbl             = New-Object System.Windows.Forms.Label
$Ext_Attribute10_lbl.Text        = "Extension Attribute10"
$Ext_Attribute10_lbl.AutoSize    = $true
$Ext_Attribute10_lbl.Width       = 25
$Ext_Attribute10_lbl.Height      = 10
$Ext_Attribute10_lbl.Location    = New-Object System.Drawing.Point(10,540)

$Ext_Attribute10_val             = New-Object System.Windows.Forms.TextBox
$Ext_Attribute10_val.Text        = "Region"
$Ext_Attribute10_val.Multiline   = $false
$Ext_Attribute10_val.Width       = 250
$Ext_Attribute10_val.Height      = 20
$Ext_Attribute10_val.Location    = New-Object System.Drawing.Point(200,540)

$Ext_Attribute15_lbl             = New-Object System.Windows.Forms.Label
$Ext_Attribute15_lbl.Text        = "Extension Attribute15"
$Ext_Attribute15_lbl.AutoSize    = $true
$Ext_Attribute15_lbl.Width       = 25
$Ext_Attribute15_lbl.Height      = 10
$Ext_Attribute15_lbl.Location    = New-Object System.Drawing.Point(10,570)

$Ext_Attribute15_val             = New-Object System.Windows.Forms.TextBox
$Ext_Attribute15_val.Text        = "EH/WH"
$Ext_Attribute15_val.Multiline   = $false
$Ext_Attribute15_val.Width       = 250
$Ext_Attribute15_val.Height      = 20
$Ext_Attribute15_val.Location    = New-Object System.Drawing.Point(200,570)

$Job_Title_lbl                   = New-Object System.Windows.Forms.Label
$Job_Title_lbl.Text              = "Job title"
$Job_Title_lbl.AutoSize          = $true
$Job_Title_lbl.Width             = 25
$Job_Title_lbl.Height            = 10
$Job_Title_lbl.Location          = New-Object System.Drawing.Point(10,600)

$Job_Title_val                   = New-Object System.Windows.Forms.TextBox
$Job_Title_val.Text              = "NA"
$Job_Title_val.Multiline         = $false
$Job_Title_val.Width             = 250
$Job_Title_val.Height            = 20
$Job_Title_val.Location          = New-Object System.Drawing.Point(200,600)

$Department_lbl                  = New-Object System.Windows.Forms.Label
$Department_lbl.Text             = "Department"
$Department_lbl.AutoSize         = $true
$Department_lbl.Width            = 25
$Department_lbl.Height           = 10
$Department_lbl.Location         = New-Object System.Drawing.Point(10,630)

$Department_val                  = New-Object System.Windows.Forms.TextBox
$Department_val.Text             = "NA"
$Department_val.Multiline        = $false
$Department_val.Width            = 250
$Department_val.Height           = 20
$Department_val.Location         = New-Object System.Drawing.Point(200,630)

$Company_lbl                     = New-Object System.Windows.Forms.Label
$Company_lbl.Text                = "Company"
$Company_lbl.AutoSize            = $true
$Company_lbl.Width               = 25
$Company_lbl.Height              = 10
$Company_lbl.Location            = New-Object System.Drawing.Point(10,660)

$Company_val                     = New-Object System.Windows.Forms.TextBox
$Company_val.Text                = "IBM"
$Company_val.Multiline           = $false
$Company_val.Width               = 250
$Company_val.Height              = 20
$Company_val.Location            = New-Object System.Drawing.Point(200,660)
#endregion

#region Buttons
$Confirm_Button                  = New-Object system.Windows.Forms.Button
$Confirm_Button.BackColor        = "#00ff00"
$Confirm_Button.text             = "OK"
$Confirm_Button.width            = 100
$Confirm_Button.height           = 30
$Confirm_Button.location         = New-Object System.Drawing.Point(200,690)
$Confirm_Button.Font             = 'Microsoft Sans Serif,10,style=Bold'
$Create_ADuser = {
  if ($Password_ini_val.Text -cne $Password_conf_val.Text)
  {
    [System.Windows.MessageBox]::Show("Passwords don't match")
  } elseif ($Password_ini_val.Text.Length -lt 8)
  {
    [System.Windows.MessageBox]::Show("Password is too short")
  } else {
    $password = $Password_ini_val.Text | ConvertTo-SecureString -AsPlainText -Force
    $Display_name = $Display_name_val.Text + " [ADM]"
    New-ADUser -GivenName $First_name_val.Text -Surname $Second_name_val.Text -DisplayName $Display_name -AccountPassword $password -Path $Location_val.Text -Name $User_name_val.Text`
     -CannotChangePassword $Cannot_chg_pass.Checked -PasswordNeverExpires $Pass_not_expires.Checked -ChangePasswordAtLogon $Must_chg_pass.Checked -Enabled $Account_disabled_val.Checked`
     -Description $GECOS_val.Text -OtherAttributes @{'ExtensionAttribute5' = $Ext_Attribute5_val.Text;'ExtensionAttribute9' = "People";'ExtensionAttribute10' = $Ext_Attribute10_val.Text;`
     'ExtensionAttribute11' = "Other";'ExtensionAttribute12' = "No";'ExtensionAttribute14' = "NA";'ExtensionAttribute15' = $Ext_Attribute15_val.Text;'Division' = "WG Mustang"}`
     -Office "NA" -OfficePhone "NA" -Title $Job_Title_val.Text -Department $Department_val.Text -Company $Company_val.Text -SamAccountName $User_name_val.Text -PassThru | `
     Add-ADPrincipalGroupMembership -MemberOf $ADGroups_val.Text
    $AD_user_creation.Close()
  }
}
$Confirm_Button.add_Click($Create_ADuser)


$Cancel_button                   = New-Object system.Windows.Forms.Button
$Cancel_button.BackColor         = "#ff0000"
$Cancel_button.text              = "Cancel"
$Cancel_button.width             = 100
$Cancel_button.height            = 30
$Cancel_button.location          = New-Object System.Drawing.Point(350,690)
$Cancel_button.Font              = 'Microsoft Sans Serif,10,style=Bold'
<#$Cancel = {
    $AD_user_creation.Close()
    exit
}#>
$Cancel_button.add_Click({
    $AD_user_creation.Close()
    exit
})

$AD_user_creation.AcceptButton   = $Confirm_Button
$AD_user_creation.CancelButton   = $Cancel_button
#endregion

$AD_user_creation.controls.AddRange(@($Display_name_lbl,$First_name_val,$Second_name_val,$User_name_lbl,$Display_name_val,$User_name_val,$Password_lbl,$Password_ini_val,$Password_conf_val,$Location_lbl,`
$Location_val,$Must_chg_pass,$Cannot_chg_pass,$Pass_not_expires,$Account_disabled_val,$GECOS_lbl,$GECOS_val,$ADGroups_lbl,$ADGroups_val,$Ext_Attribute5_lbl,$Ext_Attribute5_val,$Ext_Attribute10_lbl,`
$Ext_Attribute10_val,$Ext_Attribute15_lbl,$Ext_Attribute15_val,$Job_Title_lbl,$Job_Title_val,$Department_lbl,$Department_val,$Company_lbl,$Company_val,$Confirm_Button,$Cancel_button))

$showFullName = { $Display_name_val.Text = ($First_name_val.Text + " " + $Second_name_val.Text) }

[void]$Second_name_val.Add_Leave( { & $showFullName } )
[void]$First_name_val.Add_Leave(  { & $showFullName } )

[void]$AD_user_creation.ResumeLayout()

$result = $AD_user_creation.ShowDialog()
[void]$AD_user_creation.Dispose()

Set-ExecutionPolicy $Orig_exec_policy -Force

Originally I didn’t put the -passthru parameter to the New-ADUser (row 268) and added the Add-ADPrincipalGroupMembership cmdlet at a separate row with -Identity parameter instead, but tried the actual solution in the code above, when that didn’t work. I verified that the $ADGroups_val.Text contains the group names put in the respective textbox.
Any idea why the groups aren’t added?

Leave a Reply

Your email address will not be published. Required fields are marked *