1
votes

For the life of me, I can't figure out a way to either create a new AD account with the distinguished name as firstname lastname instead of the username, or modify it afterwards.

New-ADUser -SamAccountName $UserName -Name $UserName -DisplayName $DisplayName -GivenName $FirstName -Surname $LastName -UserPrincipalName $MailAddress -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) `
-Enabled $false -Path $OU -ChangePasswordAtLogon $true -server ad.corp.com -MobilePhone $MobileNumber -OfficePhone $OfficeNumber -Title $JobTitle
$fullname = $FirstName + " " + $LastName
$distinguishedName="CN=" + $fullname + ", " + $ou
set-aduser $distinguishedName

Set-ADUser returns a "directory not found" error, which makes sense since the distinguished name is the username.

Thanks

2
How are you setting the OU? Also, I would strongly recommend splatting in this example for code readability and less chance of mistakes. Could you provide the full error message (redacted or w/e)? More importantly, what are you trying to do with Set-ADUser? - Maximilian Burszley
Thanks for the quick response. I left out the $ou by accident. It's here: $OU = "OU=Employees, OU=companyname, DC=corp, DC= co, DC=com" I don't need to use Set-ADUser, I just want to be able to change the current distinguished name from username to Firstname Lastname. I am playing around with Rename-ADObject to see if that will work. - kahoots

2 Answers

1
votes

You can assign your newly created ADUser to a variable and set its name as follows:

$Params = @{
    SamAccountName        = $UserName
    Name                  = $UserName
    DisplayName           = $DisplayName
    GivenName             = $FirstName
    Surname               = $LastName
    UserPrincipalName     = $MailAddress
    AccountPassword       = (ConvertTo-SecureString $Password -AsPlainText -Force)
    Enabled               = $False
    Path                  = $OU
    ChangePasswordAtLogon = $True
    Server                = 'ad.corp.com'
    MobilePhone           = $MobileNumber
    OfficePhone           = $OfficeNumber
    Title                 = $JobTitle
    PassThru              = $True
}
$ADUser = New-ADUser @Params

I couldn't test this, but it should work:

$DistinguishedName = "CN=$FirstName $LastName, $OU"
$ADUser.DistinguishedName = $DistinguishedName
0
votes

I actually got it to work by using Rename-ADObject.

Rename-ADObject -Identity $user -NewName $fullname -server ad.corp.com
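
The Rename-ADObject approach from the answer above, carried through from account creation to a check of the resulting distinguished name, as an added example that is not part of the original posts. The sample user values are constructed placeholders, and Read-Host -AsSecureString is swapped in for the plaintext password conversion used in the question so the initial password never sits in a script variable as clear text.

```powershell
# Added example: create the account under the username, then rename the object
# so its CN (and therefore its distinguished name) becomes "Firstname Lastname".
Import-Module ActiveDirectory

$Server    = 'ad.corp.com'     # server name taken from the question
$OU        = 'OU=Employees,OU=companyname,DC=corp,DC=co,DC=com'  # OU from the comment, written without spaces
$UserName  = 'jdoe'            # constructed sample values
$FirstName = 'Jane'
$LastName  = 'Doe'
$FullName  = "$FirstName $LastName"

# Assumption: an operator runs this interactively and types the initial password.
$Password = Read-Host -Prompt "Initial password for $UserName" -AsSecureString

$Params = @{
    SamAccountName        = $UserName
    Name                  = $UserName   # -Name becomes the CN, which is why the DN starts as CN=<username>
    GivenName             = $FirstName
    Surname               = $LastName
    DisplayName           = $FullName
    AccountPassword       = $Password
    Enabled               = $false
    Path                  = $OU
    ChangePasswordAtLogon = $true
    Server                = $Server
    PassThru              = $true       # return the new object so it can be renamed
}
$ADUser = New-ADUser @Params

# The distinguished name is derived from the object's name and its parent
# container, so the object itself is renamed instead of assigning a new DN.
Rename-ADObject -Identity $ADUser -NewName $FullName -Server $Server

# Re-read the account by sAMAccountName (unchanged by the rename) and verify.
$Check = Get-ADUser -Identity $UserName -Server $Server
if ($Check.Name -eq $FullName) {
    Write-Output "Renamed: $($Check.DistinguishedName)"
} else {
    Write-Warning "Rename did not apply; current DN is $($Check.DistinguishedName)"
}
```

Passing the full name as -Name in the New-ADUser call gives the same distinguished name at creation time, with no rename step.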