How to create a user account by mirroring another account in PowerShell (Trying to learn to use Powshell for some daily AD tasks intead of the GUI)

Hi,
I am trying to create user accounts via PowerShell instead of the Gui in server 2008 R2 (PowerShell 2.0).
I know how to create a user account with the following Power Shell command below is one from a dummy domain I created to practice.
PS C:\Users\Administrator> New-ADUser -SamAccountName "TestOut" -UserPrincipalNa
me "[email protected]" -GivenName "Test" -Surname "out" -DisplayName "Testou
t" -Name "Testout" -Enabled $true -Path "CN=users,DC=bwcat,DC=net,DC=int" -Accou
ntPassword (Read-Host -AsSecureString "Enter Account Password") 
However when doing day to day tasks where I work normally we have a new hire, they contact IT and ask that a user account is created.   I will ask who they would like to mirror.
I then would go into the gui pull up the user that they want to mirror right click him and choose copy.  This would create a new user account that I would then fill out.
I am wondering if its possible to do this same thing via PowerShell, or  if its not an option because it takes more work type up everything than it does to go into the gui and do it.
Anyway thanks for the help.

Hi Wilder, hi Mark,
first of all: The tutorial sources Mark posted - especially the book "Powershell 3 in A month of lunches" - are good to get a baseline start. A really great reference, especially when you try to learn it while still dealing with your daily business.
On another note, Wilder: While I fully agree that learning things sequentially is usually the best, I too jumped right in instead of learning how to walk first (though it's been some time now. Fewer years than you'd think, but still ...). So I thought I'd
give you a little aid with that function husk, so you could just stuff interesting bits into an available structure, making use of the fun tools in a useful context (It's fun fiddling around with the commands, but if you have to type in all of them manually
each time, using the GUI is often just faster. Doing fun things and being efficient with it feels even better though ...). So ... while I
do agree with yourself, learn it the Correct & Proper Way, I also do
intend to finish this little explanation about the husk, all the way to the end.
Everything below this paragraph is part of this.
function Copy-ADUser
<#
.SYNOPSIS
A brief description of the Copy-ADUser function.
.DESCRIPTION
A detailed description of the Copy-ADUser function.
.PARAMETER GivenName
A description of the GivenName parameter.
.PARAMETER Surname
A description of the Surname parameter.
.PARAMETER Template
A description of the Template parameter.
.EXAMPLE
PS C:\> Copy-ADUser -GivenName "Max" -Surname "Mustermann" -Template "Jonny.Normal"
.NOTES
Additional information about the function.
#>
[CmdletBinding()]
Param (
[Parameter(Mandatory = $true)]
[string]
$Surname,
[Parameter(Mandatory = $true)]
[string]
$GivenName,
[Parameter(Mandatory = $true)]
[string]
$Template
) # Create finished Strings
$JoinedName = $GivenName + "." + $Surname
# Create new User
$NewUser = New-ADUser -Surname $Surname -GivenName $GivenName -DisplayName "$Surname, $GivenName" -SamAccountName $JoinedName -Name "$Surename, $GivenName" -PassThru
# Copy from old User
$NewUser | Add-ADPrincipalGroupMembership -MemberOf (Get-ADPrincipalGroupMembership $Template | Where { $_.Name -ne 'Domain Users' })
# Do Whatever else you feel like doing
This is again the same function husk I posted earlier. Only this time, I filled a little logic (the pieces that were already posted in this thread). This time, I'll not only go over each part again ... I'll do it by reposting the segments and trying to show
some examples on how to modify the parts. Thus some of it will be repetitive, but this way all the info is in one spot.
Segment: Comment Based Help
<#
.SYNOPSIS
A brief description of the Copy-ADUser function.
.DESCRIPTION
A detailed description of the Copy-ADUser function.
.PARAMETER GivenName
A description of the GivenName parameter.
.PARAMETER Surname
A description of the Surname parameter.
.PARAMETER Template
A description of the Template parameter.
.EXAMPLE
PS C:\> Copy-ADUser -GivenName "Max" -Surname "Mustermann" -Template "Jonny.Normal"
.NOTES
Additional information about the function.
#>
That's the premier documentation part of a function, that teaches a user what the function does and how to use it. It's what's shown when using the Get-Help cmdlet.
Comment texts are not restricted to single lines however. For example you could replace ...
.EXAMPLE
PS C:\> Copy-ADUser -GivenName "Max" -Surname "Mustermann" -Template "Jonny.Normal"
... with ...
.EXAMPLE
PS C:\> Copy-ADUser -GivenName "Max" -Surname "Mustermann" -Template "Jonny.Normal"
Creates a new user named Max Mustermann and copies the group memberships of the already existing user Jonny Normal to this new User
... and get an explanation on what the example does when using Get-Help with the
-Detailed parameter (Explaining examples is always a good idea).
Segment: Parameter
[CmdletBinding()]
Param (
[Parameter(Mandatory = $true)]
[string]
$Surname,
[Parameter(Mandatory = $true)]
[string]
$GivenName,
[Parameter(Mandatory = $true)]
[string]
$Template
This is the segment that tells Powershell what input your function accepts. Each parameter of Copy-ADUser you set will be available in the next segment as a variable of the same name. You can add additional parameters if you need more information for your
logic. For example, let's add a parameter that allows you to specify what Organization the new user should belong to:
[CmdletBinding()]
Param (
[Parameter(Mandatory = $true)]
[string]
$Surname,
[Parameter(Mandatory = $true)]
[string]
$GivenName,
[string]
$Organization,
[Parameter(Mandatory = $true)]
[string]
$Template
That's how that would look like. You may notice that I didn't add the line with
"[Parameter(Mandatory = $true)] this time. This means you
may add the Organization parameter when calling Copy-ADUser, but you need not.
Segment: Logic
# Create new User
$NewUser = New-ADUser -Surname $Surname -GivenName $GivenName -DisplayName "$Surname, $GivenName" -SamAccountName "$GivenName.$Surename" -Name "$Surename, $GivenName" -PassThru
# Copy from old User
$NewUser | Add-ADPrincipalGroupMembership -MemberOf (Get-ADPrincipalGroupMembership $Template | Where { $_.Name -ne 'Domain Users' })
# Do Whatever else you feel like doing
This is the part of the function that does the actual work. Compared to the first husk I posted, this time there are two commands in it (and some comments). First, I create a new user, using the information passed into
the parameters -Surname and -GivenName. Then I Copy the group memberships of the user identified by the information given by the
-Template parameter.
So, let's modify it!
# Tell the user you are starting
Write-Host "Starting to create the user account for $GivenName $Surname"
# Create new User
$NewUser = New-ADUser -Surname $Surname -GivenName $GivenName -DisplayName "$Surname, $GivenName" -SamAccountName "$GivenName.$Surename" -Name "$Surename, $GivenName" -PassThru
# Tell the user you are copying Group Memberships
Write-Host "Copying the group-memberhips of $Template to $GivenName $Surname"
# Copy from old User
$NewUser | Add-ADPrincipalGroupMembership -MemberOf (Get-ADPrincipalGroupMembership $Template | Where { $_.Name -ne 'Domain Users' })
# Do Whatever else you feel like doing
Now after adding a few lines, the logic will tell us what it's doing (and do so before it
is taking action)!
Hm ... didn't we create a change in the Parameter Segment to add an -Organization parameter? Let's use it!
# If the -Organization parameter was set, the $Organization variable will be longer than 0. Thus do ...
if ($Organization.Length -gt 0)
# Tell the user you are starting
Write-Host "Starting to create the user account for $GivenName $Surname in the Organization $Organization"
# Create new User
$NewUser = New-ADUser -Surname $Surname -GivenName $GivenName -DisplayName "$Surname, $GivenName" -SamAccountName "$GivenName.$Surename" -Name "$Surename, $GivenName" -Organization $Organization -PassThru
# If the -Organization parameter was NOT set, the $Organization variable will have a length of 0. Thus the if-condition does not apply, thus we do the else block
else
# Tell the user you are starting
Write-Host "Starting to create the user account for $GivenName $Surname"
# Create new User
$NewUser = New-ADUser -Surname $Surname -GivenName $GivenName -DisplayName "$Surname, $GivenName" -SamAccountName "$GivenName.$Surename" -Name "$Surename, $GivenName" -PassThru
# Tell the user you are copying Group Memberships
Write-Host "Copying the group-memberhips of $Template to $GivenName $Surname"
# Copy from old User
$NewUser | Add-ADPrincipalGroupMembership -MemberOf (Get-ADPrincipalGroupMembership $Template | Where { $_.Name -ne 'Domain Users' })
# Do Whatever else you feel like doing
There! Now we first check whether the -Organization parameter was set (it's not mandatory after all, so you can skip it). If it
was set, do whatever is in the curly braces after if (...). However, if it wasn't set, do whatever is in the curly braces after
else.
And that concludes my "minor" (and hopefully helpful) tutorial on how to use the function husk I posted :)
With this, whenever you find another cool command that helps you in the user creation process, you can simply add it, similar to what I did in these examples.
And if it all didn't make much sense, go through the tutorials in proper order and come back - it'll make much more sense then.
Cheers and good luck with PowerShell,
Fred
There's no place like 127.0.0.1

Similar Messages

  • How to create Mobile User Account

    Hi all,
    I have a dumb question but it makes me crazy !!!
    I'm new in CRM 5.2 and in mobile as weel.
    My question is : How to create a user acount into my mobile infrastructure ?
    I've followed the following explanation but I don't find the solution :
    [help|http://help.sap.com/saphelp_crm60/helpdata/de/c8/2ae1a3c73245c8aef8c4b69c2ff072/content.htm]
    In there, it tells me to go thought User Management tool of Mobile Application Studio ( is it Microsoft Visual Studio ?) but in there i do not find any tools.
    Thanks for your future help
    Regards

    hi,
    Creation of User Accounts
    Purpose
    This process describes the steps required to create user accounts for secured and controlled access to the Mobile Application Repository (MAR). User accounts are created for consultants, who intend to customize mobile client applications using Mobile Application Studio (MAS). User account allows a consultant to log on to MAS.
    Process Flow
           1.      During the installation of MAR, the system enables the User Management feature.
    If MAR is upgraded from a release prior to 3.0 to the current release, the User Management feature must be enabled manually by system administrator. This is done by changing the umfrc parameter value to “YES” in the ARS_SYSTABLE.
           2.      The CRM technical administrator creates a DSN to access MAR by using the default internal login arsdb with password arsdb.
           3.      The CRM technical administrator carries out the following tasks using the User Manager tool of MAS:
                                a.      Creates user accounts.
                                b.      Associates each user account with a standard MAR profile. For more information, see Profiles of the Mobile Application Repository.
                                c.      Specifies a password for each user account.
    Login IDs of the Mobile Application Repository
    Definition
    A login ID is a source through which users log on to Mobile Application Studio, and connect to the Mobile Application Repository (MAR). When MAR is installed, standard login IDs are available by default. While creating user accounts, the system administrator associates a standard login ID with the profile of each user account.
    Structure
    Login ID
    Allows you to:
    ARSAdmin
    ·        Perform administrative activities in MAR.
    ·        Create and modify development objects in MAR.
    ·        Modify the password of a user account.
    ARSDeveloper
    ·        Create and modify development objects in MAR.
    ·        Modify your own password.
    ARSUser
    ·        View development objects in MAR.
    ·        Modify your own password.
    ARSSys
    ·        Get information about the MAR.
    ·        Validate MAR users.
    ARSdb
    Create a DSN for MAR. The default password for this login is arsdb.
    Profiles of the Mobile Application Repository
    Definition
    A profile of the Mobile Application Repository (MAR) is a collection of access rights defined for:
    ·        Development objects, like tiles, tile sets and business objects of mobile client applications
    ·        Services of MAR like change lists and namespaces
    Structure
    The standard profiles that are available are listed below.
    Profile name
    Associated login ID
    Allows you to:
    Administrator
    ARSAdmin
    ·        Perform administrative activities like creating and maintaining users.
    ·        Read and write repository specific information (ARS_SYSTABLE).
    ·        Create and modify development objects in MAR.
    ·        Release and revert a change list.
    ·        Transfer the ownership of objects to another MAR.
    ·        Create link objects to integrate tile set help.
    ·        Create and modify framework objects in MAR.
    ROGuest
    ARSUser
    ·        View development objects in MAR.
    ·        Modify your own password.
    Developer
    ARSDeveloper
    ·        Read repository specific information (ARS_SYSTABLE).
    ·        Create and modify development objects in MAR.
    ·        Release change lists that have been created only by you.
    ·        Modify your own password.
    ·        Transfer the ownership of objects to another MAR.
    SPDeveloper
    ARSDeveloper
    ·        Read repository specific information (ARS_SYSTABLE).
    ·        Modify your own password.
    ·        Create and modify development objects in MAR.
    This profile does not allow you to release change lists.
    QMResponsible
    ARSDeveloper
    ·        Read repository specific information (ARS_SYSTABLE).
    ·        Create and modify development objects in MAR.
    ·        Modify your own password.
    ·        Transfer the ownership of objects to another MAR.
    ·        Release and revert change lists.
    This profile does not allow you to create a change list.
    Coordinator
    ARSDeveloper
    ·        Read repository specific information (ARS_SYSTABLE).
    ·        Create and modify development objects in MAR.
    ·        Release and revert change lists.
    ·        Modify your own password.
    ·        Transfer the ownership of objects to another MAR.
    Frwkuser
    ARSDeveloper
    ·        Read repository specific information (ARS_SYSTABLE).
    ·        Create and modify development objects in MAR.
    ·        Release the change list you have created.
    ·        Transfer the ownership of objects to another MAR.
    ·        Create and modify framework objects in MAR.
    Infodeveloper
    ARSDeveloper
    ·        Read repository specific information (ARS_SYSTABLE).
    ·        Create and modify development objects in MAR.
    ·        Release the change list you have created.
    ·        Create link objects to integrate tile set help.
    thanks
    karthik
    ifhelpfull reward me some points

  • How to create new user account and delete old one?

    Greetings,
    we have wanted to change our alias on the discussions group but understand from the frequently asked questions section that,
    "Once you create an alias, you cannot make changes to it. If you want to change your alias, you will need to create a new User Account".
    However it does not go on to tell us specifically how to now set up a "new User Account". Could someone specify how to do this? And if we do this, how would we then delete the current User Account? Thank you.
    Chris

    Colleen Von Eckartsberg wrote:
    Thanks for the reply.
    However I am still confused. I originally thought the "user account" referred to an account specific to the Discussions Forums, not the general "Apple ID" however your email seems to suggest they are one and the same....Please clarify.
    If so, however I do not think I am able to change my Apple ID. As I am a mobile me user I am required to us my mobile me address for my apple ID.....and do not think I can have two ID's with the same mobile me address.....
    Any additional thoughts are appreciated. Thanks.
    Chris
    Not with the same Primary address, but you can use your MM address as a secondary one. That is how I have my 2 Apple IDs setup. 1 uses my Dot Mac address and the other uses an ISP address as the Primary with the latter having my Dot Mac address as an alternate address.
    Warning, even if you create a new account, you won't be able to use your current ALIAS with the new account.

  • How to create a user account without a password

    how do you make a user account without a password!

    Hi Kappy,
    i checked out your bio and posts. would you be able to give me some guidance with respect to a recent post of mine. I'd appreciate any help you may offer.
    with respect to the password question, an added point may be to suggest a strong and secure password. i'm still baffled by the poor passwords in use by some of the people i know personally - and their smart individuals too.
    thanks in advance.
    blue.falcon

  • If you can't 'Create new user account' - try this!

    Over the last few days I've wasted many hours trying unsuccessfully to create a new user account so I can post to Apple Discussions. Kept going round an endless loop, back to the 'Create New User Account' form. Tried every possible solution I found through internet searches, to no avail.
    The answer, for me, turned out to be simply choosing a different alias - one that nobody else was using, presumably.
    Why, oh why, isn't there an error message that tells you this? It would have saved me so much time and frustration - and many other people too, I'm sure.

    Welcome, finally, to Discussions - you are not the first to complain about this, if you like, you can go to app.com/feedback and register your complain there as well.

  • How to use migration assistant without creating dual user accounts

    I want to use migration assistant to transfer apps, software & files on my macbook pro to my new macbook air. How can I do this without creating two user accounts for myself on the m-book air -- my account from the m-book pro & the one that the air makes me create as soon as I do start-up? Can I just use the same name & password for both? or will that make things go badly awry?
    Thanks!

    If you have not booted the MBA for the first time and gone through the Setup Assistant, then I would use the Setup Assistant to make the transfer before you even create another user account. However, if you've already created the new user account on the MBA, then create a new admine one with a different username than the account you will migrate. Log into this new account, delete the first account you made, then use Migration Assistant to transfer your account from the MBP.

  • I have created separate user accounts for my 2 boys on my macbook. How do i get my itunes library onto their new ipods?

    I have created separate user accounts for my 2 boys on my macbook. How do i get my itunes library onto their new ipods?

    They can't.  Which came first - the chicken or the egg?  Actually, that's a bad comparison but a sync must come first.
    The library is actually part of iTunes and it contains everything.  iTunes is then configured so that you (or they) determine which portion of everything will be synced to each iPod (identified by a unique name, see below for an example of an iPod and an iPad).  iTunes can't make that decision until AFTER it knows which iPods exist.
    By the way, I (you, they) can very easily change the name of each device to whatever I (you, they) wish to call it.

  • How can I find the user that created a user account and the user who last updated the account

    How can I find out who created a user account and who last updated the account. I think that this is the same information that is displayed in the description field on the General tab.
    I am using ADO commands and vbscript
    ug3j

    I should point out that there are two attributes of all AD objects that can help you track down the correct information in the system logs. These are the whenCreated and whenChanged attributes. This will tell when the object was created and when it was last
    modified, which should help when you search the logs. Also, while whenCreated is replicated to all DC's, so they will all have the exact same creation time, the whenChanged attribute is technically not replicated. The date/time on each DC reflects when
    the last modification was replicated to that DC. The values will differ slightly on each DC, reflecting how long it took for the change to replicate.
    Richard Mueller - MVP Directory Services

  • Used Migration Assistant to import PC files. It created second user account that won't sync with iPad.  How do I merge accounts?

    Used Migration Assistant to import PC files. It created second user account that won't sync with iPad.  How do I merge accounts?

    It's next to impossible to fully merge two accounts on a Mac easily.
    This being said, though, please take a look at "The Great Pondini's" site where this specific issue is addressed.  There should be information here you can use to get things sorted out.
    http://pondini.org/OSX/Transfer.html

  • Creating second user account on TC. No separate folder and security issues

    Hi,
    I've had my TC for some time, and after some start-up triuble all is working very nicely now.
    That is, until I wanted to set up the TC for my girlfriends backups too. On my mac, i created a user account for the TC, and i see two folders when i connect to the TC: "Timecapsule" and "MyAccountName". Now when i did the same on the other Macbook, i get only the "Timecapsule" account, not a folder (or sharepoint) with her account name. Also, I saw that as the sparsebundle files are on the 'main' sharepoint, it is possible to access both from both computers, wierd.
    Any thoughts on how I can use 1 TC for 2 computers with 2 sharepoints for both?
    So, on my own computer i would have a general folder and a personal folder, on the other the same...
    Help much appreciated!

    To clarify: When i connect to the TC, i mount two volumes, but on the other Macbook, I only get the main volume, not the specific user volume.

  • How to create 2 icloud accounts with one apple id

    I would like to find out how to create 2 iCloud accounts using the same apple id. Currently, my husband's iphone4S and my iPhone 4 have merged contacts which we don't want, and when he texts it shows that it is from me.

    You can't do that.  One of you will have to create a new icloud account with a new ID and connect the device to it.
    TO GET DATA FROM ONE ACCOUNT TO A NEW ACCOUNT:
    When connected to the account you want to GET data from, Go to Settings>iCloud and turn all data that is syncing with iCloud (contacts, calendars, etc.) to Off. 
    When prompted choose to keep the data on the iPhone. 
    After everything is turned off, scroll to the bottom and tap Delete Account.  Next, set up a new iCloud account using a different Apple ID and turn iCloud data syncing for contacts, etc. back to On.  When prompted, choose Merge.  This will upload the data to this new account.
    Note that this only affects the "Apple data" like contacts, calendars, reminders, etc.  Many third party apps also use iCloud to store data files there.  These files may be lost in the process, unless the apps also keep the data locally on the device.
    NOTE:  Photos in the photo stream (if you use it) will not transfer to the new account.  It is advised that you save the photos to a computer before performing the account switch. 
    CREATING A NEW ID:
    Each user should have their own icloud account, otherwise they end up getting the same emails, contacts, calendars, notes, reminders, etc. - usually not what you want.  But if all have been sharing the same itunes ID, keep it that way, you can have different IDs for itunes and icloud.
    If you already have another icloud account, and want to set it up on a device, then go to Settings>icloud, scroll to bottom of screen and tap Delete Account.  This only disconnects the device from that account, no data is lost on icloud.  Then enter the account ID that you want to use.
    To create a new icloud account, go to
    http://www.apple.com/icloud/setup/

  • HOW TO CREATE LOCAL USER PROFILE

    SIR,
       OS            -    WINDOWS SERVER 2008 R2
       SYSTEM    -    IBM  MACHINE X3400 SERIES
        1. HOW TO CREATE A USER IN WINDOWS SERVER 2008 R2  WITHOUT ACTIVE DIRECTORY 
        2.  AFTER CREATE USER IN WINDOWS SERVER 2008 R2 BUT USER PROFILE NOT CREATE .

    Hi,
    >>1. HOW TO CREATE A USER IN WINDOWS SERVER 2008 R2  WITHOUT ACTIVE DIRECTORY 
    >>2.  AFTER CREATE USER IN WINDOWS SERVER 2008 R2 BUT USER PROFILE NOT CREATE
    Creating an user account on the computer doesn't create a profile for that user. The profile is created the first time the user interactively logs on at the computer. After the user logs onto the computer for the first time, the user's local profile
    will be created in a folder with the name of the user under the systemroot/Users folder.
    Best regards,
    Frank Shen

  • How to create a user  y which will have the same content of existing user x

    how to create a user y which will have the same content of existing user x ,
    like all the tables,procedures,functions and packages

    You can do the following.
    1. Use CREATE USER to create the new account/schema
    2. Use exp to export old schema
    3 Use imp with fromuser=<old user> and touser=<newuser>

  • Create Oracle USER Account from Third Party System

    Hi there
    We have requirment to create Oracle USER Account through third party system.
    How can we achive this?
    I know ORacle Provide FND_USER_PKG.CREATEUSER API to create user
    Is there any special thing we have to do to create Oracle USER from another system?
    Thanks
    ASIM

    Hi,
    Is there any special thing we have to do to create Oracle USER from another system?I believe you need to check the third party manual or contact the vendor for other considerations when creating user accounts from this system.
    For FND_USER_PKG, please see the links referenced in this thread.
    change password of EBS user
    Re: change password of EBS user
    Regards,
    Hussein

  • Login page keeps going to "Create new user account" on login

    For about 3 weeks, whenever I log in, the next page I get is nearly always the "Create new user account" page. This happens regardless of whether I wait to let AutoFill enter my user name and password or whether I fill in the correct info myself.
    When I click the back button on my browser and finally arrive at the page with the forums list, I'm always registered as logged in. But sometimes I just end up back on the login page with a blank entry box.
    How do I get to the forums page without having to get out of the "new user account" page first? (While this isn't a huge problem, it's time-wasting and kind of annoying, and it didn't used to happen.)

    Hi Turtlewiz!
    Have you tried deleting your browser cache & cookies?
    Good Luck!
    ali b

Maybe you are looking for