New-QADUser

From PowerGUI Wiki

Jump to: navigation, search

Create a new user account in Active Directory. Supported are both Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS).

This cmdlet is part of the Quest ActiveRoles Server product. Use Get-QARSProductInfo to view information about ActiveRoles Server.

Contents

Syntax

New-QADUser [-Name] <string> -ParentContainer <IdentityParameter> [-City <string>] [-Company <string>] [-Connection <ArsConnection>] [-ConnectionAccount <string>] [-ConnectionPassword <SecureString>] [-Control <hashtable>] [-Credential <PSCredential>] [-Department <string>] [-Description <string>] [-DeserializeValues] [-DisplayName <string>] [-Email <string>] [-ExcludedProperties <string[]>] [-Fax <string>] [-FirstName <string>] [-HomeDirectory <string>] [-HomeDrive <string>] [-HomePhone <string>] [-IncludedProperties <string[]>] [-Initials <string>] [-LastName <string>] [-LogonScript <string>] [-Manager <IdentityParameter>] [-MobilePhone <string>] [-Notes <string>] [-ObjectAttributes <ObjectAttributesParameter>] [-Office <string>] [-Pager <string>] [-PhoneNumber <string>] [-PostalCode <string>] [-PostOfficeBox <string>] [-ProfilePath <string>] [-Proxy] [-SamAccountName <string>] [-Service <string>] [-StateOrProvince <string>] [-StreetAddress <string>] [-Title <string>] [-UseDefaultExcludedProperties <Boolean>] [-UseGlobalCatalog] [-UserPassword <string>] [-UserPrincipalName <string>] [-WebPage <string>] [-Confirm] [-WhatIf] [<CommonParameters>]

Detailed Description

Use this cmdlet to create a user account in Active Directory and, optionally, set attribute values in the newly created account.

This cmdlet takes a series of optional, attribute-specific parameters allowing you to set attributes in the newly created account. Thus, to set the value of the 'givenName', 'sn', or 'l' attribute, you can use the -FirstName, -LastName, or -City parameter, respectively.

If a given attribute is referred to by both the ObjectAttributes array and an attribute-specific parameter, the ObjectAttributes setting has no effect on that attribute. The cmdlet sets the attribute to the value specified by the attribute-specific parameter.

The cmdlet has optional parameters that determine the server and the security context for the operation. Normally, the connection parameters could be omitted so far as a connection to a server is established prior to using the cmdlet. In this case, the server and the security context are determined by the Connect-QADService cmdlet.

If you do not use Connect-QADService and have no connection established prior to using a cmdlet, then the connection settings, including the server and the security context, are determined by the connection parameters of the first cmdlet you use. Subsequent cmdlets will use those settings by default.



Parameters

Name Description Required? Pipeline Input Default Value
City Set the 'l' attribute. false false
Company Set the 'company' attribute. false false
Connection For parameter description, see help on the Connect-QADService cmdlet. false false
ConnectionAccount For parameter description, see help on the Connect-QADService cmdlet. false false
ConnectionPassword For parameter description, see help on the Connect-QADService cmdlet. false false
Control Use this parameter to pass request controls (in-controls) to ActiveRoles Server as part of an operation request. In ActiveRoles Server, request controls are used to send extra information along with an operation request, to control how ActiveRoles Server performs the request.

The parameter value is a hash table that defines the names and values of the request controls to be passed to ActiveRoles Server. The parameter syntax is as follows:

   -Control @{<name> = <value>; [<name> = <value>] ...}

In this syntax, each of the name-value pairs is the name and the value of a single control. For instructions on how to create and use hash tables, see topic "about_associative_array" or "about_hash_tables" in Windows PowerShell Help. For information about ActiveRoles Server request controls, refer to ActiveRoles Server SDK documentation.

Note that this parameter only has an effect on the operations that are performed through ActiveRoles Server (connection established using the Proxy parameter); otherwise, this parameter causes an error condition in ActiveRoles Management Shell.

false false
Credential For parameter description, see help on the Connect-QADService cmdlet. false false
Department Set the 'department' attribute. false false
Description Set the 'description' attribute. false false
DeserializeValues Supply this parameter on the command line if the input you pass to the cmdlet contains serialized attribute values (for instance, when importing a directory object from a text file that was created using the Serialize parameter). For examples of how to export and import an object, see help on the Get-QADUser cmdlet. false false
DisplayName Set the 'displayName' attribute. false false
Email Not Specified false false
ExcludedProperties Use this parameter to specify the attributes that you do not want the cmdlet to update in the directory. Supply a list of the attribute LDAP display names as the parameter value. You could use this parameter when importing attribute values from a text file, in order to prevent some attributes found in the file from being set in the directory. false false
Fax Set the 'facsimileTelephoneNumber' attribute. false false
FirstName Set the 'givenName' attribute. false false
HomeDirectory Not Specified false false
HomeDrive Not Specified false false
HomePhone Set the 'homePhone' attribute. false false
IncludedProperties Use this parameter to specify explicitly the attributes that you want the cmdlet to update in the directory. Supply a list of the attribute LDAP display names as the parameter value. When used together with UseDefaultExcludedProperties, this parameter allows you to have the cmdlet update some attributes that would not be updated otherwise.

Note: If a particular attribute is listed in both ExcludedProperties and IncludedProperties, the cmdlet does not set the value of that attribute the directory.

false false
Initials Set the 'initials' attribute. false false
LastName Set the 'sn' attribute. false false
LogonScript Not Specified false false
Manager Set the 'manager' attribute. false false
MobilePhone Set the 'mobile' attribute. false false
Name Specify the name (CN) for the new user account to be created. true true (ByValue, ByPropertyName)
Notes Set the 'info' attribute. false false
ObjectAttributes Specify an associative array that defines the attributes to set. The array syntax:

@{attr1='val1';attr2='val2';...}

In this syntax, each of the key-value pairs is the LDAP display name and the value of an attribute to set. Thus, passing the @{title='Associate';l='Paris'} array to the ObjectAttributes parameter causes the cmdlet to set the 'Job Title' attribute to 'Associate and the 'City' attribute to 'Paris'.

For information about associative arrays, type the following command at the PowerShell command-prompt:

help about_associative_array

false true (ByValue, ByPropertyName)
Office Set the 'physicalDeliveryOfficeName' attribute. false false
Pager Set the 'pager' attribute. false false
ParentContainer Specify the distinguished name (DN) of the container in which you want this cmdlet to create a new user account. true true (ByPropertyName)
PhoneNumber Set the 'telephoneNumber' attribute. false false
PostalCode Set the 'postalCode' attribute. false false
PostOfficeBox Set the 'postOfficeBox' attribute. false false
ProfilePath Not Specified false false
Proxy For parameter description, see help on the Connect-QADService cmdlet. false false
SamAccountName Set the 'sAMAccountName' attribute. false false
Service For parameter description, see help on the Connect-QADService cmdlet. false false
StateOrProvince Set the 'st' attribute. false false
StreetAddress Set the 'streetAddress' attribute. false false
Title Set the 'title' attribute. false false
UseDefaultExcludedProperties When set to 'true', this parameter causes the cmdlet not to update a certain pre-defined set of attributes in the directory. This pre-defined set of attributes (referred to as "default excluded properties") can be viewed or modified by using the Get-QADPSSnapinSettings or Set-QADPSSnapinSettings cmdlet, respectively. false false
UseGlobalCatalog For parameter description, see help on the Connect-QADService cmdlet. false false
UserPassword Set the user password. false false
UserPrincipalName Set the 'userPrincipalName' attribute. false false
WebPage Set the 'wWWHomePage' attribute. false false
Confirm Prompts you for confirmation before executing the command. false false
WhatIf Describes what would happen if you executed the command without actually executing the command. false false

Examples

EXAMPLE 1

new-QADUser -name 'user1' -ParentContainer 'OU=companyOU,DC=company,DC=com' -samAccountName 'user1' -UserPassword 'P@ssword'

Description


Connect to any available domain controller with the credentials of the locally logged on user, create a new user account, and set a password for the new account.

EXAMPLE 2

$pw = read-host "Enter password" -AsSecureString

C:\PS>connect-QADService -service 'localhost' -proxy -ConnectionAccount 'company\administrator' -ConnectionPassword $pw 

C:\PS>new-QADUser -name 'user1' -ParentContainer 'OU=companyOU,DC=company,DC=com' -UserPassword 'P@ssword'

C:\PS>disconnect-QADService

Description


Connect to the local Administration Service with the credentials of a specific user, create a new user account, set a password for the new account, and then disconnect (this example assumes that a value for the sAMAccountName attribute is to be generated by ActiveRoles Server, based on a provisioning policy).

EXAMPLE 3

$pw = read-host "Enter password" -AsSecureString

C:\PS>connect-qadService -service 'localhost' -proxy -ConnectionAccount 'company\administrator' -ConnectionPassword $pw

C:\PS>import-csv C:\temp\data.csv |	
 %{new-qadUser -ParentContainer 'OU=companyOU,DC=company,DC=com' -name $_.'user name'}

C:\PS>disconnect-qadService

Description


Connect to the local Administration Service with the credentials of a specific user, import a CSV file, for each record in the file create a new user account with the name matching the value in the 'user name' column in the CSV file, and then disconnect. In this example, the % character preceding the script block is an alias for the ForEach-Object cmdlet. The sAMAccountName attribute is assumed to be set by ActiveRoles Server.

EXAMPLE 4

new-QADUser -Service 'server.domain.local:389' -Name 'user1' -ParentContainer '<DN of container>' -UserPassword 'P@ssword'

Description


Connect to the AD LDS instance on 'server.domain.local:389' with the credentials of the locally logged on user, and create a new AD LDS user object in a certain container.

Personal tools