question

GarethDavies-0557 avatar image
0 Votes"
GarethDavies-0557 asked YoungYang-MSFT answered

Using variable tor -path value

I am tying to create a Powershell script to create user accounts, not a difficult task normally. However, I have been asked to create a GUI (already done) that allows the person creating the account to enter the users information and hit a button to create the account.
If I hard code the value for the -path attribute it works fine, but we have offices in multiple locations and each location has its own OU so I need to be able to use location as one of the items input by the service desk person creating the account and translate this to the path for the correct OU.
I have set it up using the entry typed in by the service desk user as a variable, the remainder of the path is set as another variable. I then use + to put the 2 variables together to create a third variable with the full path as the value
Using the get-variable cmdlet shows this has worked as intended, the full path is shown but when I put this third variable into my script as the -path value it fails, the script looks like it executes but then it displays the code executed and does not create the account. No errors are displayed.

What am I missing here?

 $OU= ",DC=domain,DC=com"
 $Path= "$locationentry"+"$OU"
 {
 New-ADUser -Name "Test User6" -GivenName "Test" -Surname "User6" -SamAccountName "testuser6" -UserPrincipalName "testuser6@domain.com" -Path $Path -AccountPassword(ConvertTo-SecureString "P@ssw0rd123" -AsPlainText -force) -Enabled $true -ChangePasswordAtLogon $true -title "test user"  
 }

The $locationentry is the variable coming from the GUI, if I replace this with a hard coded entry it does exactly the same as it does as listed here. If I remove the variables and just hard code the path it works exactly as intended but I can't use this in production. I just don't understand why the above code is not working, even entering the full path into the $path variable fails so it looks like it is the fact I am using a variable for -path is the issue even though everything I read says this should work.

Anyone have any ideas?

windows-server-powershellwindows-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RichMatheisen-8856 avatar image
0 Votes"
RichMatheisen-8856 answered

First, remove the double-quotes from line 2. They're unnecessary.

Second, remove the braces on lines 3 and 5. They're also unnecessary (at least in your example). If they're there because the New-ADUser is wrapped in a Try/Catch, you're missing the "-ErrorAction STOP" on the cmdlet.

Third, you haven't shown what the content of the variable $locationentry is. Is it "Location" or "OU=Location"?

Forth, if you want to see what's going on when that New-ADUser is running add "-Verbose" to the cmdlet. If you want to force it to die and throw an exception when there's an error add "-ErrorAction STOP" to the cmdlet. You can add both, too.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GarethDavies-0557 avatar image
0 Votes"
GarethDavies-0557 answered RichMatheisen-8856 commented

Thank you, I was missing the OU= from $locationentry

However, after fixing that it still doesn't work, adding verbose does not apear to have any effect, I still just see line 4 show up in the powershell window followed by the cursor on the next line.

Note, if I remove the braces from lines 3-5 I get an error saying "New-ADUser : The object name has bad syntax
17719-error.png

adding the braces back results in the original behavior being seen again
17765-2020-08-14-15-47-32-windows-powershell-ise.png



· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Is there really no space between "-AccountPassword" and "(ConvertToSecureString . . .)"?

0 Votes 0 ·
charles-gerardlemetayer avatar image
0 Votes"
charles-gerardlemetayer answered RichMatheisen-8856 commented

Hello,

  1. As @RichMatheisen-8856 noticed, looks like you have a missing space between -AccountPassword and the value return by the command line (Convert...)

  2. You are using the wrong variable for Path parameter. You are sending $OU instead of $Path

  3. Avoid using + symbol to make string concatenation. It will works for a lot of cases, but you can have sometimes bad surprise.
    You can try something like $Path = "{0},{1}" -f $location,$domain or $Path = "$location,$domain"

  4. Brackets on line 3 & 5 are creating a scriptblock which contains line 4, and it won't be executed as "." is missing before "{" (or not called in an invoke or start-process or equivalent).



· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Alternative for concatenation :

     $location = "OU=GPO"  # No comma at end
     $domain  = "DC=CONTOSO,DC=LAN" # No comma at beginning and/or end
     $Path   = "{0},{1}" -f $location,$domain
    
    # or 
    
     $location = "OU=GPO"  # No comma at end
     $domain  = "DC=CONTOSO,DC=LAN" # No comma at beginning and/or end
     $Path   = "$location,$domain"   # Works until you have no "object" type variable between marks
0 Votes 0 ·

Interesting! I missed #2. It's different to what he'd posted in his question! I wonder why he changed it? Trying to use a path value that begins with a comma is certainly incorrect.

0 Votes 0 ·

the path code has been corrected

However, even using what I have been provided with here (apart from removing the {} from lines 3 and 5, reason given below) I still do not get an account created. If I run it WITH the {} in lines 3 and 5 it displays the code I just ran but does nothing else. If I remove the {} as mentioned I get the syntax error as shown in the screenshot earlier in this thread. The syntax error says the issue is at line4 character 1, so it is complaining about the new-aduser cmdlet.
So I can either have it error out as soon as I run it or I can have it look like it's doing something but not actually do it.
The syntax error, seen when the {} are removed, is seen no matter how the code is put together, hard coded attribute values or using variables, if the {} are there I get no account created no matter if the variables are used or the attributes are hard coded.

0 Votes 0 ·

Hello,

Could you please post entire updated code, without {} ?

Regards,

Charles

0 Votes 0 ·
Show more comments
YoungYang-MSFT avatar image
0 Votes"
YoungYang-MSFT answered

Hi, given that this post has been quiet for a while, this is a quick question and answer. Has your question been solved? If so, please mark it as an answer so that users with the same question can find and get help.
:)

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.