PowerShell: Copy Active Directory User

# copyADUser.ps1
# Version 0.01

# Script inputs - edit these before running. $newPassword is kept in this file
# in clear text, so keep the file's read permissions tight.
[string]$fromUsername     = 'mTyson'
[string]$newUserFirstname = 'Bruce'
[string]$newUserLastname  = 'Lee'
[string]$newPassword      = 'SOMEPASSWORD'
[string]$newEmailAddress  = 'bruce.lee@kimconnect.com'
[bool]$setProxyAddress    = $false

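function copyADUser{
  # Create a new AD account modelled on an existing one ($fromUsername): same
  # parent OU, a copy of StreetAddress/City/Title/PostalCode/Office/Department/
  # Manager, and the same group memberships.
  #
  # Parameters (positional, in this order - interface unchanged):
  #   fromUsername      sAMAccountName of the template account
  #   newUserFirstname  given name of the new account
  #   newUserLastname   surname of the new account
  #   newPassword       initial password as plain text
  #   newEmailAddress   value written to the mail attribute
  #   setProxyAddress   when $true also writes proxyAddresses and
  #                     proxyAddressesForGapps (default $false)
  # Returns $true when the account was created, $false otherwise; failure
  # details go to the warning stream.
  param(
    $fromUsername,
    $newUserFirstname,
    $newUserLastname,
    $newPassword,
    $newEmailAddress,
    $setProxyAddress=$false
  )
  try{
    Import-Module activedirectory -ErrorAction Stop
  }catch{
    write-warning $_
    return $false
  }

  function testADUserExists($identity){
    # $true if $identity resolves, $false if AD reports "not found". Any other
    # error (no DC reachable, access denied, ...) is rethrown so that it can
    # never be mistaken for "username available" - the original catch-all did.
    try{
      $null=Get-ADUser -Identity $identity -ErrorAction Stop
      return $true
    }catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]{
      return $false
    }
  }

  function getAvailableUsername($firstname,$lastname){
    # Candidate order: first initial + surname, then a growing prefix of the
    # first name + surname (up to the full first name), then first initial +
    # surname + 1..9999. Returns $null when nothing is free or a name is empty.
    if([string]::IsNullOrEmpty($firstname) -or [string]::IsNullOrEmpty($lastname)){
      return $null
    }
    $first=$firstname.ToLower()
    $last=$lastname.ToLower()
    for($prefixLength=1;$prefixLength -le $first.Length;$prefixLength++){
      $candidate=$first.Substring(0,$prefixLength)+$last
      if(-not (testADUserExists $candidate)){ return $candidate }
    }
    # Numbered fallback always builds on the first initial; the previous
    # version reused the last prefix index here and so produced e.g. 'elee1'.
    $base=$first.Substring(0,1)+$last
    for($number=1;$number -lt 10000;$number++){
      $candidate="$base$number"
      if(-not (testADUserExists $candidate)){ return $candidate }
    }
    return $null
  }

  function copyGroupMemberships($fromIdentity,$toIdentity){
    # Add $toIdentity to every group $fromIdentity belongs to. This replicates
    # every privilege the template account holds, so the resulting list is
    # printed for review. Groups the new account is already in (e.g. its
    # primary group) are skipped; other failures are reported, not hidden.
    try{
      $sourceGroups=(Get-ADPrincipalGroupMembership $fromIdentity -ErrorAction Stop).Name
      $existingGroups=(Get-ADPrincipalGroupMembership $toIdentity -ErrorAction Stop).Name
      foreach($groupName in $sourceGroups){
        if($existingGroups -contains $groupName){ continue }
        try{
          Add-ADGroupMember -Identity $groupName -Members $toIdentity -ErrorAction Stop
        }catch{
          write-warning "Could not add '$toIdentity' to group '$groupName': $_"
        }
      }
      $currentMemberships=(Get-ADPrincipalGroupMembership $toIdentity -ErrorAction Stop).Name
      write-host "User '$env:USERDOMAIN\$toIdentity' now has these memberships:`r`n---------------------------------`r`n$($currentMemberships|out-string)"
      return $true
    }catch{
      write-warning $_
      return $false
    }
  }

  try{
    $availableUserName=getAvailableUsername $newUserFirstname $newUserLastname
  }catch{
    write-warning "Could not check username availability: $_"
    return $false
  }
  if(!$availableUserName){
    write-warning "Unable to proceed due to username being NOT available."
    return $false
  }

  $fullName=$newUserFirstname+' '+$newUserLastname
  # New-ADUser fails with "UPN value provided for addition/modification is not
  # unique forest-wide" when the UPN is omitted or already taken, so it is set
  # explicitly from the available sAMAccountName.
  $newPrincipalName=$availableUserName+'@'+$env:USERDNSDOMAIN
  # The password arrives as plain text, so -AsPlainText -Force is unavoidable
  # here; it is deliberately NOT echoed to the console/transcript below.
  $securedPass=(ConvertTo-SecureString $newPassword -AsPlainText -Force)
  write-host "Creating UserID '$availableUserName' with full name of '$fullName'"
  try{
    $sourceUser=Get-ADUser -Identity $fromUsername -Properties StreetAddress,City,Title,PostalCode,Office,Department,Manager -ErrorAction Stop
    # Parent container = DN minus its first RDN. The lazy match stops at the
    # first comma that is not escaped with '\', so a CN such as "Lee\, Bruce"
    # is handled (a plain -split ',' is not).
    $targetOu=$sourceUser.DistinguishedName -replace '^.+?(?<!\\),',''
    $newUserArgs=@{
      SAMAccountName=$availableUserName
      Name=$fullName
      GivenName=$newUserFirstname
      Surname=$newUserLastname
      Instance=$sourceUser
      DisplayName=$fullName
      UserPrincipalName=$newPrincipalName
      AccountPassword=$securedPass
      # The operator knows this password; consider $true so the user must
      # replace it at first logon.
      ChangePasswordAtLogon=$false
      Enabled=$true
      # Creating directly in the template's OU removes the separate
      # Move-ADObject step (and the window where an enabled account sits in
      # the default container).
      Path=$targetOu
    }
    New-ADUser @newUserArgs -ErrorAction Stop
    Set-ADUser -Identity $availableUserName -EmailAddress $newEmailAddress -ErrorAction Stop
    if($setProxyAddress){
      Set-ADUser -Identity $availableUserName -Add @{proxyAddresses="SMTP:$newEmailAddress";proxyAddressesForGapps="SMTP:$newEmailAddress"} -ErrorAction Stop
    }
    # Capture the helper's result so it does not leak into this function's
    # output stream (the previous version returned $true twice).
    if(-not (copyGroupMemberships $fromUsername $availableUserName)){
      write-warning "Account '$availableUserName' was created, but copying group memberships failed."
    }
    return $true
  }catch{
    write-warning $_
    return $false
  }
}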

# Run with the values configured at the top of the script; parameters are
# passed by name so the order above no longer matters.
copyADUser -fromUsername $fromUsername `
  -newUserFirstname $newUserFirstname `
  -newUserLastname $newUserLastname `
  -newPassword $newPassword `
  -newEmailAddress $newEmailAddress `
  -setProxyAddress $setProxyAddress
