
Can't seem to figure out what is causing the error with the script below with the "New-ADUser" syntax. Not sure if anybody can spot the error?

"New-ADUser : The object name has bad syntax

At D:\ScriptPath\importadusersAndMoveOU.ps1:33 char:3"

The script works if I remove the "$NewOU" variable and have the users imported into the default "users" OU.

# Import active directory module for running AD cmdlets
Import-Module activedirectory

#Store the data from ADUsers.csv in the $ADUsers variable
$ADUsers = Import-csv 'D:\CSVPATH\adusers.csv'
$NewOU = New-ADOrganizationalUnit -Name "ADMINS"

#Loop through each row containing user details in the CSV file 
foreach ($User in $ADUsers)
{
    #Read user data from each field in each row and assign the data to a variable as below

$DomainName = Get-ADDomain -current LocalComputer
$Username   = $User.username
$Password   = "TestPassword12345"
$Firstname  = $User.firstname
$Lastname   = $User.lastname
$OU         = $NewOU+","+$DomainName.DistinguishedName
$upn = $Username+"@"+$DomainName.DNSRoot

#Check to see if the user already exists in AD
if (Get-ADUser -F {SamAccountName -eq $Username})
{
     #If user does exist, give a warning
     Write-Warning "A user account with username $Username already exist in Active Directory."
}
else
{
    #User does not exist then proceed to create the new user account

    #Account will be created in the OU provided by the $OU variable read from the CSV file
    New-ADUser `
        -SamAccountName $Username `
        -UserPrincipalName $upn `
        -Name "$Firstname $Lastname" `
        -GivenName $Firstname `
        -Surname $Lastname `
        -Enabled $True `
        -DisplayName "$Lastname, $Firstname" `
        -Path $OU `
        -AccountPassword (convertto-securestring $Password -AsPlainText -Force) -ChangePasswordAtLogon $True
    Add-ADGroupMember "domain admins" $username
    Add-ADGroupMember "enterprise admins" $Username
    }
}
    It may be just me, but each time you create a user I think it is trying to create a new OU and erroring out. Try defining the OU after creating it outside the loop. Commented Aug 13, 2018 at 8:23

1 Answer


The New-ADOrganizationalUnit -Name "ADMINS" command creates a new OU under the default NC head for the domain. If you want that elsewhere, you should use the -Path <DistinguishedName of Parent OU> parameter.

However, as Drew Lean already commented, this code does not check if the OU exists before trying to create it, so a quick test might be in order here:

[adsi]::Exists("LDAP://OU=ADMINS,DC=domain,DC=com")

or

Get-ADOrganizationalUnit -Filter "distinguishedName -eq 'OU=ADMINS,DC=domain,DC=com'"
# don't filter on 'Name' because it is more than likely you have several OUs with the same name

Next, the part where you construct the distinguishedName for variable $OU results in a badly formatted string. $OU = $NewOU+","+$DomainName.DistinguishedName will result in "ADMINS,DC=domain,DC=com", which is not a valid DistinguishedName, hence the error "The object name has bad syntax".

Try getting the DN of the existing OU first and, if that does not exist, capture it after the creation and store the DistinguishedName in variable $OU.

Something like this:

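# Full distinguished name of the target OU
$OU = "OU=ADMINS,DC=domain,DC=com"
if (-not (Get-ADOrganizationalUnit -Filter "distinguishedName -eq '$OU'")) {
    # -PassThru returns the new OU object so its DN can be read back
    $NewOU = New-ADOrganizationalUnit -Name "ADMINS" -PassThru
    $OU = $NewOU.DistinguishedName
}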

ps. The Identity parameter for Get-ADOrganizationalUnit must be one of:

  • A distinguished name
  • A GUID (objectGUID)
  • A security identifier (objectSid)
  • A Security Account Manager account name (sAMAccountName)
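
The approach from this answer applied to the whole import, as an added example that is not part of the original answer or the asker's script: the OU is resolved or created once before the loop, and its full distinguished name is passed to `-Path`. It assumes the CSV columns from the question (`username`, `firstname`, `lastname`), prompts for the initial password instead of hard-coding it, and leaves out the group-membership steps.

```powershell
Import-Module ActiveDirectory

# Assumed inputs: CSV path and column names as used in the question
$ADUsers = Import-Csv 'D:\CSVPATH\adusers.csv'
$Domain  = Get-ADDomain -Current LocalComputer
$OUName  = 'ADMINS'

# A valid DN needs the "OU=" prefix: "OU=ADMINS,DC=...", not "ADMINS,DC=..."
$OU = "OU=$OUName,$($Domain.DistinguishedName)"

# Resolve or create the OU once, before the loop
if (-not (Get-ADOrganizationalUnit -Filter "distinguishedName -eq '$OU'")) {
    $NewOU = New-ADOrganizationalUnit -Name $OUName `
                 -Path $Domain.DistinguishedName -PassThru
    $OU = $NewOU.DistinguishedName
}

# Ask for the initial password as a SecureString so it is not stored in the script
$InitialPassword = Read-Host -Prompt 'Initial password for new accounts' -AsSecureString

foreach ($User in $ADUsers) {
    $Username = $User.username

    # Skip accounts that already exist
    if (Get-ADUser -Filter "SamAccountName -eq '$Username'") {
        Write-Warning "A user account with username $Username already exists in Active Directory."
        continue
    }

    # Splatting keeps the parameter list readable without backtick continuations
    $NewUser = @{
        SamAccountName        = $Username
        UserPrincipalName     = "${Username}@$($Domain.DNSRoot)"
        Name                  = "$($User.firstname) $($User.lastname)"
        GivenName             = $User.firstname
        Surname               = $User.lastname
        DisplayName           = "$($User.lastname), $($User.firstname)"
        Path                  = $OU
        AccountPassword       = $InitialPassword
        ChangePasswordAtLogon = $true
        Enabled               = $true
    }
    New-ADUser @NewUser
}
```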

1 Comment

Thanks for this, I think the issue was with the code not checking if the OU exists and trying to create for each user. Going to try amend the script so the OU is created initially before the loop and the loop can then assign each user to the OU.
