Vista Forums - View Single Post

permalink · 10-10-2006

To be fair to the developers of powershell. What you are running into is not
a powershell issue... If I remember correctly it is a security feature. If
you want to set a password using the LDAP provider you must use LDAP over
SSL (port 636.) This is simply because LDAP is clear text and you do not
want your password hanging out on the wire in clear text. You will find if
you write the script and run it LOCALLY on a DC it should work.

Options:
1) Do it locally on a DC
2) Do it using LDAP over SSL
3) Use Winnt provider

<krukinews@gmail.com> wrote in message
news:1160468369.398782.280480@i3g2000cwc.googlegroups.com...
> This is really frustrating.
>
> On Exchange 2007 you can do this
>
> $username = Read-Host "Enter Username: "
> $password = Read-Host "Enter password: " -AsSecureString
>
> New-MailUser -Name $username -Password $password -ExternalEmailAddress
> ($username + "@test.com").ToString() -UserPrincipalName ($username +
> "@test.com").ToString() -Organizational test.com/test
>
> It will create a user account, and its way it should be done in
> PowerShell. Clean, simple, documented.
>
> To PowerShell team.
>
> You have created something very very good.
> I have created script that converts event logs from servers into RSS
> feed in less then 3 hours.
>
> And I'm struggling to create simple user in AD, please add some of
> Exchange 2007 stuff into final release. Please.
>
> Krunoslav
>
> Jim Holbach wrote:
>> All I've been able to come up with so far is this. I haven't been able to
>> set
>> the password yet.
>>
>> $ou=[ADSI]"LDAP://cn=Users,dc=test,dc=com"
>> $user = $ou.Create("user","cn=User1")
>> $user.Put("sAMAccountName", "User1")
>> $user.SetInfo()
>>
>> $User.put("useraccountcontrol",$User.useraccountcontrol.value -band
>> (-bnot 2))
>> $user.SetInfo()
>>
>> $Group=[ADSI]"LDAP://cn=dnsadmins,cn=Users,dc=test,dc=com"
>> $Group.PutEx(3, "member", @("cn=User1,cn=Users,dc=test,dc=com"))
>> $Group.SetInfo()
>>
>> ---
>> Jim Holbach
>>
>>
>> "krukinews@gmail.com" wrote:
>>
>> > Hi,
>> >
>> > I'm trying to create new user in AD.
>> >
>> > $ou=[ADSI]"LDAP://ou=myUsers,dc=test,dc=com"
>> > $user = $ou.Create("user","cn="User1")
>> > $user.Put("sAMAccountName", "User1")
>> > $user.SetInfo()
>> >
>> > But this only creates disabled user (without password).
>> >
>> > How can I set password and enable this user?
>> > Also how can I add user to some group?
>> >
>> > Krunoslav
>> >
>> >
>

10-10-2006	#4 (permalink)
Brandon Shell n/a posts	Re: Create new user account To be fair to the developers of powershell. What you are running into is not a powershell issue... If I remember correctly it is a security feature. If you want to set a password using the LDAP provider you must use LDAP over SSL (port 636.) This is simply because LDAP is clear text and you do not want your password hanging out on the wire in clear text. You will find if you write the script and run it LOCALLY on a DC it should work. Options: 1) Do it locally on a DC 2) Do it using LDAP over SSL 3) Use Winnt provider <krukinews@gmail.com> wrote in message news:1160468369.398782.280480@i3g2000cwc.googlegroups.com... > This is really frustrating. > > On Exchange 2007 you can do this > > $username = Read-Host "Enter Username: " > $password = Read-Host "Enter password: " -AsSecureString > > New-MailUser -Name $username -Password $password -ExternalEmailAddress > ($username + "@test.com").ToString() -UserPrincipalName ($username + > "@test.com").ToString() -Organizational test.com/test > > It will create a user account, and its way it should be done in > PowerShell. Clean, simple, documented. > > To PowerShell team. > > You have created something very very good. > I have created script that converts event logs from servers into RSS > feed in less then 3 hours. > > And I'm struggling to create simple user in AD, please add some of > Exchange 2007 stuff into final release. Please. > > Krunoslav > > Jim Holbach wrote: >> All I've been able to come up with so far is this. I haven't been able to >> set >> the password yet. >> >> $ou=[ADSI]"LDAP://cn=Users,dc=test,dc=com" >> $user = $ou.Create("user","cn=User1") >> $user.Put("sAMAccountName", "User1") >> $user.SetInfo() >> >> $User.put("useraccountcontrol",$User.useraccountcontrol.value -band >> (-bnot 2)) >> $user.SetInfo() >> >> $Group=[ADSI]"LDAP://cn=dnsadmins,cn=Users,dc=test,dc=com" >> $Group.PutEx(3, "member", @("cn=User1,cn=Users,dc=test,dc=com")) >> $Group.SetInfo() >> >> --- >> Jim Holbach >> >> >> "krukinews@gmail.com" wrote: >> >> > Hi, >> > >> > I'm trying to create new user in AD. >> > >> > $ou=[ADSI]"LDAP://ou=myUsers,dc=test,dc=com" >> > $user = $ou.Create("user","cn="User1") >> > $user.Put("sAMAccountName", "User1") >> > $user.SetInfo() >> > >> > But this only creates disabled user (without password). >> > >> > How can I set password and enable this user? >> > Also how can I add user to some group? >> > >> > Krunoslav >> > >> > >
My System Specs