OK after further research it turns out there is apparently an easier way to import users to AD, through Quest cmdlets.

I read up a bit and have been practicing with the code.  This is what I have so far.

Add-PSSnapin Quest.ActiveRoles.ADManagement
import-csv CSVVER_users.csv
$OU= $_.OU
Foreach-Object { New-QADUser `
-ParentContainer $OU `
-name $_.FullName `
-UserPassword $_.Password `
-SamAccountName $_.LoginName `
 -FirstName $_.FirstName `
-LastName $_.LastName `
-DisplayName $_.FullName `
-UserPrincipalName $_.UPN `
-email $_.mail `
-ProfilePath $_.ProfilePath + $_.FullName `
Set-QADUser $SamAccountName -UserMustChangePassword 1 `
}

CSV Example:
OU, DomainPath, FirstName, LastName, FullName, ProfilePath, LoginName, Password, mail, UPN,
"OU=Students,OU=Users 2011,DC=home,DC=network home.network", Jessica, Smith, Jessica Smith, \\Server2008\Profiles\, j.smith, PASSword Jessica.Smith@home.network, j.smith@home.network

Error Recieved:
New-QADUser : Cannot validate argument on parameter 'ParentContainer'. The argument is null or empty. Supply an argument that is not nu ll or empty and then try the command again. At E:\Powershell\MASTER\QUESTVer\MASTER_addusers_QUEST.ps1:59 char:17 + -ParentContainer <<<< $OU ` + CategoryInfo : InvalidData: (:) [New-QADUser], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationError,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.NewUserCmdlet

Now, I've tried all sorts of combos but for some reason it seems to fail at the OU.

If I hard set it (-ParentContainer home.network/Users 2011/Students) it then moves on and says the next parameter (-name) isnt set.

Am I importing the CSV wrong some how?

Can anyone point me in the right direction please!

There's the ForEach-Object *cmdlet* (case insensitive), see get-help foreach-object, with an alias of foreach or %, and then there's the foreach *construct*, see get-help about_foreach.

They are not the same. The cmdlet must be used to take pipeline input.

So your code should be more like:
Add-PSSnapin Quest.ActiveRoles.ADManagement
import-csv CSVVER_users.csv |
Foreach-Object { New-QADUser `
-ParentContainer $_.OU `
-name $_.FullName `
-UserPassword $_.Password `
-SamAccountName $_.LoginName `
-FirstName $_.FirstName `
-LastName $_.LastName `
-DisplayName $_.FullName `
-UserPrincipalName $_.UPN `
-email $_.mail `
-ProfilePath $_.ProfilePath + $_.FullName `
Set-QADUser $SamAccountName -UserMustChangePassword 1 `
}

Thank again Marco.

I managed to get my script working with the following, except for the bold line.
I'm guess is as "$_.SamAccountName" has already been read/added that I can't re-read/add it.....

CODE:
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
import-csv CSVVER_users.csv | foreach{ `
New-QADUser `
-name $_.FullName `
-ParentContainer $_.OU `
-DisplayName $_.FullName `
-UserPrincipalName $_.userPrincipalName `
-SamAccountName $_.SamAccountName `
-ProfilePath $_.ProfilePath `
-UserPassword $_.password `
-Firstname $_.FirstName `
-Lastname $_.LastName `
-email $_.email `
Set-QADUser $_.SamAccountName -UserMustChangePassword `
}

ERROR MESSAGE:
New-QADUser : A positional parameter cannot be found that accepts argument 'Set-QADUser'.
At E:\Powershell\MASTER\QUESTVer\MASTER_addusers_QUEST.ps1:57 char:12
+ New-QADUser <<<< `
+ CategoryInfo : InvalidArgument: (:) [New-QADUser], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.NewUserCmdlet

I've tried a few things without success...scratching my head here as most examples I find simply put this in the foreach loop.

Any ideas?

You need to get rid of the `(tick) after -email $_.email if you are going to use the Set-QADUser command (that is basically what the error is all about).

You also don't need the tick after the Set-QADUser command or after the foreach{ on the line you import-csv.

The tick is for allowing an expression to extend multiple lines (like you did for the New-QADUser command); otherwise, PowerShell will be expecting a new command/expression on a new line.

Where you can have a scriptblock (you start and end scriptblocks with curly brackets {}), you can use multiple lines of code without the need for ticks (provided each line contains the entire command or expression).  Again ticks are used to allow a single command or expression to continue onto another line.

Also you don't actually need the Set-QADUser command at the end just use -ObjectAttributes parameter.

So it would look something like this:

import-csv CSVVER_users.csv | foreach{
New-QADUser `
-name $_.FullName `
-ParentContainer $_.OU `
-DisplayName $_.FullName `
-UserPrincipalName $_.userPrincipalName `
-SamAccountName $_.SamAccountName `
-ProfilePath $_.ProfilePath `
-UserPassword $_.password `
-Firstname $_.FirstName `
-Lastname $_.LastName `
-email $_.email `
-ObjectAttributes @{UserMustChangePassword=$true}
}

THANK YOU! That worked fine. (I think)

Tell me though, the "tick" for "users must change password at next logon" doesnt seem to be ticked when I right click and go to the properties of the user. Is that significant? Should it be visable to me once the accounts are created?

from PowerShell trying getting the user with the Get-QADUser command and see if the property is set to true:

Get-QADUser | select *password*

If it is set to false then the attribute didn't set properly.

If it is set to true then ADUC is a little behind :)

(in a Barney Stinston voice) Say whaaaat? :-)

OK, Tried

Get-QADUser a.smith -IncludeAllProperties | export-csv c:\j.smith.csv

but the csv is blank, its late and I'm off to bed... if you spot any obvious mistakes, help is much appreciated.

Hi guys, back again.

Can you help me solve this:

I got my code up to a level I was happy with so I decided to test it.

I fired up the server (Windows Server 2008 Standard, x86, SP2) I then installed the x86 version of quest cmdlets (from here: http://www.quest.com/powershell/act...ver.aspx), rebooted and ran the script. It threw an error of "the server is unwilling to process the request" I started researching and wanted to have a look at the AD again, however when I tried to run "Users and Computers" server 2008 threw an error stating "Naming Information cannot be located for the following reasons in windows 2008 server - unspecified error - loads of microsoft garbage". So I researched some more and it wasnt until I uninstalled quest cmdlets and rebooted that the problems went away and I could once more open users and computers and take a look at my AD

Something I missed?? Incompatability with Server 2008 Standard? or something else? Anyone?

Never heard of it, please go to the Quest forum for help: http://www.powergui.org.

OK thanks, thread started will update if necessary.

Going back to the code then:

Can you suggest some common faults (other than password complexity) for an error of "The Server is unwilling to process the request" really scratching my head with this one..

Ive solved the above problem.

Going back to another problem you may be able to help with.

Can you provide any common faults (except for domain password complexity policy) for recieving an error message of:

New-QADUser : The server is unwilling to process the request. (Exception from HRESULT: 0x80072035)
At C:\Users\Administrator.school\Desktop\QUESTVer\MASTER_addusers_QUEST_school.ps1:63 char:12
+ New-QADUser <<<< `
+ CategoryInfo : NotSpecified: (:) [New-QADUser], DirectoryServicesCOMException
+ FullyQualifiedErrorId : System.DirectoryServices.DirectoryServicesCOMException,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.
Cmdlets.NewUserCmdlet

I'm thinking its due to some sort of policy or something but there are thousands of them and google searches are throwing up nothing useful.

Thanks!

Posted By jonnie hack on 16 Aug 2011 11:42 AM

OK thanks, thread started will update if necessary.

Thread started Marco, (http://www.powergui.org./message.js...254#55254) although I find it hard to believe that a site full of powershell coders havent come across a similar error message so to bump up my chances of getting a quick response, and to widen the people willing to help I'm keeping this thread going.

Is there anyone else on here that may be able to provide any clues to why the powershell code is throwing an error of "The server is unwilling to process the request" anything at all, just think out loud....

(but not the password policy, as thats all fine...)

Not that I know everything... But I have never come across that error before in my 5+ years of doing PowerShell stuff, so it may require advanced knowledge which only the Quest AD coders @ powergui.org may be able to help you with. I am always proven wrong though, I just want to make sure you focus more on powergui.org because I think they are in a better position to help.

Try not seeting the UserMustChangePassword attribute.
I beleive that this must be set in a seperate step.
Karl

Hi Karl, thanks for the reply! I have tried your suggestion but am still recieving the same error. :-(

Thank you anyway!

Posted By Marco Shaw (MVP) on 17 Aug 2011 08:11 AM
Not that I know everything... But I have never come across that error before in my 5+ years of doing PowerShell stuff, so it may require advanced knowledge which only the Quest AD coders @ powergui.org may be able to help you with. I am always proven wrong though, I just want to make sure you focus more on powergui.org because I think they are in a better position to help.

Error is simply:

New-QADUser : The server is unwilling to process the request. (Exception from HRESULT: 0x80072035) At E:\Powershell\Script\QUESTVer\MASTER_addusers.ps1:62 char:12 + New-QADUser <<<< ` + CategoryInfo : NotSpecified: (:) [New-QADUser], DirectoryServicesCOMException + FullyQualifiedErrorId : System.DirectoryServices.DirectoryServicesCOMException,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell. Cmdlets.NewUserCmdlet

(Where Line 62 Char 12 is simply the line embolded from this code:)

Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
import-csv CSVVER_users.csv | foreach{ `
 New-QADUser `
 -name $_.FullName `
 -ParentContainer $_.OU `
 -DisplayName $_.FullName `
 -UserPrincipalName $_.userPrincipalName `
 -SamAccountName $_.SamAccountName `
 -ProfilePath $_.ProfilePath `
 -userPassword $_.Password `
 -Firstname $_.FirstName `
 -Lastname $_.Lastname `
 -email $_.email `
 -Description $_.Description `
 -ObjectAttributes @{UserMustChangePassword=$true} }

The server I'm trying to test this on has been pulled from the school it lives in as the school is undergoing makor building works over the summer hols. My aim was to add these users in before the new term starts, does anyone know if the server is not plugged into the network (standalone in my house) if this would affect the script running as the DC's cant replicate until we put it back IN situ??

This is sorted, the above didnt work. Cheers for all the help.

This is sorted, the above didnt work. Cheers for all the help.

This is sorted, the above didnt work. Cheers for all the help.