Random Samaccountname generator in AD with PowerShell

charles leon 26

Hello there, I'm new to PowerShell so I need some help. I need a PS script that will create samaccountname in AD with random and unique characters. Then I want to check the samaccountname against AD (particular OU) to see if the account already exist. If it exists, then I want to try a different account. I want to set a random password for the account. Here's an example for what the account needs to look like:

Account must be 10 characters long
Account MUST start with three unique letters . eg. PED
Account MUST have six random numbers after the unique letters. eg. PED153487
Account MUST have one unique letter at the end. eg. PED153487D

Any help will be highly appreciated. Thanks!

Accepted answer

Mhd Samer Sawas 151 Reputation points

2022-11-19T17:07:42.927+00:00

@charles leon
The error you got is a normal behavior because Active Directory does not allow you to have more than one user with the same full, name not only within an OU but across the whole domain. You can have two users with the same first and last names but not the same full name. Once you get that error, the script will ask you if you want to create more accounts so you can say yes and then choose a unique full name even if the first and last names are used before.

Finally, if your query was answered, please mark the last script as an "accepted answer" to close the thread.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

13 additional answers

charles leon 26 Reputation points

2022-11-19T00:16:07.177+00:00

I think it is an AD thing, I don't believe is anything to do with your script. AD just won't allow duplicate names in same OU. Thanks for al your help!!
Please sign in to rate this answer.

1 person found this answer helpful.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Mhd Samer Sawas 151

@charles leon

$n = 10 # Number of accounts required  
$Path = 'CN=Users,DC=contoso,DC=com' # OU for the accounts  
$UPNSuffix = '@contoso.com'  
$OutputFile = 'Accounts.csv'  
Clear-Content -Path $OutputFile -Confirm -ErrorAction SilentlyContinue  
  
for($i=0; $i -lt $n; $i++) {  
  
    $SamaccountnamePart1 = -join ((65..90) | Get-Random -Count 3  | ForEach-Object {[char]$_})  
    $SamaccountnamePart2 = Get-Random -Minimum 100000 -Maximum 999999  
    $SamaccountnamePart3 = -join ((65..90) | Get-Random -Count 1  | ForEach-Object {[char]$_})  
  
    $Samaccountname = -join ($SamaccountnamePart1, $SamaccountnamePart2, $SamaccountnamePart3)  
    $password = -join ((33..126) | Get-Random -Count 12  | ForEach-Object {[char]$_})  
  
    $NewUserParams = @{  
        'SamAccountName' = $Samaccountname  
        'UserPrincipalName' = $Samaccountname + $UPNSuffix  
        'Name' = $Samaccountname  
        'GivenName' = $Samaccountname  
        'Surname' = $Samaccountname  
        'AccountPassword' =  (ConvertTo-SecureString  -String $password -AsPlainText -Force)  
        'Path' = $Path  
        'Enabled' = $True  
    }   
    try {  
        New-ADUser @NewUserParams -ErrorAction Stop # if successful, send created account data to a file  
        [PSCustomObject]@{   
            'SamAccountName' = $Samaccountname  
            'Password' = $Password  
            } | Export-Csv $OutputFile -Append -NoTypeInformation  
    }  
    catch [Microsoft.ActiveDirectory.Management.ADIdentityAlreadyExistsException]{  
        $i-- # Duplicate Samaccountname found, retry this one  
        continue  
    }  
    catch { # some other error occured when creating the account  
        Write-Output $PSITEM.Exception.Message  
    }  
    finally {  
        $Error.Clear()  
    }  
}

charles leon 26 Reputation points

2022-11-17T18:46:52.693+00:00

Hello, thanks for the script. The only issue I see is that the first 3 letters or characters of the samaccountname MUST be unique (No random characters). And the unique characters MUST be "PED". The second part of the samccountname can be randomized (exactly six random numbers). And the last part of the samaccountname can also be randomized (Exactly one letter of the alphabet). Please let me know how this change can be made to the script. Also one last thing can the password include numbers, special characters, lowercase and uppercase? Thanks!

Mhd Samer Sawas 151

@charles leon

Sure.
The password already includes numbers, special characters, lowercase and uppercase as you can see from the accounts.csv file generated by the script.
For the unique prefix 'PED', we'll replace the first part of Samaccountname i.e. $SamaccountnamePart1 in line number 9 with a hardcoded value:
$SamaccountnamePart1 = 'PED'

Now the script will look like this:

 $n = 10 # Number of accounts required  
 $Path = 'CN=Users,DC=contoso,DC=com' # OU for the accounts  
 $UPNSuffix = '@contoso.com'  
 $OutputFile = 'Accounts.csv'  
 Clear-Content -Path $OutputFile -Confirm -ErrorAction SilentlyContinue  
      
 for($i=0; $i -lt $n; $i++) {  
      
     $SamaccountnamePart1 = 'PED'  
     $SamaccountnamePart2 = Get-Random -Minimum 100000 -Maximum 999999  
     $SamaccountnamePart3 = -join ((65..90) | Get-Random -Count 1  | ForEach-Object {[char]$_})  
      
     $Samaccountname = -join ($SamaccountnamePart1, $SamaccountnamePart2, $SamaccountnamePart3)  
     $password = -join ((33..126) | Get-Random -Count 12  | ForEach-Object {[char]$_})  
      
     $NewUserParams = @{  
         'SamAccountName' = $Samaccountname  
         'UserPrincipalName' = $Samaccountname + $UPNSuffix  
         'Name' = $Samaccountname  
         'GivenName' = $Samaccountname  
         'Surname' = $Samaccountname  
         'AccountPassword' =  (ConvertTo-SecureString  -String $password -AsPlainText -Force)  
         'Path' = $Path  
         'Enabled' = $True  
     }   
     try {  
         New-ADUser @NewUserParams -ErrorAction Stop # if successful, send created account data to a file  
         [PSCustomObject]@{   
             'SamAccountName' = $Samaccountname  
             'Password' = $Password  
             } | Export-Csv $OutputFile -Append -NoTypeInformation  
     }  
     catch [Microsoft.ActiveDirectory.Management.ADIdentityAlreadyExistsException]{  
         $i-- # Duplicate Samaccountname found, retry this one  
         continue  
     }  
     catch { # some other error occured when creating the account  
         Write-Output $PSITEM.Exception.Message  
     }  
     finally {  
         $Error.Clear()  
     }  
 }

charles leon 26 Reputation points

2022-11-18T15:22:12.03+00:00

Wow, you are awesome!! I will give this a shot and let you know how it went. As you can already tell I'm new to Powershell. So the varuable "$n =10", you commented that this is the number of accounts? SO I'm not looking to create 10 accounts, but I want that the account I'm creating is exactly 10-characters long. Example of account: PED123456D. The "PED" is unique and will never change. The six-digit numbers that come after "PED" will be generated randomly (numbers from 0 - 9) but there must be six random numbers after the hard coded "PED". Then one random letter at the end (from A - Z). Also, I see that you set the attributes Name, givenname, and surname to $Samaccountname. Can I prompt for user input to provide these attributes? Thanks for all your help!!

Mhd Samer Sawas 151

@charles leon
This version will create new accounts as much as needed and takes user input for each name, given name, and surname.

$Path = 'CN=Users,DC=contoso,DC=com' # OU for the accounts  
$UPNSuffix = '@contoso.com'  
$OutputFile = 'Accounts.csv'  
Clear-Content -Path $OutputFile -Confirm -ErrorAction SilentlyContinue  
do {  
    $SamaccountnamePart1 = 'PED'  
    $SamaccountnamePart2 = Get-Random -Minimum 100000 -Maximum 999999  
    $SamaccountnamePart3 = -join ((65..90) | Get-Random -Count 1  | ForEach-Object {[char]$_})  
    $Samaccountname = -join ($SamaccountnamePart1, $SamaccountnamePart2, $SamaccountnamePart3)  
    $password = -join ((33..126) | Get-Random -Count 12  | ForEach-Object {[char]$_})  
    $NewUserParams = @{  
        'SamAccountName' = $Samaccountname  
        'UserPrincipalName' = $Samaccountname + $UPNSuffix  
        'Name' = Read-Host -Prompt "Enter Full Name "  
        'GivenName' = Read-Host -Prompt "Enter First Name "  
        'Surname' = Read-Host -Prompt "Enter Last Name "  
        'AccountPassword' =  (ConvertTo-SecureString  -String $password -AsPlainText -Force)  
        'Path' = $Path  
        'Enabled' = $True  
    }   
    try {  
        New-ADUser @NewUserParams -ErrorAction Stop # if successful, send created account data to a file  
        [PSCustomObject]@{   
            'SamAccountName' = $Samaccountname  
            'Password' = $Password  
            'Name' = $NewUserParams.Name  
            'GivenName' = $NewUserParams.GivenName  
            'Surname' = $NewUserParams.Surname  
            } | Export-Csv $OutputFile -Append -NoTypeInformation  
    }  
    catch [Microsoft.ActiveDirectory.Management.ADIdentityAlreadyExistsException]{  
        $i-- # Duplicate Samaccountname found, retry this one  
        continue  
    }  
    catch { # some other error occured when creating the account  
        Write-Output $PSITEM.Exception.Message  
    }  
    finally {  
        $Error.Clear()  
    }  
} while (  
    ((Read-Host -Prompt "Do you want to create more accounts ? (Type 'y' for yes or any other key to exit)") -eq 'y')  
  )

charles leon 26 Reputation points

2023-12-10T20:17:07.4933333+00:00

Hello, sorry here I come again. Ok so the script works fine as far as creating the AD account just the way I want it. But when duplicate name is found, I do get the error saying that an attempt was made to create an account that already exists, but what's weird is that it displays a samaccountname saying that the account was created even though it was not. I would like the script to say the account for the user was not created because the account already exist and then ask the user if they would like to create a different account. But if there is no duplicate found, create the account and display the created samaccountname on the screen. Thanks
charles leon 26 Reputation points

2023-12-13T16:34:18.0333333+00:00

Hello, sorry to bother you, but when the script runs and find a duplicate account, I want it not to display any samaccountname, but tell the user that the account was not created due to duplicate and then ask if they would like to create a different user. If no duplicate is found, create the account and display samaccountname on the screen. Thanks

Share via

Random Samaccountname generator in AD with PowerShell

13 additional answers

Your answer