@Andreas Baumgarten Hi, how are you?
I developed a Powershell script to create an AD account where a IT Support must populating many fields, like Name, Surname, Description, E-mail, password and Account expires (dd/mm/yyyy).
The script works almost perfectly. Function TestPasswordComplexy gives error on screen:
New-ADUser : The password does not meet the length, complexity, or history requirement of the domain.
At C:\Users\Administrator\Documents\scripts\testes\Versoes\Criar_conta_usuario_v.1.4 - test.ps1:123 char:1
+ New-ADUser -SamAccountName $SamAccountName -Name $DisplayName -Displa ...
The script still prints the outputs below before displaying the above error:
Passwords match.
.........
Valid password.
Username Test1 and password created successfully.
And do not create the user in AD.
But if I remove/comment Function TestPasswordComplexy, it works.
I would like Function to return in the step of entering the password after the failure.
Please give me a helping hand or a way forward. Thanks!
Full Script below:
# Variable FQDN
$DNSRoot = "@weg.art.br"
# Variables MemberOf
$MemberOfEstMediVol = "Limited Internet"
$MemberOfConc = "Ilimited Internet"
do {
do {
Write-Host "================ User account creation script ================"
write-host ""
write-host "Type 'A' to create an account for Intern."
write-host "Type 'B' to create an account for Manager."
write-host "Type 'C' to create an account for Employee."
write-host "Type 'D' to create an account for Director."
write-host ""
write-host "X - Exit"
write-host ""
Write-Host "====================================================================================="
write-host -nonewline "Type the desired option and hit Enter: "
$choice = read-host
write-host ""
$ok = @("A","B","C","D","S") -contains $choice
if ( -not $ok) { write-host "Invalid option. Enter only the letters in the Menu." -F red
write-host ""}
}
until ( $ok )
switch ( $choice ) {
"A" {write-host "You chose option 'A' - Intern" -F green
# Variables that will have values entered by the user
$Path = "OU=Users,OU=Departments,dc=weg,dc=art,dc=br"
$GivenName = Read-Host -Prompt 'Enter only the user's first name'
$Surname = Read-Host -Prompt 'Enter the user's last name'
$DisplayName = $GivenName + " " + $Surname
$Description = Read-Host -Prompt 'Enter Description'
$SamAccountName = Read-Host -Prompt 'Enter user login'
$UserPrincipalName = $SamAccountName+$DNSRoot
$Mail = $UserPrincipalName
# Insert Contract Date
Function InsertDate {
$global:expirationDate = ""
$Date = Read-Host -Prompt 'Enter the contract end date - dd/mm/yyyy'
try{
$global:expirationDate = [DateTime]::ParseExact($date,'dd/MM/yyyy',$null)
}
catch{
Write-Host ""
Write-Host " Date $date NOT VALID! " -ForegroundColor Red
Write-Host ""
Write-Host ""
Write-Host ""
Clear-Variable -name date
InsertDate
}
}
InsertDate
# Enter password, confirmation and Complexity test
Function TestPasswordComplexy {
do {
Write-Host "Enter the password carefully, because if you make a mistake you will have to enter it again." -ForegroundColor Green
$secpass = Read-Host "Type the password" -AsSecureString
$secpass2 = Read-Host "Confirm the Password" -AsSecureString
$secpass_text = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($secpass))
$secpass2_text = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($secpass2))
}
while ($secpass_text -cne $secpass2_text)
Write-Host "Passwords match." -F green
Write-Host "........." -F green
if ($null -eq (Get-Module -listavailable activedirectory))
{
# next step required AD module.
}
$policy = Get-ADDefaultDomainPasswordPolicy
$complexityRulesMet = 0
if ($policy.ComplexityEnabled)
{
# If complexity is enabled, the password must contain three of the following four categories
if ($secpass -cmatch '[a-z]') { $complexityRulesMet += 1 } # lower case
if ($secpass -cmatch '[A-Z]') { $complexityRulesMet += 1 } # capital letter
if ($secpass -match '\d') { $complexityRulesMet += 1 } # number 0...9
if ($secpass -match '[`\~!@#$%^&*()_+-=\\{}|;'''':",./<>?\[\]]') { $complexityRulesMet += 1 } # special characters
}
else
{
# Domain does not impose complexity requirement
$complexityRulesMet = 4
}
if($secpass.Length -ge $policy.MinPasswordLength -and $complexityRulesMet -ge 3)
{
Write-Host "Valid password." -ForegroundColor Green
Write-Host "...." -F green
Write-Host "........." -F green
}
else
{
Write-Host "Password NOT valid! Password must meet complexity requirements." -ForegroundColor Red
Write-Host ""
Write-Host ""
TestPasswordComplexy
}
}
TestPasswordComplexy
New-ADUser -SamAccountName $SamAccountName -Name $DisplayName -DisplayName $DisplayName -GivenName $GivenName -Surname $Surname -Description $Description -EmailAddress $Mail -UserPrincipalName $Mail -ChangePasswordAtLogon $true -Path $Path -AccountPassword $secpass -Enabled $true
Set-ADAccountExpiration -Identity $SamAccountName -DateTime $global:expirationDate -Server (Get-ADDomain).PDCEmulator -ErrorAction Ignore
Add-ADPrincipalGroupMembership -Identity $SamAccountName -MemberOf $MemberOfEstMediVol
Write-Host Username " -ForegroundColor green -NoNewline
Write-Host "$DisplayName" -ForegroundColor Black -BackgroundColor White -NoNewline
Write-Host " and password created successfully." -ForegroundColor green
Write-Host "" -F green
Write-Host "" -F green
break
}
"B" {write-host "You chose option 'B' - Manager" -F green
break
}
"C" {
write-host "You chose option 'C' - Employee" -F grenn
break
}
"D" {
write-host "You chose option 'D' - Director" -F grenn
break
}
}
}
until ( $choice -eq "S" )
Thank You!