We use Windows Server as our domain controllers; for AD redundancy we run about 4 domain controllers, and the domain holds around 250k accounts. Our developer team wrote a plugin that uses .NET's DirectorySearcher to look up user accounts in the domain. The code works fine in most cases.
But sometimes it cannot find certain newly created accounts (not all of them); after about a day the same accounts become findable. We are not sure what causes this.
This is the script we use to create new accounts.
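# Bulk-creates AD user accounts from a CSV file and adds each new account to two groups.
#
# CSV columns read: EmployeeNumber, UserID, FirstName, LastName, Description, EmailAddress,
# Telephone, ExpirationDate (MM/DD/YYYY), JobTitle, RoomNumber, Password, Company, Department.
# (Company is read but not used: the Company attribute is set from a fixed string below.)
#
# SECURITY: the CSV holds the initial password of every account in clear text, and accounts are
# created with ChangePasswordAtLogon = $False, so anyone who can read the CSV knows a still-valid
# password for every account it created. Restrict the CSV's ACL, delete it after the run, and
# consider forcing a password change at first logon.
#
# NOTE(review): without -Server, the ActiveDirectory module writes to whichever DC it selected for
# this session. A new object exists only on that DC until replication has converged, so a consumer
# bound to a different DC will not find it yet. Set $TargetDC below to pin the existence check and
# the creation to one DC when a downstream consumer needs to see new accounts immediately;
# $null keeps the module's default DC selection.
Import-Module ActiveDirectory

# Enter the file path your user CSV file is located
$NewUser = Import-Csv "C:\Users\sgodi3adm\desktop\UserID Creation\NewUser.csv"

# Optional: FQDN of a specific domain controller to operate against (e.g. the PDC emulator).
$TargetDC = $null

# Parameters shared by every AD cmdlet call. ErrorAction = Stop turns a failed cmdlet (e.g. a
# password rejected by policy) into a terminating error so the per-user try/catch sees it.
$CommonArgs = @{ ErrorAction = 'Stop' }
if ($TargetDC) { $CommonArgs.Server = $TargetDC }

foreach ($User in $NewUser)
{
    $EmployeeNumber = $User.EmployeeNumber
    $UserID = $User.UserID
    $FirstName = $User.FirstName
    $LastName = $User.LastName
    $Description = $User.Description
    $EmailAddress = $User.EmailAddress
    $Telephone = $User.Telephone
    $ExpirationDate = $User.ExpirationDate
    $JobTitle = $User.JobTitle
    $RoomNumber = $User.RoomNumber
    $Password = $User.Password
    $Company = $User.Company
    $Department = $User.Department

    # A row without a login name cannot be created (New-ADUser rejects an empty SamAccountName);
    # skip it instead of producing a half-configured error cascade.
    if ([string]::IsNullOrWhiteSpace($UserID))
    {
        Write-Warning "Row with EmployeeNumber '$EmployeeNumber' has no UserID; skipping"
        continue
    }

    try
    {
        # This section checks to see if the user already exists. The filter is kept as a script
        # block so the module expands $UserID itself rather than us building a filter string.
        if (Get-ADUser -Filter { SamAccountName -eq $UserID } @CommonArgs)
        {
            Write-Warning "User $UserID already exists; bypassing"
            continue
        }

        # Account creation begins. Note that AccountExpirationDate must be in format MM/DD/YYYY in csv sheet
        $NewUserParams = @{
            SamAccountName        = $UserID
            UserPrincipalName     = "$UserID@ad.uottawa.ca"
            Name                  = "$FirstName $LastName"
            GivenName             = $FirstName
            Surname               = $LastName
            Enabled               = $True
            # WARNING: $False leaves the clear-text CSV password in force until the user decides
            # to change it. $True would force a change at first logon.
            ChangePasswordAtLogon = $False
            DisplayName           = "$FirstName $LastName"
            Department            = "$Department"
            Path                  = "OU=Users,OU=Medicine,OU=Faculties,DC=uottawa,DC=ad,DC=uottawa,DC=ca"
            AccountPassword       = (ConvertTo-SecureString $Password -AsPlainText -Force)
            EmployeeID            = $EmployeeNumber
            Description           = $Description
            EmailAddress          = $EmailAddress
            OfficePhone           = $Telephone
            Title                 = $JobTitle
            Office                = $RoomNumber
            StreetAddress         = "451 Smyth Road"
            City                  = "Ottawa"
            State                 = "Ontario"
            PostalCode            = "K1H8M5"
            Country               = "CA"
            Company               = "Faculty of Medicine, University of Ottawa"
        }
        # An empty ExpirationDate cell would fail the DateTime conversion; only set it when present.
        if (-not [string]::IsNullOrWhiteSpace($ExpirationDate))
        {
            $NewUserParams.AccountExpirationDate = $ExpirationDate
        }

        New-ADUser @NewUserParams @CommonArgs
        # Group adds run only after a successful creation (a failure above is caught below).
        Add-ADGroupMember -Identity "DFS Users" -Members $UserID @CommonArgs
        Add-ADGroupMember -Identity "Medicine Users" -Members $UserID @CommonArgs
        Write-Host -ForegroundColor Green "User $userID has been created!"
    }
    catch
    {
        # Report and move on to the next row; the original script printed the success message
        # even when New-ADUser had failed.
        Write-Warning "Failed to create or group ${UserID}: $($_.Exception.Message)"
    }
}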
And this is the C# code we use to search for accounts.
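/// <summary>
/// Runs a subtree LDAP search for user/person objects under the default naming context of the
/// directory selected by <paramref name="zone"/> and returns the raw result set.
/// </summary>
/// <param name="ADsFilter">
/// An LDAP filter fragment such as <c>sAMAccountName=jdoe</c>. It is inserted into the final filter
/// verbatim, so any value in it that originates from user input must already be escaped per
/// RFC 4515 (<c>\2a</c> for <c>*</c>, <c>\28</c>/<c>\29</c> for parentheses, <c>\5c</c> for
/// backslash, <c>\00</c> for NUL); otherwise that input can rewrite the filter (LDAP injection).
/// </param>
/// <param name="zone">"common" (local forest) or "trusted" (trusted forest); anything else yields null.</param>
/// <returns>
/// The <see cref="SearchResultCollection"/> with only <c>sAMAccountName</c> loaded, sorted by CN
/// descending, or <c>null</c> when the zone is unknown or no credentials were obtained. The caller
/// must dispose the returned collection to release the underlying search handle.
/// </returns>
/// <remarks>
/// The LDAP path names the domain, not a server, so the DC locator binds this search to whichever
/// of the domain's DCs it picks. An object written to a different DC is not visible here until
/// replication has converged, which is the usual reason a lookup right after account creation
/// finds nothing. NOTE(review): confirm against the DC the creation script writes to.
/// </remarks>
internal static SearchResultCollection GetADsObjects(string ADsFilter, string zone)
{
    // Sign and seal the LDAP session: Secure alone authenticates the bind but leaves the query
    // and the returned attributes in clear text on the wire.
    const AuthenticationTypes bindFlags =
        AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;

    Credentials credentials = null;
    string path = null;
    if (zone == "common")
    {
        credentials = GetCreds("AD_common_Z");
        if (credentials != null)
            credentials.username += "@uottawa.ad.uottawa.ca";
        path = "LDAP://uottawa.ad.uottawa.ca/";
    }
    else if (zone == "trusted")
    {
        credentials = GetCreds("AD_trust_Z");
        if (credentials != null)
            credentials.username += "@uottawa.o.univ";
        path = "LDAP://uottawa.o.univ/";
    }

    // An unknown zone used to fall through with an empty path and an empty Credentials object
    // (the null check could never fire); now it returns null as the contract says.
    if (credentials == null || path == null)
        return null;

    // rootDSE is only needed to discover the naming context; release it right away.
    string rootDN;
    using (DirectoryEntry rootDSE = new DirectoryEntry(path + "rootDSE", credentials.username, credentials.password, bindFlags))
    {
        rootDN = (string)rootDSE.Properties["defaultNamingContext"].Value;
    }

    // searchRoot is deliberately not disposed here: the returned SearchResultCollection keeps
    // using it (e.g. for GetDirectoryEntry() on individual results) for as long as the caller
    // holds the results.
    DirectoryEntry searchRoot = new DirectoryEntry(path + rootDN, credentials.username, credentials.password, bindFlags);
    DirectorySearcher searcher = new DirectorySearcher(searchRoot)
    {
        SearchScope = SearchScope.Subtree,
        // Referrals are followed with the same explicit credentials; they can lead to other
        // domains or forests.
        ReferralChasing = ReferralChasingOption.All,
        // In the AD schema objectClass=user also matches computer objects (computer derives
        // from user); add (objectCategory=person) if only people are wanted. Left unchanged
        // here to keep the existing result set.
        Filter = "(&(|(ObjectClass=User)(ObjectClass=Person))(" + ADsFilter + "))",
        Sort = new SortOption("CN", SortDirection.Descending)
    };
    searcher.PropertiesToLoad.Add("sAMAccountName");
    return searcher.FindAll();
}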
Thanks for any kind of help.