
PowerShell sAMAccountType and primaryGroupID

Ch3ll 1 Reputation point
2021-11-24T21:37:26.083+00:00

Hello. I have the following that creates an entry in the specified OU.

$File = "C:\Users\user123\Desktop\mac_address.csv" # Specify the import CSV position.
$Path = "ou=NETWORK AUTHENTICATION,ou=SITE,ou=ESE,dc=ESSM,dc=DM,dc=COM" # Specify the path to the OU.
Import-Csv -Path $File | ForEach-Object {
    New-ADComputer -Name $_.Computer -Path $Path -Enabled $True -PasswordNotRequired $True -PasswordNeverExpires $True -Description "MAC ADDRESS ACCOUNT" -AccountPassword (ConvertTo-SecureString -AsPlainText "1234QWERasdfzxcv" -Force)
}

It creates an entry in the OU with the Name aaaabbbbcccc, and it has Type Computer in the OU. However, I'd like to have the above where the attributes are:

sAMAccountName doesn't have a $ at the end
sAMAccountType is NORMAL_USER_ACCOUNT
primaryGroupID is Domain Users

I'm trying to mimic what was set for entries in the OU by a VBScript that no longer works. This was primarily for creating an object as the MAC address of a workstation in format aaaabbbbcccc and having the attributes mentioned above. I am NOT a script writer by any means. I've been looking at bits and pieces. Thanks for any feedback.


1 answer

  1. Limitless Technology 40,106 Reputation points
    2021-11-26T10:00:18.453+00:00

    Hello

    Thank you for your question and reaching out.

    Starting in Windows 7/2008R2, there are potential compatibility issues with using domain user accounts ending with the dollar sign ($) as a service account. Managed service accounts are identified by ending in a dollar sign ($). The system may evaluate the account as a managed service account and block the change.

    The sAMAccountName attribute of a computer object is the NetBIOS name of the computer with a trailing dollar sign, "$", appended. Besides flagging the object as a computer (which has class user), it also helps ensure uniqueness. The sAMAccountName value must be unique in the domain. Note, the Common Name of computer objects (the value of the cn attribute) does not have a trailing "$", but cn also does not uniquely identify the object in AD. The Common Name only needs to be unique in the OU or container.

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/compatibility-user-accounts-end-dollar-sign

    ----------------------------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--
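
Added example, not part of the question or the answer above: sAMAccountType and primaryGroupID are assigned by the directory according to the kind of account, so one way to get NORMAL_USER_ACCOUNT, Domain Users and a sAMAccountName without the trailing $ is to create the entries with New-ADUser instead of New-ADComputer and then read the attributes back. It assumes the ActiveDirectory module, the CSV and OU from the question, and a password prompted for at run time; -PasswordNotRequired is left out because a password is set.

```powershell
# Added example. Requires the ActiveDirectory (RSAT) module and rights on the OU.
Import-Module ActiveDirectory

$File = "C:\Users\user123\Desktop\mac_address.csv"   # CSV from the question (column: Computer)
$Path = "ou=NETWORK AUTHENTICATION,ou=SITE,ou=ESE,dc=ESSM,dc=DM,dc=COM"   # OU from the question

# Assumption: the password is prompted for once instead of being stored in the script.
$Password = Read-Host -AsSecureString -Prompt "Password for the MAC address accounts"

# sAMAccountType values the directory derives from the account type.
$SamTypeNames = @{
    805306368 = 'NORMAL_USER_ACCOUNT'   # 0x30000000, user objects
    805306369 = 'MACHINE_ACCOUNT'       # 0x30000001, computer objects
}

Import-Csv -Path $File | ForEach-Object {
    $mac = $_.Computer.Trim().ToLower()

    # Accept only the aaaabbbbcccc form (12 hex digits). This also keeps
    # quotes and wildcards out of the -Filter string below.
    if ($mac -notmatch '^[0-9a-f]{12}$') {
        Write-Warning "Skipping '$($_.Computer)': not a 12-digit hex MAC address"
        return   # inside ForEach-Object this moves on to the next row
    }
    if (Get-ADUser -Filter "sAMAccountName -eq '$mac'") {
        Write-Warning "Skipping '$mac': sAMAccountName already exists"
        return
    }

    # A user object: no trailing $, NORMAL_USER_ACCOUNT, primary group 513.
    New-ADUser -Name $mac -SamAccountName $mac -Path $Path -Enabled $true `
        -AccountPassword $Password -PasswordNeverExpires $true `
        -Description "MAC ADDRESS ACCOUNT"
}

# Read every account in the OU back (users and computers alike) and show
# the attributes the question asks about.
Get-ADObject -SearchBase $Path -SearchScope OneLevel -LDAPFilter '(sAMAccountName=*)' `
    -Properties sAMAccountName, sAMAccountType, primaryGroupID, userAccountControl |
    Select-Object Name, sAMAccountName,
        @{ Name = 'AccountType'; Expression = { $SamTypeNames[[int]$_.sAMAccountType] } },
        primaryGroupID,   # 513 = Domain Users, 515 = Domain Computers
        @{ Name = 'PasswordNotRequired'   # userAccountControl flag 0x20 (PASSWD_NOTREQD)
           Expression = { [bool]($_.userAccountControl -band 0x20) } }
```

Objects created earlier with New-ADComputer appear in the same report as MACHINE_ACCOUNT with primaryGroupID 515, which makes them easy to tell apart from the new entries.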
