ido hemed 1 Reputation point

hey i have been asked to make a powershell script that creates users in active directory (study related) and the syntax of the scripts work fine but when i try to log in to the user it says that the username or password are incorrect i am i think there is an issue with the password syntax but i am not sure

the script

import ad moudle `

Import-Module ActiveDirectory


$firstname = Read-Host -Prompt "firstname"
$lastname = Read-Host -Prompt "lastname"
$OU = Read-Host -Prompt "destenation OU"
$password = ConvertTo-SecureString "Enter password" -AsPlainText -Force


SALES = OU=sales,DC=smartcore,DC=local

MANUFACTRING = OU=manufcturing,DC=smartcore,DC=local


FIANANCE = OU=FAINANCE,DC=smartcore,DC=OU=accunting,DC=smartcore,DC=local

CUSTOMER-SERVICE = OU=customer-services,DC=smartcore,DC=local

ACCOUNTIG = OU=accunting,DC=smartcore,DC=local

create ad user

New-ADUser -Name "$firstname $lastnamAe" -GivenName $firstname -Surname $lastname -UserPrincipalName "$firstname-$lastname" -AccountPassword (Read-Host -AsSecureString "AccountPassword") -Path $OU -Enabled $true -ChangePasswordAtLogon $true

Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,407 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Michael Taylor 49,251 Reputation points

    Syntax seems fine to me although your initial block of variables includes something about passwords and that code wouldn't be used.

    Note in the docs that it says that if you provide a password to the cmdlet and the password is not complex enough then it will create the user but not set the password. You would have no way of knowing this without querying for the user to verify the account is enabled. So my initial instinct is that the password you're using isn't sufficiently complex enough to meet your AD requirements and therefore the password isn't being set.

    I would recommend that you verify the account is enabled after the call and/or use Set-ADAccountPassword instead as it seems like it reports an error if the set fails. You would need to verify this though. Also note you'd need to enable the account after the password is set as well.

    0 comments No comments