This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 34%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIH%3C/text%3E%3C/svg%3E)
hey i have been asked to make a powershell script that creates users in active directory (study related) and the syntax of the scripts work fine but when i try to log in to the user it says that the username or password are incorrect i am i think there is an issue with the password syntax but i am not sure
the script
Import-Module ActiveDirectory
$firstname = Read-Host -Prompt "firstname"
$lastname = Read-Host -Prompt "lastname"
$OU = Read-Host -Prompt "destenation OU"
$password = ConvertTo-SecureString "Enter password" -AsPlainText -Force
New-ADUser -Name "$firstname $lastnamAe" -GivenName $firstname -Surname $lastname -UserPrincipalName "$firstname-$lastname" -AccountPassword (Read-Host -AsSecureString "AccountPassword") -Path $OU -Enabled $true -ChangePasswordAtLogon $true
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 32%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Syntax seems fine to me although your initial block of variables includes something about passwords and that code wouldn't be used.
Note in the docs that it says that if you provide a password to the cmdlet and the password is not complex enough then it will create the user but not set the password. You would have no way of knowing this without querying for the user to verify the account is enabled. So my initial instinct is that the password you're using isn't sufficiently complex enough to meet your AD requirements and therefore the password isn't being set.
I would recommend that you verify the account is enabled after the call and/or use Set-ADAccountPassword instead as it seems like it reports an error if the set fails. You would need to verify this though. Also note you'd need to enable the account after the password is set as well.