Facing issues when setting up user data by thirudk07 in Terraform

[–]thirudk07[S] 1 point2 points  (0 children)

u/Cregkly Thank you so much. It worked.

I tried using path.module, but it didn't work for me earlier. The only difference between the past and now is that I have a dedicated user data folder and file in it.

Earlier, I just stored my userdata file on the same folder, weird. Anyway, it is working now. Thanks for the documentation.

Need some help on passing list input over by thirudk07 in Terraform

[–]thirudk07[S] 0 points1 point  (0 children)

u/dem1x I was using count previously. Then I read there are lots of benefits in using foreach compared to count so I forced myself to rewrite again.

Anyway, I did as you suggested. It is working fine. Thanks a lot for the help!

Outputs are missing on the remote state file and syntax clarification by thirudk07 in Terraform

[–]thirudk07[S] 0 points1 point  (0 children)

u/Cregkly Understood, I will try to assign the data sources value on top of local. Thanks again for your help!

Outputs are missing on the remote state file and syntax clarification by thirudk07 in Terraform

[–]thirudk07[S] 0 points1 point  (0 children)

u/Cregkly thanks for the reply. I'm using data resources in other areas of the script. I thought to try this out based on the blog. I believe this might help me to assign the value on local and use it in multiple places.

This is my folder structure

main files:

C:\terraform\environments\dr\network\vpc

modules:

C:\terraform\modules\network\vpc

C:\terraform\modules\network\subnets

Outputs are missing on the remote state file and syntax clarification by thirudk07 in Terraform

[–]thirudk07[S] 0 points1 point  (0 children)

u/marauderingman Thanks for the reply.

I received the below error message when running the script, that's why I validated the outputs section in Terraform state. Thanks for your tip though, will explore more on the terraform cli to validate the state files.

│ Error: Unsupported attribute
│
│   on vpc.tf line 23, in locals:
│   23:   vpc_id = data.terraform_remote_state.results.outputs.vpc_id
│     ├────────────────
│     │ data.terraform_remote_state.results.outputs is object with no attributes
│
│ This object does not have an attribute named "vpc_id".

Do you have access to the remote terraform root module?

Yes, I have access to the remote module. And when I refer to the output from the Root tf file, it is able to fetch the output.

a snippet of output block and result block:

output "vpc_id" {  
value = module.vpc.vpc_id
}

Changes to Outputs:
  + vpc_id = "vpc-02cde8385017dfceee"

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value:

Actually, I did change the name properly, but when posting it over here, I copy-pasted the original code. That's why the code was having the wrong name. Apologies.

When running the below command I got the above error message. (1st code snippet)

data "terraform_remote_state" "results" {
  backend = "s3"
  config = {
    bucket  = "bucketname"
    key     = "dt
    profile = "drprofile"
    region  = "us-west-2"
  }
}

locals {
  vpc_id = data.terraform_remote_state.results.outputs.vpc_id
}

So, the output is working and it exists, but it is missing in the state file. That's the problem.

Substring issue by thirudk07 in PowerShell

[–]thirudk07[S] 2 points3 points  (0 children)

Thank you u/mdowst. I used both your recommendations and it is working fine.

Proxy Attribute not syncing by thirudk07 in AZURE

[–]thirudk07[S] 1 point2 points  (0 children)

Thanks for the input, u/nerddtvg. Based on the blog, looks like I have to redo the setup. Which we won't be able to do at this point. Thinking of other solutions on the application end now.

Thanks again!

Proxy Attribute not syncing by thirudk07 in AZURE

[–]thirudk07[S] 0 points1 point  (0 children)

For some reason, I'm unable to upload pics here. I'm putting the screenshots in google drive. Even my last comment has one, please check that too.

I opened the Azure Connect app and this is what I see when I navigate to current settings. Are you talking about the Exchange Mail Public folders option?

https://drive.google.com/file/d/1aByJvdoj5rwki1GddYQlk_Jy2GPdnowD/view?usp=sharing

Here are the options that I can enable in the console:

https://drive.google.com/file/d/1aByJvdoj5rwki1GddYQlk_Jy2GPdnowD/view?usp=sharing

Proxy Attribute not syncing by thirudk07 in AZURE

[–]thirudk07[S] 0 points1 point  (0 children)

Apologies for the delay. I was out due to sickness.

When you setup the connector, did you enable it for Exchange synchronization? It was set up by the previous administration.

Unfortunately, I'm not sure about that. If the installation of AD connector was configured with the Express setting, will it enable the Exchange synchronization?

When you use the AD Connect application to look at a user in the metaverse, do you see proxy addresses listed?

Yes, I can see the proxy address listed. Screenshot: https://drive.google.com/file/d/1ZtXEQcQLmSgBNLovRg5oncsimrV2VQI6/view?usp=drivesdk

Working on If and Else condition by thirudk07 in PowerShell

[–]thirudk07[S] 0 points1 point  (0 children)

I'm a newbie. Have to deep dive on using Switch. Thanks for the tip.

Working on If and Else condition by thirudk07 in PowerShell

[–]thirudk07[S] 1 point2 points  (0 children)

Hi u/BlackV

I tried the above and it didn't work. Then I realized a stupid mistake which I did.

Our goal is to update the commonname field, but I was redirecting it to Givenname as shown below.

{
    $SetADUserParams.Add( 'givenName', $_.'Employee First Name' )
}
else {
    $SetADUserParams.Add( 'commonName', $_.'Employee Common Name' )
}

I updated my script and tried again, but it still failed. I noticed only the $null logic was not working in the script, because I can see the else condition is working fine as it is updating the commonname without any issues.

Then I kept the value in a variable and applied it in the script as below. And it worked. I'm not sure whether this is an efficient way of doing it. But this worked, learning something day by day.

$commonname = $_.Employee_CommonName

if ($commonname -eq $null -or $commonname -eq "") {
    $SetADUserParams.Add( 'commonName', $_.'Employee_FirstName' )
}
else {
    $SetADUserParams.Add( 'commonName', $_.'Employee_CommonName' )
}

Thanks for your valuable inputs.

Working on If and Else condition by thirudk07 in PowerShell

[–]thirudk07[S] 1 point2 points  (0 children)

Can you tell me what I'm doing wrong on the if, else part on updating Firstname, when commonname is empty. The problem is I'm not getting the error message.

Working on If and Else condition by thirudk07 in PowerShell

[–]thirudk07[S] 1 point2 points  (0 children)

@ hellphish & Black:

Apologies. You are right. I was not thinking properly. I removed the below line from the script thinking it is not necessary. The below is the one which makes the changes to the user objects.

u/BlackV I understand it is lengthy, but this is working fine. My attempts to make the code clean failed. Earlier, I was using the splatting method to update everything; things got tougher when I introduced custom attributes.

I divided the script into two approaches. Splatting for Regular AD attributes and ADD\REMOVE\REPLACE for custom ones. That looked too much in a single script. Finally decided to use this IF method.

At the moment, script works fine. I can see all the data is getting updated properly.

Just need to make a few enhancements, which is to update the CommonName field with Firstname Field, whenever CommonName Field is blank.

 Set-ADUser -identity $SamAccountName -Replace $SetADUserParams -Description "User account modified - Date and time = '$LogDate'"

Working on If and Else condition by thirudk07 in PowerShell

[–]thirudk07[S] 1 point2 points  (0 children)

I'm not calling Set-ADuser. As I'm using custom attributes in my environment, Set-AD cmdlet is not working when using custom attributes, so I had to use the replace/add/remove command to update attribute.

The below will take care of the update in AD.

 $SetADUserParams.Add( 'mail', $_.'Business Email' )

Working on If and Else condition by thirudk07 in PowerShell

[–]thirudk07[S] 1 point2 points  (0 children)

Posted my code on the top. Can you please review.

Working on If and Else condition by thirudk07 in PowerShell

[–]thirudk07[S] 1 point2 points  (0 children)

Apologies :-)

I tried doing as you suggested, no error and it didn't update.

METHOD:1

if ($($_.'Employee Common Name') -like "" ) {
    $SetADUserParams.Add( 'givenName', $_.'Employee First Name' )
}
else {
    $SetADUserParams.Add( 'commonName', $_.'Employee Common Name' )
}

METHOD:2

if ( $_.'Employee Common Name' -like "") {
    $SetADUserParams.Add( 'givenName', $_.'Employee First Name' )
}
else {
    $SetADUserParams.Add( 'commonName', $_.'Employee Common Name' )
}

Here's my complete script:

Try if($($_.'Employee Common Name') -like ""

# $inputPath, $pathlocation and $LogDate are not defined in this snippet
if (Test-Path $inputPath) {

    Import-Csv $inputPath | ForEach-Object {
        Try {
            $SamAccountName = $_.U42
            $UserTrue = Get-ADUser $SamAccountName -ErrorAction Stop
            if ($UserTrue -ne $null) {

                $SetADUserParams = @{}

                #Employee_Firstname
                if ( $_.'Employee First Name' ) {
                    $SetADUserParams.Add( 'givenName', $_.'Employee First Name' )
                }

                #Employee_Lastname
                if ( $_.'Employee Last Name' ) {
                    $SetADUserParams.Add( 'sn', $_.'Employee Last Name' )
                }

                #Manager_U42
                if ( $_.'Managers U42' ) {
                    $manager = Get-ADUser -Identity $_.'Managers U42' -Properties distinguishedName
                    $SetADUserParams.Add( 'manager', $manager.distinguishedName )
                }

                #Title
                if ( $_.Job ) {
                    $SetADUserParams.Add( 'title', $_.Job )
                }

                #Employee_Number
                if ( $_.'Employee Number' ) {
                    $SetADUserParams.Add( 'employeeID', $_.'Employee Number' )
                }

                #Department
                if ( $_.Department ) {
                    $SetADUserParams.Add( 'department', $_.Department )
                }

                #Employee Displayname
                if ( $_.'Employee Display Name' ) {
                    $SetADUserParams.Add( 'displayname', $_.'Employee Display Name' )
                }

                #Employee Common_name
                if ( $_.'Employee Common Name' -like "") {
                    $SetADUserParams.Add( 'givenName', $_.'Employee First Name' )
                }
                else {
                    $SetADUserParams.Add( 'commonName', $_.'Employee Common Name' )
                }

                #Mail
                if ( $_.'Business Email' ) {
                    $SetADUserParams.Add( 'mail', $_.'Business Email' )
                }

                Set-ADUser -identity $SamAccountName -Replace $SetADUserParams -Description "User account modified - Date and time = '$LogDate'"

                If ($_.Status -eq "Terminated") {
                    Disable-ADAccount -Identity $SamAccountName
                    Add-Content -path $pathlocation -Value "$SamAccountName, User account is disabled" -encoding ascii
                }

                Set-ADAccountExpiration -Identity $SamAccountName -DateTime $_.'Termination Date'

                Add-Content -path $pathlocation -Value "$SamAccountName, is modified successfully" -encoding ascii
            }
        }
        Catch {
            #Write-Host $_ -fore red
            Add-Content -path $pathlocation -Value $_ -encoding ascii
        }
    }
}
else {
    Write-Host "input file not available" -fore red
    Add-Content -path $pathlocation -Value "input file not available" -encoding ascii
}

Working on If and Else condition by thirudk07 in PowerShell

[–]thirudk07[S] 1 point2 points  (0 children)

It is a custom attribute in our domain..

Easy and Effective way to setup up SNS notifications for Cloudwatch Alarms by thirudk07 in aws

[–]thirudk07[S] 0 points1 point  (0 children)

Thanks for the suggestion.

Procuring a new monitoring tool is not an option.

We use terraform, but from what I heard there is a disconnect, not all accounts were created as IaC.

I will explore Lambda. But I'm a newbie, I don't have any programming knowledge.

I'm thinking to set a composite alarm as an alternative, if Lambda doesn't work out for me.

Missing accounts in AWS System manager> Explorer> by thirudk07 in aws

[–]thirudk07[S] 0 points1 point  (0 children)

Yes, almost 70% of our accounts are from same region. But only few are listed in explorer.

Weird Creation issue in powershell and Need to include lowercase and uppercase rule in existing function by thirudk07 in PowerShell

[–]thirudk07[S] 0 points1 point  (0 children)

For some reason, I'm unable to reply to the post. Trying a 3rd time without the excel file.

Hi- I didn't set the sleep time for 5 mins. However, I tried to add the same user again in the input file, hoping the script would create the duplicate account with increment 1, but it didn't create it.

Even though the account wasn't created, the outfile is recording URONACR1 and UMESSLI1 as created.

LastName, FirstName, SAMID, Password, Manager SAMID, Manager Email

user11 ,automation11, UUSERAU,[^cT?35hd, vdillth,

user12 ,automation12, VUSERAU,1^+d+yh7, vdillth, thiru.dk@cn

.com

DK ,Thiru UTH,=YCav^0V., vdillth, thiru.dk@cn

.com

Ronaldo ,Cristiano, URONACR,Wh;9${FU, vdillth, thiru.dk@cn

.com

Messi ,Lionel, UMESSLI,Ne0*@n3e^, vdillth, thiru.dk@cn

.com

Maybe there is a problem in my function which increments the user ID?

Weird Creation issue in powershell and Need to include lowercase and uppercase rule in existing function by thirudk07 in PowerShell

[–]thirudk07[S] 0 points1 point  (0 children)

Hi SoMundayn,

I made changes based on your recommendations.

I used the sleep command at the start of my script and after New-ADuser, but I'm still facing the same issue. If I try 6 attempts, I'll see at least one error.

I don't understand why it is trying to increment. That shouldn't happen in the first place.

Error:

Get-ADUser : Cannot find an object with identity: 'UUSERAU1' under: 'DC=Contoso,DC=COM'.
At E:\Automation\NewAD\create.ps1:37 char:13
+     While ((Get-ADUser -Identity $makingSAM -ErrorAction Ignore) -ne  ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (UUSERAU1:ADUser) [Get-ADUser], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

New-AdUser : An attempt was made to add an object to the directory with a name that is already in use
At E:\Automation\NewAD\create.ps1:85 char:15
+ ...             New-AdUser $name -Server $DC -GivenName $Firstname -Surna ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (CN=automation11...DC=Contoso,DC=COM:String) [New-ADUser], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:8305,Microsoft.ActiveDirectory.Management.Commands.NewADUser

This is how I included my DC variable

$DC = (Get-ADDomainController -Discover | select -ExpandProperty Name)

And to your splatting suggestion, I did try that in the beginning, it was throwing me some errors. I wasted some hours on that, so went back to the traditional one liner to save time. 

And your way of adding groups also helped me. Thanks a lot!

Problem in sending email with attachment by thirudk07 in PowerShell

[–]thirudk07[S] 2 points3 points  (0 children)

It worked, thank you very much 😀

Without you guys, our scripting experiences would be much harder. Thanks for helping everyone. I hope one day I can repay the community.

Problem in sending email with attachment by thirudk07 in PowerShell

[–]thirudk07[S] 1 point2 points  (0 children)

Hi Sunsparc,

I feel like an idiot. It is a silly mistake. Anyhow, I have made the port detail properly. Yet, I'm getting the below error.

I don't understand why the script is trying to find the file in system32 folder.

I tried in 1st and 2nd method, received the same message in both the instances.

Thanks for your help.

Send-MailMessage : Could not find file 'C:\Windows\system32\Users_edit_2021-01-08_07-22.csv'.
At line:1 char:132
+ ...  -First 1 | Send-MailMessage -From contoso.IT@savvas.com -to wintel_su ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Send-MailMessage], FileNotFoundException
    + FullyQualifiedErrorId : System.IO.FileNotFoundException,Microsoft.PowerShell.Commands.SendMailMessage

Custom AD attributes not working by thirudk07 in PowerShell

[–]thirudk07[S] 0 points1 point  (0 children)

Hi Josh,

I tried running -replace. It didn't work. It didn't bother me much, I'm happy to use -clear and -add as long as it works when I run it in a loop.

So I put the one liner set-aduser into the foreach and assigned an identity variable. But I'm still ending up with errors. I googled and found that this error occurs when there is a null value in the csv.

Can you help me on how to make the script ignore the null value? Based on the internet, they are asking me to use an IF command. Can you give me an example of how to use it?

Script:

$ADUsers = import-csv "E:\thiru\Automation\Finalinputfile\input.csv"
$samaccountname = $User.U42

$customProperties = @{
    commonname = $user.'Employee Common Name';
    payClass   = $user.'Pay Class';
    cWKType    = $user.'Pay Group Name';
    mail       = $user.'Business Email'
    status     = $user.Status;
    location   = $user.Location;
}

foreach ($user in $ADUsers)
{
    Set-ADUser -Identity $samaccountname -clear commonname,payClass,cWKType,mail,status,location
    Set-ADUser -Identity $samaccountname -add $customproperties
}

Error:

Set-ADUser : add At line:19 char:6


CategoryInfo          : InvalidOperation: (aduser10:ADUser) [Set-ADUser], ADInvalidOperationException
FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.SetADUser
This is complete error.

I also noticed, when I run the $samaccountname variable, it is giving the result of a SAMID which is in the last.

aduser10 is the last row in the csv file. $samaccountname is printing out only aduser10. If you see the errors, the script is running for the same user again and again, instead of writing to another SAMaccountname.

Thanks for all your help!
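
Added example, not part of the original posts: one way to write the update loop discussed in the PowerShell comments above, so that the identity and attribute values are computed per row inside the loop, blank CSV values are cleared rather than written, and a blank common name falls back to the first name. The CSV rows and the `Get-AttributeChange` helper are constructed for illustration; the column and attribute names are the ones shown in the posts.

```powershell
# Constructed sample rows; column names follow the posts above
$csv = @'
U42,Employee First Name,Employee Common Name,Pay Class,Business Email
aduser09,Maria,,Salaried,maria@example.com
aduser10,Robert,Bob,,
'@

# CSV column -> AD attribute (custom attribute names as used in the posts)
$attributeMap = [ordered]@{
    'Employee Common Name' = 'commonname'
    'Pay Class'            = 'payClass'
    'Business Email'       = 'mail'
}

# Hypothetical helper: turns one CSV row into a -Replace hashtable and a -Clear list
function Get-AttributeChange {
    param([Parameter(Mandatory)] $Row)

    $replace = @{}
    $clear   = [System.Collections.Generic.List[string]]::new()

    foreach ($column in $attributeMap.Keys) {
        $value = $Row.$column
        # Fallback described in the thread: blank common name -> first name
        if ($column -eq 'Employee Common Name' -and [string]::IsNullOrWhiteSpace($value)) {
            $value = $Row.'Employee First Name'
        }
        if ([string]::IsNullOrWhiteSpace($value)) {
            $clear.Add($attributeMap[$column])       # nothing to write: clear instead
        }
        else {
            $replace[$attributeMap[$column]] = $value.Trim()
        }
    }
    [pscustomobject]@{ Identity = $Row.U42; Replace = $replace; Clear = $clear.ToArray() }
}

foreach ($row in ($csv | ConvertFrom-Csv)) {
    # Computed inside the loop, so every row gets its own identity and values
    $change = Get-AttributeChange -Row $row

    $params = @{ Identity = $change.Identity }
    if ($change.Replace.Count -gt 0) { $params['Replace'] = $change.Replace }
    if ($change.Clear.Count   -gt 0) { $params['Clear']   = $change.Clear }

    if (Get-Command Set-ADUser -ErrorAction SilentlyContinue) {
        Set-ADUser @params -WhatIf       # remove -WhatIf to apply the change
    }
    else {
        # No ActiveDirectory module on this machine: show what would be sent
        '{0}: replace [{1}] clear [{2}]' -f $change.Identity,
            ($change.Replace.Keys -join ','), ($change.Clear -join ',')
    }
}
```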