2

I am programmatically creating thousands of test users from a txt file containing First Name, Last Name, Username, and Password using the following command (saved as a batch file, run in cmd, modified from this question):

FOR /F "tokens=1,2,3,4 delims=," %%i in (UserList.txt) do (dsadd user "cn=%%j %%i,ou=2013,ou=My50kOU,dc=mydomain,dc=com" -samid %%k -pwd "%%l" -upn %%k@mydomain.com -fn "%%j" -ln "%%i" -display "%%j %%i" -disabled no -mustchpwd no)

Sample contents of UserList.txt

Claverie,Eugenio,Eugenio.Claverie,UX8y30B2TFN%Y?Ig[78Z
Baglio,Carl,Carl.Baglio,i=*fqdRyK]#cab/i5j%U
Wilda,Irina,Irina.Wilda,{***f)GwK#K3Rd!iE}%D
Shadowen,Gale,Gale.Shadowen,xLxP}zUdCF4rpzUkB#uS

However, for every user after the first user, I get an error like the following:

dsadd failed:cn=Carl Baglio,ou=My50kOU,dc=mydomain,dc=com:The specified account already exists.

even when there is not a single duplicate user in the list. Viewing the OU in the MMC snap-in for AD users, I see only the first user has been created and no other users are present in the OU.

The command will work when I try to run it directly (changing %%i to %i as appropriate and using 2>>Errors.txt to route my errors to a txt file).

Command run directly in CMD:

FOR /F "tokens=1,2,3,4 delims=," %i in (UserList.txt) do (dsadd user "cn=%j %i,ou=My50kOU,dc=mydomain,dc=com" -samid %k -pwd "%l" -upn %k@mydomain.com -fn "%j" -ln "%i" -display "%j %i" -disabled no -mustchpwd no) 2>>Errors.txt

It would be nice to be able to run this just by clicking on the batch file, rather than executing it manually.

Edit: When I ran the batch file this morning, I noticed that the first user also gives an error every time, though the user is successfully created:

Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain

This occurs for passwords that will succeed when I run the command directly, rather than running the batch file. All subsequent users have the "specified account already exists" error.

I looked up this error, and I found an old question with a similar issue. Unfortunately, the resolution was "use PowerShell", which is not an option as the AD module is not available on the version of Windows I must use (Server 2008 x64).

Edit 2

The secondary issue where seemingly random users were failing when running the command directly turned out to be an issue of users with the same samAccountName in a different OU, which is not allowed.

Edit 3

Changing do to do echo to write the command out to a new batch file generated commands like the following:

dsaddUser "cn=Carroll Colhoun,ou=Testou,dc=mydomain,dc=com" -samid k@testdom.com -fn "Carroll" -ln "Colhoun" -display "Carroll Colhoun" -disabled no -mustchpwd no

Compared to running the same do echo dsadd directly, which generates this:

dsaddUser "cn=Carroll Colhoun,ou=Testou,dc=mydomain,dc=com" -samid Carroll.Colhoun -pwd "xLxP}zUdCF4rpzUkB#uS" -upn Carroll.Colhoun@testdom.com -fn "Carroll" -ln "Colhoun" -display "Carroll Colhoun" -disabled no -mustchpwd no 

So somehow running the command as a batch file is omitting the entire section Carroll.Colhoun -pwd "xLxP}zUdCF4rpzUkB#uS" -upn Carroll.Colhoun and replacing it with just k.

AlannaRose
  • 121
  • 5
  • I don't see any immediate problems with your script. What do you get when you `dsquery` one of these supposed "duplicate" users? (It _really_ looks like they've already been created, based on what I see here...) – Evan Anderson Oct 21 '14 at 22:44
  • 1
    If you change the batch file version to do echo instead of do, and redirect that to a batch file, can you then run the batch file with perfect results? If not, check the commands in the batch file, maybe there's some kind of problem with a control character or unhandled accent in someone's name, or a double quote in the password, etc. etc. – Mark Allen Oct 21 '14 at 22:48
  • Nothing is returned when I use something like 'dsquery user OU=My50kOU,dc=mydomain,dc=dom -name ="*Baglio'. I tested the query with the last name of a user that didn't give an error and it did return the user. – AlannaRose Oct 21 '14 at 22:55
  • @MarkAllen I'll give that a try as soon as I can. At the moment, I already have a long-running dsadd script (perhaps I should have waited to post this until the machine was free). When the long-running script completes, I'll have some new errors to inspect to see if there's a pattern I've missed. – AlannaRose Oct 21 '14 at 22:58
  • 1
    Is it possible there is another account with the same samAccountName (%k) in a different OU? – Clayton Oct 22 '14 at 15:42
  • @Craig620 Ah, it turns out there are. I thought I had checked that too, but I must have made a typo. That solves the issue of the random users failing, thanks! – AlannaRose Oct 22 '14 at 17:37
  • @MarkAllen Hm, looking at the command generated using echo, it has the samID wrong (it just says k@mydomain.com) and the -pwd option is missing completely. – AlannaRose Oct 22 '14 at 17:51

1 Answer

0

For the batch file issue, it turns out I was working from the wrong copy of the file (a different one than I copy-pasted here) that had a typo where samid and upn used %k instead of %%k. I'm not sure how that was introduced, but correcting the typos will allow the batch file to run successfully.

(If it would be more appropriate to make this as an edit, please comment and I will change it.)

AlannaRose
  • 121
  • 5
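
The truncated command in Edit 3 and the `%k` versus `%%k` typo named in the answer can be reproduced with a simplified model of how cmd.exe treats `%` in a batch-file line, which also works as a pre-run lint for bulk-provisioning scripts. This is an added example, not code from the original post; the function names, the template line (rebuilt from the echoed output in Edit 3), and the reduced rule set (no `%0`-`%9` arguments, no `%NAME:...%` modifiers) are assumptions.

```python
import re

def batch_percent_phase(line, env=None):
    """Simplified model of cmd.exe's percent pass over one batch-file line.
    Modelled: %% -> %, %NAME% -> value (empty if undefined), lone % dropped.
    Not modelled: %0-%9 / %* arguments and %NAME:...% modifiers."""
    env = {k.upper(): v for k, v in (env or {}).items()}
    out, i = [], 0
    while i < len(line):
        if line[i] != "%":
            out.append(line[i])
            i += 1
        elif line.startswith("%%", i):
            out.append("%")          # escaped percent survives as one %
            i += 2
        else:
            end = line.find("%", i + 1)
            if end == -1:
                i += 1               # unmatched % is discarded
            else:                    # everything up to the next % is a name
                out.append(env.get(line[i + 1:end].upper(), ""))
                i = end + 1
    return "".join(out)

def for_phase(line, values):
    """Substitute FOR variables (%i, %j, ...) in one pass, no rescanning."""
    return re.sub(r"%([A-Za-z])",
                  lambda m: values.get(m.group(1), m.group(0)), line)

def lost_for_vars(body, names):
    """FOR variables that no longer appear as %x after the percent pass."""
    expanded = batch_percent_phase(body)
    return [n for n in names if "%" + n not in expanded]

def render(body, row):
    """What the FOR loop would execute for one input row."""
    return for_phase(batch_percent_phase(body), row)

# Template rebuilt from the echoed command in Edit 3 (assumption).
BODY_FIXED = ('dsadd user "cn=%%j %%i,ou=Testou,dc=mydomain,dc=com" '
              '-samid %%k -pwd "%%l" -upn %%k@testdom.com -fn "%%j" '
              '-ln "%%i" -display "%%j %%i" -disabled no -mustchpwd no')
# The typo described in the answer: %k instead of %%k for samid and upn.
BODY_TYPO = BODY_FIXED.replace("%%k", "%k")
# Row values as shown in Edit 3: last name, first name, username, password.
ROW = dict(zip("ijkl",
               "Colhoun,Carroll,Carroll.Colhoun,xLxP}zUdCF4rpzUkB#uS".split(",")))

if __name__ == "__main__":
    print(lost_for_vars(BODY_TYPO, "ijkl"))
    print(render(BODY_TYPO, ROW))
```

With the typo, the text between each single `%` and the next `%` (`k -pwd "` and `l" -upn `) is read as the name of an undefined environment variable and expands to nothing, so every generated command carries the same `-samid k@testdom.com` and no `-pwd`.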