New-ADUser -Name Length too long
I need to add about 500 users to an OU in AD
I have scripted out everything I need, however, it gives the error:
the name provided is not a properly formed
Here is the script
New-ADUser -Name C080CAB1-9756-409F-914D-AE3971F67DE7 -Path "OU=Staging,DC=domain,DC=local" -accountPassword (convertto-securestring "zagreb+scotch8355" -asplaintext -force) -PasswordNeverExpires $True -CannotChangePassword $false -Enabled $true
I ran a couple test to confime what the problem is:
New-ADUser -Name "C080CAB1-9756-409F-914D-AE3971F67DE7" -Path "OU=Staging,DC=domain,DC=local" -accountPassword (convertto-securestring "zagreb+scotch8355" -asplaintext -force) -PasswordNeverExpires $True -CannotChangePassword $false -Enabled $true
New-ADUser -Name 'C080CAB1-9756-409F-914D-AE3971F67DE7' -Path "OU=Staging,DC=domain,DC=local" -accountPassword (convertto-securestring "zagreb+scotch8355" -asplaintext -force) -PasswordNeverExpires $True -CannotChangePassword $false -Enabled $true
New-ADUser -Name C080CAB1`-9756`-409F`-914D`-AE3971F67DE7 -Path "OU=Staging,DC=domain,DC=local" -accountPassword (convertto-securestring "zagreb+scotch8355" -asplaintext -force) -PasswordNeverExpires $True -CannotChangePassword $false -Enabled $true
Along with a couple other variations
What did work:
New-ADUser -Name C080CAB1-9756-409F -Path "OU=Staging,DC=domain,DC=local" -accountPassword (convertto-securestring "zagreb+scotch8355" -asplaintext -force) -PasswordNeverExpires $True -CannotChangePassword $false -Enabled $true
So I think it may be a length issue but I'm not sure how to get the script to work.
Do you want to Display name to that 36 char string or the login to be the 36 char string
If you are using server 2012 R2 you can only set the display name to 20 char however the login name can be up to 64 char (I think) using "-UserPrincipalName"
Try this
New-ADUser -Name C080CAB1-9756-409F-9 -UserPrincipalName C080CAB1-9756-409F-914D-AE3971F67DE7 -Path "OU=Staging,DC=domain,DC=local" -accountPassword (convertto-securestring "zagreb+scotch8355" -asplaintext -force) -PasswordNeverExpires $True -CannotChangePassword $false -Enabled $true
This will create the display name and to truncate value of the -UserPrincipalName which will be the user login name for the user.
See the properties of any user to set the appropriate flags.
http://thenerdservice.com/useradd.png
You can see that the pre-200 login is truncated however the User login Name is not
http://thenerdservice.com/userlogin.png
20 character limit for sAMAccountName. No real way around it. What's funny is that there are 256 characters (~120 Unicode) reserved for it, but the Directory Services engine only lets you use 20.
Edit: Let me be a little more clear. You can have a Name that exceeds 20 characters, but not a sAMAccountName. That may suit your needs. Let me demonstrate:
New-ADUser C080CAB1-9756 # 20 character limit here
Rename-ADObject 'CN=C080CAB1-9756,CN=Users,DC=lab,DC=com
Get-ADUser C080CAB1-9756
DistinguishedName: CN=C080CAB1-9756-409F-914D-AE3971F67DE7,CN=Users,DC=lab,DC=com
Name : C080CAB1-9756-409F-914D-AE3971F67DE7
SamAccountName : C080CAB1-9756
DisplayName :