Dsadd run from batch file fails with “The specified account already exists” when there is no existing account with the same dn

Tags: active-directory, automation, batch-file, windows-command-prompt

I am programmatically creating thousands of test users from a txt file containing First Name, Last Name, Username, and Password using the following command (saved as a batch file, run in cmd, modified from this question):

FOR /F "tokens=1,2,3,4 delims=," %%i in (UserList.txt) do (dsadd user "cn=%%j %%i,ou=2013,ou=My50kOU,dc=mydomain,dc=com" -samid %%k -pwd "%%l" -upn %%k@mydomain.com -fn "%%j" -ln "%%i" -display "%%j %%i" -disabled no -mustchpwd no)

Sample contents of UserList.txt

Claverie,Eugenio,Eugenio.Claverie,UX8y30B2TFN%Y?Ig[78Z
Baglio,Carl,Carl.Baglio,i=*fqdRyK]#cab/i5j%U
Wilda,Irina,Irina.Wilda,{***f)GwK#K3Rd!iE}%D
Shadowen,Gale,Gale.Shadowen,xLxP}zUdCF4rpzUkB#uS

However, for every user after the first user, I get an error like the following:

dsadd failed:cn=Carl Baglio,ou=My50kOU,dc=mydomain,dc=com:The specified account already exists.

even when there is not a single duplicate user in the list. Viewing the OU in the MMC snap-in for AD users, I see only the first user has been created and no other users are present in the OU.

The command will work when I try to run it directly (changing %%i to %i as appropriate and using 2>>Errors.txt to route my errors to a txt file.)

Command run directly in CMD:

FOR /F "tokens=1,2,3,4 delims=," %i in (UserList.txt) do (dsadd user "cn=%j %i,ou=My50kOU,dc=mydomain,dc=com" -samid %k -pwd "%l" -upn %k@mydomain.com -fn "%j" -ln "%i" -display "%j %i" -disabled no -mustchpwd no) 2>>Errors.txt

It would be nice to be able to run this just by clicking on the batch file, rather than executing it manually.

Edit:
When I ran the batch file this morning, I noticed that the first user also gives an error every time, though the user is successfully created:

Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain

This occurs for passwords that will succeed when I run the command directly, rather than running the batch file. All subsequent users have the "specified account already exists" error.

I looked up this error, and I found an old question with a similar issue. Unfortunately, the resolution was "use PowerShell", which is not an option as the AD module is not available on the version of Windows I must use (Server 2008 x64).

Edit 2

The secondary issue where seemingly random users were failing when running the command directly turned out to be an issue of users with the same samAccountName in a different OU, which is not allowed.

Edit 3

Changing do to do echo to write the command out to a new batch file generated commands like the following:

dsaddUser "cn=Carroll Colhoun,ou=Testou,dc=mydomain,dc=com" -samid k@testdom.com -fn "Carroll" -ln "Colhoun" -display "Carroll Colhoun" -disabled no -mustchpwd no

Compared to running the same do echo dsadd directly, which generates this:

dsaddUser "cn=Carroll Colhoun,ou=Testou,dc=mydomain,dc=com" -samid Carroll.Colhoun -pwd "xLxP}zUdCF4rpzUkB#uS" -upn Carroll.Colhoun@testdom.com -fn "Carroll" -ln "Colhoun" -display "Carroll Colhoun" -disabled no -mustchpwd no 

So somehow running the command as a batch file is omitting the entire section Carroll.Colhoun -pwd "xLxP}zUdCF4rpzUkB#uS" -upn Carroll.Colhoun and replacing it with just k

Best Answer

For the batch file issue, it turns out I was working from the wrong copy of the file (a different one than I copy-pasted here) that had a typo where samid and upn used %k instead of %%k. I'm not sure how that was introduced, but correcting the typos will allow the batch file to run successfully.

(If it would be more appropriate to make this as an edit, please comment and I will change it)
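
Added example (not part of the original post): a simplified Python model of how cmd.exe expands percent signs on a batch-file line, showing why a single `%k` in place of `%%k` collapses the `-samid` ... `-upn` section to just `k`, as seen in Edit 3. The record and password are constructed; the model covers only `%%`, `%0`-`%9`, `%*` and `%NAME%`, and the function names are hypothetical.

```python
import re

def batch_percent_phase(line, env=None, args=None):
    """Simplified model of cmd.exe percent expansion for a line in a .bat file.
    Handles %%, %0-%9, %* and %NAME%; ':' modifiers are not modeled."""
    env = {k.upper(): v for k, v in (env or {}).items()}
    args = args or []
    out, i = [], 0
    while i < len(line):
        ch = line[i]
        if ch != "%":
            out.append(ch); i += 1
            continue
        nxt = line[i + 1] if i + 1 < len(line) else ""
        if nxt == "%":                      # %% -> one literal %
            out.append("%"); i += 2
        elif nxt == "*":                    # %* -> all script arguments
            out.append(" ".join(args[1:])); i += 2
        elif "0" <= nxt <= "9":             # %0-%9 -> positional argument
            n = int(nxt)
            out.append(args[n] if n < len(args) else ""); i += 2
        else:
            end = line.find("%", i + 1)
            if end == -1:                   # no closing %: the lone % is dropped
                i += 1
            else:                           # %NAME% -> value, or nothing if undefined
                out.append(env.get(line[i + 1:end].upper(), ""))
                i = end + 1
    return "".join(out)

def for_variable_phase(line, tokens):
    """Substitute FOR variables (%i, %j, ...) left over after the percent phase."""
    return re.sub(r"%([A-Za-z])", lambda m: tokens.get(m.group(1), m.group(0)), line)

def expand(line, record):
    """Expand one batch line for one comma-separated record (tokens i, j, k, l)."""
    tokens = dict(zip("ijkl", record.split(",")))
    return for_variable_phase(batch_percent_phase(line), tokens)

# Constructed record in the page's UserList.txt layout: Last,First,Username,Password
RECORD = "Colhoun,Carroll,Carroll.Colhoun,Examp1e-Pass"
GOOD = ('dsadd user "cn=%%j %%i,ou=My50kOU,dc=mydomain,dc=com" '
        '-samid %%k -pwd "%%l" -upn %%k@mydomain.com')
# The typo from the answer: %k instead of %%k for -samid and -upn
BAD = GOOD.replace("-samid %%k", "-samid %k").replace("-upn %%k", "-upn %k")

if __name__ == "__main__":
    print(expand(GOOD, RECORD))
    print(expand(BAD, RECORD))   # -samid becomes k@mydomain.com and -pwd is gone
```

With the typo, every record yields the same `-samid` value and no `-pwd` argument, which is consistent with both errors reported in the question.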