PowerShell GUI Tool to Generate Unique SamAccountName and Create an Active Directory User

Overview

I spent my Friday night messing around with the Form class, a .Net graphical user interface framework. I used a recursive function to dynamically find an available UserPrincipalName and add it to the selected Organizational Unit. A combination of Microsoft CoPilot some post from EddieJackson.net assisted me through the front-end process using the Forms framework. Usually, we use scripts to complete tasks, but with scripts that are used more frequently and cross-departmental, it’s good to spend time on a front-end solution.

How it Works

The GUI has two textboxes, each for new user’s first and last name. I also implemented a ComboBox with a Dropdown Style, the ranges being the Organizational Units. You input the user’s first and last name, along with optionally selecting the OU from the Combo box. The user clicks the button “Generate”, and the tool will parse a SamAccountName using the first letter of the first name, then the full last name. If the SamAccountName exists, we call the function again adding to the $len argument. This parameter is used to get the character at the substring of the first name.

For example, this table will show you the logic of generating the SamAccountNames

Whenever a SamAccountNme is detected, the tool will continue to add a character from the first name until the new user is created.

Helper Functions

I wrote a post containing code for a simple GUI tool to toggle users, and decided to use helper functions when creating Text boxes and labels.

Add-Type -AssemblyName System.Windows.Forms

$formWidth = 500
$formHeight = 350
$standardHeight = 30

function New-Label {
    param (
        [int[]] $location,
        [string] $text,
        [int] $width
    )

    $label = New-Object System.Windows.Forms.Label
    $label.Text = $text
    $label.Location = New-Object System.Drawing.Point -ArgumentList $location
    $label.Size = New-Object System.Drawing.Size($width, $standardHeight)
    return $label
}

function New-TextBox {
    param (
        [int[]] $location,
        [int] $width
    )

    $textbox = New-Object System.Windows.Forms.TextBox
    $textbox.Location = New-Object System.Drawing.Point -ArgumentList $location
    $textbox.Size = New-Object System.Drawing.Size($width, $standardHeight)
    $textbox.Enabled = $true
    return $textbox
}

In this block of code, I import the System.Windows.Forms namespace and set variables for the dimensions of the form. I create the New-label and New-TextBox functions so I can call them to create a new instance of the objects without having to repeat code. There are better ways to do it, like creating a class containing your helper functions, but that can be your project :-).

Dynamically Generating New SamAccountName

I use the function New-SamAccountName with the $len paramter to parse the first and last name of the user into a unique SamAccountName.

Function New-SamAccountName($len){

    $ou = "OU=Home,OU=Domain Users,$((Get-ADDomain).DistinguishedName)"
    $firstName = $firstNameTextBox.Text
    $lastName = $lastNameTextBox.Text

    if($ouDropdown.SelectedIndex -ne -1){
        $ou = (Get-ADOrganizationalUnit -Filter "Name -eq '$(($ouDropdown).SelectedItem)'").DistinguishedName
    }
    
    if([string]::IsNullOrEmpty($firstName) -or [string]::IsNullOrEmpty($lastName)){
        write-host "Blank Fields."
        [System.Windows.Forms.MessageBox]::Show("Please don't leave fields blank", "ERROR", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)
        return $false
    }

    $samAccountName = "$($firstName.Substring(0, $len))$lastName"
    $dnsSuffix = "$((get-addomain).DNSRoot)"
    $upn = "$samAccountName@$dnsSuffix"

    if($null -ne (get-aduser -Filter "UserPrincipalName -eq '$upn'")){
        return New-SamAccountName -firstName $firstName -lastName $lastName -len ($len += 1)
    }

    try{
        $newADUser = New-ADUser -Name "$firstName $lastName" `
        -SamAccountName $samAccountName `
        -UserPrincipalName $upn `
        -Enabled $true `
        -Path $ou `
        -PasswordNeverExpires $true `
        -AccountPassword (ConvertTo-SecureString -String "defaultPass2024!" -AsPlainText -force) `
        -PassThru

        [System.Windows.Forms.MessageBox]::Show("Successfully added $upn `n$($_.Exception.Message)", "SUCCESS", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Information) | Out-Null

        return $newADUser.UserPrincipalName
    }catch{
        [System.Windows.Forms.MessageBox]::Show("Failed to add ${$upn}:`n$($_)", "ERROR", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error) | Out-Null
        return $false
    }
}

When creating a new user with New-ADUser, the uniqueness of the SamAccountName and UserPrincipalName is enforced by default. If you try to create a new user with a SamAccountName or UserPrincipalName that’s already in use, you’ll encounter an error. I check for the AD user with the generated UserPrincipalName using the -Filter flag to suppress any error. If the cmdlet returns something, we call the New-SamAccountName function again, incrementing the $len parameter. This parameter is used to retrieve the length of the substring of the first name. Like this:

"Matthew".Substring(0, 1) # returns "M"
"Matthew".Substring(0, 2) # returns "Ma"

• The first argument specifies the starting position (index) from which to begin the extraction.
• The second argument indicates the length of the substring to extract.

There is also input validation that will throw a message box if the fields were left blank.

Creating the GUI

The remaining code is creating a new form and adding the necessary components. The helper functions shortened our code a bit. Place all the code in one PowerShell file and run it from a terminal with the appropriate permissions to create new Active Directory users. Also have the ActiveDirectory PowerShell module installed.

$form = New-Object System.Windows.Forms.Form
$form.Text = "Generate SamAccountName"
$form.Size = New-Object System.Drawing.Size($formWidth, $formHeight)
$form.StartPosition = "CenterScreen"

$firstNameLabel = New-Label -text "First Name" -width 70 -location @(50, 100)
$lastNameLabel = New-Label -text "Last Name" -width 70 -location @(50, 150)
$ouLabel = New-Label -text "OU" -width 40 -location @(300, 100)

$upnLabel = New-Label  -text "" -width 150 -location @(50, 250)
$upnLabel.Visible = $true

$firstNameTextBox = New-TextBox -location @(120, 100) -width 150
$lastNameTextBox = New-TextBox -location @(120, 140) -width 150

$ous = Get-ADOrganizationalUnit -Filter *
$cbWidth = ($ous.Name | ForEach-Object{ $_.Length } | Measure-Object -Maximum).Maximum * 7

$ouDropdown = New-Object System.Windows.Forms.ComboBox
$ouDropdown.Location = New-Object System.Drawing.Point(340, 100)
$ouDropdown.Size = New-Object System.Drawing.Size($cbWidth, $standardHeight)
$ouDropdown.DropDownStyle =  [System.Windows.Forms.ComboBoxStyle]::DropDownList
$ouDropdown.Items.AddRange($ous.Name)

$button = New-Object System.Windows.Forms.Button
$btnWidth = 100
$button.Location = New-Object System.Drawing.Point(120, 200)
$button.Size = New-Object System.Drawing.Size($btnWidth, 23)
$button.Text = "Generate"
$button.Add_Click({
    Write-host $firstNameTextBox.Text
    Write-host $lastNameTextBox.Text
    Write-Host $ouDropdown.SelectedItem
    
    # HANDLE EVENT
    $sName = New-SamAccountName -firstName $firstNameTextBox.Text -lastName $lastNameTextBox.Text -len 1
    Write-Host $sName -ForegroundColor Green
    if($null -ne $sName){
        $upnLabel.Text = $sName
        $upnLabel.Visible = $true
    }
})

$form.Controls.Add($firstNameLabel)
$form.Controls.Add($lastNameLabel)
$form.Controls.Add($ouLabel)

$form.Controls.Add($firstNameTextBox)
$form.Controls.Add($lastNameTextBox)
$form.Controls.Add($ouDropdown)

$form.Controls.Add($upnLabel)
$form.Controls.Add($button)

$form.ShowDialog()

We use the Add_Click method to the button component, so when the user creates the click event on the button component, our function is called and a label with the new UserPrincipalName is created indicating success, along with an information message box.

Conclusion

In conclusion, the provided PowerShell code showcases the creation of a Windows Forms application for generating unique SamAccountNames in Active Directory. By integrating user-friendly GUI elements like textboxes, labels, and buttons, users can conveniently input their first and last names, select an Organizational Unit (OU), and generate SamAccountNames with ensured uniqueness. Through error handling and informative message boxes, the application ensures smooth user interaction and provides feedback on successful or failed account creations. This script serves as a practical example of leveraging PowerShell for efficient Active Directory management with a user-friendly interface.