I've been slowly working on a script that will do everything I normally do for a new employee when they start. So far it all seems to be fine except one thing. Here's what I have:
Loads Quest snap-in.
Prompts for specific information for the user.
Gets information about a current similar employee for reference and pipes it into the new employee, minus the specific information I'm prompting for. Creates the AD account.
Gets group information of current employee and puts the new user in the same groups.
Loads Exchange credentials and mail-enables the new user.
Goes to the File server and creates their home drive and gives specific rights as needed.
All works fine, except that when the new user is created, I can't log in as them until I have gone into ADUC, reset their password, and unchecked "User must change password at next logon". It all looks fine, all the fields are populated, but when I go to OWA to test login, it says bad username and/or password. I've tried telling the script to manually uncheck the box, reset the password, disable, re-enable the account, etc. The commands execute just fine, no errors, but it seems like none of that works. But, if I right-click on the user, select reset password, type in a password and uncheck the box, then I can immediately log on afterward.
So, it seems like there's another setting somewhere that I'm missing with the script that is happening when I do it manually. Here is the command I'm using to try and replicate what I'm doing manually:
Get-QADUser $username | Set-QADUser -UserPassword $accountpassword -userMustChangePassword $false
It seems to work, but not work... any suggestions would be greatly appreciated, this is the only thing holding me up from a pretty handy script! :) Thanks!
Actually, I just figured out what it was. I was passing in -assecurestring but it wasn't actually returning the password I entered. Apparently I was barking up the wrong tree. :) Thanks for your time!
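An added example, not part of the original posts, showing one common way a value read with -AsSecureString ends up not being the password that was typed: it assumes the password parameter is typed [string], in which case PowerShell binds the SecureString by calling ToString(). Show-BoundPassword and ConvertFrom-SecureStringToPlain are hypothetical helper names, and the sample password is constructed.

```powershell
# Constructed sample value; in a provisioning script this would come from
# Read-Host -AsSecureString instead of a literal.
$secure = ConvertTo-SecureString 'Constructed-Sample-Pw1!' -AsPlainText -Force

# Hypothetical stand-in for any cmdlet whose password parameter is typed [string].
function Show-BoundPassword {
    param([string]$UserPassword)
    $UserPassword
}

# Binding a SecureString to a [string] parameter calls ToString(), which yields
# the .NET type name rather than the secret. No error is raised.
$bound = Show-BoundPassword -UserPassword $secure
if ($bound -eq 'System.Security.SecureString') {
    Write-Warning 'Password parameter received the type name, not the typed password.'
}

# Hypothetical helper: recover the plain text only at the point of use.
function ConvertFrom-SecureStringToPlain {
    param([Parameter(Mandatory = $true)][System.Security.SecureString]$Secure)
    $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try {
        [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    }
    finally {
        # Zero and free the unmanaged copy so the secret does not linger in memory.
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}

$plain = ConvertFrom-SecureStringToPlain -Secure $secure

# Sanity check before touching the directory: the converted value must not be
# the type name and must have the length that was entered.
if ($plain -eq 'System.Security.SecureString' -or $plain.Length -ne $secure.Length) {
    throw 'SecureString conversion did not return the entered password.'
}

# With the Quest snap-in loaded, the command from the post would then be
# (assumption: -UserPassword takes a plain string):
# Get-QADUser $username | Set-QADUser -UserPassword $plain -UserMustChangePassword $false

# Drop the plain-text reference as soon as the account has been updated.
Remove-Variable plain
```

If the type name was bound as the password, every account created that way shares the same guessable value, so accounts provisioned before the fix should have their passwords reset.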