Can't create Active Directory user with SSH commands from PHP

Question

I have tried to create an Active Directory user with SSH commands from a PHP page:

include('Net/SSH2.php');
$path = "OU=HRTest,OU=Israel,OU=Users,OU=Solaredge,DC=solaredge,DC=local";
$name = "Test User2";
$title = "Some Position";
$password = "Welcome!";
$department = "IS";
$POBox = "01/05/2020";
$Company = "SolarEdge Technologies LTD.";
$GivenName = "Test";
$DisplayName = "Test User2";
$SamAccountName = "Test.u2";
$Enabled = "$true";

$server = "MyServerName";
$username = "MyUserName";
$pwd = "MyPassword";

$command = 'powershell New-ADUser -Path "'.$path.'" -Name "'.$name.'" -Title "'.$title.'" -Department "'.$department.'" -POBox "'.$POBox.'" -AccountPassword $("'.$password.'" | ConvertTo-SecureString -AsPlainText -Force) -Company "'.$Company.'" -GivenName "'.$GivenName.'" -DisplayName "'.$DisplayName.'" -SamAccountName "'.$SamAccountName.'" -Enabled '.$Enabled;

$ssh = new Net_SSH2($server);
if (!$ssh->login($username, $pwd)) {
    exit('Login Failed');
}

echo $ssh->exec($command);

The SSH connection works, but PowerShell generates this error:

New-ADUser : Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'Path'. Specified 
method is not supported.
At line:1 char:18
+ ... DUser -Path OU=HRTest,OU=Israel,OU=Users,OU=Solaredge,DC=solaredge,DC ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [New-ADUser], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgument,Microsoft.ActiveDirectory.Management.Commands.NewADUser

Edit - New error:

'ConvertTo-SecureString' is not recognized as an internal or external command,
operable program or batch file.

Perhaps ConvertTo-SecureString cannot be located See similar issue at https://stackoverflow.com/questions/23723364/windows-7-make-is-not-recognized-as-an-internal-or-external-command-operabl — rhand, May 02 '20 at 03:48

stackprotector · Accepted Answer · 2020-04-23T11:16:59.820

You have to pass quotes for all strings that may contain special characters to PowerShell that it can parse your strings as intended. Furthermore, ConvertTo-SecureString behaves strange when called like this. A solution is described in this answer. I included the quotes and the workaround for ConvertTo-SecureString in the following line:

$command = 'powershell "& {New-ADUser -Path \''.$path.'\' -Name \''.$name.'\' -Title \''.$title.'\' -Department \''.$department.'\' -POBox \''.$POBox.'\' -AccountPassword (ConvertTo-SecureString -AsPlainText \''.$password.'\' -Force) -Company \''.$Company.'\' -GivenName \''.$GivenName.'\' -DisplayName \''.$DisplayName.'\' -SamAccountName \''.$SamAccountName.'\' -Enabled '.$Enabled}";

Change your password line to:

$password = "Welc0me!";

score 0 · Answer 2 · answered Apr 22 '20 at 14:13

Not tested and only a shot in the dark but if you print out your $command it will most likely show something like:

powershell New-ADUser -Path OU=HRTest,OU=Israel,OU=Users,OU=Solaredge,DC=solaredge,DC=local -Name ...

With this you give the path parameter an array of:

[0]OU=HRtest [1]OU=Israel

and so on.

Instead you want to encapsulated the path in quotation marks: powershell New-ADUser -Path "OU=HRTest,OU=Israel,OU=Users,OU=Solaredge,DC=solaredge,DC=local" -Name ...

Something like this shoud work:

$command = 'powershell New-ADUser -Path "'.$path.'" -Name ...

Can't create Active Directory user with SSH commands from PHP

2 Answers2