Don't assume UserName is SamAccountName

Fix New-ADUser to use '-Name' instead of '-SamAccountName' for specifying the user account name. Change parameter descriptions to clarify that UserName can be more than just SamAccountName.
dsccommunity · May 20, 2021 · 895ef7c · 895ef7c
1 parent 11e7411
commit 895ef7c
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 5 deletions.
diff --git a/source/DSCResources/MSFT_ADUser/MSFT_ADUser.psm1 b/source/DSCResources/MSFT_ADUser/MSFT_ADUser.psm1
@@ -27,7 +27,8 @@ $adPropertyMap = (Import-PowerShellDataFile -Path $adPropertyMapPath).Parameters
         Name of the domain where the user account is located (only used if password is managed).
 
     .PARAMETER UserName
-        Specifies the Security Account Manager (SAM) account name of the user (ldapDisplayName 'sAMAccountName').
+        Specifies the account name of the user. (You can identify a user by its distinguished
+    name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name.)
 
     .PARAMETER DomainController
         Specifies the Active Directory Domain Services instance to use to perform the task.
@@ -185,7 +186,8 @@ function Get-TargetResource
         Name of the domain where the user account is located (only used if password is managed).
 
     .PARAMETER UserName
-        Specifies the Security Account Manager (SAM) account name of the user (ldapDisplayName 'sAMAccountName').
+        Specifies the account name of the user. (You can identify a user by its distinguished
+    name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name.)
 
     .PARAMETER Password
         Specifies a new password value for the account.
@@ -869,7 +871,8 @@ function Test-TargetResource
         Name of the domain where the user account is located (only used if password is managed).
 
     .PARAMETER UserName
-        Specifies the Security Account Manager (SAM) account name of the user (ldapDisplayName 'sAMAccountName').
+        Specifies the account name of the user. (You can identify a user by its distinguished
+    name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name.)
 
     .PARAMETER Password
         Specifies a new password value for the account.
@@ -1506,7 +1509,7 @@ function Set-TargetResource
 
                 Write-Debug -Message ('New-ADUser Parameters:' + ($newADUserParams | Out-String))
 
-                $newADUser = New-ADUser @newADUserParams -SamAccountName $UserName -Passthru
+                $newADUser = New-ADUser @newADUserParams -Name $UserName -Passthru
 
                 if ($updateCnRequired)
                 {

diff --git a/source/DSCResources/MSFT_ADUser/MSFT_ADUser.schema.mof b/source/DSCResources/MSFT_ADUser/MSFT_ADUser.schema.mof
@@ -2,7 +2,8 @@
 class MSFT_ADUser : OMI_BaseResource
 {
     [Key, Description("Name of the domain where the user account is located (only used if password is managed).")] String DomainName;
-    [Key, Description("Specifies the Security Account Manager (SAM) account name of the user (ldapDisplayName 'sAMAccountName').")] String UserName;
+    [Key, Description("Specifies the account name of the user. (You can identify a user by its distinguished
+    name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name.)")] String UserName;
     [Write, Description("Specifies a new password value for the account."), EmbeddedInstance("MSFT_Credential")] String Password;
     [Write, Description("Specifies whether the user account should be present or absent. Default value is 'Present'."), ValueMap{"Present", "Absent"},Values{"Present", "Absent"}] String Ensure;
     [Write, Description("Specifies the common name assigned to the user account (ldapDisplayName 'cn'). If not specified the default value will be the same value provided in parameter UserName.")] String CommonName;