Saturday, 19 April 2014

Create AD User using Powershell Script

Description

Creating new Active Directory user is one of the regular task for every Administrator either for testing or for actual new employee. For that case you can create new AD user using ADUC console. But some of us feel it is time consuming job. To overcome this I have planned to write Powershell Script to Create new AD User. You can see different powershell script samples to create AD user in following examples.

You can use the Active Directory module's cmdlet New-ADUser to create new AD user.
New-ADUser newUserName

Summary:

Before start, ensure that the Active Directory module for Windows Powershell is installed or not by using following command. It will be installed by default in Domain Controller. In client machines, you need to install it through Remote Server Administration Tools.
Get-Module -Listavailable
Create New AD User using Powershell Script
If you are newbie to powershell, don’t forget to set your execution policy to unrestricted or you might get an error when you try run the script. Use the below command to set your execution policy:
Set-ExecutionPolicy Unrestricted
Powershell Script to Add New Active Directory User

Create new Active Directory User using Powershell Script

   1. Copy the below Powershell script and paste in Notepad file.
   2. Change the Name, SamAccountName and DisplayName values into your own user name
   3. Change the Parent OU path with your own OU's DN
   4. SaveAs the Notepad file with the extension .ps1 like Create-ADUser.ps1

Click to download Powershell script as file Download Create-ADUser.ps1
Import-Module ActiveDirectory
New-ADUser `
 -Name "TestUser" `
 -Path  "OU=TestOU,DC=TestDomain,DC=Local" `
 -SamAccountName  "TestUser" `
 -DisplayName "Test User" `
 -AccountPassword (ConvertTo-SecureString "MyPassword123" -AsPlainText -Force) `
 -ChangePasswordAtLogon $true  `
 -Enabled $true
Add-ADGroupMember "Domain Admins" "TestUser";
   5. Now run the Create-ADUser.ps1 file in Powershell to create new Active Directory user using following command
PS C:\Scripts> .\Create-ADUser.ps1
Add new Active Directory User using Powershell Script
Note: I have placed script file in the location C:\Scripts, if you placed in any other location, you can navigate to that path using CD path command (like cd "C:\Downloads").

Create Bulk AD Users from CSV file using Powershell Script

   1. Consider the CSV file NewUsers.csv which contains set of new ad users to create with the attributes Name, samAccountName and ParentOU.
Create Bulk AD Users from CSV file using Powershell Script
Note: The value of ParentOU should be enclosed with double quote ("). like "OU=TestOU,DC=TestDomain,DC=Local" since it has the special character comma (,). because in csv file the comma (,) is the key character to split column headers. (Ex file: Download NewUsers.csv).

   2. Copy the below Powershell script and paste in Notepad file.
   3. Change the NewUsers.csv file path with your own csv file path.
   4. Change the domain name TestDomain.local into your own domain name
   5. SaveAs the Notepad file with the extension .ps1 like Create-BulkADUsers-CSV.ps1

Click to download Powershell script as file Download Create-BulkADUsers-CSV.ps1
Import-Module ActiveDirectory
Import-Csv "C:\Scripts\NewUsers.csv" | ForEach-Object {
 $userPrincinpal = $_."samAccountName" + "@TestDomain.Local"
New-ADUser -Name $_.Name `
 -Path $_."ParentOU" `
 -SamAccountName  $_."samAccountName" `
 -UserPrincipalName  $userPrincinpal `
 -AccountPassword (ConvertTo-SecureString "MyPassword123" -AsPlainText -Force) `
 -ChangePasswordAtLogon $true  `
 -Enabled $true
Add-ADGroupMember "Domain Admins" $_."samAccountName";
}
   6. Now run the Create-BulkADUsers-CSV.ps1 file in Powershell to create Bulk Active Directory users from CSV file.
PS C:\Scripts> .\Create-BulkADUsers-CSV.ps1
Create Bulk Active Directory Users from CSV Powershell Script
Note: I have placed script file in the location C:\Scripts, if you placed in any other location, you can navigate to that path using CD path command (like cd "C:\Downloads").

   7. Now you can check the newly created AD users though ADUC console.

Powershell Script to Create Bulk AD Users from CSV file

Powershell Script to Create Bulk AD Users for Testing

   1. Copy the below Powershell script and paste in Notepad file.
   2. Change the value for the variable $totalUsers as per your wish like 1000 or more
   3. Change the Parent OU path with your own Test OU's DN
   4. SaveAs the Notepad file with the extension .ps1 like Create-BulkADUsers.ps1

Click to download Powershell script as file Download Create-BulkADUsers.ps1
Import-Module ActiveDirectory
$totalusers = 10
for ($i=0; $i -lt $totalusers; $i++) 
 { 
 $userID = "{0:00}" -f ($i + 1)
 $userName = "TestUser$userID"

 Write-Host "Creating AD user" ($i + 1) "of" $totalusers ":" $userName

New-ADUser `
 -Name $userName  `
 -Path  "OU=TestOU,DC=TestDomain,DC=Local" `
 -SamAccountName $userName `
 -AccountPassword (ConvertTo-SecureString "MyPassword123" -AsPlainText -Force) `
 -Enabled $true
 Add-ADGroupMember "Domain Admins" $userName;
}
   5. Now run the Create-BulkADUsers.ps1 file in Powershell to create Multiple Active Directory users for Testing.
PS C:\Scripts> .\Create-BulkADUsers.ps1
Create Bulk AD Users for Testing using Powershell Script

Advertisements
Advertisements

9 comments:

  1. Super script, laid out to be very readable. I'm trying something similar for bulk uploading from a csv file. I'm having some trouble with using the -otherattributes argument. That part of my code looks like this:
    -OtherAttributes @{title=$._JobTitle;mail=$._userprinicpalname;proxyaddresses=$._proxyAddresses}
    Any idea what may be wrong, many thanks in advance for any insight.

    ReplyDelete
    Replies
    1. Hi Mark, use your script like this :
      -OtherAttributes @{title=$_."JobTitle";mail=$_."userPrinicpalName";proxyaddresses=$_."proxyAddresses"}
      and I have written this new article for your need : http://www.morgantechspace.com/2015/05/powershell-create-bulk-ad-users-from-csv.html

      Delete
  2. Hi, these scripts seem straight forward, thanks. Is it possible to use them with the -whatif cmdlet ? If so, where should the -whatif be placed ?
    Thank you

    ReplyDelete
    Replies
    1. Hi friend, to achieve your need, you should write above script as Function and call the function with -whatif parameter.

      function Import_Bulk_AD_Users
      {
      [cmdletbinding(SupportsShouldProcess=$True)]

      Param($csvpath)

      Import-Csv $csvpath | ForEach-Object {
      $userPrincinpal = $_."samAccountName" + "@TestDomain.Local"
      New-ADUser -Name $_.Name `
      -Path $_."ParentOU" `
      -SamAccountName $_."samAccountName" `
      -UserPrincipalName $userPrincinpal `
      -AccountPassword (ConvertTo-SecureString "MyPassword123" -AsPlainText -Force) `
      -ChangePasswordAtLogon $true `
      -Enabled $true
      Add-ADGroupMember "Domain Admins" $_."samAccountName";
      }}

      Import-Module ActiveDirectory
      Import_Bulk_AD_Users "C:\Scripts\NewUsers.csv" -whatif

      Delete
    2. Superb, thank you very much

      Delete
  3. Is there a way that this script can add "groups" as well that these users will be assigned to?

    ReplyDelete
    Replies
    1. Hi Kaari, do you want to create new group and new users to that group?.. can you explain ur need?.. and sorry for late reply

      Delete
  4. The term '-Path' is not recognized as the name of a cmdlet

    ReplyDelete
    Replies
    1. hi, can u send ur complete script?

      Delete