How to: Create Active Directory Users using PowerShell
Not unlike several posts in recent weeks, tonight's adventures in PowerShelling started from a conversation at SharePoint Saturday New Hampshire with the Iowan treasure Todd Klindt. The conversation was around the script that he used to create Active Directory users. I had my own bit of jumbled-together code for this purpose, but his has some snazzy if/else-ness to it and the ability to set managers and add pictures, which made it especially appealing.
At the same time, there were things in his script that I felt were a bit lacking, and that led to the whole "I can write that code in 2 hours" game, not unlike a Name That Tune-style geek-out.
Rather than reiterating all of the goodness that Todd built into his version of the script I will refer you to his post: http://www.toddklindt.com/PoshMakeUsers to read all of his fun comments.
Instead I will regale you with the updates that I have made:
- Specify an OU – I am an old school AD guy at heart and I HATE a messy Users container where I can't find anything. I always end up moving my SQL & SharePoint service accounts to their own OU, as well as my dummy test accounts. This tweak to the script asks you what OU you want the accounts created in and then creates the OU if it doesn't already exist (provided you have the rights to do so). If you hit Enter it will default to attempting to place the accounts in an OU called "SharePoint Service Accounts".
- Prompt for the CSV input file – I have multiple files that I use in different dev environments for different purposes: a) SQL service accounts, b) SharePoint service accounts, c) dummy user accounts, d) smart user accounts, e) etc., etc., etc. The script now prompts for which CSV file you want to import the users from. Hitting Enter when prompted will look for a file called Users.csv in the directory the script is run from.
**Updated**
- Change the default password – On Todd's Netcast tonight he mentioned this little bit of code, however I hadn't actually written it yet. Nothing like throwing down the gauntlet there, Mr. Klindt! In response I whipped up version 3.1 of the script, which now prompts you for the default password when run. If you enter nothing it will default to the pass@word1 standard.
Here is a copy of the code:
```powershell
# Script to create Active Directory accounts
# v3.1 11/26/2012
# Updated by Jason Himmelstein
# https://sharepointlonghorn.com
# Based upon the script by Todd Klindt
# http://www.toddklindt.com

# Add the Active Directory bits and not complain if they're already there
Import-Module ActiveDirectory -ErrorAction SilentlyContinue

# Ask which OU the accounts should be created in, and create it if it is missing
$OU = Read-Host -Prompt "Enter OU name you want. Press Enter for SharePoint Service Accounts"
if ($OU -eq "") { $OU = 'SharePoint Service Accounts' }
$FQDN = (Get-ADDomain).DistinguishedName
if ([adsi]::Exists("LDAP://OU=$OU,$FQDN") -eq $True) {
    Write-Host "The OU already exists" -ForegroundColor DarkGreen -BackgroundColor Gray
}
else {
    dsadd ou "ou=$OU,$FQDN"
}
$OU_specified = "ou=$OU,$FQDN"

# specify the file location
$csvfile = 'users.csv'
$userfile = Read-Host -Prompt "Enter the location of the CSV file containing the users you want to import. Press Enter for $csvfile"
if ($userfile -eq "") { $userfile = $csvfile }

# set default password
# change pass@word1 to whatever you want the account passwords to be
$userpassword = Read-Host -Prompt "Enter default password you wish to set for all of these accounts. Press Enter for pass@word1"
if ($userpassword -eq "") { $userpassword = 'pass@word1' }
$password = (ConvertTo-SecureString $userpassword -AsPlainText -Force)

# Get domain DNS suffix (DNSRoot gives e.g. contoso.com; DistinguishedName would give
# DC=contoso,DC=com, which is not a valid UPN suffix)
$dnsroot = '@' + (Get-ADDomain).DNSRoot

# Import the file with the users. You can change the filename to reflect your file
$users = Import-Csv $userfile

foreach ($user in $users) {
    # An empty or missing manager column means a service account or a boss
    if ([string]::IsNullOrEmpty($user.manager)) {
        try {
            New-ADUser -SamAccountName $user.SamAccountName -Path $OU_specified -Name ($user.FirstName + " " + $user.LastName) `
                -DisplayName ($user.FirstName + " " + $user.LastName) -GivenName $user.FirstName -Surname $user.LastName `
                -EmailAddress ($user.SamAccountName + $dnsroot) -UserPrincipalName ($user.SamAccountName + $dnsroot) `
                -Title $user.title -Enabled $true -ChangePasswordAtLogon $false -PasswordNeverExpires $true `
                -AccountPassword $password -PassThru
        }
        catch {
            Write-Output "Could not create user $($user.SamAccountName), $_"
        }
    }
    else {
        try {
            New-ADUser -SamAccountName $user.SamAccountName -Path $OU_specified -Name ($user.FirstName + " " + $user.LastName) `
                -DisplayName ($user.FirstName + " " + $user.LastName) -GivenName $user.FirstName -Surname $user.LastName `
                -EmailAddress ($user.SamAccountName + $dnsroot) -UserPrincipalName ($user.SamAccountName + $dnsroot) `
                -Title $user.title -Manager $user.manager `
                -Enabled $true -ChangePasswordAtLogon $false -PasswordNeverExpires $true `
                -AccountPassword $password -PassThru
        }
        catch {
            Write-Output "Could not create user $($user.SamAccountName), $_"
        }
    }

    # Put picture part here: a file named <SamAccountName>.jpg in the current directory
    $filename = "$($user.SamAccountName).jpg"
    Write-Output $filename
    if (Test-Path -Path $filename) {
        Write-Output "Found picture for $($user.SamAccountName)"
        $photo = [byte[]](Get-Content $filename -Encoding byte)
        Set-ADUser $($user.SamAccountName) -Replace @{thumbnailPhoto=$photo}
    }
}
```
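Because the script creates accounts in file order and sets the manager at creation time, a row that references a manager who appears later in the CSV (or not at all) will fail. The following pre-flight check is an added example, not part of this post or of Todd Klindt's script; it assumes the column names the script reads and that manager values are SamAccountNames, and the function name Test-UserImportCsv is my own.

```powershell
# Added example (not from the post or Todd Klindt's script): validate Users.csv
# before running the creation script. Column names match what the script reads;
# manager values are assumed to be SamAccountNames.
function Test-UserImportCsv {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$PhotoDirectory = '.'
    )
    $required = 'SamAccountName', 'FirstName', 'LastName', 'title', 'manager'
    $problems = New-Object System.Collections.Generic.List[string]

    if (-not (Test-Path -Path $Path)) {
        $problems.Add("CSV file not found: $Path")
        return $problems
    }
    $users = @(Import-Csv -Path $Path)
    $columns = if ($users.Count -gt 0) { $users[0].PSObject.Properties.Name } else { @() }
    foreach ($col in $required) {
        if ($columns -notcontains $col) { $problems.Add("Missing column: $col") }
    }

    # Names the script will already have created when it reaches the current row
    $seen = @{}
    foreach ($u in $users) {
        $sam = $u.SamAccountName
        if ([string]::IsNullOrWhiteSpace($sam)) { $problems.Add("Row with empty SamAccountName"); continue }
        # pre-Windows 2000 logon names are limited to 20 characters
        if ($sam.Length -gt 20) { $problems.Add("SamAccountName longer than 20 characters: $sam") }
        if ($seen.ContainsKey($sam)) { $problems.Add("Duplicate SamAccountName: $sam") }

        # A manager must exist before the row is processed: either earlier in this file
        # or already in AD (Get-ADUser needs the ActiveDirectory module)
        $m = $u.manager
        if (-not [string]::IsNullOrWhiteSpace($m) -and -not $seen.ContainsKey($m) -and
            -not (Get-ADUser -Filter { SamAccountName -eq $m } -ErrorAction SilentlyContinue)) {
            $problems.Add("Manager '$m' for $sam is neither earlier in the CSV nor in AD")
        }

        # Photos are optional; just report which ones the script will not find
        if (-not (Test-Path -Path (Join-Path $PhotoDirectory "$sam.jpg"))) {
            Write-Verbose "No photo found for $sam"
        }
        $seen[$sam] = $true
    }
    return $problems
}

# Usage: an empty result means the file is ready to feed to the script
Test-UserImportCsv -Path .\Users.csv -Verbose
```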
If you are looking for the downloadable PowerShell or text file version, please find them linked below. Happy PowerShelling!