So your company bought another company, you inherited an AD environment that was so jacked up you felt it was better to start over completely, your company used something other than AD (Is there really anything else?) before you arrived on the scene, or maybe you haven’t broken anything at work in a long time and you just want to fiddle around (with a dev box of course)…
In any of those scenarios, there are times where you need to create users in bulk. There are numerous ways of accomplishing this (LDIFDE, CSVDE, Dsadd, or even the manual GUI approach that fast tracks you to carpal tunnel), but we’re going to dive into PowerShell and bulk create users in AD from a CSV and give them all a unique, randomly-generated password.
\\\Prep the CSV
First, let’s prep the CSV. The column names don’t necessarily have to match the attribute name in AD, but it may be easier to follow if you make them match, especially if you sleep at all in between writing it and running it. I frequently revisit my scripts, notes, and really everything else in life and am genuinely bewildered by my former self and wonder, “what in the world was I thinking? Idiot.”
So, here I’ve created a CSV with several column headers that I’m going to import into my empire.local domain. To start with, I’ve populated the CSV with just one user (Emperor Palpatine…what was I thinking?? Go big or go home [dead]) so we can make sure our script is good and if we mess up, we mess up one time on one user instead of a gazillion.
(In this example, I’ve added additional attributes to my AD Schema so if you spend hours trying to find the Allegiance and Species attributes for the user class in AD, my bad.)
\\\Import the CSV
Now that we have one user in our CSV file, let’s save it somewhere and jump into the shell of power and go right to ludicrous speed. You can launch PowerShell on your workstation if you have the AD Module (get it with RSAT for your OS version) installed and run PS with an account that has privileges to create accounts in AD, or you can run this from the DC.
Let’s import our CSV into a variable so we can reference it and make sure everything looks right. I saved mine to my desktop and named it “TooManyUsers.csv” and imported it with this line:
$Users = Import-CSV C:\Users\star.killer\Desktop\TooManyUsers.csvGreat, now let’s call our $Users variable to make sure we know what we’re working with:
Cool, we can see that it grabbed our headers and our values accordingly.
\\\Create A New User in PS
Before we start building the ForEach loop, we first want to make sure we know the individual cmdlet and have all of the parameters correct.
The weapon of choice in our arsenal today will be the New-ADUser cmdlet. We have quite a few parameters (63) that are already available to configure attributes and other aspects of the user account. To find out more about the available parameters, you can type:
Get-Help New-ADUser -Parameter *\\\The One Liner
To make a long story short, there are a few required parameters that we have to set when creating a new user, quite a few that we can set, and for all attributes not specifically mentioned we have the ability to use the “-OtherAttributes” parameter.
Here’s an example of what I would do to create the user account for Palpatine, *ahem*, the Emperor:
New-ADUser -Name 'Sheev.Palpatine' -GivenName Sheev -Surname Palpatine -SamAccountName 'Sheev.Palpatine' -DisplayName 'Sheev Palpatine' -UserPrincipalName 'Sheev.Palpatine@empire.local' -AccountPassword (ConvertTo-SecureString "DarksideHasCookies1" -AsPlainText -Force) -Enabled $true -ChangePasswordAtLogon $true -Title "Emperor" -OtherAttributes @{"Allegiance"="Empire";"Species"="Human"}
I’m out of breath just reading this one-liner. And unless you work as a scribe on the side and love to scroll, let’s go ahead and take a look at a couple of options to “purty” it up so we don’t go cross-eyed:
\\\Readability
Using the Escape Character `
New-ADUser `<br /> -Name 'Sheev.Palpatine' `<br /> -GivenName Sheev `<br /> -Surname Palpatine `<br /> -SamAccountName 'Sheev.Palpatine' `<br /> -DisplayName 'Sheev Palpatine' `<br /> -UserPrincipalName 'Sheev.Palpatine@empire.local' `<br /> -AccountPassword (ConvertTo-SecureString "DarksideHasCookies1" -AsPlainText -Force) `<br /> -Enabled $true `<br /> -ChangePasswordAtLogon $true `<br /> -Title "Emperor" `<br /> -OtherAttributes @{"Allegiance"="Empire";"Species"="Human"}Using Splatting to define the Parameters
$Parameters = @{
Name = 'Sheev.Palpatine'
GivenName = 'Sheev'
Surname = 'Palpatine'
SamAccountName = 'Sheev.Palpatine'
DisplayName = 'Sheev Palpatine'
UserPrincipalName = 'Sheev.Palpatine@empire.local'
AccountPassword = (ConvertTo-SecureString 'DarksideHasCookies1' -AsPlainText -Force)
Enabled = $true
ChangePasswordAtLogon = $true
Title = "Emperor"
OtherAttributes = @{"Allegiance"="Empire";"Species"="Human"}
}
New-ADUser @Parameters\\\The Test
Okay, choose your poison and let’s try to run this to create one user and make sure it worked as expected.
Well, there wasn’t any magic sparkles or anything after we ran it. No pat on the back, raise, or promotion. Let’s check in Active Directory Users and Computers and see if Mr. Palpatine is there:
Nice! Emperor Palpatine will be well pleased that we created his AD account with (force) lightning speed!
The account is looking good on my end and if you’re satisfied with what this looks like, our next step is to build a loop to go through each user we have in the CSV which we’ll do In Part II of Bulk Create Users in AD. We’ll also look at building the loop to actually create the user accounts and do a little bit of manipulation in the script to fill in the gaps, so we can keep our CSV simple and clean with only the necessities. Check out Part II!