Select Page

So your company bought another company, you inherited an AD environment that was so jacked up you felt it was better to start over completely, your company used something other than AD (Is there really anything else?) before you arrived on the scene, or maybe you haven’t broken anything at work in a long time and you just want to fiddle around (with a dev box of course)…

In any of those scenarios, there are times where you need to create users in bulk. There are numerous ways of accomplishing this (LDIFDECSVDEDsadd, or even the manual GUI approach that fast tracks you to carpal tunnel), but we’re going to dive into PowerShell and bulk create users in AD from a CSV and give them all a unique, randomly-generated password.

\\\Prep the CSV

First, let’s prep the CSV. The column names don’t necessarily have to match the attribute name in AD, but it may be easier to follow if you make them match, especially if you sleep at all in between writing it and running it. I frequently revisit my scripts, notes, and really everything else in life and am genuinely bewildered by my former self and wonder, “what in the world was I thinking? Idiot.”

So, here I’ve created a CSV with several column headers that I’m going to import into my empire.local domain. To start with, I’ve populated the CSV with just one user (Emperor Palpatine…what was I thinking?? Go big or go home [dead]) so we can make sure our script is good and if we mess up, we mess up one time on one user instead of a gazillion.

(In this example, I’ve added additional attributes to my AD Schema so if you spend hours trying to find the Allegiance and Species attributes for the user class in AD, my bad.)

\\\Import the CSV

Now that we have one user in our CSV file, let’s save it somewhere and jump into the shell of power and go right to ludicrous speed. You can launch PowerShell on your workstation if you have the AD Module (get it with RSAT for your OS version) installed and run PS with an account that has privileges to create accounts in AD, or you can run this from the DC.

Let’s import our CSV into a variable so we can reference it and make sure everything looks right. I saved mine to my desktop and named it “TooManyUsers.csv” and imported it with this line:

$Users = Import-CSV C:\Users\star.killer\Desktop\TooManyUsers.csv

Great, now let’s call our $Users variable to make sure we know what we’re working with:

Cool, we can see that it grabbed our headers and our values accordingly.

\\\Create A New User in PS

Before we start building the ForEach loop, we first want to make sure we know the individual cmdlet and have all of the parameters correct.

The weapon of choice in our arsenal today will be the New-ADUser cmdlet. We have quite a few parameters (63) that are already available to configure attributes and other aspects of the user account. To find out more about the available parameters, you can type:

Get-Help New-ADUser -Parameter *

\\\The One Liner

To make a long story short, there are a few required parameters that we have to set when creating a new user, quite a few that we can set, and for all attributes not specifically mentioned we have the ability to use the “-OtherAttributes” parameter.

Here’s an example of what I would do to create the user account for Palpatine, *ahem*, the Emperor:

New-ADUser -Name 'Sheev.Palpatine' -GivenName Sheev -Surname Palpatine -SamAccountName 'Sheev.Palpatine' -DisplayName 'Sheev Palpatine' -UserPrincipalName 'Sheev.Palpatine@empire.local' -AccountPassword (ConvertTo-SecureString "DarksideHasCookies1" -AsPlainText -Force) -Enabled $true -ChangePasswordAtLogon $true -Title "Emperor" -OtherAttributes @{"Allegiance"="Empire";"Species"="Human"}

I’m out of breath just reading this one-liner. And unless you work as a scribe on the side and love to scroll, let’s go ahead and take a look at a couple of options to “purty” it up so we don’t go cross-eyed:

\\\Readability

Using the Escape Character `
New-ADUser `<br /> -Name 'Sheev.Palpatine' `<br /> -GivenName Sheev `<br /> -Surname Palpatine `<br /> -SamAccountName 'Sheev.Palpatine' `<br /> -DisplayName 'Sheev Palpatine' `<br /> -UserPrincipalName 'Sheev.Palpatine@empire.local' `<br /> -AccountPassword (ConvertTo-SecureString "DarksideHasCookies1" -AsPlainText -Force) `<br /> -Enabled $true `<br /> -ChangePasswordAtLogon $true `<br /> -Title "Emperor" `<br /> -OtherAttributes @{"Allegiance"="Empire";"Species"="Human"}
Using Splatting to define the Parameters
$Parameters = @{
    Name = 'Sheev.Palpatine'
    GivenName = 'Sheev'
    Surname = 'Palpatine'
    SamAccountName = 'Sheev.Palpatine'
    DisplayName = 'Sheev Palpatine'
    UserPrincipalName = 'Sheev.Palpatine@empire.local'
    AccountPassword = (ConvertTo-SecureString 'DarksideHasCookies1' -AsPlainText -Force)
    Enabled = $true
    ChangePasswordAtLogon = $true
    Title = "Emperor"
    OtherAttributes = @{"Allegiance"="Empire";"Species"="Human"}
}
New-ADUser @Parameters

\\\The Test

Okay, choose your poison and let’s try to run this to create one user and make sure it worked as expected.

Well, there wasn’t any magic sparkles or anything after we ran it. No pat on the back, raise, or promotion. Let’s check in Active Directory Users and Computers and see if Mr. Palpatine is there:

Nice! Emperor Palpatine will be well pleased that we created his AD account with (force) lightning speed!

The account is looking good on my end and if you’re satisfied with what this looks like, our next step is to build a loop to go through each user we have in the CSV which we’ll do In Part II of Bulk Create Users in AD. We’ll also look at building the loop to actually create the user accounts and do a little bit of manipulation in the script to fill in the gaps, so we can keep our CSV simple and clean with only the necessities. Check out Part II!

OTHER POSTS YOU WANT TO READ

Spice Up HTML Emails with PowerShell – Part III

So far in this series we've fumbled our way around the kitchen and tried to wing it when sending HTML emails with PowerShell. It was clunky to say the least. We then went through our spice rack and built an HTML template, highlighting the nuances of each spicy element...

Spice up HTML Emails with PowerShell – Part II

In Part I of our scrumptious concoction we put our script into the oven to let it bake. But we forgot to add our secret sauce that's sure to leave our recipients drooling, which is clearly our goal. In this post we'll continue to spice up HTML emails with PowerShell...

Spice Up HTML Emails with PowerShell – Part I

I live in the South, specifically in God's country AKA TEXAS BABAY! There's plenty of amazing things about Texas and definitely some reasons to loathe being from Houston, but it's hard to knock our food. I mean, is there really even a debate between Whataburger vs...

Disable O365 Apps in License (PowerShell)

If it's free, it's better. This is basically my mantra for life and a really easy one to follow at that. You can apply it to all sorts of things: ice cream, candy, food. Okay, maybe just free food tastes better when you know you didn't have to pay for it. Especially...

Font Installer Script (PowerShell)

Things have smells. I know, this is a revolutionary idea and you may need to stop right here and take a breather while you process this massive revelation. Things that are brand new have a particular smell that vanishes shortly after hitting your nostrils. It's...
%d bloggers like this: