In Part I of this series (Bulk Create Users in AD), we created a CSV file with one user we want to create in AD. We went through the individual cmdlet for creating an individual user: The Emperor. No Pressure, right? In Part II we’re going to create the loop to go through our CSV file and make sure it works on one user before adding in the rest of the users in our CSV. Let’s get started with Bulk Create Users in AD Part II!
\\\Build the Loop
Until now, we’ve been manually assigning values for our individual user. This works great for one user, but we need to assign dynamic values based on each user’s attributes in our CSV. If we take a gander at the attributes we’re defining, 5 of them should be coming from our CSV. Let’s go ahead and wrap this in a ForEach loop and use dot notation to get the specific values from our CSV.
Continuing with the splatting technique we used in Part I, we’re going to add the 5 attributes for the user already defined in our CSV: First, Last, Title, Allegiance, and Species. In this loop, $U represents each individual user in our collection of users ($Users).
#Splatting wrapped in a ForEach loop
Foreach($U in $Users){
    $Parameters = @{
        Name = 'Sheev.Palpatine'
        GivenName = $U.First
        Surname = $U.Last
        SamAccountName = 'Sheev.Palpatine'
        DisplayName = 'Sheev Palpatine'
        UserPrincipalName = 'Sheev.Palpatine@empire.local'
        AccountPassword = (ConvertTo-SecureString 'DarksideHasCookies1' -AsPlainText -Force)
        Enabled = $true
        ChangePasswordAtLogon = $true
        Title = $U.Title
        OtherAttributes = @{"Allegiance"=$U.Allegiance;"Species"=$U.Species}
    }
    New-ADUser @Parameters
}
\\\Almost Good
This is almost good…but we want to avoid having to hardcode things into our loop or having every attribute defined in our CSV if possible.
To accomplish this, we could build some strings and dynamically assign them from the information we already have in the CSV. By “could,” I mean will. The Name, GivenName, Surname, SamAccountName, DisplayName, and UserPrincipalName attributes are all variations of the same stuff. Nothing to get (force) choked up about.
\\\String Building
So, let’s look at how we could define these strings in our loop. First, the Empire requires us to use the naming convention “First.Last” for the Username but the DisplayName needs to be “First Last”. You don’t want to know what happened to the last guy who got those mixed up… We can define the variations we need by using the First and Last values from our CSV:
$FirstDotLast = "$($U.First).$($U.Last)"
$Display = "$($U.First) $($U.Last)"
Notice that for us to use dot notation inside a string we have to wrap it in $(), otherwise everything after the period is part of the string. Well, this takes care of the name variations, but we still need to add the UPN Suffix for the UserPrincipalName and SamAccountName attributes. Here are 4 ways we could define the UPN:
This is hardcoded with our specific UPN suffix since it’s most likely the same for all of our users:
$UPN = "$FirstDotLast@empire.local"
This uses the local DNS client to get the DNS suffix, but it only works if you have one suffix defined for searching:
$UPN = "$FirstDotLast@$((Get-DnsClientGlobalSetting).SuffixSearchList)"
Here, we’re using the Domain DNS Root to get the DNS Suffix:
$UPN = "$FirstDotLast@$((Get-ADDomain).DNSRoot)"
If we’ve only added one UPN Suffix in our Forest, we could also get it from the Forest:
$UPN = "$FirstDotLast@$((Get-ADForest).UPNSuffixes)"
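The string building above, as an added example that is not part of the original post: it builds the three name variations from a CSV row, rejects values AD will not accept as a user sAMAccountName (a reserved character, or more than 20 characters), and refuses a suffix lookup that returns anything other than one value. The function names `Resolve-UpnSuffix` and `Get-NameVariation` and the second CSV row are assumptions made for illustration.

```powershell
# Added example, not from the original post. Function names are hypothetical.
# Characters AD rejects in sAMAccountName: " / \ [ ] : ; | = , + * ? < >
$InvalidSam = '["/\\\[\]:;|=,+*?<>]'

function Resolve-UpnSuffix {
    # Insist on exactly one value: inside a string, "$FirstDotLast@$(...)"
    # joins several suffixes with spaces and produces an unusable UPN.
    param([string[]]$Candidates)
    $found = @($Candidates | Where-Object { $_ -and $_.Trim() })
    if ($found.Count -ne 1) {
        throw "Expected exactly one UPN suffix, got $($found.Count): $($found -join ', ')"
    }
    $found[0].Trim()
}

function Get-NameVariation {
    param([Parameter(Mandatory)]$User, [Parameter(Mandatory)][string]$Suffix)
    $first = "$($User.First)".Trim()
    $last  = "$($User.Last)".Trim()
    if (-not $first -or -not $last) { throw 'First and Last are both required.' }
    $firstDotLast = "$first.$last"
    if ($firstDotLast -match $InvalidSam) { throw "Invalid character in '$firstDotLast'." }
    # A user's sAMAccountName is limited to 20 characters.
    if ($firstDotLast.Length -gt 20) { throw "'$firstDotLast' exceeds 20 characters." }
    [pscustomobject]@{
        FirstDotLast = $firstDotLast
        Display      = "$first $last"
        UPN          = "$firstDotLast@$Suffix"
    }
}

# Constructed sample rows; the second one is deliberately too long.
$Users = @'
First,Last,Title,Allegiance,Species
Sheev,Palpatine,Emperor,Empire,Human
Wilhuff,Tarkin-Governor-Of-Eriadu,Grand Moff,Empire,Human
'@ | ConvertFrom-Csv

# Against a live domain, pass (Get-ADForest).UPNSuffixes or (Get-ADDomain).DNSRoot instead.
$Suffix = Resolve-UpnSuffix -Candidates 'empire.local'
foreach ($U in $Users) {
    try {
        Get-NameVariation -User $U -Suffix $Suffix
    } catch {
        Write-Warning "Skipping $($U.First) $($U.Last): $_"
    }
}
```

Running the checks before `New-ADUser` means a bad row is reported and skipped instead of failing partway through account creation.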
\\\Updated Loop With Dynamic Variables
Choose 1 of the 4 options for the $UPN and let’s add our new variables ($FirstDotLast, $Display, and $UPN) to the top of our loop. Now that we’re dynamically defining these variables for each user, we also need to use them in our $Parameters block for the Name, GivenName, Surname, SamAccountName, DisplayName, and UserPrincipalName attributes. Here’s our updated Loop:
Foreach($U in $Users){
    #Define Name Variations
    $FirstDotLast = "$($U.First).$($U.Last)"
    $Display = "$($U.First) $($U.Last)"
    $UPN = "$FirstDotLast@empire.local"
    #Define Parameters
    $Parameters = @{
        Name = $FirstDotLast
        GivenName = $U.First
        Surname = $U.Last
        SamAccountName = $FirstDotLast
        DisplayName = $Display
        UserPrincipalName = $UPN
        AccountPassword = (ConvertTo-SecureString 'DarksideHasCookies1' -AsPlainText -Force)
        Enabled = $true
        ChangePasswordAtLogon = $true
        Title = $U.Title
        OtherAttributes = @{"Allegiance"=$U.Allegiance;"Species"=$U.Species}
    }
    #Create New User in AD with the Parameters defined
    New-ADUser @Parameters
}
Okay, so that’s looking pretty good so far. We have dynamic attributes, so our loop should be good for each user in our CSV…but we still haven’t created random passwords yet. I mean, we could just give them all the same password (something super complex like “Welcome1”, “DarksideHasCookies1”, or “SysAdminsRock”) and call it a day, but you might get some weird looks from the security team when you reveal your master plan. Although that does sound like fun, let’s not go that route.
And besides, who wants to take the easy route when you could spend that much more time in your beloved shell of power? Check out Part III of Bulk Create Users in AD where we’ll look at creating a random password for each user!