In Part I of this series (Bulk Create Users in AD), we created a CSV file with one user we want to create in AD. We went through the individual cmdlet for creating an individual user: The Emperor. No Pressure, right? In Part II we’re going to create the loop to go through our CSV file and make sure it works on one user before adding in the rest of the users in our CSV. Let’s get started with Bulk Create Users in AD Part II!

\\\Build the Loop

Until now, we’ve been manually assigning values for our individual user. This works great for one user, but we need to assign dynamic values based on each user’s attributes in our CSV. If we take a gander at the attributes we’re defining, 5 of them should be coming from our CSV. Let’s go ahead and wrap this in a ForEach loop and use dot notation to get the specific values from our CSV.

Continuing with the splatting technique we used in Part I, we’re going to add the 5 attributes for the user already defined in our CSV: FirstLastTitleAllegiance, and Species. In this loop, $U represents each individual user in our collection of users ($Users).

#Splatting wrapped in a ForEach loop
Foreach($U in $Users){
    $Parameters = @{
        Name = 'Sheev.Palpatine'
        GivenName = $U.First
        Surname = $U.Last
        SamAccountName = 'Sheev.Palpatine'
        DisplayName = 'Sheev Palpatine'
        UserPrincipalName = 'Sheev.Palpatine@empire.local'
        AccountPassword = (ConvertTo-SecureString 'DarksideHasCookies1' -AsPlainText -Force)
        Enabled = $true
        ChangePasswordAtLogon = $true
        Title = $U.Title
        OtherAttributes = @{"Allegiance"=$U.Allegiance;"Species"=$U.Species}
    }
    New-ADUser @Parameters
}

\\\Almost Good

This is almost good…but we want to avoid having to hardcode things into our loop or having every attribute defined in our CSV if possible.

To accomplish this, we could build some strings and dynamically assign them from the information we already have in the CSV. By “could,” I mean will. The NameGivenNameSurnameSamAccountNameDisplayName, and UserPrincipalName attributes are all variations of the same stuff. Nothing to get (force) choked up about.

\\\String Building

So, let’s look at how we could define these strings in our loop. First, the Empire requires us to use the naming convention “First.Last”  for the Username but the DisplayName needs to be “First Last”. You don’t want to know what happened to the last guy who got those mixed up… We can define the variations we need by using the First and Last values from our CSV:

$FirstDotLast = "$($U.First).$($U.Last)"
$Display = "$($U.First) $($U.Last)"

Notice that for us to use dot notation inside a string we have to wrap it in $(), otherwise everything after the period is part of the string. Well, this takes care of the name variations, but we still need to add the UPN Suffix for the UserPrincipalName and SamAccountName attributes. Here are 4 ways we could define the UPN:

This is hardcoded with our specific UPN suffix since it’s most likely the same for all of our users:

$UPN = "$FirstDotLast@empire.local"

This uses the local DNS client to get the DNS suffix, but it only works if you have one suffix defined for searching:

$UPN = "$FirstDotLast@$((Get-DnsClientGlobalSetting).SuffixSearchList)"

Here, we’re using the Domain DNS Root to get the DNS Suffix:

$UPN = "$FirstDotLast@$((Get-ADDomain).DNSRoot)"

If we’ve only added one UPN Suffix in our Forest, we could also get it from the Forest:

$UPN = "$FirstDotLast@$((Get-ADForest).UPNSuffixes)"

\\\Updated Loop With Dynamic Variables

Choose 1 of the 4 options for the $UPN and let’s add our new variables ($FirstDotLast, $Display, and $UPN) to the top of our loop. Now that we’re dynamically defining these variables for each user, we also need to use them in our $Parameters block for the NameGivenNameSurnameSamAccountNameDisplayName, and UserPrincipalName attributes. Here’s our updated Loop:

Foreach($U in $Users){
    #Define Name Variations
    $FirstDotLast = "$($U.First).$($U.Last)"
    $Display = "$($U.First) $($U.Last)"
    $UPN = "$FirstDotLast@empire.local"
    #Define Parameters
    $Parameters = @{
        Name = $FirstDotLast
        GivenName = $U.First
        Surname = $U.Last
        SamAccountName = $FirstDotLast
        DisplayName = $Display
        UserPrincipalName = $UPN
        AccountPassword = (ConvertTo-SecureString 'DarksideHasCookies1' -AsPlainText -Force)
        Enabled = $true
        ChangePasswordAtLogon = $true
        Title = $U.Title
        OtherAttributes = @{"Allegiance"=$U.Allegiance;"Species"=$U.Species}
    }
    #Create New User in AD with the Parameters defined
    New-ADUser @Parameters
}

Okay, so that’s looking pretty good so far. We have dynamic attributes, so our loop should be good for each user in our CSV…but we still haven’t created random passwords yet. I mean, we could just give them all the same password (something super complex like “Welcome1”, “DarksideHasCookies1”, or “SysAdminsRock”) and call it a day, but you might get some weird looks from the security team when you reveal your master plan. Although that does sound like fun, let’s not go that route.

And besides, who wants to take the easy route when you spend that much more time in your beloved shell of power? Check out Part III of Bulk Create Users in AD where we’ll look at creating a random password for each user!

OTHER POSTS YOU WANT TO READ

Index Scripts for Windows Search

So you just finished writing some code and you go to save your file. You summarize all of the important aspects this section of code contains into a nice, easy-to-read file name that your future self will immediately recognize. Fast forward to the future where you...

Array vs ArrayList (PowerShell)

For some tasks in life, being precise is a necessity. But most of us get away with rounding, paraphrasing, and hitting in the general vicinity most of the time. Depending on your personality, you may be one who strives for perfection and strains on every miniscule...

Spice Up HTML Emails with PowerShell – Part III

So far in this series we've fumbled our way around the kitchen and tried to wing it when sending HTML emails with PowerShell. It was clunky to say the least. We then went through our spice rack and built an HTML template, highlighting the nuances of each spicy element...

Spice up HTML Emails with PowerShell – Part II

In Part I of our scrumptious concoction we put our script into the oven to let it bake. But we forgot to add our secret sauce that's sure to leave our recipients drooling, which is clearly our goal. In this post we'll continue to spice up HTML emails with PowerShell...

Spice Up HTML Emails with PowerShell – Part I

I live in the South, specifically in God's country AKA TEXAS BABAY! There's plenty of amazing things about Texas and definitely some reasons to loathe being from Houston, but it's hard to knock our food. I mean, is there really even a debate between Whataburger vs...
%d