what powers the hydrologic cycle

by FirstAttribute
Active Directory FAQ Active Directory FAQ

AD PowerShell Basics 1: New-ADUser

(Last Update) | Posted by Robin Immecke | Administration , Powershell |

 

AD PowerShell Basics 1: New-ADUser

In this small series, I want to introduce the most common Active Directory PowerShell cmdlets to you like New-ADUser.

With the cmdlet New-ADUser you can:
– Create new users,
– Add passwords or
– Bulk create users with a csv-file

Hr-linebreak1500

AD PowerShell Basics

I created the series AD PowerShell Basics to show you how to use basic PowerShell commands – and how to get a lot of information from or to Active Directory with only a little effort and a small script. The following Cmdlets will be introduced:

New-ADUser  
Get-ADUser
Set-ADUser
New-ADGroup, Get-ADGroup, Set-ADGroup

Hr-linebreak1500

The New-ADUser Cmdlet

Contents

  • 1 The New-ADUser Cmdlet
    • 1.1 Add First Name, Last Name and Target OU
    • 1.2 Add Password
    • 1.3 Change Password at First Login
  • 2 Bulk Import Users with New-ADUser
  • 3 Conclusion

In this first article I want to explain what you can do with the cmdlet New-ADUser. In general, the cmdlet is used to create new user objects in Active Directory. To use the command, it is mandatory to know the sAMAccountName of the user that shall be created. And this could look like that:

1
New-ADUser -Name Mike.Miller

If you run this line in a PowerShell the user with the sAMAccountname and the cn (common name) “Mike.Miller” will be created. Make sure you have installed the AD tools.

There is only this information (sAMAcountname, cn) set to the account:

  • No FirstName or LastName,
  • No attributes filled
  • No password set
  • User is created as “disabled” user

And the user account will be created in the “Standard” user container. But in most cases we do not want it to stay there.

Add First Name, Last Name and Target OU

It makes sense to add some more information. As explained before this is not mandatory, but if you really want to work with the user object in Active Directory it is somehow essential. You can add for example the following parameters:

1
New-ADUser -Name Mike.Miller -GivenName Mike -Surname Miller -Path “OU=Testuser,DC=Company,DC=Com”

With this line you can set the First Name, Last Name and the OU of the user account. And you can set almost all other attributes to specify a user in this way. There are just a few exceptions.
 

Add Password

User creation with New-ADUser gets a little bit more difficult, when it comes to adding a password. But setting a password has multiple benefits:

  1. You do not need to change the account again.
    Setting a password during the creation process safes you a lot of time.
  1. The account will be created as “enabled”, If you create it with a password,

Because only the respective user should know his own password, you should also make him change it after the first login. 
 

Change Password at First Login

Unfortunately, New-ADUser does not allow you to set a value like “Start12345” for the parameter –AccountPassword. You have to set it as a Secure String in this case.

There is an You can easily workaround it. Define a variable with the “password value” and transform it into a Secure String. This might look like this:

1
2
$password = “Start12345” | ConvertTo-SecureString -AsPlainText -Force
New-ADUser -Name Mike.Miller -GivenName Mike -Surname Miller -Path “OU=Testuser,DC=Company,DC=Com” -AccountPassword $Password -ChangePasswordAtLogon $True -Enabled $True

Nun haben Sie einen Account, der vom Benutzer direkt verwendet werden kann.
Dabei ist sichergestellt, dass er das Kennwort beim ersten Login neu vergeben muss.

Now you have an account that can be used directly by the user. And it is ensured that he has set a new password on first login.

FirstWare-IDM-Portal-click-create

Bulk Import Users with New-ADUser

So far so good. If you compare what we did with the creation of a user in the Active Directory Users and Computers console, PowerShell doesn’t seem that handy.

BUT, PowerShell and New-ADUser really get powerful, when it comes to the creation of several hundred user accounts at once. You just need one input file with all the necessary information.

I suggest a semicolon separated CSV file, as this is the European standard .
US should probably use comma separated CVS to avoid weird behavior of Excel when you open it again.
Create an Excel spreadsheet with columns for Name, FirstName, LastName and so on and save it to the CSV file format.

The CSV file for user bulk import could be looking like that:

import.csv-bulk-creation-new-aduser

In this example I also added the department where the users are employes. And I did not take care about the OU this time, because I want them all to be in the same OU. The OU “Testuser” will be set in the beginning. Of course you can add an OU for each user as well, for example if you have a separate OUs for each department.

Now you just need to add some more code to the lines we just wrote before and it will run the user creation for each line of your CSV file:

1
2
3
4
5
6
7
8
9
10
11
$Import =Import-CSV “c:\Test\import.csv”
$OU = “OU=Testuser,DC=Company,DC=Com”
 
Foreach ($user in $Import)
 
ConvertTo-SecureString -AsPlainText -Force
New-ADUser -Name $user.Name -GivenName $user.FirstName -Surname $user.LastName -Path $OU -AccountPassword $Password -ChangePasswordAtLogon $True -Enabled $True
 

What does the script do?

  1. It imports the CSV file.
  2. Sets the standard OU
  3. Calls each data record (line of your CSV), writes the password and creates the user account

We are using a “Foreach”-loop, which loads each user record with its parameters from the CSV file.

Conclusion

Creating users with the PowerShell cmdlet New-ADUser is very efficient and time saving, when it comes to the (recurring) creation of many users at the same time.

Looking for specialists for your Active Directory operation, optimization or migration?
We would be happy to support you –  Contact us if you would like to know more.

Did this help you? Share it or leave a comment:
  • Tweet
  • LinkedIn
  • Facebook
  • Google+
  • Mail
  • Reddit
  • StumbleUpon
  • Pinterest
  • Tumblr
  • Del
Article created: 26.04.2016
Tags: New-ADUser powershell
0

You also might be interested in

PowerShell and Multi Value Attributes in Active Directory

PowerShell and Multi Value Attributes in Active Directory

You can edit Multi Value Attributes with the PowerShell. But[…]

Powershell – Group Policy Cmdlets

Powershell – Group Policy Cmdlets

Windows Server 2008 R2 and Windows Remote Server Administration Tools[…]

PowerShell Log File Monitoring – AD Migration

PowerShell Log File Monitoring – AD Migration

A lot of log files need to be analyzed during[…]