Quickly create as many Active Directory users as you want using this easy-to-follow tutorial. This will not only save you time, but will keep all of the user creation details and information standardized.
I produced a couple of other tutorials with a slightly different method and script, but I feel this one is a lot simpler and easier to work with.
Why manually create multiple users in Active Directory when you can script it using PowerShell? Especially since most of the server roles are PowerShell on the back end with a GUI front end.
PowerShell – Create Multiple Users in Active Directory Quickly
1. Information
Objective:
- Simplify the creation of multiple users in Active Directory.
- Maintain standardization for punctuation and the proper fields needing to be filled in.
What you will need:
- New-Users_Sent.xlsx – The spreadsheet we are sending to HR
- New-Users_Returned.xlsx – The returned spreadsheet from HR
- NewUsers.csv – The CSV version of the New-Users_Returned.xlsx spreadsheet
- Add-NewUsers.ps1 – (rename by removing the trailing _.txt) PowerShell script that will create the user accounts
Additional requirements:
- Quest ActiveRoles ADManagement PowerShell snap-in
- .NET Framework 3.5 with SP1 or higher
2. Create the files
Construct your New-Users_Sent.xlsx spreadsheet
Launch Excel and set up the basic spreadsheet structure. Or simply download the one I created.
Send the spreadsheet to whoever is in charge of new employees/students.
When you receive the file back with all of the new user names, open it up to verify there are no errors or issues.
Save the file as New-Users_Returned.xlsx so you have a copy of the original file.
While the file is still open, do a Save-As and select CSV (Comma delimited) (*.csv), then name the file NewUsers.csv
Next we need to create the PowerShell script.
You can either open up PowerShell ISE or Notepad. In this tutorial, we will use Notepad.
Copy and paste the following code into a new text document:
    Import-Csv "NewUsers.csv" | ForEach-Object {
        # Build the user principal name from the logon name and the domain suffix
        $userPrinc = $_."Logon Username" + "@pca.hq"

        # Create the account in the OU given in the Container column
        New-QADUser -Name $_.Name `
            -ParentContainer $_."Container" `
            -SamAccountName $_."Logon Username" `
            -UserPassword "pass123!ForWhat" `
            -FirstName $_."First Name" `
            -LastName $_."Last Name" `
            -LogonScript "students.bat" `
            -Description $_."Graduating Year" `
            -UserPrincipalName $userPrinc `
            -DisplayName $_."Name"

        # Add the user to the group named after the graduating year
        Add-QADGroupMember -Identity $_."Graduating Year" -Member $_."Logon Username"

        # Force a password change at first logon
        Set-QADUser -Identity $_."Logon Username" -UserMustChangePassword $true
    }
Save the file as Add-NewUsers.ps1 – make sure you select All files (*.*) in the Save as type: field
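The script above sets the same literal password on every account and leaves it readable in the .ps1 file. The following added example (not the author's script) validates NewUsers.csv before touching the directory and gives each account its own random initial password. The New-InitialPassword helper and the InitialPasswords.csv output file are assumptions introduced here; the cmdlets, parameters and column names are the ones used in the tutorial's script.

```powershell
# Added example, not the tutorial's script. Assumes the Quest snap-in is loaded
# (Add-PSSnapin quest.activeroles.admanagement) and NewUsers.csv is in the current directory.
$required = 'Name','Container','Logon Username','First Name','Last Name','Graduating Year'
$rows = @(Import-Csv 'NewUsers.csv')

function New-InitialPassword([int]$Length = 16) {
    # 64 symbols, so a random byte modulo 64 is unbiased; look-alikes (I, O, l, o, 0, 1) are omitted.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#%+=?@-'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    $pw
}

# 1. Validate every row first, so a bad spreadsheet creates no accounts at all.
$problems = @(); $seen = @{}
foreach ($r in $rows) {
    $sam = [string]$r.'Logon Username'
    foreach ($col in $required) {
        if ([string]::IsNullOrEmpty($r.$col)) { $problems += "'$sam': column '$col' is empty" }
    }
    # Enforce the 20-character limit and reject characters not accepted in logon names.
    if ($sam.Length -gt 20 -or $sam -match '["/\\\[\]:;|=,+*?<>@]') {
        $problems += "'$sam': not a valid logon username"
    }
    if ($seen.ContainsKey($sam)) { $problems += "'$sam': duplicate row" } else { $seen[$sam] = $true }
}
if ($problems.Count -gt 0) { $problems | Write-Warning; throw 'Fix NewUsers.csv, then run again.' }

# 2. Create each account with its own random password instead of one shared literal.
$handoff = foreach ($r in $rows) {
    $pw = New-InitialPassword
    New-QADUser -Name $r.Name -ParentContainer $r.Container `
        -SamAccountName $r.'Logon Username' -UserPassword $pw `
        -FirstName $r.'First Name' -LastName $r.'Last Name' `
        -UserPrincipalName ($r.'Logon Username' + '@pca.hq') | Out-Null
    Add-QADGroupMember -Identity $r.'Graduating Year' -Member $r.'Logon Username' | Out-Null
    Set-QADUser -Identity $r.'Logon Username' -UserMustChangePassword $true | Out-Null
    New-Object PSObject -Property @{ User = $r.'Logon Username'; InitialPassword = $pw }
}
# 3. Hand the passwords over from a restricted location, then delete the file (name is an assumption).
$handoff | Export-Csv 'InitialPasswords.csv' -NoTypeInformation
```

The remaining attributes from the tutorial's script (-LogonScript, -Description, -DisplayName) can be added to the New-QADUser call unchanged.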
3. Install the remaining requirements
Download the Quest ActiveRoles ADManagement snap-in for PowerShell. Once the download is complete, install it by double-clicking the downloaded .msi file and running through the wizard.
If you get an error about needing .NET Framework 3.5 with SP1 or later, visit your Server Manager and install it through Add Features.
Don’t forget to set your execution policy to unrestricted or you might see an error when you try to run the script. To set your execution policy:
Set-ExecutionPolicy Unrestricted
Once installed, we need to add the snap-in to your PowerShell session.
Open up PowerShell (make sure you run it elevated – right-click on Powershell.exe and select Run as administrator)
At the prompt, type the following:
Add-PSSnapin quest.activeroles.admanagement
At this point, let’s double-check that our OUs (Organizational Units) in Active Directory are ready to go, and that the spreadsheet data matches the OU locations.
4. Run the script
If everything looks good to go, let’s try running the script.
In PowerShell, change your working directory to the directory where you stored your files. In my case, they are at C:\bin\
At this point, it’s as simple as just typing the name of the script and pressing enter.
.\Add-NewUsers.ps1
If the script completes without any errors, check your OUs to verify you have the new students imported. Also double check the custom fields you had automatically inputted.
If you do see any errors, read the errors carefully. They usually provide all the information you need to troubleshoot the problem. If you are stuck, please feel free to leave a comment below and I will be happy to assist.
5. Additional Fields / Stuff
Let’s say you want to also include an H:\ for your users. With my tests, trying to include this within the script did not go well. The reason being the user account running the script was creating the folders on the network share and was having the permissions set under that account versus the actual user.
For this reason, it’s a fairly simple and quick process to highlight all the users in an OU, right click any of them, and select properties.
Click the Profile tab, select Home folder, select Connect, click the drop-down and select the drive letter, and then input the network share where your home folders are located. Use the environment variable %username% so that for each user, the folder will get named what the username is in Active Directory.
Click Apply and you should be done!
6. Summary
This worked very well for me recently in a real world environment. One of my main goals as a Systems Administrator Consultant, as well as my position at a hospital in the Information Systems department, is to try and reduce the time needed to perform repetitive tasks. Automation is key in this industry.
Don’t get left behind by not learning to automate some of your tasks using tools such as PowerShell.
I hope this tutorial has helped you out in some form. Don’t be afraid to leave a comment below! Do you have a process you use that works well for you? Please share it by posting below!