I’m working on a project that requires us to set up a portal and make it public so that customers (other companies) are able to access it from their own local PC or from their own office. To make our life easy, we used SharePoint as the base portal, set up a certificate to make it a secured site (https), and then made it public using the company domain, etc.
The challenge here is how customers can access the site and what account they are going to use. Well, with the help of an architect, we came up with setting up a separate Domain Controller for our customers only, and these customers will use their own accounts created by us.
To make the story short, another challenge came up: how to create those accounts, knowing there were more than 200 customer companies and each of them might have 100 users or more.
At the start, we manually created an AD account for each user. Then we felt that it was very tedious to do so. I looked for any possible solution to make our task easier 🙂 Thank you Mr. Google for the help.
Here is the solution:
- Put all your user information to CSV.
- Create PowerShell script that will import them to Active Directory.
- User account should be created and be added to their specified Active Directory Security Group.
- Done 🙂
Simple, right? For you to visualize, here are the steps.
1. We have a list of users with their information like username, first name, surname, title, department, company name, etc. In your CSV file, use the first row as the header, with each column named after the Active Directory attribute it holds (to avoid confusion during scripting). Save the file as “CustomerUser.csv”.
Here is a snapshot.
Note: The OrgUnit column is not an attribute in Active Directory. I inserted it there so I know which Active Directory group (Security Group) the user should be added to.
2. Here is the exciting part: PowerShell scripting (I’m not good at it, but at least it works). If you are using Windows 7 or 8 you can use the editor in All Programs > Accessories > Windows PowerShell > Windows PowerShell ISE.
Create a new file, then copy the script below and save it as “CreateUserFromCSV.ps1”.
Import-Module ActiveDirectory
write-host "Start Process"
write-host "-------------------------------------"
$csvPath = "C:\ImportUser\CustomerUser.csv"
$csvData = Import-Csv $csvPath
write-host "Reading the CSV file......"
# Loop through all items in the CSV
ForEach ($user In $csvData) {
    try {
        # Check if the user already exists
        $ADuser = Get-ADUser -LDAPFilter "(sAMAccountName=$($user.sAMAccountName))"
        If ($ADuser -eq $Null) {
            # The OrgUnit column names both the customer's OU and its security group
            $path = 'OU=' + $user.OrgUnit + ',OU=Customer,DC=chikchok,DC=net'
            $userPrincipalName = $user.sAMAccountName + "@chikchok.net"
            # CSV headers are assumed to use the AD attribute names (cn, givenName, sn, title, department, company)
            New-ADUser -Name $user.cn -SamAccountName $user.sAMAccountName `
                -UserPrincipalName $userPrincipalName -GivenName $user.givenName `
                -Surname $user.sn -Title $user.title -Department $user.department `
                -Company $user.company -Path $path -Enabled $true `
                -AccountPassword (ConvertTo-SecureString "p@ssw0rd" -AsPlainText -Force)
            # Add the new user to the customer's security group in CustomerGroup > [Customer Name]
            Add-ADGroupMember -Identity $user.OrgUnit -Members $user.sAMAccountName
            write-host "Created user" $user.sAMAccountName
        } Else {
            write-host "User" $user.sAMAccountName "already exists" -ForegroundColor yellow
        }
    } catch {
        write-host "Message: " $($_.Exception.Message) -ForegroundColor red
    }
}
write-host "-------------------------------------"
write-host "End Process"
3. Copy both the CSV file and the PowerShell script onto your AD server. I created a folder named “ImportUser” in drive C.
4. Open Active Directory Users and Computers and look at the structure that we have.
I have an Organizational Unit (OU) “Customer”, and under that I have a separate Organizational Unit for each customer company. Then, on the same level as “Customer”, I have created “CustomerGroup”, and inside it I added an Active Directory group (Security Group) for each customer. The goal is to create the user and put it in the Customer > [Customer Name] organizational unit. Then that user should be added to the security group in CustomerGroup > [Customer Name].
Make sure that the Organizational Units and Security Groups are already created. The PowerShell script above doesn’t have any instructions for creating the OU and the Security Group. (I will update this as soon as I have created and tested the script.)
5. Open the Windows PowerShell as Administrator.
6. Before we can run the script, we need to make sure that the “Execution Policy” allows you to execute the script.
To check the execution policy, type “get-executionpolicy”.
If the result is “Restricted”, which will not allow you to run your script, run the command “set-executionpolicy remotesigned” and then press “Y” or “y”.
8. Verify the result.
Check if the user is created in its designated OU. The Tim Jones AD account was created under the Customer > CustomerA OU, which is correct.
Tim Jones is also added as a member of the CustomerA security group.
I know there are more areas of improvement in this article, like how to add logs, create the OU if it does not exist, and create the Security Group if it does not exist.
Well, follow this blog and once I have it, I will definitely update this.
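As an added example (not the post's own script), here is one way to cover the "create OU and Security Group if they do not exist" gap: a pre-flight pass over the same CSV that creates a Customer > [OrgUnit] OU and a matching security group under CustomerGroup for every distinct OrgUnit value, so the import script above never hits a missing container. It assumes the domain, OU layout and CSV path from the post, and that the group name equals the OrgUnit value (as with CustomerA).

```powershell
# Added example: make sure each customer's OU and security group exist before importing users.
Import-Module ActiveDirectory

$domainDN   = 'DC=chikchok,DC=net'           # domain used in the post
$customerOU = "OU=Customer,$domainDN"        # one child OU per customer company
$groupOU    = "OU=CustomerGroup,$domainDN"   # one security group per customer company
$csvData    = Import-Csv 'C:\ImportUser\CustomerUser.csv'

# One OU and one group per distinct OrgUnit value in the CSV (assumed to be a plain name)
$customers = $csvData | Select-Object -ExpandProperty OrgUnit -Unique

ForEach ($customer In $customers) {
    # Probe with an LDAP filter instead of Get-ADOrganizationalUnit -Identity, which throws when missing
    $ou = Get-ADOrganizationalUnit -LDAPFilter "(ou=$customer)" -SearchBase $customerOU
    if ($null -eq $ou) {
        New-ADOrganizationalUnit -Name $customer -Path $customerOU -ProtectedFromAccidentalDeletion $true
        Write-Host "Created OU OU=$customer,$customerOU"
    } else {
        Write-Host "OU for $customer already exists"
    }

    # Global security group named after the customer, under CustomerGroup (matches the post's layout)
    $grp = Get-ADGroup -LDAPFilter "(cn=$customer)" -SearchBase $groupOU
    if ($null -eq $grp) {
        New-ADGroup -Name $customer -GroupScope Global -GroupCategory Security -Path $groupOU
        Write-Host "Created security group $customer"
    } else {
        Write-Host "Security group $customer already exists"
    }
}
```

Run it once from the same elevated PowerShell session before CreateUserFromCSV.ps1; rerunning it is harmless because it only creates what is missing.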
And there you go 🙂
If this helped you, please like this page and share it. Thanks 🙂