Create Bulk Users in Active Directory using Powershell

Hello World!

I’m working on a project that requires us to set up a portal and make it public, so that customers (other companies) are able to access it from their own local PC or from their own office. To make our life easy, we use SharePoint as the base portal, set up a certificate to make it a secured site (https), and then make it public using the company domain, etc.

The challenge here is how customers can access the site and what account they’re going to use. Well, with the help of an architect, we came up with the idea of setting up a separate Domain Controller for our customers only, and these customers will use their own accounts created by us.

To make the story short, another challenge came up: how to create those accounts, knowing there were more than 200+ customer companies and each of them might have 100 users or more.

At the start, we manually created an AD account for each of the users. Then we felt that it was very tedious to do so. I looked for any possible solution to make our task easier 🙂 Thank you Mr. Google for the help.
Here is the solution:

  1. Put all your user information into a CSV file.
  2. Create a PowerShell script that will import them into Active Directory.
  3. Each user account should be created and added to its specified Active Directory Security Group.
  4. Done 🙂

Simple, right? For you to visualize, here are the steps.

1. We have a list of users with their information, such as username, first name, surname, title, department, company name, etc. In your CSV file, use the first row as the header, naming each column after its Active Directory attribute (to avoid confusion during scripting). Save the file as “CustomerUser.csv”.
Here is a snapshot.
Note:
The OrgUnit column is not an attribute in Active Directory. I inserted it so that I know which Active Directory group (Security Group) the user should be added to.

2. Here is the exciting part: PowerShell scripting (I’m not good at it, but at least it works). If you are using Windows 7 or 8, you can use the editor in All Programs > Accessories > Windows PowerShell > Windows PowerShell ISE.
Create a new file, then copy the script below and save it as “CreateUserFromCSV.ps1”.

    # Import the PowerShell module containing the AD cmdlets
    Import-Module ActiveDirectory
    Write-Host "Start Process"
    Write-Host "-------------------------------------"
    try
    {
        # Read the CSV file
        $csvPath = "C:\ImportUser\CustomerUser.csv"
        $csvData = Import-Csv $csvPath
        Write-Host "Reading the CSV file......"

        # Loop through all rows in the CSV file
        ForEach ($user In $csvData)
        {
            $sAMAccountName = $user.sAMAccountName

            # Check if the user exists
            $ADuser = Get-ADUser -LDAPFilter "(sAMAccountName=$sAMAccountName)"
            If ($ADuser -eq $Null)
            {
                # Create the user with the New-ADUser cmdlet.
                # The trailing backtick continues the command on the next line.
                $path = 'OU=' + $user.OrgUnit + ',OU=Customer,DC=chikchok,DC=net'
                $userPrincipalName = $user.sAMAccountName + "@chikchok.net"
                New-ADUser -Name $user.cn `
                    -SamAccountName $sAMAccountName `
                    -UserPrincipalName $userPrincipalName `
                    -GivenName $user.givenname `
                    -Surname $user.sn `
                    -DisplayName $user.displayName `
                    -EmailAddress $user.mail `
                    -Company $user.company `
                    -Title $user.title `
                    -Department $user.department `
                    -AccountPassword (ConvertTo-SecureString "p@ssw0rd" -AsPlainText -Force) `
                    -PasswordNeverExpires $true `
                    -Path $path `
                    -Enabled $true
            }
            else
            {
                Write-Host "- " $user.sAMAccountName "|Account Exists" -ForegroundColor Yellow
            }
        }
    }
    catch
    {
        # Report the error category and message of whatever stopped the import
        Write-Host "Error: " $($_.CategoryInfo) -ForegroundColor Red
        Write-Host "Message: " $($_.Exception.Message) -ForegroundColor Red
    }
    Write-Host "-------------------------------------"
    Write-Host "End Process"
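
The script above gives every customer account the same known password, set never to expire. The following added example (not the original author's script) creates each account with its own random initial password that must be changed at first logon, and adds the user to its security group; `New-RandomPassword`, the `InitialPasswords.csv` path and the rule that the group carries the same name as the OrgUnit value are assumptions.

```powershell
# Added example, not the original author's script.
Import-Module ActiveDirectory

function New-RandomPassword {
    # Hypothetical helper. The alphabet has 64 characters, so (byte % 64)
    # selects each character with equal probability (no modulo bias).
    param([int]$Length = 20)
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+=?-'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
        # Retry until upper case, lower case, digit and symbol are all present
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and
             $pw -match '\d' -and $pw -match '[^A-Za-z0-9]')
    $rng.Dispose()
    return $pw
}

# Same CSV columns, OU layout and domain as the script above.
$issued = foreach ($user in Import-Csv 'C:\ImportUser\CustomerUser.csv') {
    $sam = $user.sAMAccountName
    if (Get-ADUser -LDAPFilter "(sAMAccountName=$sam)") { continue }  # already exists

    $plain = New-RandomPassword
    New-ADUser -Name $user.cn `
        -SamAccountName $sam `
        -UserPrincipalName ($sam + '@chikchok.net') `
        -GivenName $user.givenname `
        -Surname $user.sn `
        -Path ('OU=' + $user.OrgUnit + ',OU=Customer,DC=chikchok,DC=net') `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
        -ChangePasswordAtLogon $true `
        -Enabled $true `
        -ErrorAction Stop

    # Assumption: the security group has the same name as the OrgUnit value.
    Add-ADGroupMember -Identity $user.OrgUnit -Members $sam

    # Emit the one-time password so it can be handed to the customer.
    [pscustomobject]@{ sAMAccountName = $sam; InitialPassword = $plain }
}

# Hypothetical output path: restrict access to this file and delete it
# once the initial passwords have been delivered.
$issued | Export-Csv 'C:\ImportUser\InitialPasswords.csv' -NoTypeInformation
```

Forcing a change at first logon assumes the portal gives customers a way to change their password. The remaining attribute parameters (`-DisplayName`, `-EmailAddress`, `-Company`, `-Title`, `-Department`) can be passed exactly as in the script above.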


3. Copy both the CSV file and the PowerShell script to your AD server. I created a folder named “ImportUser” on drive C.

4. Open Active Directory Users and Computers and look at the structure that we have.

I have an Organizational Unit (OU) “Customer”, and under that I have a separate Organizational Unit for each customer company. Then, on the same level as “Customer”, I have created “CustomerGroup”, and inside it I added an Active Directory group (Security Group) for each customer. The goal is to create the user and put it in the Customer > [Customer Name] organizational unit. Then that user should be added to the security group in CustomerGroup > [Customer Name].

Note:
Make sure that the Organizational Units and Security Groups are already created. The PowerShell script above doesn’t have any instructions for creating the OU and the Security Group. (I will update this as soon as I have created and tested the script.)

5. Open Windows PowerShell as Administrator.

6. Before we can run the script, we need to make sure that the “Execution Policy” allows us to execute it.

To check the execution policy, type “get-executionpolicy”.

If the result is “Restricted”, which will not allow you to run your script, run the command “set-executionpolicy remotesigned”, then press “Y” or “y”.

That’s it.

7. Here is how to execute your PowerShell script. One option is to go to the folder where the PowerShell script is located and run the command
ExecutePowerShell

8. Verify the result.

Check that the user was created in its designated OU. The AD account for the user Tim Jones was created under the Customer > CustomerA OU, which is correct.

Tim Jones is also added as a member of the CustomerA security group.

I know there are more areas for improvement in this article, like how to add logs, create the OU if it does not exist, and create the Security Group if it does not exist.

Well, follow this blog and once I have it, I will definitely update this.

And there you go 🙂

If this helped you, please like this page and share it.. Thanks 🙂

7 thoughts on “Create Bulk Users in Active Directory using Powershell”

  1. During the early days of PowerShell people didn’t get why you’d ever want it over a GUI. I used the example of adding a user and how much better the GUI was to add a user than the CLI. Everyone agreed but didn’t understand why I made the point. I then said, “now imagine it’s Aug and you have to add the entire Freshman class”.

    Most people got it then. 🙂

    Jeffrey Snover[MSFT]
    @jsnover
    Distinguished Engineer and Lead Architect for Windows Server and System Center

    • Nice point Jeffrey… Well, it may depend on how people want to make their life easy. So it’s a matter of choice between GUI or CLI. 🙂 As long as they have the point.

      Btw, nice article for using write-host…

  2. Thanks! cool script… i added my needed strings to the script and works smooth!!

  3. I’ll give this script a try and will come back with the results.

  4. I can create a user with the above script, but why is the user always disabled?
