Create AD User using PowerShell

Here we will see how to create single and bulk AD users using PowerShell.

  1. Import Active Directory module
  2. Use New-ADUser cmdlet with proper syntax

Run PowerShell as Administrator

1. Import Active Directory module:

To work with Active Directory cmdlets, a separate module needs to be imported. The AD cmdlets are available only after this module is imported. To import the module, use the cmdlet below.

Import-Module ActiveDirectory

2. Check AD user creation cmdlets:

To find the PowerShell cmdlets available for AD user management, use the cmdlet below.

Get-Command -Name *Aduser*
  • ‘Get-Command’ fetches the commands (cmdlets) available by name.
  • The wildcard character (*) represents any characters that appear before and after the word “Aduser”.

3. Create AD user

First we will see how to create a single AD user using a PowerShell cmdlet.

To create a user, use the ‘New-ADUser’ cmdlet along with its various parameters. To find the parameters available for New-ADUser, use either of the cmdlets below.

Get-Help New-ADUser
	or
Get-Command New-ADUser -Syntax

Below is an example of the cmdlet for creating a new AD user:

New-ADUser `
    -Name "Dinesh Karthik" `
    -SamAccountName "Dinesh Karthik" `
    -DisplayName "Dinesh Karthik" `
    -GivenName "Dinesh" `
    -Surname "Karthik" `
    -UserPrincipalName "dinesh.karthik@abc.com" `
    -AccountPassword (Read-Host -AsSecureString "Enter Password") `
    -Enabled $true
  • The parameter -AccountPassword is set to prompt the user for the password using the ‘Read-Host’ cmdlet. This allows you to enter the password after running the cmdlet. Make sure the password meets the required length and complexity policy.
  • '-AsSecureString' masks the characters as you type and returns the entered password as a SecureString instead of plain text.
  • Whenever a user account is created using PowerShell, the account is not enabled by default. Hence, we need to use the ‘-Enabled’ parameter with ‘$true’. Please note the ‘$’ sign, as it is a Boolean value.
  • Parameters 'GivenName', 'Surname' and 'DisplayName' are optional.

Validate the user created:

Use 'Get-AdUser' cmdlet with '-Filter' and '-Properties' parameters to fetch the user list.

Get-Aduser -filter * -Properties * | select Name
In the above cmdlet:
  • 'Get-AdUser' is used to get the list of users.
  • '-Filter' sets the filter (mandatory). I have set it to * as I need all users.
  • '-Properties' sets the properties to retrieve; * retrieves all of them.
  • 'select' is used to display only the ‘Name’ property. You can use multiple properties separated by commas (,).

A graphical output is here


Create bulk users using CSV file

To create AD users in bulk, create a list of users with all required fields/attributes and user details, and save the file in .CSV format. Please note that PowerShell will only support a .CSV file.


Now use the script below and save it as a .ps1 file.


		# Read the user list; each CSV row becomes one object
		$UserList = Import-Csv "C:\User List\UserList.csv"

		foreach ($User in $UserList)
		{
			$samAccount = $User.SamAccountName
			$FirstName = $User.FirstName
			$LastName = $User.LastName
			$OU = $User.OU
			$DisplayName = $User.DisplayName
			$upn = $User.Mail
			# Assumes the CSV has a Password column holding the initial password
			$Password = ConvertTo-SecureString $User.Password -AsPlainText -Force

			# Check if user already exists
			if (Get-ADUser -Filter {SamAccountName -eq $samAccount})
			{
				Write-Warning "User $DisplayName already exists. Please choose different user name"
			}
			else
			{
				# Create the account in the OU given in the CSV and enable it
				New-ADUser -SamAccountName $samAccount `
					-UserPrincipalName $upn `
					-Name $DisplayName `
					-DisplayName $DisplayName `
					-GivenName $FirstName `
					-Surname $LastName `
					-EmailAddress $upn `
					-Path $OU `
					-AccountPassword $Password `
					-Enabled $true
			}
		}
	
  • 'Import-Csv' is used to import the CSV file.
  • 'foreach($User in $UserList)' is a for-each loop. $User is a variable that points to each row in $UserList in turn, i.e. the CSV file imported above.
  • Note that we have used the back-tick (`), which is also called the word-wrap operator, since we have continued the cmdlet on the next lines rather than writing it on a single line.
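
A variant of the bulk script above that keeps passwords out of the CSV file: it generates a random initial password for each account and forces a change at first logon. This is an added example, not the original author's script; the helper name New-RandomPassword and the CSV column names are assumptions.

```powershell
# Added example, not the original script. Assumed CSV columns:
# SamAccountName, FirstName, LastName, DisplayName, Mail, OU (no password column).
Import-Module ActiveDirectory

function New-RandomPassword {            # hypothetical helper name
    param([int]$Length = 20)
    # One set per character class, so the complexity policy can be checked
    $sets = 'abcdefghijkmnopqrstuvwxyz', 'ABCDEFGHJKLMNPQRSTUVWXYZ', '23456789', '!#%&*+-=?@_'
    $all  = -join $sets
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf  = New-Object byte[] 1
    # Largest multiple of the alphabet size that fits in a byte; values at or
    # above it are rejected so the modulo does not favour the first characters
    $limit = 256 - (256 % $all.Length)
    do {
        $pw = -join (1..$Length | ForEach-Object {
            do { $rng.GetBytes($buf) } while ($buf[0] -ge $limit)
            $all[$buf[0] % $all.Length]
        })
        # Retry until every character class appears at least once
        $missing = $sets | Where-Object { $pw.IndexOfAny($_.ToCharArray()) -lt 0 }
    } while ($missing)
    $rng.Dispose()
    $pw
}

$report = foreach ($User in Import-Csv 'C:\User List\UserList.csv') {
    $sam = $User.SamAccountName
    if (Get-ADUser -Filter {SamAccountName -eq $sam}) {
        Write-Warning "User $sam already exists; skipped"
        continue
    }
    $plain = New-RandomPassword
    try {
        New-ADUser -SamAccountName $sam -Name $User.DisplayName `
            -GivenName $User.FirstName -Surname $User.LastName `
            -UserPrincipalName $User.Mail -EmailAddress $User.Mail -Path $User.OU `
            -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
            -ChangePasswordAtLogon $true -Enabled $true -ErrorAction Stop
        # Emit the one-time password only for accounts that were really created
        [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $plain }
    } catch {
        Write-Warning "Could not create ${sam}: $_"
    }
}
# Deliver each password out of band; avoid writing this table to disk
$report | Format-Table -AutoSize
```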