PowerShell Automation: Creating Active Directory User Accounts

Throughout many of our managed IT projects, we frequently receive requests to set up multiple user accounts at once within a standard Windows Active Directory environment. In fact, there was one project where we needed to create nearly 100 user accounts in a single batch. Instead of manually adding each account through the Active Directory Users and Computers Console—which can be both time-consuming and labour-intensive—let’s look at how we can streamline and automate this process using PowerShell scripting.


Cmdlets

To automate the creation of Active Directory user accounts, we utilize two essential PowerShell cmdlets: Import-Csv and New-ADUser.

The Import-Csv cmdlet reads data from a CSV file and converts each row into a PowerShell object. This enables easy access to user information, such as names and email addresses, which can then be used in scripts for tasks like account creation.

The New-ADUser cmdlet is used to create new user accounts in Active Directory. It allows administrators to specify various attributes for each user, such as their name, username, and organizational unit placement, facilitating efficient and consistent account provisioning.

Assembling the Script

Now that we have gathered the necessary tools (or cmdlets in this case), let's begin crafting our user account creation script.

  1. We invoke Import-Csv to read user account data from a CSV file, which contains details like usernames, full names, and other relevant information.
  2. We iterate over each row in the CSV to retrieve the attributes for each user.
  3. We use these attributes to add the user to the Active Directory domain by invoking New-ADUser.

This process repeats for every user listed in the CSV file, ensuring efficient and consistent account creation across all users. After assembling the steps together, we get the following script:

# Load the Active Directory cmdlets (requires the ActiveDirectory module / RSAT)
Import-Module ActiveDirectory

$companyDomain = "company.com" # Replace company.com with your Active Directory domain name
$newUsersFilePath = "NewUsers.csv"

# Each CSV row becomes an object; its columns are read as properties of $_
Import-Csv -Path $newUsersFilePath | ForEach-Object {
    New-ADUser `
        -Name $_.FullName `
        -GivenName $_.FirstName `
        -Surname $_.LastName `
        -Department $_.Department `
        -Title $_.JobTitle `
        -SamAccountName $_.Username `
        -UserPrincipalName ("$($_.Username)@$companyDomain") `
        -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -Force) `
        -Enabled $true `
        -ChangePasswordAtLogon $true # Force a password change at first sign-in
}

Running the Script

To run the script, we will need to perform several steps in series.

  1. Copy the PowerShell code and save it as Create-Users.ps1 on a system with the necessary privileges to add new Active Directory user accounts.
  2. Modify the $companyDomain variable by replacing company.com with the domain name of your Active Directory domain.
  3. Create a CSV file named NewUsers.csv with the following headers:
    1. FullName
    2. FirstName
    3. LastName
    4. Department
    5. JobTitle
    6. Username
    7. Password
  4. Add the users' details to the corresponding columns in the CSV file.
  5. Run Create-Users.ps1.
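
The script above creates accounts directly from whatever the CSV contains and gives no summary when a row fails. As an added example (not the article's own script), the variant below validates every row before changing the directory and reports failures per user; the username allow-list and the messages are assumptions of this example.

```powershell
# Added example (not the article's script). Assumes the ActiveDirectory module
# (RSAT) is installed and NewUsers.csv uses the headers listed in the article.
Import-Module ActiveDirectory

$companyDomain    = "company.com"   # placeholder domain, as in the article
$newUsersFilePath = "NewUsers.csv"
$required = 'FullName','FirstName','LastName','Department','JobTitle','Username','Password'
$rows     = @(Import-Csv -Path $newUsersFilePath)
$problems = @()   # collect every issue instead of stopping at the first one
$seen     = @{}

# Pass 1: treat the CSV as untrusted input and validate it before any change.
foreach ($row in $rows) {
    $name = "$($row.Username)".Trim()
    foreach ($col in $required) {
        if ([string]::IsNullOrWhiteSpace($row.$col)) { $problems += "'$name': column $col is empty" }
    }
    # sAMAccountName is at most 20 characters; this allow-list (an assumption) also keeps quotes out of -Filter.
    if ($name -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        $problems += "'$name': Username must be 1-20 characters from A-Z, a-z, 0-9, '.', '_', '-'"
        continue
    }
    if ($seen.ContainsKey($name.ToLower())) { $problems += "'$name': duplicate Username in CSV" }
    $seen[$name.ToLower()] = $true
    if (Get-ADUser -Filter "SamAccountName -eq '$name'") { $problems += "'$name': already exists in AD" }
}
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "Validation failed for $newUsersFilePath; no accounts were created."
}

# Pass 2: create the accounts with the same attributes as the article's script.
foreach ($row in $rows) {
    $params = @{
        Name                  = $row.FullName
        GivenName             = $row.FirstName
        Surname               = $row.LastName
        Department            = $row.Department
        Title                 = $row.JobTitle
        SamAccountName        = $row.Username.Trim()
        UserPrincipalName     = "$($row.Username.Trim())@$companyDomain"
        AccountPassword       = ConvertTo-SecureString $row.Password -AsPlainText -Force
        Enabled               = $true
        ChangePasswordAtLogon = $true
        ErrorAction           = 'Stop'   # turn failures into catchable errors
    }
    try   { New-ADUser @params; Write-Output "Created $($row.Username)" }
    catch { Write-Warning "Failed to create $($row.Username): $($_.Exception.Message)" }
}
```

Because NewUsers.csv holds the initial passwords in plaintext, restrict who can read it and delete it once the run completes.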

Summary

In conclusion, automating the creation of Active Directory user accounts using PowerShell and CSV files significantly enhances efficiency and consistency in IT operations. By leveraging cmdlets like Import-Csv and New-ADUser, administrators can streamline the onboarding process, reduce manual errors, and save valuable time. If you need assistance with automating your IT tasks, please fill in the "Contact Us" form on our main site, and our team of professionals will get back to you soon!