The other day I was lurking on the PowerShell forum and found a question about importing an Excel spreadsheet to use for AD user account creation. It looked like a quick fix so I decided to give it a go. I am new to PowerShell so real world ideas like this one provide a great way for me to learn while also helping out in the community. Needless to say, I found out that it wasn’t the quick fix that I thought it would be.
I decided to use a CSV file as the source rather than Excel since I was working on a server that did not have Excel installed, and pretty quickly got the script to work using the ActiveDirectory module provided by Microsoft. When I went to verify the results, however, all of the programmatically created users were disabled. What good is a ‘working’ script if the output doesn’t provide the required functionality? All of the accounts were created, but I was unable to even manually enable the account due to an error that the password did not meet my domain’s complexity requirements. I verified that the password used in the script was actually a valid password. I could reset the user’s password to the one in the CSV file and enable the AD account without any errors. This pointed to an issue with the way I was setting the password in the script. I googled the issue and, lo and behold, there was a blog written about this exact issue.
After integrating the code snippet from the above blog post, I was able to successfully create enabled and functional AD users. Here is the script and a sample CSV file that can be used as a starting point. Since there are so many fields that can be set for an AD user, I created a very small sample but this can be expanded to include any attributes that are required by your organization.
# CreateADUsers.ps1
# Run this under an execution policy set by an administrator; the script does
# not switch the machine to Unrestricted.
Import-Module ActiveDirectory
$csvpath = "c:\scripts\Newusers.csv"
$date = Get-Date
$logfile = "c:\scripts\create_AD_users.log"
$i = 0

# Specify parent container for all new users.
$OU = "OU=UsersOU,DC=domain,DC=com"

Import-Csv $csvpath | ForEach-Object {
    $sam = $_.Username
    # Reset per row so a failed lookup cannot reuse the previous row's result.
    $exists = $null
    Try { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$sam)" }
    Catch { }
    If (!$exists)
    {
        $i++
        $Password = $_.Password
        New-ADUser $sam -GivenName $_.GivenName -Initials $_.Initials -Surname $_.SN -DisplayName $_.DisplayName -EmailAddress $_.EmailAddress -PassThru |
            ForEach-Object {
                # Set the password first, then enable the account.
                $_ | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $Password -Force)
                $_ | Enable-ADAccount }

        # Set an ExtensionAttribute
        # (no attribute value is assigned in this sample, so SetInfo() changes nothing)
        $dn = (Get-ADUser $sam).DistinguishedName
        $ext = [ADSI]"LDAP://$dn"
        $ext.SetInfo()
        Move-ADObject -Identity $dn -TargetPath $OU

        $newdn = (Get-ADUser $sam).DistinguishedName
        Rename-ADObject -Identity $newdn -NewName $_.DisplayName

        # Log which account was created, but never the password.
        $output = $i.ToString() + ") Name: " + $_.UserName + " sAMAccountName: "
        $output += $sam
        $output | Out-File $logfile -Append
    }
    Else
    {
        # The CSV has no CN column, so report the account name instead.
        "SKIPPED - ALREADY EXISTS OR ERROR: " + $sam | Out-File $logfile -Append
    }
    "----------------------------------------" + "`n" | Out-File $logfile -Append
}
This is the sample CSV (newusers.csv) data that I used in testing the script.
GivenName,Initials,SN,DisplayName,EmailAddress,UserName,Password
"Susan","SU","User","Susan User","susan@tdvm.me","susan","~RP:hoV.ZmE4tS6Z"
"James","JU","User","James User","james@tdvm.me","james","~RP:hoV.ZmE4tS6Z"
"Ronnie","RU","User","Ronnie User","ronnie@tdvm.me","ronnie","~RP:hoV.ZmE4tS6Z"
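A hardened variant of the approach above, added here as an example and not part of the original script: New-ADUser takes the password, the enabled state, the target OU and the object name in one call, so the separate reset, enable, move and rename steps are not needed. It assumes the CSV drops the Password column; New-InitialPassword and the inline rows are constructed for illustration, and each user gets a unique random password that must be changed at first logon.

```powershell
# Added example, not the original script. Column names follow the sample CSV.
$OU      = "OU=UsersOU,DC=domain,DC=com"        # placeholder OU from the post
$logfile = "c:\scripts\create_AD_users.log"
$rows = @'
GivenName,Initials,SN,DisplayName,EmailAddress,UserName
"Susan","SU","User","Susan User","susan@tdvm.me","susan"
"James","JU","User","James User","james@tdvm.me","james"
'@ | ConvertFrom-Csv                             # constructed rows, no Password column

function New-InitialPassword {                   # hypothetical helper
    param([int]$Length = 20)
    $classes = 'abcdefghijkmnpqrstuvwxyz', 'ABCDEFGHJKLMNPQRSTUVWXYZ', '23456789', '!#%*+-=?_'
    $all   = -join $classes
    $limit = 256 - (256 % $all.Length)           # reject bytes >= $limit: no modulo bias
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    do {
        $pw = ''
        while ($pw.Length -lt $Length) {
            $rng.GetBytes($byte)
            if ($byte[0] -lt $limit) { $pw += $all[$byte[0] % $all.Length] }
        }
        # Number of character classes present in the candidate password.
        $hit = @($classes | Where-Object { $pw.IndexOfAny($_.ToCharArray()) -ge 0 }).Count
    } until ($hit -ge 3)                         # assumed policy: 3 of 4 classes
    $pw
}

foreach ($row in $rows) {
    $plain  = New-InitialPassword
    $params = @{
        Name                  = $row.DisplayName  # sets the CN, no Rename-ADObject
        SamAccountName        = $row.UserName
        GivenName             = $row.GivenName
        Initials              = $row.Initials
        Surname               = $row.SN
        DisplayName           = $row.DisplayName
        EmailAddress          = $row.EmailAddress
        Path                  = $OU               # created in place, no Move-ADObject
        AccountPassword       = ConvertTo-SecureString $plain -AsPlainText -Force
        Enabled               = $true
        ChangePasswordAtLogon = $true
    }
    if (Get-Command New-ADUser -ErrorAction SilentlyContinue) {
        New-ADUser @params                        # hand $plain to the user out of band
        "Created $($row.UserName)" | Out-File $logfile -Append   # password is not logged
    } else {
        "Dry run: would create $($row.UserName) in $OU"          # AD module not present
    }
}
```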
I hope you find this script useful and it saves you time when needing to create bulk AD users in your production or test environments.
Terri is a Support Specialist at OrcsWeb, a hosted server company providing managed hosting solutions.