How do I create a PowerShell home directory?

The easiest way to create a new user in an Active Directory domain is using the Active Directory Users and Computers MMC snap-in. However, what if you need to create multiple user accounts in bulk, or ADUC is not available for some reason? In this article, we explain several ways to create Active Directory user accounts with PowerShell using the New-ADUser cmdlet.

Create New User Accounts using the New-ADUser Cmdlet

So what is the PowerShell cmdlet used to create user objects? It's the New-ADUser cmdlet, which is included in the Active Directory PowerShell module built into Microsoft Windows Server 2008 R2/2012 and above. Therefore, the first thing we need to do is enable the AD module:

Import-Module ActiveDirectory

Now let's take a closer look at the New-ADUser cmdlet. We can get its full syntax by running the following command:

Get-Command New-ADUser -Syntax

When you know the syntax, it's easy to add users to Active Directory:

New-ADUser B.Johnson

Now let's check whether the user was added successfully by listing all Active Directory users using the following script:

Get-ADUser -Filter * -Properties samAccountName | select samAccountName

There it is, the last one in the list!

Create a New Active Directory User Account with Password

Accounts are created with the following default properties:

  • Account is created in the Users container.
  • Account is disabled.
  • Account is a member of Domain Users group.
  • No password is set.
  • User must reset the password at the first logon.

Therefore, to make a new account that's actually usable, we need to enable it using the Enable-ADAccount cmdlet and give it a password using the Set-ADAccountPassword cmdlet.

So let's create a new account with the following attributes:

  • Name: Jack Robinson
  • Given Name: Jack
  • Surname: Robinson
  • Account Name: J.Robinson
  • User Principal Name
  • Path address: OU=Managers,DC=enterprise,DC=com
  • Password: Input
  • Status: Enabled

Here's the script we'll use:

New-ADUser -Name "Jack Robinson" -GivenName "Jack" -Surname "Robinson" -SamAccountName "J.Robinson" -UserPrincipalName "" -Path "OU=Managers,DC=enterprise,DC=com" -AccountPassword(Read-Host -AsSecureString "Input Password") -Enabled $true

The Read-Host cmdlet will prompt you to enter the new password. Note that the password should meet the length, complexity and history requirements of your domain security policy.

Now let's take a look at the results by running the following cmdlet:

Get-ADUser J.Robinson -Properties CanonicalName, Enabled, GivenName, Surname, Name, UserPrincipalName, samAccountName, whenCreated, PasswordLastSet | Select CanonicalName, Enabled, GivenName, Surname, Name, UserPrincipalName, samAccountName, whenCreated, PasswordLastSet

Create AD Users in Bulk with a PowerShell Script

Now, let's make our task a little bit harder and create ten similar Active Directory accounts in bulk, for example, for our company's IT class, and set a default password (P@ssw0rd) for each of them. To pass the default password as a SecureString, which the -AccountPassword parameter requires, we must use the ConvertTo-SecureString cmdlet. Here's the script to use:

$path="OU=IT,DC=enterprise,DC=com"
$username="ITclassuser"
$count=1..10
foreach ($i in $count)
{
    New-AdUser -Name $username$i -Path $path -Enabled $True -ChangePasswordAtLogon $true `
        -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -force) -passThru
}

Now let's make our script more flexible by adding the Read-Host cmdlet, which will ask for the name and number of users:

$path="OU=IT,DC=enterprise,DC=com"
$username=Read-Host "Enter name"
$n=Read-Host "Enter Number"
$count=1..$n
foreach ($i in $count)
{
    New-AdUser -Name $username$i -Path $path -Enabled $True -ChangePasswordAtLogon $true `
        -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -force) -passThru
}
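
A variant of the bulk script that gives each account its own randomly generated initial password instead of the shared default, so the new accounts do not all carry one known credential until first logon. This is an added example, not code from the original article; the helper names Get-RandomIndex and New-RandomPassword, the character set and the 16-character length are assumptions, and the New-ADUser call needs the ActiveDirectory module and a reachable domain.

```powershell
# Added example: per-account random initial passwords for the bulk script.
# Get-RandomIndex and New-RandomPassword are hypothetical helpers, not ActiveDirectory cmdlets.
function Get-RandomIndex {
    param($Rng, [int]$Max)
    $b = New-Object byte[] 1
    $limit = 256 - (256 % $Max)          # reject bytes that would bias the modulo
    do { $Rng.GetBytes($b) } while ($b[0] -ge $limit)
    return $b[0] % $Max
}

function New-RandomPassword {
    param([int]$Length = 16)
    # Four character classes (look-alike characters omitted); one of each is always used,
    # which satisfies the default domain complexity rule.
    $classes = 'abcdefghijkmnpqrstuvwxyz', 'ABCDEFGHJKLMNPQRSTUVWXYZ', '23456789', '!#%+-=?@_'
    $all = -join $classes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $chars = foreach ($c in $classes) { $c[(Get-RandomIndex $rng $c.Length)] }
        while ($chars.Count -lt $Length) { $chars += $all[(Get-RandomIndex $rng $all.Length)] }
        # Fisher-Yates shuffle so the guaranteed characters are not always in the first four positions.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = Get-RandomIndex $rng ($i + 1)
            $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
        }
        return -join $chars
    }
    finally { $rng.Dispose() }
}

$path = "OU=IT,DC=enterprise,DC=com"
$username = "ITclassuser"
$issued = foreach ($i in 1..10) {
    $plain = New-RandomPassword
    New-ADUser -Name "$username$i" -Path $path -Enabled $true -ChangePasswordAtLogon $true `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force)
    # Keep the name/password pair only in memory for hand-off to the user.
    [pscustomobject]@{ Name = "$username$i"; InitialPassword = $plain }
}
$issued | Format-Table -AutoSize
```

Because -ChangePasswordAtLogon is still set, each generated password is only valid until the user's first logon.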

Import AD Users from a CSV File

Another option for creating users in AD is to import them from a CSV file. This option is great when you have a list of users with predefined personal details such as:

  • FirstName
  • LastName
  • Username
  • Department
  • Password
  • OU

The CSV file must be in UTF8 encoding and contain contact data that looks like this:

The following script will create enabled user objects for any users in the CSV that don't already have accounts in AD. The "Reset password at the next logon" option will be enabled for the new accounts, so you can use your default password:

#Enter a path to your import CSV file
$ADUsers = Import-csv C:\scripts\newusers.csv
foreach ($User in $ADUsers)
{
    $Username = $User.username
    $Password = $User.password
    $Firstname = $User.firstname
    $Lastname = $User.lastname
    $Department = $User.department
    $OU = $User.ou
    #Check if the user account already exists in AD
    if (Get-ADUser -F {SamAccountName -eq $Username})
    {
        #If user does exist, output a warning message
        Write-Warning "A user account $Username already exists in Active Directory."
    }
    else
    {
        #If a user does not exist then create a new user account
        #Account will be created in the OU listed in the $OU variable in the CSV file; don't forget to change the domain name in the "-UserPrincipalName" variable
        New-ADUser `
            -SamAccountName $Username `
            -UserPrincipalName "$" `
            -Name "$Firstname $Lastname" `
            -GivenName $Firstname `
            -Surname $Lastname `
            -Enabled $True `
            -ChangePasswordAtLogon $True `
            -DisplayName "$Lastname, $Firstname" `
            -Department $Department `
            -Path $OU `
            -AccountPassword (convertto-securestring $Password -AsPlainText -Force)
    }
}

After script execution, we have two new users, Edward Franklin and Bill Jackson, in our Active Directory domain:

Let's take a look at their details by running the Get-ADUser cmdlet again:

Get-ADUser E.Franklin -Properties CanonicalName, Enabled, GivenName, Surname, Name, UserPrincipalName, samAccountName, whenCreated, PasswordLastSet | Select CanonicalName, Enabled, GivenName, Surname, Name, UserPrincipalName, samAccountName, whenCreated, PasswordLastSet
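
A pre-flight check for the import CSV described in this section, run before any account is created: it reports empty fields, user names that cannot be used as a sAMAccountName, duplicate user names in the file, and OU values that were truncated because the distinguished name was not quoted. This is an added example, not code from the original article; the helper name Test-NewUserRow and the three CSV rows are constructed for illustration.

```powershell
# Added example: validate import rows before the New-ADUser loop runs.
# Test-NewUserRow is a hypothetical helper; the CSV rows below are constructed sample data.
$required = 'FirstName', 'LastName', 'Username', 'Department', 'Password', 'OU'

function Test-NewUserRow {
    param($Row, [hashtable]$Seen)
    $problems = @()
    foreach ($col in $required) {
        if ([string]::IsNullOrWhiteSpace($Row.$col)) { $problems += "missing $col" }
    }
    $name = "$($Row.Username)"
    # sAMAccountName for user objects is limited to 20 characters.
    if ($name.Length -gt 20) { $problems += 'Username longer than 20 characters' }
    # Characters that are not allowed in sAMAccountName: " / \ [ ] : ; | = , + * ? < >
    if ($name -match '["/\\\[\]:;|=,+*?<>]') { $problems += 'Username has a character not allowed in sAMAccountName' }
    if ($name -and $Seen.ContainsKey($name)) { $problems += 'duplicate Username in file' }
    if ($name) { $Seen[$name] = $true }
    # A DN contains commas, so it must be quoted in the CSV or only "OU=IT" survives parsing.
    if ($Row.OU -and $Row.OU -notmatch '^(OU|CN)=.+,DC=') { $problems += 'OU is not a distinguished name' }
    return ,$problems
}

# Constructed sample input: row 2 has an unquoted OU, row 3 repeats a user name and has no password.
$csv = @'
FirstName,LastName,Username,Department,Password,OU
Alice,Example,A.Example,IT,Sample-Pass-1,"OU=IT,DC=enterprise,DC=com"
Bob,Sample,B.Sample,IT,Sample-Pass-2,OU=IT,DC=enterprise,DC=com
Carol,Test,A.Example,IT,,"OU=IT,DC=enterprise,DC=com"
'@ | ConvertFrom-Csv

$seen = @{}
$report = foreach ($row in $csv) {
    $problems = Test-NewUserRow -Row $row -Seen $seen
    [pscustomobject]@{
        Username = $row.Username
        Ok       = ($problems.Count -eq 0)
        Problems = $problems -join '; '
    }
}
$report | Format-Table -AutoSize
if ($report.Ok -contains $false) { Write-Warning 'Fix the CSV before running the import.' }
```

To check a real file, replace the here-string with Import-Csv and the path to the import file.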

Conclusion

Now you know how to create users in Active Directory using PowerShell scripts. Try performing some account creations, bulk account creations and CSV imports yourself on local or remote systems. Remember, the ADUC MMC snap-in is great for creating a few users with extended attributes, but PowerShell is much better for importing a large number of user accounts in bulk.

Jeff Melnick
Jeff is a former Director of Global Solutions Engineering at Netwrix. He is a long-time Netwrix blogger, speaker, and presenter. In the Netwrix blog, Jeff shares lifehacks, tips and tricks that can dramatically improve your system administration experience.
