For years I’ve had an AD user import VBS script as part of my toolkit. I thought it was about time to update it to PowerShell as well as add a few new features.
This utility is available to download from the Microsoft TechNet Gallery and GitHub.
I take great care to test my ideas and make sure my articles are accurate before posting, however mistakes do slip through sometimes. If you’d like to get in touch with me please use the comments, Twitter (you can tweet me and my DMs are open) or my contact form.
I hope this article helps you out, please consider supporting my work here. Thank you.
-Mike
Features and Requirements
This utility will create Active Directory user accounts based on information provided in a CSV file. All other options are added via command line switches. Options include:
- Organisation Unit in which to create the users.
- The UPN that user accounts should have.
- Home Drive location.
- Home Drive Letter.
- Membership of an Active Directory Group.
- Account Expiry Date.
This utility has been tested running on Windows Server 2016 and Windows Server 2012 R2 Domain Controllers and on a Windows 10 client. This utility requires the Active Directory PowerShell modules to be installed.
The -file Parameter
When running the script via Scheduled Tasks or the command prompt, be sure to use the -file parameter before specifying the script so that you can use “double quotes” for the command line switches that need them. If you do not use -file, use ‘single quotes’ instead.
CSV File Formatting
The first line of the CSV file should be the column names so the script (and you) know what each column is for.
The structure of the CSV file is as follows:
Firstname,Lastname,SAM,Password
Joe,Bloggs,jbloggs,P@ssw0rd1
Jane,Bloggs,janeb,P@ssw0rd2
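A pre-flight check for a CSV in this layout, as an added example (not part of the utility): the function name Test-UserImportCsv and the sample rows are constructed for illustration. It reports missing columns, empty fields, and SAM values that Active Directory will reject or that collide within the file.

```powershell
# Constructed sample input in the layout described above (not real accounts).
$sample = @'
Firstname,Lastname,SAM,Password
Joe,Bloggs,jbloggs,P@ssw0rd1
Jane,Bloggs,janeb,
Max,Mustermann,a.very.long.logon.name.here,P@ssw0rd3
Ann,Other,ann/other,P@ssw0rd4
Joe,Bloggs,jbloggs,P@ssw0rd5
'@

function Test-UserImportCsv {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$CsvText)
    $required = 'Firstname', 'Lastname', 'SAM', 'Password'
    $lines    = @($CsvText -split "`r?`n" | Where-Object { $_.Trim() })
    $header   = $lines[0] -split ',' | ForEach-Object { $_.Trim() }

    # The first line must contain the expected column names.
    $missing = $required | Where-Object { $_ -notin $header }
    if ($missing) { return "Header is missing column(s): $($missing -join ', ')" }

    $problems = @()
    $seen     = @{}   # case-insensitive keys, like sAMAccountName itself
    $rowNo    = 1
    foreach ($row in ($lines | ConvertFrom-Csv)) {
        $rowNo++
        foreach ($col in $required) {
            if ([string]::IsNullOrWhiteSpace($row.$col)) { $problems += "Row ${rowNo}: '$col' is empty" }
        }
        $sam = "$($row.SAM)".Trim()
        # A user's sAMAccountName is limited to 20 characters and may not
        # contain any of: " / \ [ ] : ; | = , + * ? < >
        if ($sam.Length -gt 20) { $problems += "Row ${rowNo}: SAM '$sam' is longer than 20 characters" }
        if ($sam -match '["/\\\[\]:;|=,+*?<>]') { $problems += "Row ${rowNo}: SAM '$sam' contains a character AD rejects" }
        if ($sam -and $seen.ContainsKey($sam)) {
            $problems += "Row ${rowNo}: SAM '$sam' duplicates row $($seen[$sam])"
        } elseif ($sam) { $seen[$sam] = $rowNo }
    }
    return $problems
}

Test-UserImportCsv -CsvText $sample
```

The Password column is clear text, so keep the file where only the importing administrator can read it and delete it once the import has run.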
Generating A Password File
The password used for SMTP server authentication must be in an encrypted text file. To generate the password file, run the following commands in PowerShell on the computer that is going to run the script, logged in as the user that will be running the script. When no key is supplied, ConvertFrom-SecureString protects the output with Windows DPAPI, so the file can only be decrypted by that same user on that same computer. When you run the commands you will be prompted for a username and password. Enter the username and password you want to use to authenticate to your SMTP server.
Please note: This is only required if you need to authenticate to the SMTP server when sending the log via e-mail.
$creds = Get-Credential
$creds.Password | ConvertFrom-SecureString | Set-Content c:\scripts\ps-script-pwd.txt
After running the commands, you will have a text file containing the encrypted password. When configuring the -Pwd switch enter the path and file name of this file.
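How a file produced this way is normally read back into a credential, as an added example rather than the utility's own code: Get-SmtpCredential is a hypothetical helper name, the password value is constructed, and Windows is assumed. It also turns the usual failure (file created by a different user or on a different computer) into a clear message.

```powershell
function Get-SmtpCredential {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$User,     # value you would pass to -User
        [Parameter(Mandatory)][string]$PwdFile   # value you would pass to -Pwd
    )
    if (-not (Test-Path -LiteralPath $PwdFile)) {
        throw "Password file '$PwdFile' not found."
    }
    try {
        # Without -Key, ConvertTo-SecureString decrypts with Windows DPAPI,
        # which only succeeds for the user and computer that wrote the file.
        $secure = Get-Content -LiteralPath $PwdFile -ErrorAction Stop |
                  ConvertTo-SecureString -ErrorAction Stop
    }
    catch {
        $why = "Cannot decrypt '$PwdFile' as $env:USERNAME on $env:COMPUTERNAME."
        throw "$why Regenerate it while logged on as the account that runs the script."
    }
    New-Object System.Management.Automation.PSCredential ($User, $secure)
}

# Constructed round trip: write a throwaway password file, then load it.
$tmp = Join-Path $env:TEMP 'ps-script-pwd-demo.txt'
ConvertTo-SecureString 'Constructed-Demo-Value-1' -AsPlainText -Force |
    ConvertFrom-SecureString | Set-Content -LiteralPath $tmp

$cred = Get-SmtpCredential -User 'example@contoso.com' -PwdFile $tmp
$cred.UserName

# The file holds only the DPAPI-protected blob, never the plain text.
(Get-Content -LiteralPath $tmp) -notmatch 'Constructed-Demo-Value-1'

Remove-Item -LiteralPath $tmp
```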
Configuration
The table below shows all the command line options available with descriptions and example configurations.
Command Line Switch | Mandatory | Description | Example |
-Csv | Yes | Location and name of the CSV file containing the user accounts to be created. | C:\foo\new-users.csv |
-Ou | Yes | Enter the DN (Distinguished Name) of the OU that you wish to put the new users in. The DN must be surrounded by "double quotes". | "ou=Imported_Accounts,dc=contoso,dc=com" |
-Upn | Yes | Enter the string you wish to use for the user's UPN. | contoso.com |
-HomeLetter | No* | Enter the drive letter to use for the Home Drive. *This setting must be set along with the -HomePath. | H: |
-HomePath | No* | Enter the UNC path to use for the location of the home drive. The user's folder will be created automatically. *This setting must be set along with the -HomeLetter. | \\server\share |
-Group | No | Enter the DN (Distinguished Name) of a group that the users should be added to, if required. | "cn=Marketing,ou=UserGroups,dc=contoso,dc=com" |
-Expire | No | Enter the date the accounts should expire, if required. The date format should be the same as the local system's format. | 31/12/2018 |
-L | No | Location to store the optional log file. The name of the log file is automatically generated. | C:\foo |
-Subject | No | The subject line that the email should have. Encapsulate with single or double quotes. | 'Server: Notification' |
-SendTo | No | The email address to send the log file to. | me@contoso.com |
-From | No* | The email address that the log file should be sent from. *This switch isn’t mandatory but is required if you wish to email the log file. | example@contoso.com |
-Smtp | No* | SMTP server address to use for the email functionality. *This switch isn’t mandatory but is required if you wish to email the log file. | mail01.contoso.com OR smtp.live.com OR smtp.office365.com |
-User | No* | The username of the account to use for SMTP authentication. *This switch isn’t mandatory but may be required depending on the configuration of the SMTP server. | example@contoso.com |
-Pwd | No* | The location of the file containing the encrypted password of the account to use for SMTP authentication. *This switch isn’t mandatory but may be required depending on your SMTP server. | c:\foo\ps-script-pwd.txt |
-UseSsl | No* | Add this option if you wish to use SSL with the configured SMTP server. Tip: If you wish to send email to outlook.com or office365.com you will need this. *This switch isn’t mandatory but may be required depending on the configuration of the SMTP server. | N/A |
Change Log
2019-09-04 v1.6
- Added custom subject line for e-mail.
2017-10-16 v1.5
- Changed SMTP authentication to require an encrypted password file.
- Added instructions on how to generate an encrypted password file.
2017-10-07 v1.4
- Added necessary information to add the script to the PowerShell Gallery.
2017-09-13 v1.3
- Added check for existence of user before attempting to create user.
- Improved logging to handle the above change.
2017-07-22 v1.2
- Improved code commenting for documentation purposes.
- Added authentication and SSL options for e-mail notification.
Good Job with the Script!
But it doesn't want to work for me, maybe because of the Windows Update last weekend.
Trying to get it to work with Windows Server 2012 R2 but getting this error every time:
AUSFÜHRLICH: Ausführen des Vorgangs “New” für das Ziel “CN=srogers0203,Teilnehmer”.
New-ADUser : Die Syntax des Objektnamens ist ungültig
In C:\Users\Administrator\Desktop\Unbenannt2.ps1:64 Zeichen:9
+ New-ADUser -Name $sam -DisplayName “$displayname” -SamAccountName $sam – …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (CN=srogers0203,Teilnehmer:String) [New-ADUser], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8335,Microsoft.ActiveDirectory.Management.Commands.NewADUser
Hi Georg, I’ll try to help. I don’t think it’s due to a Windows Update, as I last tested it on the weekend. I could do with a bit more information, but based on what you’ve posted it looks like the script is stopping at the point where it creates the user. Does the CSV file have any extra characters that might be stopping it from completing, or perhaps the CSV file doesn’t have the correct formatting? The CSV file should be laid out like this: Firstname,Lastname,SAM,Password.
Hope that helps, but let me know more information if you can.