If you need to create a large number of new user accounts in a domain at once, using the graphical console Active Directory Users and Computers is inefficient (ADUC). We’ll look at a basic PowerShell script that imports user data from a CSV/XLS file and creates accounts for them in the Active Directory domain in this article.
To begin, open Excel and create a NewUser.xlsx file with the following header structure:
FullName;sn;givenName;company;department;title;telephoneNumber;City;sAMAccountName;Password
Fill the Excel file with the data of all users that you want to create in Active Directory (usually this data is provided from the personnel accounting system).
Save the Excel file as a CSV file with commas as separators (File > Save as > CSV). File name: new as users.csv, file type: CSV). You must provide the -delimiter “;” parameter to the Import-CSV cmdlet if you wish to utilise “;” as a separator.
We’ll use the New-ADUser cmdlet from the Active Directory for Windows PowerShell module to create new users in the domain, so make sure this module is installed on the server/computer where you’ll be importing users before running the PowerShell script.
Create an import_ad_users.ps1 file with the following PowerShell code (change the name of your domain and the active directory organizational unit in which you want to create users):
Import-Module ActiveDirectory
$Domain="@solutionviews.cpm"
$UserOu="OU=Users,OU=UK,DC=solutionviews,DC=com"
$NewUsersList=Import-CSV "C:\PS\new_as_users.csv"
ForEach ($User in $NewUsersList) {
$FullName=$User.FullName
$Company=$User.company
$Department=$User.department
$Description=$User.description
$givenName=$User.givenName
$title=$User.title
$City=$User.City
$telephoneNumber=$User.telephoneNumber
$sAMAccountName=$User.sAMAccountName
$sn=$User.sn
$userPrincipalName=$User.sAMAccountName+$Domain
$userPassword=$User.Password
$expire=$null
New-ADUser -PassThru -Path $UserOu -Enabled $True -ChangePasswordAtLogon $True -AccountPassword (ConvertTo-SecureString $userPassword -AsPlainText -Force) -CannotChangePassword $False -City $City -Company $Company -Department $Department –title $title –OfficePhone $telephoneNumber -DisplayName $FullName -GivenName $givenName -Name $FullName -SamAccountName $sAMAccountName -Surname $sn -UserPrincipalName $userPrincipalName
}Optional information -ChangePasswordAtLogon $True forces the user to change their password the first time they log in, whereas -CannotChangePassword $False allows the user to change their password on their own. You can specify -ChangePasswordAtLogon $False, -CannotChangePassword $True while creating service accounts.
Open the ADUC console and verify that new users appeared in the chosen OU after running the script from the PowerShell command prompt.
As you can see, this PowerShell script enables for a quick mass import of people into Active Directory. Any user attributes from AD can be removed or added to the script and CSV/Excel file. The following cmdlet displays an entire list of accessible user attributes in your domain schema:
Get-ADUser –identity administrator –filter * -properties *|fl
