none
Creating new users from a CSV that copy a template account

    Question

  • Hi all,

    I have a powershell script that imports users in bulk from a csv file that contains "cn sAMAccountName FirstName Lastname" (shown below) which works fine and I have used several times.

    However as our company is quite large with several departments, I would like the ability to create bulk users from a csv that clone the account properties of a template user that we have (group memberships etc).

    We have several template users already setup, for example finance_template, hr_template, appsupport_template. The script I am using currently is as below

    $OU=[ADSI] "LDAP://OU=Users,OU=Data Management,dc=test,dc=it"
    $dataSource=import-csv "PSUsers.csv"
    
    foreach($dataRecord in $datasource) {
    	$cn=$dataRecord.cn
    	$sAMAccountName=$dataRecord.sAMAccountName
    	$givenName=$dataRecord.FirstName
    	$sn=$dataRecord.LastName
    	$displayName=$sn + ", "+ $givenName
    	$userPrincipalName=$givenName + "." + $sn + "@test.it"
    
    	$NewUser=$OU.Create("user","CN="+$cn)
    	$NewUser.put("sAMAccountName",$sAMAccountName)
        $NewUser.put("userPrincipalName",$userPrincipalName)
        $NewUser.put("displayName",$displayName)
    	$NewUser.put("givenName",$givenName)
    	$NewUser.put("sn",$sn)
    	$NewUser.SetInfo()
    	$NewUser.SetPassword("Password2013")
    	$NewUser.psbase.InvokeSet("AccountDisabled",$false)
        $NewUser.put("company","test")
    	$NewUser.SetInfo()
    }

    I am not sure how to perform this operation however using powershell. I have found scripts online that copy group memberships from one user to another but I do not seem to be able to add this part of the script into the foreach() section of the code.

    Any help would be greatly appreciated!

    Wednesday, July 31, 2013 12:07 PM

Answers

  • You'll have to specify the -Identity in add-adgroupmember.  I didn't do that in my mock-up.

        Get-ADUser hr_template -Properties memberof | select -ExpandProperty memberof | % { 
            Add-ADGroupMember -Identity $_ -Members $_.samaccountname
        }

    I'm not sure about the first error you received. 


    G. Samuel Hays, MCT, MCSA 2012, MCITP: Enterprise Admin, MCSE

    Wednesday, July 31, 2013 3:40 PM

All replies

  • I see that you're not using the RSAT Tools (with cmdlets like new-aduser). Is there any reason that these cannot be leveraged? It'd make your life quite a lot easier.

    If not, you can probably still accomplish the stated goals - but it'll just be a bit uglier.


    G. Samuel Hays, MCT, MCSA 2012, MCITP: Enterprise Admin, MCSE

    Wednesday, July 31, 2013 1:03 PM
  • Thank you for the quick reply, I am able to use the RSAT Tools, the script that copies group memberships from one individual account to another uses these cmdlets - but I was not able to get it to work in conjunction to the above.

    Any help you can provide would be greatly appreciated!

    Wednesday, July 31, 2013 2:21 PM
  • Outside of group memberships, anything else that should be copied from the template account?

    G. Samuel Hays, MCT, MCSA 2012, MCITP: Enterprise Admin, MCSE

    Wednesday, July 31, 2013 2:29 PM
  • It is just the group memberships that are needed at this point, the remaining information is added at a later point by HR. 
    Wednesday, July 31, 2013 2:43 PM
  • Okay - I did a little mock-up. See if this'd help:

    import-csv .\templatetest.csv |  % {
        New-ADUser `
            -Name $_.cn `
            -AccountPassword (ConvertTo-SecureString -AsPlainText "P@ssw0rd" -Force) `
            -UserPrincipalName "$($_.cn)@test.it"
            # etc
        Get-ADUser templateAccount -Properties memberof | select -ExpandProperty memberof | % { 
            Add-ADGroupMember -Members $_.samaccountname
        }
    }
    



    G. Samuel Hays, MCT, MCSA 2012, MCITP: Enterprise Admin, MCSE

    Wednesday, July 31, 2013 2:46 PM
  • This looks great, I will get testing and let you know how it goes! Thank you in advance.
    Wednesday, July 31, 2013 2:55 PM
  • No problem - I didn't test it, but I believe that'd probably do the trick.

    You may want to consider specifying which server to use because of possible replication latency. 


    G. Samuel Hays, MCT, MCSA 2012, MCITP: Enterprise Admin, MCSE

    Wednesday, July 31, 2013 2:57 PM
  • Had a few errors when running the script; I have listed then below as well as the current version of it I am using;

    import-csv c:\powershell\copyuserscsv.csv |  % {
        New-ADUser `
            -Name $_.cn `
    		-givenName $_.firstname `
    		-surname $_.lastname `
            -AccountPassword (ConvertTo-SecureString -AsPlainText "P@ssw0rd" -Force) `
            -UserPrincipalName "$($_.firstname + "." + $_.surname)@test.it" `
    		-path 'CN=Test,OU=Data Management,DC=test,dc=it' `
            # etc
        Get-ADUser hr_template -Properties memberof | select -ExpandProperty memberof | % { 
            Add-ADGroupMember -Members $_.samaccountname
        }
    }

    copyuserscsv.csv contains  cn, firstname, lastname fields of tester.testerson / tester / testerson (original I know) 

    Errors I received are as follows;

    PS C:\> C:\Powershell\CopyUsersCSV.ps1
    New-ADUser : Directory object not found
    At C:\Powershell\CopyUsersCSV.ps1:2 char:15
    +     New-ADUser <<<<  `
        + CategoryInfo          : ObjectNotFound: (CN=tester.teste...DC=test,dc=it:String) [New-ADUser], ADIdentityNotFoundException
        + FullyQualifiedErrorId : Directory object not found,Microsoft.ActiveDirectory.Management.Commands.NewADUser
     
    Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
    At C:\Powershell\CopyUsersCSV.ps1:11 char:35
    +         Add-ADGroupMember -Members <<<<  $_.samaccountname
        + CategoryInfo          : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember
     
    Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
    At C:\Powershell\CopyUsersCSV.ps1:11 char:35
    +         Add-ADGroupMember -Members <<<<  $_.samaccountname
        + CategoryInfo          : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember
     
    Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
    At C:\Powershell\CopyUsersCSV.ps1:11 char:35
    +         Add-ADGroupMember -Members <<<<  $_.samaccountname
        + CategoryInfo          : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember
     
    Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
    At C:\Powershell\CopyUsersCSV.ps1:11 char:35
    +         Add-ADGroupMember -Members <<<<  $_.samaccountname
        + CategoryInfo          : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember
     
    Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
    At C:\Powershell\CopyUsersCSV.ps1:11 char:35
    +         Add-ADGroupMember -Members <<<<  $_.samaccountname
        + CategoryInfo          : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember
     
    Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
    At C:\Powershell\CopyUsersCSV.ps1:11 char:35
    +         Add-ADGroupMember -Members <<<<  $_.samaccountname
        + CategoryInfo          : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember
     
    Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
    At C:\Powershell\CopyUsersCSV.ps1:11 char:35
    +         Add-ADGroupMember -Members <<<<  $_.samaccountname
        + CategoryInfo          : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember
     



    • Edited by DalamarUK83 Wednesday, July 31, 2013 3:57 PM Typo
    Wednesday, July 31, 2013 3:36 PM
  • You'll have to specify the -Identity in add-adgroupmember.  I didn't do that in my mock-up.

        Get-ADUser hr_template -Properties memberof | select -ExpandProperty memberof | % { 
            Add-ADGroupMember -Identity $_ -Members $_.samaccountname
        }

    I'm not sure about the first error you received. 


    G. Samuel Hays, MCT, MCSA 2012, MCITP: Enterprise Admin, MCSE

    Wednesday, July 31, 2013 3:40 PM