PowerShell - Bulk-New-ADUser Creation via a csv file

  • Question

  • This script creates bulk AD users via a csv file. The script creates & configures the user accounts correctly even though the following error message appears. How can I correct this?

    Set-Location : Cannot find path 'AD:Mydomain,OU=MyDomain,DC=My,DC=Domain,DC=org' because it does not exist.

    Import-Module ActiveDirectory
    $csv = Import-CSV -Path "C:\Temp\CreateUsers.csv"
    cd AD:
    set-location -path "OU=MyDomain,DC=My,DC=Domain,DC=org" -PassThru
    
    foreach($Item in $csv){
        
                $newUserID=@{
                Name=$item.userID
                Description=$item.description
                GivenName=$item.UserID
                surName=$item.UserID
                DisplayName=$item.UserID
                UserPrincipalName=$item.UserID + "@MyDomain.org"
                EmployeeID=$item.Owner
                ScriptPath="login.cmd"
                   }
            Try{
                New-ADUser @newUserID -ErrorAction Stop  -AccountPassword (ConvertTo-SecureString $Item.Password -AsPlainText -Force) -PassThru
                Enable-ADAccount -Identity $item.userID
                Set-ADUser -Identity $item.userID -ChangePasswordAtLogon $true 
                Write-Host "UserID $($item.UserID) created!" -ForegroundColor green
               }
            Catch{
                Write-Host "There was a problem creating UserID $($item.UserID). The account was not created!" -ForegroundColor Red
                set-location -path "c:\temp"
            }
        }

    

    mamadukes

    Thursday, July 31, 2014 4:18 AM

Answers

  • There is not really an issue other than the approach.

    Here is a cleaner method that uses only one technique instead of mixing slightly dissimilar techniques.

    Import-Module ActiveDirectory
    $csv = Import-CSV -Path C:\Temp\CreateUsers.csv
    $targetOU='OU=usersOU,DC=My,DC=Domain,DC=org'
    
    foreach($Item in $csv){
        
        $newUserID=@{
            Name=$item.userID
            Description=$item.description
            GivenName=$item.UserID
            surName=$item.UserID
            DisplayName=$item.UserID
            UserPrincipalName="$($item.UserID)@MyDomain.org"
            EmployeeID=$item.Owner
            ScriptPath='login.cmd'
            Path=$TargetOU
            Enabled=$true
            ChangePasswordAtLogon=$true
            AccountPassword=(ConvertTo-SecureString $Item.Password -AsPlainText -Force)
        }
        Try{
            New-ADUser @newUserID -ErrorAction Stop 
            Write-Host "UserID $($item.UserID) created!" -ForegroundColor green
           }
        Catch{
            Write-Host "There was a problem creating UserID $($item.UserID). The account was not created!" -ForegroundColor Red
        }
    }

    Rather than trying to bounce between c:\temp and the AD provider just add the "Path" to the hash and the users will be created at that location.

    All of the settings can be done in one call.  No need to keep going back.


    ¯\_(ツ)_/¯


    • Edited by jrv Thursday, July 31, 2014 5:13 AM
    • Marked as answer by mamadukes2013 Friday, August 1, 2014 4:35 AM
    Thursday, July 31, 2014 5:11 AM

All replies

  • Here's the csv file:

    UserID,Owner,Description,Password
    TST_Posh100,1234,"Testing Bulk User ID Creation","Today2014"
    TST_Posh101,4531,"Testing Bulk User ID Creation","Today2014"


    mamadukes

    Thursday, July 31, 2014 4:23 AM
  • This statement

    UserPrincipalName=$item.UserID + "@MyDomain.org" indicates the domain is MyDomain.org

    statement should be

    set-location -path "OU=MyDomain,DC=MyDomain,DC=org" -PassThru

    Also, does organizational unit "MyDomain" exist? If not

    set-location -path "DC=MyDomain,DC=org" -PassThru

     
    Thursday, July 31, 2014 4:39 AM
  • Slight variation, populated from the AdventureWorks SQL database rather than a CSV

    Import-Module "SQLPS" -DisableNameChecking
    New-PSDrive -Name AWDB -PSProvider SQLServer -ROOT SQLSERVER:\sql\localhost\default\databases\adventureworks2012
    Set-Location  AWDB:\Tables
    $SQLText = "SELECT  e.BusinessEntityID, p.Title, p.FirstName, p.MiddleName, p.LastName, p.Suffix, "+
                       "e.JobTitle, d.Name AS Department, d.GroupName, edh.StartDate, e.LoginID"+
                " FROM  HumanResources.Employee AS e"+
          " INNER JOIN  Person.Person AS p ON p.BusinessEntityID = e.BusinessEntityID"+
          " INNER JOIN  HumanResources.EmployeeDepartmentHistory AS edh ON e.BusinessEntityID = edh.BusinessEntityID"+
          " INNER JOIN  HumanResources.Department AS d ON edh.DepartmentID = d.DepartmentID"+
               " WHERE (edh.EndDate IS NULL)"+
               "   AND (p.FirstName ='Brian')"
    $Query = Invoke-SQLCmd -Query $SQLText
    
    $Password = "P@assword1"
    
    foreach($Item in $Query)
    {
        $LoginID=$Item.LoginID
        $LoginID="CORP\"+($LoginID).Substring(16)
        $newUserID=@{
            Name=$item.FirstName+$Item.LastName
            Description="This is a test of a bulk user add"
            GivenName=$item.FirstName
            Surname=$item.LastName
            DisplayName=$item.FirstName+" "+$Item.LastName
            UserPrincipalName="$($item.FirstName+"."+$Item.LastName)@corp.contoso.com"
            EmployeeID=$item.BusinessEntityID
            ScriptPath='login.cmd'
            Company="Contoso"
            Department=$Item.Department
            EmailAddress="$($item.FirstName+"."+$Item.LastName)@corp.contoso.com"
            Title=$Item.JobTitle
         
        }
    $TargetOU="OU="+$item.Department+",DC=corp,DC=contoso,DC=com"
    
        Try{
            $newUserID
            New-ADUser @newUserID -Path $TargetOU -ErrorAction Stop -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) -Passthru
            Enable-ADAccount -Identity $newUserID.Name
            Set-ADUser -Identity $newUserID.Name -ChangePasswordAtLogon $true
            Write-Host "UserID $($newUserID.Name) created!" -ForegroundColor green
           }
        Catch{
            Write-Host "There was a problem creating UserID $($newUserID.Name). The account was not created!" -ForegroundColor Red
        }
    }

    No need to be on the PSDrive AD:, the OU can be specified in the Path parameter in the New-ADUser.

    This was done on a member server with SQL Server (not a domain controller).

    Thanks for your help
    Thursday, July 31, 2014 7:55 AM
  • Thank you for all the tips. This worked great!

    mamadukes

    Friday, August 1, 2014 4:36 AM
  • I could not get the script to work until I changed the OU= to CN=

    $targetOU='OU=usersOU,DC=My,DC=Domain,DC=org'  to

    $targetOU='CN=users,DC=My,DC=Domain,DC=org'

    I also changed the "usersOU" to just "users".

    And of course changed the specifics.


    • Edited by namwol55 Thursday, March 12, 2015 6:34 PM
    Thursday, March 12, 2015 6:32 PM
  • You should not be creating your users in "User".  They need to be created in an OU in order to correctly use Group Policy.

    ¯\_(ツ)_/¯

    Thursday, March 12, 2015 6:39 PM
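
Added example, not part of any post in this thread: the same bulk-creation loop with the checks the discussion points at. It confirms the target DN is an existing OU (not a container such as CN=Users) before any account is created, and it reports the real error per row instead of a generic message. The `$upnSuffix` variable, the UserID naming rule and the result table are assumptions made for this example.

```powershell
Import-Module ActiveDirectory

$csvPath   = 'C:\Temp\CreateUsers.csv'            # CSV path from the thread
$targetOU  = 'OU=usersOU,DC=My,DC=Domain,DC=org'  # DN from the accepted answer
$upnSuffix = 'MyDomain.org'                       # assumed variable name

# Stop before the loop if the target is missing or is not an OU.
# Get-ADOrganizationalUnit returns only organizationalUnit objects, so a
# container such as CN=Users fails this check too.
try   { $null = Get-ADOrganizationalUnit -Identity $targetOU -ErrorAction Stop }
catch { throw "Target '$targetOU' is not an existing OU: $($_.Exception.Message)" }

$results = foreach ($item in Import-Csv -Path $csvPath) {
    $id = "$($item.UserID)".Trim()
    $status = 'Created'; $detail = ''

    # Assumed naming rule: 1-20 characters from a conservative set. This also
    # keeps quotes out of the -Filter string built below.
    if ($id -notmatch '^[A-Za-z0-9_.-]{1,20}$') {
        $status = 'Skipped'; $detail = 'UserID fails the naming rule'
    }
    elseif ([string]::IsNullOrEmpty($item.Password)) {
        $status = 'Skipped'; $detail = 'No initial password in the CSV row'
    }
    elseif (Get-ADUser -Filter "SamAccountName -eq '$id'") {
        $status = 'Skipped'; $detail = 'Account already exists'
    }
    else {
        $newUser = @{
            Name                  = $id
            SamAccountName        = $id
            UserPrincipalName     = "${id}@${upnSuffix}"
            Description           = $item.Description
            EmployeeID            = $item.Owner
            Path                  = $targetOU
            Enabled               = $true
            ChangePasswordAtLogon = $true
            AccountPassword       = ConvertTo-SecureString $item.Password -AsPlainText -Force
        }
        try   { New-ADUser @newUser -ErrorAction Stop }
        catch { $status = 'Failed'; $detail = $_.Exception.Message }  # keep the real error
    }
    # One result row per CSV line, so skipped and failed rows are visible.
    [pscustomobject]@{ UserID = $id; Status = $status; Detail = $detail }
}

$results | Format-Table -AutoSize
```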