Create Test Users in a Test Active Directory Environment by Using PowerShell

Doctor Scripto

Summary: Microsoft Scripting Guy, Ed Wilson, creates a bunch of test users in a test AD DS environment by using Windows PowerShell.

Hey, Scripting Guy! Question Hey, Scripting Guy! I have a problem at work. It seems that the people who fill out titles and descriptions for the users in Active Directory do not follow a standard naming convention—heck, they do not even follow any sort of standard at all. For a decade, this was not really much of a problem as most people did not even know what Active Directory was, nor did they notice when you changed the name either. Anyway, our users are now using Outlook to try to search Active Directory to find people based upon job titles. The problem is these searches are not working very well. Here is why: Consider the title of Senior Network Engineer. In Active Directory, it appears in more than a dozen varieties. A few examples are Sr. Network Engineer, Sr. NetEng, Sr Net Eng, SR NETENG, SR. NETENG, SR. NETWORK ENG, SENIOR NETWORK ENGINEER, and so forth. This is just one job title, and our company has thousands of employees spread all over the globe with hundreds of job titles. Help!

—SH

Hey, Scripting Guy! AnswerHello SH,

Microsoft Scripting Guy, Ed Wilson, is here. I am sorry you are having problems with the user descriptions and titles in your AD DS environment. The long-term solution is to use something that limits the user’s ability to specify random titles. This is the great thing about a drop-down list because you are only permitted to select from specific values. A Windows PowerShell script that used parameter validation would also work to constrain the garbage from entering the system.

To come up with a script that will do what you need requires me to populate my test environment with similar types of data. This is one of those things where three scripts are required: a setup script, a solution script, and a cleanup script. The cleanup script will be required prior to the solution script because unless I get things perfect the first time, I can run my cleanup script. Today, I will write the setup script; tomorrow, the cleanup script; and the next day, I will write the solution script.

Creating an array of titles

I decided that the first thing I would do is create an array of titles. This is useful from a number of perspectives. Obviously, I will use it for creating the descriptions and the titles of the users; however, I will also use it when it comes time to check for bad titles, because arrays in Windows PowerShell have a contains method. I do not want to simply go through AD DS and change everyone’s title to Senior Network Engineer—although it might be a nice way to give everyone a promotion. Therefore, I need to know what bad titles are, and if I see one of the bad titles, then I will change it to a good title. If the title is not found, I will not make the change. Here is the array of bad titles.

$title = @(

 ‘Sr. NetEng’,

 ‘SR. NetEng’,

 ‘Senior NetEng’,

 ‘Sr. Network Engineer’,

 ‘sr. network engineer’,

 ‘sr. neteng’,

 ‘Senior Network Engineer’,

 ‘Sr. Net Eng’,

 ‘SR NET ENG’,

 ‘SR. NETENG’)

To illustrate using the contains method, I highlight and run only the above code block, and in the executable pane (immediate window) at the bottom of the Windows PowerShell ISE, I call the contains method. As appears here, it returns a Boolean value (true / false).

PS C:\> $title = @(

 ‘Sr. NetEng’,

 ‘SR. NetEng’,

 ‘Senior NetEng’,

 ‘Sr. Network Engineer’,

 ‘sr. network engineer’,

 ‘sr. neteng’,

 ‘Senior Network Engineer’,

 ‘Sr. Net Eng’,

 ‘SR NET ENG’,

 ‘SR. NETENG’)

 

PS C:\> $title.Contains(“sr neteng”)

False

 

PS C:\> $title.Contains(“sr net eng”)

False

 

PS C:\> $title.Contains(“sr. neteng”)

True

Creating an Organizational Unit

Now, I need to create the organizational unit (OU). In the ActiveDirectory module (available through the RSAT tools or by remoting into a domain controller), I use the New-ADOrganizationalUnit cmdlet. I need to specify the name of the OU, and the path where the OU will reside. In addition, because this is a test OU, I do not want it protected from accidental deletion, so I assign false to the -ProtectedFromAccidentalDeletion:$false parameter. This command is shown here.

IPMO *active*

 New-ADOrganizationalUnit -Name Testou -Path ‘dc=iammred,dc=net’ `

    -ProtectedFromAccidentalDeletion:$false

If I do not unprotect the OU from accidental deletion, then it is more trouble to delete it when the time comes (and it is very difficult to delete it from the GUI tools).

Create 100 users with random titles in a specific OU

Next, I need to create 100 users with random titles. The first thing I do is use the range operator to create 100 numbers in an array, then I pipe the numbers to the Foreach-Object cmdlet. Inside the Scriptblock for the Foreach-Object cmdlet (the curly brackets), I first call the Get-Random cmdlet to get a random number between 1 and 9. I will use that random number to index into the array of bad titles when I create the new user. Next, I call the New-ADUser cmdlet and specify a name by using NewTestUser as the root of the name and the next range operator number to distinguish the name. I need to use the OtherAttributes parameter to supply attributes of the user object other than the main ones. The OtherAttributes parameter accepts a hash block of information—the attribute name and the value for that attribute. I decided to use the bad title for both the description and the title attributes. This is because the description shows up more easily on the user object when viewed in Active Directory Users and Computers. Here is the code to accomplish the task of creating 100 users with random titles. I use the path parameter to ensure the users appear in the appropriate test OU, and not in the root of Active Directory.

1..100 | Foreach-Object {

 $r = Get-Random -Minimum 0 -Maximum 10

 New-ADUser -Name “newtestuser$_” `

  -OtherAttributes @{title=$title[$r];Description=$title[$r]} `

  -Path “ou=testou,dc=iammred,dc=net” }

The complete script

The complete script is shown here.

$title = @(

 ‘Sr. NetEng’,

 ‘SR. NetEng’,

 ‘Senior NetEng’,

 ‘Sr. Network Engineer’,

 ‘sr. network engineer’,

 ‘sr. neteng’,

 ‘Senior Network Engineer’,

 ‘Sr. Net Eng’,

 ‘SR NET ENG’,

 ‘SR. NETENG’)

 

 IPMO *active*

 New-ADOrganizationalUnit -Name Testou -Path ‘dc=iammred,dc=net’ `

    -ProtectedFromAccidentalDeletion:$false

 

 1..100 | Foreach-Object {

 $r = Get-Random -Minimum 0 -Maximum 10

 New-ADUser -Name “newtestuser$_” `

  -OtherAttributes @{title=$title[$r];Description=$title[$r]} `

  -Path “ou=testou,dc=iammred,dc=net” }

When I run the script, it creates a new OU named TestOU, and inside the OU it creates 100 test users with random titles and descriptions. The users, OU, and descriptions in Active Directory Users and Computers are shown in the following figure.

Screenshot of Active Directory Users and Computers

SH, that is all there is to using Windows PowerShell to create a bunch of test users in AD DS and to assign random titles and descriptions to the users. Active Directory week will continue tomorrow when I will talk about changing the descriptions and the titles to match a standard naming convention.

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy

0 comments

Discussion is closed.

Feedback usabilla icon