Weekend Scripter: Use PowerShell to Create Users in Active Directory


Summary: Microsoft Scripting Guy, Ed Wilson, talks about using Windows PowerShell to read a CSV file and create users in Active Directory.

Microsoft Scripting Guy, Ed Wilson, is here. Yesterday in Oh No! Oh Wait...PowerShell for the Win!, I created a CSV file from a Word document that I had been given. Today, I take the next logical step and create the users.

When I have a working CSV file, I can begin the process of writing a script that will create the users in Active Directory.

Note  The CSV file that I was given had more than 1,200 lines in it. Although I gave it a quick “once over glance,” I did not check every single line in the file. So, I fully expect that there will be some potential problems with the data.

The first thing I want to do is to import the Active Directory module. I do this because I know that I am going to be using a few cmdlets from that module, so I may as well install it. This is actually a bit faster.

Note  I am working on a domain-joined computer running Windows 8.1. I have access to the Active Directory module because I installed the Remote Server Admin Tools (RSAT). For more information about RSAT, including how to obtain the correct version and install the tools, see Install Free PowerShell Remote Server Admin Tools.

The next thing I do is check to see if the organizational unit (OU) I intend to install is present. If the OU (named DataImport) is not present, then I create the OU. When I create it, I do so without setting the ProtectedFromAccidentalDeletion flag. (That is because I want to be able to delete this OU without having to do anything special.) Here are the first couple of lines of code:

Import-Module ActiveDirectory

If(!(Get-ADObject -Filter "name -eq 'DataImport'"))

 {

  New-ADOrganizationalUnit -Name dataImport -Description "for data import" `

   -ProtectedFromAccidentalDeletion:$false}

The next thing I do is import my CSV file:

$names = Import-Csv -Encoding Unicode -Path C:DataInNames_Out.CSV 

Now, I walk through the CSV file and create all of the parameters I will use when I create my users. The DisplayName property is composed of the first name, the middle name (if it exists), and the last name. I pick up these values from my CSV file. The column headers are Fname (for first name), Mname (for middle name) and Lname (for last name). This is shown here:

foreach($name in $names)

{

 $Params = @{

  DisplayName = "$($name.Fname) $($name.Mname) $($name.Lname)"

I then specify the GivenName property. The GivenName property corresponds to the Fname field in my CSV file. Here is that assignment:

GivenName = $name.Fname 

I use the first letter from the middle name to assign to the Initials property. To do this, I index into the array of letters that make up the middle name and choose the first one (it begins counting at 0). This is shown here:

Initials = $name.Mname[0] 

The Surname property receives the Lname field from my CSV file. As shown here, this is a straightforward value assignment:

Surname = $name.Lname

When I ran the script the first time, I received 21 error messages. This is because some of the names were too long. So I decided to cheat a bit and select only the first couple of letters from the first name and combine it with the last name. Here is the code I use to do this:

Name = "$($name.Fname.Substring(0,2)) $($name.Lname)"

I used the same logic for the SamAccountName property. The code appears here:

SamAccountName = "$($name.Fname.Substring(0,2)).$($name.Lname)"

I then assign the path to the organizational unit I will use to hold my newly created user accounts:

Path = "ou=DataImport,DC=Nwtraders,Dc=Com"

 }

Because I expect the script to run into a few issues (for example, I do not check for duplicate account names), I use Try/Catch/Finally. The first thing I do is set the Error Action Preference to Stop. This will catch non-terminating errors. Then I create the new users, and if an error occurs, I display the display name. Finally, I set the value of the $ErrorActionPreference variable to SilentlyContinue.

The reason for setting the error action to SilentlyContinue, is that I do not check for the length of first names when I use SubString to select only the first two letters. In my data, I discovered that some user names did not include a complete first name, but rather, only had a first initial. This was causing a few of my initial errors. So because I knew about the issue, I decided to hide the error messages.

The code is shown here:

$ErrorActionPreference = "Stop"

 Try {New-ADUser @Params}

 Catch { "Error creating ... " ;$params.DisplayName }

 Finally {$ErrorActionPreference = "silentlycontinue"}

}

Here is the complete script:

Import-Module ActiveDirectory

If(!(Get-ADObject -Filter "name -eq 'DataImport'"))

 {

  New-ADOrganizationalUnit -Name dataImport -Description "for data import" `

   -ProtectedFromAccidentalDeletion:$false}

$names = Import-Csv -Encoding Unicode -Path C:DataInNames_Out.CSV

foreach($name in $names)

{

 $Params = @{

  DisplayName = "$($name.Fname) $($name.Mname) $($name.Lname)"

  GivenName = $name.Fname

  Initials = $name.Mname[0]

  Surname = $name.Lname

  Name = "$($name.Fname.Substring(0,2)) $($name.Lname)"

  SamAccountName = "$($name.Fname.Substring(0,2)).$($name.Lname)"

  Path = "ou=DataImport,DC=Nwtraders,Dc=Com"

 }

 $ErrorActionPreference = "Stop"

 Try {New-ADUser @Params}

 Catch { "Error creating ... " ;$params.DisplayName }

 Finally {$ErrorActionPreference = "silentlycontinue"}

}

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy 

Comments (0)

Skip to main content