Bulk populate an AD using a CSV file and New-ADUser, including Passwords

Problem : New-ADUser is not working as expected to populate a password coming from a CSV file (the account stays disabled) here is the example and the reason:

Prerequisites: Import the Active Directory module on your powershell session using Import-Module ActiveDirectory

 

 

Here is my BulkAddADUsers.csv file sample :

 

GivenNAme,Surname,Name,SamAccountNAme,Description,Department,EmployeeID,Path,Enabled,Password,PasswordNeverExpires
User,Test1,UserTest1,UserTest1,UserTest1,IT,189478,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test2,UserTest2,UserTest2,UserTest2,IT,187516,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test3,UserTest3,UserTest3,UserTest3,IT,134530,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test4,UserTest4,UserTest4,UserTest4,IT,162455,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test5,UserTest5,UserTest5,UserTest5,IT,121901,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test6,UserTest6,UserTest6,UserTest6,IT,170221,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test7,UserTest7,UserTest7,UserTest7,IT,128669,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test8,UserTest8,UserTest8,UserTest8,IT,108705,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test9,UserTest9,UserTest9,UserTest9,IT,106381,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test10,UserTest10,UserTest10,UserTest10,IT,193922,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test11,UserTest11,UserTest11,UserTest11,IT,174066,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test12,UserTest12,UserTest12,UserTest12,IT,105871,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test13,UserTest13,UserTest13,UserTest13,IT,126670,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test14,UserTest14,UserTest14,UserTest14,IT,124671,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test15,UserTest15,UserTest15,UserTest15,IT,118935,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test16,UserTest16,UserTest16,UserTest16,IT,183367,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test17,UserTest17,UserTest17,UserTest17,IT,185662,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test18,UserTest18,UserTest18,UserTest18,IT,118972,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test19,UserTest19,UserTest19,UserTest19,IT,187421,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test20,UserTest20,UserTest20,UserTest20,IT,167020,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True

 The following command will create the users with the attributes defined above, but since the Password is not encrypted, the account will be deactivated.

[PS] C:\users\Administrator.DOMAINA\Desktop>import-CSV .\BulkAddADUsers.csv|New-ADUser

 

image

 

Note the AD accounts are not enabled, because the password was not taken from the CSV file, as New-ADUser requires a Secure String for the Password. Here is what you get when you try to enable it :

image ==> image

 

 

Solution : Type a longer command line using all New-ADUser properties + the ConvertTo-SecureString commandlet

[PS] C:\users\Administrator.DOMAINA\Desktop>import-csv .\BulkAddADUsers.csv | % {New-ADUser -GivenName $_.GivenName -Surname $_.Surname -Name $_.Name -SamAccountName $_.SamAccountName -Description $_.Description -Department $_.Department -EmployeeID $_.EmployeeID -Path $_.Path -Enabled $True -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force) -PasswordNeverExpires $True}

 

image

 

Quod erat demonstrandum.

Sam