Disclaimer
This is my personal blog. The opinions and views I express are my own. The information I provide is on an as-is basis. I make no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this blog and will not be liable for any errors, omissions, or delays in this information or any losses, injuries or damages arising from its use.

Create New Active Directory Users in Bulk with Password verification

More Active Directory PowerShell goodness… this time, creating Active Directory User objects in bulk using a CSV file. You will see 2 different code blocks below. The first, is as simple as you can get using minimal parameters and code. The second code block includes more parameters and addresses the issue of storing clear text passwords in the PowerShell code. Some probably think that issue is not really an issue, from my perspective, storing passwords in PowerShell scripts = Bad.

This script is functional but it could use some more development to address a couple of issues. It needs another If statement to break the scripts when the entered passwords do not meet domain complexity requirements. It’s not a huge issue but I would like to figure it out at some point. The second issue is getting passwords from the console in clear text, not -AsSecureString even though the code to create the user object converts the password to a secure string before processing the object. Again, not a huge issue, however, if we’re going through the trouble to keep the password out of the script, we might as well get that information -AsSecureString from the start.

 

$ou = "OU=_Test_Users,DC=signalwarrant,DC=local"
$file = 'c:\scripts\users.csv'
$password = "P@ssword123456"

Import-CSV $file | ForEach {
        $user = New-ADUser `
            -Name ($_.Name) `
            -SamAccountName ($_.samAccountName) `
            -Path $ou `
            -AccountPassword (ConvertTo-SecureString -AsPlainText $password -force )`
            -Enabled $true `
            -ChangePasswordAtLogon $true
        }

 

#  *** THIS SCRIPT IS PROVIDED WITHOUT WARRANTY, USE AT YOUR OWN RISK ***
<#

.DESCRIPTION
	Creates Active Directory Users in Bulk using a CSV file. Requires a typed password
    and a confirmation that matches to execute.

.NOTES
	File Name: New-ADUser.ps1
	Author: David Hall
	Contact Info: 
		Website: www.signalwarrant.com
		Twitter: @signalwarrant
		Facebook: facebook.com/signalwarrant/
		Google +: plus.google.com/113307879414407675617
		YouTube Subscribe link: https://www.youtube.com/c/SignalWarrant1?sub_confirmation=1
	Requires: Appropriate AD permissions
	Tested: PowerShell Version 5, Windows 10 and Windows Server 2012 R2

.PARAMETER 
    None
		 
.EXAMPLE
    Run it from the ISE or console

#>

###############################################################
#
# Confirm-Password function
#
###############################################################
Function confirm-Password{
    $match = $false
    while($match -eq $false) {
        $PWD1 = Read-Host "ENTER PASSWORD"
        $PWD2 = Read-Host "CONFIRM PASSWORD"

        if($PWD1 -ne $PWD2) {
            Write-Warning "Passwords Do Not Match - Please Try Again ..."
            break
         } 
         
         if($PWD1 -eq "" -or $PWD2 -eq "")  {
            Write-Warning "Password Cannot be BLANK - Please Try Again ..."
            break
        } 
            return $PWD1
        }
    }
###############################################################
#
# End Confirm-Password function
#
###############################################################

$import = 'c:\scripts\users.csv'
$password = confirm-password

if($password -ne "") {
    Import-CSV $import | ForEach {
        $user = New-ADUser `
            -SamAccountName ($_.FName+"."+$_.Lname) `
            -Name ($_.FName+" "+$_.LName) `
            -Displayname ($_.FName+" "+$_.LName) `
            -UserPrincipalName ($_.UserPrincipalName) `
            -Surname ($_.LName) `
            -GivenName ($_.Fname)  `
            -Path ($_.ou) `
            -AccountPassword (ConvertTo-SecureString -AsPlainText $password -force )`
            -Enabled $true `
            -PasswordNeverExpires $false `
            -ChangePasswordAtLogon $true `
            -PassThru
        }
    }

 

1 Comment

  1. Daryl Payne | | Reply

    Thank you so much for this video snd your time. It helped me a bunch

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.