I am going to use the New-ADUser cmdlet from the Microsoft Active Directory provider. As you’ll see this can be a simple and seamless process and it doesn’t really matter if you are importing from a CSV file or XML. What matters is the object.
When you look at help for New-ADUser you’ll see that almost all of the parameters accept pipeline input by property name. That means if the incoming object has a property, like Title, that matches the parameter name, the cmdlet will use that property value for the parameter value.
The only other step you will most likely have to take is to define an initial password for the user account. You can create a user without specifying a password but that seems like extra work to me. The minor obstacle is that New-ADUser needs a secure string for the AccountPassword parameter. So I’ll define one.
$pass = ConvertTo-SecureString -String "P@ssw0rd" -AsPlainText -Force
Use -Force to suppress the confirmation prompt. As an alternative, you can use Read-Host and prompt for the password.
$pass = Read-Host "Enter an initial password" -AsSecureString
I’ll show you where to use this and how to force the user to change password. Now we can begin.
Importing objects
PowerShell can import any CSV file. It will use the header for property names.
PS C:\> import-csv s:\newglobousers.csv
Import CSV with PowerShell
The property names (i.e. the CSV header) for the most part match the parameter names for New-ADUser. This means I could get by with something as simple as this:
Import-CSV s:\newGloboUsers.csv | New-ADUser -Path "OU=Testing,DC=Globomantics,DC=Local" -AccountPassword $pass -Enabled $True -ChangePasswordAtLogon $True
The only parameters I had to specify were the path for the new accounts, the password parameters, and something to enable the account. Even though I am using a CSV file here, I could just as easily have used an XML file or document. All that matters is that the objects you get when importing match up.
But let me take this a step further. Suppose I need each user to be placed in the OU that corresponds to their department. I also want to define a few other properties that aren’t part of the original, imported user object.
# Add Path, Description, Enabled, AccountPassword and ChangePasswordAtLogon to each imported object
Import-CSV -Path $csv |
    Select *,
        @{Name="Path";Expression={Get-ADOrganizationalUnit -Filter "name -eq '$($_.department)'"}},
        @{Name="Description";Expression={"4Sysops"}},
        @{Name="Enabled";Expression={ $True }},
        @{Name="AccountPassword";Expression={ $pass}},
        @{Name="ChangePasswordAtLogon";Expression={ $True }} |
    New-ADUser -OtherAttributes @{"info"="Created $(Get-Date) by $env:userdomain\$env:username"} -PassThru
As each user is imported, I use custom hash tables to define some additional properties that will bind to New-ADUser by property name. I’ve moved my other parameters like Enabled into the object and added some additional ones for description. The OtherAttributes parameter sets the Info (or Note) property so I can record when the account was created and by whom. For some reason, and I assume it must be a bug, I couldn’t define OtherAttributes as part of the incoming object so I used it as a regular parameter. But it works.
Description       : 4Sysops
DistinguishedName : CN=Erich Ratti,OU=Marketing,OU=Sales and Marketing,OU=Departments,OU=Employees,DC=GLOBOMANTICS,DC=local
Enabled           : True
GivenName         : Erich
Info              : Created 02/19/2014 11:52:59 by GLOBOMANTICS\jeff
Name              : Erich Ratti
ObjectClass       : user
ObjectGUID        : ea06de9c-503e-4a66-a1db-4eb11ea390d3
Office            : RM 476
SamAccountName    : E.Ratti
SID               : S-1-5-21-2552845031-2197025230-307725880-12379
Surname           : Ratti
Title             : Marketing Specialist
UserPrincipalName : E.Ratti@Globomantics.com
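A pre-flight check for the department-to-OU lookup above, as an added example that is not part of the original article. OU names are unique only within their parent container, so a lookup by name can return no OU or several; this version resolves each row against an index and does a dry run first. It assumes the CSV has Name and Department columns, and the variables $ouByName, $ready and $rejected are illustrative.

```powershell
# Added example, not the article's code. Name and Department are columns the
# article's CSV is assumed to have; $ouByName, $ready, $rejected are illustrative.
Import-Module ActiveDirectory
$csv  = 's:\newGloboUsers.csv'
$pass = Read-Host "Enter an initial password" -AsSecureString

# Index every OU by name once. OU names are only unique within their parent,
# so one name can map to several distinguished names.
$ouByName = @{}
foreach ($ou in Get-ADOrganizationalUnit -Filter *) {
    if (-not $ouByName.ContainsKey($ou.Name)) { $ouByName[$ou.Name] = @() }
    $ouByName[$ou.Name] += $ou.DistinguishedName
}

$ready = @()
$rejected = @()
foreach ($row in Import-Csv -Path $csv) {
    $dept = "$($row.Department)".Trim()
    $dn = @()
    if ($dept -and $ouByName.ContainsKey($dept)) { $dn = @($ouByName[$dept]) }

    if ($dn.Count -eq 1) {
        # Exactly one OU has this name: attach its DN as the Path property.
        $ready += $row | Select-Object *, @{Name = 'Path'; Expression = { $dn[0] }}
    }
    else {
        # No match or an ambiguous one: report the row instead of guessing.
        $rejected += [pscustomobject]@{ Name = $row.Name; Department = $dept; OUMatches = $dn.Count }
    }
}

$rejected | Format-Table -AutoSize
# Dry run: -WhatIf prints what would be created without touching the directory.
$ready | New-ADUser -AccountPassword $pass -Enabled $true -ChangePasswordAtLogon $true -WhatIf
```

Remove -WhatIf once the rejected list is empty and the dry-run output shows each account under the expected OU.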
When properties don’t line up
Unfortunately you may not always get perfectly formatted CSV or XML files. Perhaps your CSV file only gives you something like in the screenshot below.
Property names don’t match
The property names don’t match and keys like samAccountname and UserPrincipalName are missing. Here’s one way to handle that. For this example, I’m going to import all of the accounts into the same location.
$pass = ConvertTo-SecureString -String "P@ssw0rd" -AsPlainText -Force
$ou = "OU=Employees,DC=globomantics,DC=local"
$users = import-csv s:\10Users.CSV
I will need to process each user account to come up with properties I can pass to New-ADUser.
foreach ($user in $users) {
    #define a hashtable to splat to New-ADUser
    $hash = @{
        Name = "$($user.firstname) $($user.lastname)"
        Displayname = "$($user.firstname) $($user.lastname)"
        Path = $ou
        Surname = $user.lastname
        GivenName = $user.firstname
        Samaccountname = "$($user.firstname[0])$($user.lastname)"
        UserPrincipalName = "$($user.firstname[0])$($user.lastname)@globomantics.local"
        Title = $user.title
        Office = $user.office
        OfficePhone = $user.telephone
        Department = $user.Department
        AccountPassword = $pass
        Enabled = $True
        ChangePasswordAtLogon = $True
        Description = "10Users"
        otherattributes = @{"info"="Created $(Get-Date) by $env:userdomain\$env:username"}
    }
    New-ADUser @hash -PassThru
} #foreach user
For each user in the collection of imported users I’m creating a hashtable. Each key corresponds to a parameter for New-ADuser. Some of the properties, like Title, I can simply use the existing value. But others, like samAccountname, I construct on the fly based on existing properties. This hash table will be splatted to New-ADUser so that each key/value pair lines up with the corresponding parameter. In literally a second, I’ve created 10 populated Active Directory user accounts.
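The same splatting loop with a different random initial password for each account instead of one shared value, as an added example that is not the article's code. The function New-InitialPassword and the variable $issued are hypothetical names introduced here; the CSV columns firstname and lastname and the OU are the ones used above.

```powershell
# Added example, not the article's code. New-InitialPassword and $issued are
# hypothetical names; firstname/lastname and the OU come from the article.
Import-Module ActiveDirectory

function New-InitialPassword {
    param([int]$Length = 16)
    # Look-alike characters (0/O, 1/l/I) are left out so the value can be read aloud.
    $alphabet = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%+?'
    $limit = 256 - (256 % $alphabet.Length)   # bytes at or above this are discarded (no modulo bias)
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte = New-Object byte[] 1
    try {
        do {
            $sb = New-Object System.Text.StringBuilder
            while ($sb.Length -lt $Length) {
                $rng.GetBytes($byte)
                if ($byte[0] -lt $limit) { [void]$sb.Append($alphabet[$byte[0] % $alphabet.Length]) }
            }
            $candidate = $sb.ToString()
            # Retry until lower case, upper case and a digit are all present.
        } until ($candidate -cmatch '[a-z]' -and $candidate -cmatch '[A-Z]' -and $candidate -match '\d')
    }
    finally { $rng.Dispose() }
    $candidate
}

$ou = 'OU=Employees,DC=globomantics,DC=local'
$issued = foreach ($user in Import-Csv -Path 's:\10Users.CSV') {
    $plain = New-InitialPassword
    $hash = @{
        Name                  = "$($user.firstname) $($user.lastname)"
        SamAccountName        = "$($user.firstname[0])$($user.lastname)"
        Path                  = $ou
        AccountPassword       = ConvertTo-SecureString -String $plain -AsPlainText -Force
        Enabled               = $true
        ChangePasswordAtLogon = $true
        ErrorAction           = 'Stop'   # turn failures into exceptions the catch below sees
    }
    try {
        New-ADUser @hash
        # Emit the credential only for accounts that were actually created.
        [pscustomobject]@{ SamAccountName = $hash.SamAccountName; InitialPassword = $plain }
    }
    catch { Write-Warning "Skipped $($hash.SamAccountName): $($_.Exception.Message)" }
}
# $issued holds one row per created account. Hand it to your out-of-band delivery
# process; do not save it as a plain-text file next to the import CSV.
```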
Summary
Importing account data from a CSV or XML file into Active Directory will make you look like a hero. What could take hours to accomplish manually can be achieved in literally seconds. You can use the same principles and techniques I’ve shown here to modify or even remove user accounts.
Can the exported file be modified before it is imported? Does it matter if it is from another domain/network?
Pat, you can import / export between networks and domains without any issue.
Also, you can modify the .csv file in Excel (or notepad) before importing.
What about unix attributes? I’ve tried using this process, but it ignores uidNumber, gidNumber, unixHomeDirectory, etc when the users get imported to the new domain. I can see those fields in ADSI edit, but New-ADUser doesn’t want to set those.
It seems that Set-ADUser will let you modify the unix attributes. But is there any way to set them with New-ADUser? Adding all necessary attributes at once with New-ADUser would greatly simplify things.
My CSV file, can you help to import my file? Please, source code.
How can I change a user's company by PowerShell?