In my last article I discussed a few techniques for exporting user accounts from Active Directory using PowerShell. The obvious next step is to see how to import user accounts into Active Directory.

I am going to use the New-ADUser cmdlet from the Microsoft Active Directory provider. As you’ll see this can be a simple and seamless process and it doesn’t really matter if you are importing from a CSV file or XML. What matters is the object.

When you look at help for New-ADUser you’ll see that almost all of the parameters accept pipeline input by property name. That means if the incoming object has a property, like Title, that matches the parameter name, the cmdlet will use that property value for the parameter value.

The only other step you will most likely have to take is to define an initial password for the user account. You can create a user without specifying a password but that seems like extra work to me. The minor obstacle is that New-ADUser needs a secure string for the password property. So I’ll define one.

$pass = ConvertTo-SecureString -String "P@ssw0rd" -AsPlainText -Force

Use -Force to suppress the confirmation prompt. As an alternative, you can use Read-Host and prompt for the password.

$pass = Read-Host "Enter an initial password" -AsSecureString

I’ll show you where to use this and how to force the user to change password. Now we can begin.

Importing objects

PowerShell can import any CSV file. It will use the header for property names.

PS C:\> import-csv s:\newglobousers.csv

Import CSV with PowerShell

The property names (i.e. the CSV header) for the most part match the parameter names for New-ADUser. This means I could get by with something as simple as this:

Import-CSV s:\newGloboUsers.csv | New-ADUser -Path "OU=Testing,DC=Globomantics,DC=Local" -AccountPassword $pass -Enabled $True -ChangePasswordAtLogon $True

The only parameters I had to specify were the path for the new accounts, the password parameters and one to enable the account. Even though I am using a CSV file here, I could just as easily have used an XML file or document. All that matters is that the objects you get when importing match up.

But let me take this a step further. Suppose I need each user to be placed in the OU that corresponds to their department. I also want to define a few other properties that aren’t part of the original, imported user object.

# $csv holds the path to the CSV file to import
Import-CSV -Path $csv | Select *,
@{Name="Path";Expression={Get-ADOrganizationalUnit -Filter "name -eq '$($_.department)'"}},
@{Name="Description";Expression={"4Sysops"}},
@{Name="Enabled";Expression={ $True }},
@{Name="AccountPassword";Expression={ $pass}},
@{Name="ChangePasswordAtLogon";Expression={ $True }} |
New-ADUser -OtherAttributes @{"info"="Created $(Get-Date) by $env:userdomain\$env:username"} -PassThru

As each user is imported, I use custom hash tables to define some additional properties that will bind to New-ADUser by property name. I’ve moved my other parameters like Enabled into the object and added some additional ones for description. The OtherAttributes will set the Info (or Note) property so I can record when the account was created and by whom. For some reason, and I assume it must be a bug, I couldn’t define OtherAttributes as part of the incoming object so I used it as a regular parameter. But it works.

Description       : 4Sysops
DistinguishedName : CN=Erich Ratti,OU=Marketing,OU=Sales and Marketing,OU=
                    Departments,OU=Employees,DC=GLOBOMANTICS,DC=local
Enabled           : True
GivenName         : Erich
Info              : Created 02/19/2014 11:52:59 by GLOBOMANTICS\jeff
Name              : Erich Ratti
ObjectClass       : user
ObjectGUID        : ea06de9c-503e-4a66-a1db-4eb11ea390d3
Office            : RM 476
SamAccountName    : E.Ratti
SID               : S-1-5-21-2552845031-2197025230-307725880-12379
Surname           : Ratti
Title             : Marketing Specialist
UserPrincipalName : E.Ratti@Globomantics.com

When properties don’t line up

Unfortunately you may not always get perfectly formatted CSV or XML files. Perhaps your CSV file only gives you something like in the screenshot below.

Property names don’t match

The property names don’t match and keys like samAccountname and UserPrincipalName are missing. Here’s one way to handle that. For this example, I’m going to import all of the accounts into the same location.

$pass = ConvertTo-SecureString -String "P@ssw0rd" -AsPlainText -Force
$ou = "OU=Employees,DC=globomantics,DC=local"
$users = import-csv s:\10Users.CSV

I will need to process each user account to come up with properties I can pass to New-ADUser.

foreach ($user in $users) {

#define a hashtable to splat to New-ADUser
 $hash = @{
  Name = "$($user.firstname) $($user.lastname)"
  Displayname = "$($user.firstname) $($user.lastname)"
  Path = $ou
  Surname = $user.lastname
  GivenName = $user.firstname
  Samaccountname = "$($user.firstname[0])$($user.lastname)"
  UserPrincipalName = "$($user.firstname[0])$($user.lastname)@globomantics.local"
  Title = $user.title
  Office = $user.office
  OfficePhone = $user.telephone
  Department = $user.Department
  AccountPassword = $pass
  Enabled = $True
  ChangePasswordAtLogon = $True
  Description = "10Users"
  otherattributes = @{"info"="Created $(Get-Date) by $env:userdomain\$env:username"}
 }

 New-ADUser @hash -PassThru 
} #foreach user

For each user in the collection of imported users I’m creating a hashtable. Each key corresponds to a parameter for New-ADuser. Some of the properties, like Title, I can simply use the existing value. But others, like samAccountname, I construct on the fly based on existing properties. This hash table will be splatted to New-ADUser so that each key/value pair lines up with the corresponding parameter. In literally a second, I’ve created 10 populated Active Directory user accounts.
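The loop above trusts whatever the CSV contains, so a pre-flight check is worth running first. The following is an added example, not code from the original article: it derives the same samAccountName values and flags rows that are incomplete, exceed the 20-character sAMAccountName limit, contain a character that is invalid in that attribute, or collide with another row. The function name Test-ImportedUser and the CSV rows are constructed for illustration.

```powershell
# Constructed sample data using the article's column names.
$csvText = @'
firstname,lastname,title,office,telephone,department
Erich,Ratti,Marketing Specialist,RM 476,555-0101,Marketing
Elena,Ratti,Sales Associate,RM 120,555-0102,Sales
Maximilian,Wolfeschlegelsteinhausen,Engineer,RM 310,555-0103,Engineering
,Nguyen,Analyst,RM 200,555-0104,Finance
'@

# Hypothetical helper: reports per-row problems without touching AD.
function Test-ImportedUser {
    param([Parameter(Mandatory)] [object[]] $Users)

    $seen = @{}   # sAMAccountName -> CSV line that claimed it (case-insensitive)
    $line = 1     # line 1 of the file is the header
    foreach ($user in $Users) {
        $line++
        $problems = @()
        if ([string]::IsNullOrWhiteSpace($user.firstname)) { $problems += 'firstname is empty' }
        if ([string]::IsNullOrWhiteSpace($user.lastname))  { $problems += 'lastname is empty' }

        $sam = $null
        if ($problems.Count -eq 0) {
            # Same construction as the article: first initial plus last name
            $sam = "$($user.firstname.Trim()[0])$($user.lastname.Trim())"
            if ($sam.Length -gt 20) { $problems += "'$sam' is longer than 20 characters" }
            if ($sam -match '["/\\\[\]:;|=,+*?<>]') { $problems += "'$sam' contains an invalid character" }
            if ($seen.ContainsKey($sam)) { $problems += "'$sam' duplicates line $($seen[$sam])" }
            else { $seen[$sam] = $line }
        }
        [pscustomobject]@{
            Line = $line; SamAccountName = $sam
            Valid = ($problems.Count -eq 0); Problems = $problems -join '; '
        }
    }
}

$report = Test-ImportedUser -Users ($csvText | ConvertFrom-Csv)
$report | Format-Table -AutoSize -Wrap

# Gate the import: create accounts only when every row passed.
$rejected = @($report | Where-Object { -not $_.Valid })
if ($rejected.Count -gt 0) {
    Write-Warning "$($rejected.Count) row(s) rejected; fix the CSV before calling New-ADUser."
}
```

This only catches collisions inside the file; whether a name already exists in the directory still needs a lookup with Get-ADUser before New-ADUser runs.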

Summary

Importing account data from a CSV or XML file into Active Directory will make you look like a hero. What could take hours to accomplish manually can be achieved in literally seconds. You can use the same principles and techniques I’ve shown here to modify or even remove user accounts.

5 Comments
  1. Pat Canterino 5 years ago

    Can the exported file be modified before it is imported?  Does it matter if it is from another domain/network?

    0

    • Robert Löfgren 5 years ago

      Pat, you can import / export between networks and domains without any issue.

      Also, you can modify the .csv file in Excel (or notepad) before importing.

      0

  2. MIke 5 years ago

    What about unix attributes? I've tried using this process, but it ignores uidNumber, gidNumber, unixHomeDirectory, etc when the users get imported to the new domain. I can see those fields in ADSI edit, but New-ADUser doesn't want to set those.

    It seems that Set-ADUser will let you modify the unix attributes. But is there any way to set them with New-ADUser? Adding all necessary attributes at once with New-ADUser would greatly simplify things.

    0

  3. dharmatkj 5 years ago

    My file csv can you help to import my file. Please source code

    IMAGES FILE CSV

    0

  4. Nazrul Islam 6 months ago

    how can change users company user by PowerShell

    0

© 4sysops 2006 - 2021

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account