I am constantly setting up research and development environments that require Active Directory accounts. Since we place these environments in isolated networks, each environment needs its own Active Directory. How can I create a new Active Directory account using PowerShell?
4 Answers
I'm not sure if you are looking for a script that will take a list of names, passwords, etc, but the following command works to create one new user. UserPrincipalName is optional. In this case, email is not used.
```powershell
New-ADUser -SamAccountName nnn2 -Name "nnn2" -UserPrincipalName nnn2@jj -AccountPassword (ConvertTo-SecureString -AsPlainText "somePassword" -Force) -Enabled $true -PasswordNeverExpires $true -Path 'CN=Users,DC=jjdomain,DC=net'
```
If you wish to create a user in a trusted domain, add -server dns.domain to the above command.
- This is v2-specific. Rob, are you using v1 or v2? – Doug Chase Sep 01 '09 at 15:43
- "PasswordNeverExpires $true" !!!!!! :-) – pauska Jan 20 '12 at 14:53
- You need the PowerShell module if you don't have it: – northben Sep 06 '12 at 20:06
- `add-windowsfeature rsat-ad-powershell;` `ipmo activedirectory` – northben Sep 06 '12 at 20:08
I would recommend investigating Quest's AD cmdlets:
http://www.quest.com/powershell/activeroles-server.aspx
A new AD user would be:
```powershell
new-QADUser -name 'user1' -ParentContainer 'OU=companyOU,DC=company,DC=com' -samAccountName 'user1' -UserPassword 'P@ssword'
```
However, for 'pure' PowerShell, Shay's suggestion of Idera's scripts would save you using additional cmdlets. Mind you, if you are to go to the trouble of downloading the scripts you might as well download the Quest cmdlets.

I took Brad's answer above and added a bit more detail below (thanks Brad for getting me thinking in this direction):
Input CSV file:

```
cn,givenname,sn,sAMAccountName,displayname,UserPrincipalName
Joe Smith,Joe,Smith,jsmith,Joe Smith,jsmith@domain.com
Susan Johnson,Susan,Johnson,sjohnson,Susan Johnson,sjohnson@domain.com
```

Code:

```powershell
$inputFile = Import-CSV "<insert filepath here>"
foreach($line in $inputFile)
{
    ## need to add quotes around DSN
    $dsn = "`"cn="+$line.cn+",ou=userou,dc=domain,dc=com`""
    $samid = $line.sAMAccountName
    $ln = $line.sn
    $fn = $line.givenname
    $dn = $line.displayname
    ## need to add quotes around display name
    $dn2 = "`"$dn`""
    $upn = $line.UserPrincipalName
    ## the whole dsadd command must be on one line inside the string
    cmd /c "dsadd user $dsn -samid $samid -ln $ln -fn $fn -display $dn2 -upn $upn -mustchpwd yes -pwd TempP@assw0rd"
    write-host `n
}
```
Good luck!

If you're just setting up the same users on different networks/domains, a plain old .cmd file should do the trick. Just issue calls to the dsadd command for each user.
A call to dsadd or dsmod would work in the middle of a PowerShell script as well. You could even have a CSV file of username/passwords which you could import with a PowerShell script and loop through each line with a call to dsadd or dsmod like this:
```powershell
$inputFile = Import-CSV "<insert filepath here>"
foreach($line in $inputFile)
{
    dsadd user -samid $line.Username -pwd $line.Password
}
```
The ds commands (dsadd, dsmod, etc) get installed with the Active Directory role, so they're available once you have AD up and running.

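For the bulk case, an added example (not code from any of the answers) that feeds the same CSV columns to `New-ADUser`, gives each account its own random initial password and forces a change at first logon, so no shared password sits in the script or on a `dsadd` command line and `-PasswordNeverExpires` is left unset. The OU, the sample rows and the `New-RandomPassword` helper are assumptions for illustration.

```powershell
# Added example: needs the ActiveDirectory module (RSAT) and rights to create users.
Import-Module ActiveDirectory

# Constructed sample rows, same columns as the CSV shown in the answer above.
$users = @'
cn,givenname,sn,sAMAccountName,displayname,UserPrincipalName
Joe Smith,Joe,Smith,jsmith,Joe Smith,jsmith@domain.com
Susan Johnson,Susan,Johnson,sjohnson,Susan Johnson,sjohnson@domain.com
'@ | ConvertFrom-Csv

$targetOu = 'OU=userou,DC=domain,DC=com'   # assumption: OU from the answer's DN

function New-RandomPassword {              # hypothetical helper, not an AD cmdlet
    param([int]$Length = 20)
    # 64 symbols, so (byte % 64) is uniformly distributed over the alphabet
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    try {
        do {
            $rng.GetBytes($bytes)
            $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
            # retry until upper, lower and digit are all present (AD complexity rule)
        } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    } finally { $rng.Dispose() }
    $pw
}

$created = foreach ($u in $users) {
    $plain  = New-RandomPassword
    $params = @{
        Name                  = $u.cn
        GivenName             = $u.givenname
        Surname               = $u.sn
        SamAccountName        = $u.sAMAccountName
        DisplayName           = $u.displayname
        UserPrincipalName     = $u.UserPrincipalName
        Path                  = $targetOu
        AccountPassword       = ConvertTo-SecureString -String $plain -AsPlainText -Force
        ChangePasswordAtLogon = $true      # one-time password, replaced at first logon
        Enabled               = $true
    }
    New-ADUser @params                     # append -WhatIf for a dry run
    [pscustomobject]@{ SamAccountName = $u.sAMAccountName; InitialPassword = $plain }
}
# Hand the one-time passwords over out of band; do not write them to a log or file.
$created | Format-Table -AutoSize
```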