Bulk Create AD User

This topic contains 5 replies, has 5 voices, and was last updated by  Adam Bertram 1 week, 4 days ago.

  • #84979

    Chris
    Participant

    Hi all, this is my first PowerShell script. The purpose is to use a CSV file to speed up and improve accuracy of single and multiple user account creations for a client.

    Here is the script.

    # Import Modules for Active Directory and to sync to 365
    Import-Module ActiveDirectory
    Import-Module DirSync
     
    # Prompt for CSV path
    $csvfilepath = Read-Host -Prompt "Please enter the path to the CSV file"
     
    # Import the file into a variable
    $users = Import-Csv $csvfilepath
     
    # Pass through the file to gather information
    foreach ($user in $users){
     
        # Define user information variables
        $FNAME = $user.'First Name'
        $LNAME = $user.'Last Name'
        $DN = $user.'First Name' + " " + $user.'Last Name'
        $UN = $user.'First Name' + "." + $user.'Last Name'
        $SP = $user.'ScriptPath'
        $OU = $user.'OU Path'
      
        #Create password
        $PW = $user.Password | ConvertTo-SecureString -AsPlainText -Force
     
        # Build the UPN / primary e-mail address once so it can be reused below
        $UPN = "$UN@domain.co.uk"

        # Create the AD user
        New-ADUser -Name $DN -GivenName $FNAME -Surname $LNAME -DisplayName $DN -UserPrincipalName $UPN -SAMAccountName $UN -EmailAddress $UPN -Path $OU -AccountPassword $PW -ChangePasswordAtLogon $True -Enabled $True -ScriptPath $SP -OtherAttributes @{proxyAddresses="SMTP:$UPN","smtp:$UN@domain.onmicrosoft.com"}
    
        # Output
        echo "Account created $UPN in $OU"
    }
    
    # Command to sync to 365
    Start-OnlineCoexistenceSync
    

    There are a couple of things I am struggling with however.

    Because the client is synced to 365 I need to populate the proxyAddresses and targetAddress attribute fields. I've managed to get the proxyAddresses to work but I am not sure how to add the targetAddress as well.

    Another thing I need assistance with is being able to specify AD groups for the users in question. For example, User 1 needs to be a member of: All Users, Department 1 Share, Allow Removable USB Devices. And User 2: All Users, Department 1 Share.

    Any advice would be greatly appreciated.

  • #84982

    Jon
    Participant

    Look into using New-RemoteMailbox to handle the proxy and target addresses.

    https://technet.microsoft.com/en-us/library/ff607480(v=exchg.160).aspx

    For the groups, you could use AD user templates.

    • #85021

      postanote
      Participant

      Firstly, welcome to the PowerShell world, and good job on your first attempt.

      However, FYI... a quick way to get a script written for you (even with zero knowledge of PowerShell) is to use the tools provided by Microsoft before running at it from scratch.

      In Windows Server 2008 R2 and higher, there is a management console called ADAC (Active Directory Administrative Center).
      You click through the steps to do X action, and it writes the script for you, which you can use as is or copy and paste into the PowerShell ISE, VSCode, or editor of your choice and tweak for your use case.

      Introduction to Active Directory Administrative Center Enhancements (Level 100)
      'docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/adac/introduction-to-active-directory-administrative-center-enhancements--level-100-'

      Use Active Directory Administrative Center to Create PowerShell Commands in Windows Server 2012
      'petri.com/use-active-directory-administrative-center-create-powershell-commands'

      Step-By-Step: Utilizing PowerShell History Viewer in Windows Server 2012 R2
      'blogs.technet.microsoft.com/canitpro/2015/03/04/step-by-step-utilizing-powershell-history-viewer-in-windows-server-2012-r2'

    • #85039

      Chris
      Participant

      Thank you, I'll be sure to check those out!

  • #85000

    Matt Howard
    Participant

    In the OtherAttributes parameter, this is a hash table, so you just need to use a semicolon to separate proxyAddresses and targetAddress:

    -OtherAttributes @{proxyAddresses="SMTP:user@domain1.com","smtp:user@domain2.com";targetAddress="user@domain1.com"}

    For the group memberships, add logic based on attributes such as department, division or title. You could also add a column to the CSV with True/False values for non-attribute groups (like the USB drive group you mentioned). For example, the column 'AllowUSB' has TRUE for User1 and FALSE for User2. Then use a switch or if/else statement to handle the logic to add to the group. The same would go for a department group: if department equals "Department 1", add to the appropriate department group(s).

    Hope this helps!
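
The CSV-column approach described in the reply above, as an added example that is not part of the original thread. The `Department` and `AllowUSB` column names and the mapping tables are assumptions; the group names are the ones from the question. Keeping group names in a fixed map inside the script, rather than reading them as free text from the CSV, means an edited CSV cannot place an account in an arbitrary group.

```powershell
# Added example: resolve group memberships from CSV columns through fixed maps.
# 'Department' and 'AllowUSB' are assumed column names; the maps are assumptions.
$BaseGroups       = @('All Users')
$DepartmentGroups = @{ 'Department 1' = @('Department 1 Share') }
$FlagGroups       = @{ 'AllowUSB' = 'Allow Removable USB Devices' }

function Get-UserGroupList {
    param([Parameter(Mandatory)] $User)

    # Every account starts with the base groups
    $groups = @($BaseGroups)

    # Department column: only departments present in the map grant a group
    $dept = "$($User.Department)".Trim()
    if ($dept) {
        if ($DepartmentGroups.ContainsKey($dept)) {
            $groups += $DepartmentGroups[$dept]
        } else {
            Write-Warning "Unknown department '$dept'; no department group added"
        }
    }

    # True/False columns: empty, missing or unparsable values count as FALSE
    foreach ($flag in $FlagGroups.Keys) {
        $parsed = $false
        if ([bool]::TryParse("$($User.$flag)".Trim(), [ref]$parsed) -and $parsed) {
            $groups += $FlagGroups[$flag]
        }
    }
    return $groups
}

# Constructed sample rows standing in for Import-Csv output
$rows = @(
    'First Name,Last Name,Department,AllowUSB'
    'User,One,Department 1,TRUE'
    'User,Two,Department 1,FALSE'
) | ConvertFrom-Csv

foreach ($user in $rows) {
    $UN = $user.'First Name' + '.' + $user.'Last Name'
    foreach ($group in (Get-UserGroupList -User $user)) {
        Write-Output "$UN -> $group"
        # Once New-ADUser has succeeded for this row, apply with:
        # Add-ADGroupMember -Identity $group -Members $UN
    }
}
```

As written the loop only prints the planned memberships, so the plan can be reviewed before the `Add-ADGroupMember` line is uncommented inside the account-creation loop.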

  • #85199

    Adam Bertram
    Moderator

    Moving to correct forum.
