In some very, very small circles, people ask me for advice using PowerShell. I know, it makes NO sense. Regardless, I like the attention and it pushes me to be a better person.
In today’s example of my pathetic PowerShell skills I’ll share the script I use to create Active Directory accounts in my SharePoint test environments. I build a lot of test environments, so it’s handy to be able to crank out lots of users quickly. I’ve used a variety of PowerShell solutions, but this is the first one that hasn’t sucked so much that I’m afraid to share it. It actually does a couple of cool things. Before I share this amazing code with you, let me tell you about a few of its finer features.
1) It checks to see if there’s a problem creating the user, and if there is, reports it. This is handy for two reasons. First, the user you’re running the script as may not have permission to create users. With the error checking in this script you get a message saying “Access Denied” so you know it’s a permissions error. Also, this allows it to gracefully skip users that already exist. This is great because as you need to add new users to your environment you can just add them at the end of the existing users.csv file you use and run the script again.
2) It can handle accounts that have managers and ones that don’t. Being SharePoint admins we all get to experience the User Profile Service. That gives us the fancy employee hierarchy thing, which needs each account’s Manager field to be populated. One of the things this script gives us is the ability to put our service accounts and our user accounts in the same users.csv file. In a previous version of this I had two CSV files and changed the script to not try to add the Manager attribute for service accounts and bosses. In this version I don’t need to do that.
3) It can add user pictures to Active Directory. Regardless of whether the user already exists or not, the script will look in the local directory to see if a file with the name user.jpg exists. If it’s there, the script adds it to the user. Since the creation part gracefully skips existing users, you can gradually drop JPGs into this folder and run the script over and over to add users’ pictures. This part doesn’t have any of the Try-Catch error checking (yet), so if you don’t have permission to edit AD users, you might get some angry red text here.
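Here is what the picture step looks like with the missing Try-Catch added, plus two checks that keep bad files out of the directory. This is an added example, not the script from the post; it assumes the same users.csv layout and user.jpg naming as the script below, and the 100 KB ceiling comes from the thumbnailPhoto attribute's upper range in the AD schema.

```powershell
Import-Module ActiveDirectory -ErrorAction SilentlyContinue

# thumbnailPhoto is capped at 100 KB by the AD schema, so refuse anything bigger up front
$maxPhotoBytes = 100KB

function Set-UserThumbnailPhoto {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [string] $PictureFolder = '.'
    )
    $path = Join-Path $PictureFolder "$SamAccountName.jpg"
    if (-not (Test-Path -Path $path)) {
        Write-Output "No picture for $SamAccountName, skipping"
        return
    }
    # Read the JPEG as raw bytes; ReadAllBytes works in both Windows PowerShell and
    # PowerShell 7, where Get-Content -Encoding byte no longer exists
    $photo = [System.IO.File]::ReadAllBytes((Resolve-Path $path).Path)
    if ($photo.Length -gt $maxPhotoBytes) {
        Write-Warning "$path is $($photo.Length) bytes, over the $maxPhotoBytes byte limit; not uploading"
        return
    }
    # JPEG files start with the bytes FF D8; don't push anything else into the directory
    if ($photo.Length -lt 2 -or $photo[0] -ne 0xFF -or $photo[1] -ne 0xD8) {
        Write-Warning "$path does not look like a JPEG; not uploading"
        return
    }
    try {
        # -ErrorAction Stop makes non-terminating errors (access denied, unknown user) catchable
        Set-ADUser -Identity $SamAccountName -Replace @{thumbnailPhoto = $photo} -ErrorAction Stop
        Write-Output "Set picture for $SamAccountName ($($photo.Length) bytes)"
    }
    catch {
        Write-Output "Could not set picture for $SamAccountName, $_"
    }
}

foreach ($user in Import-Csv .\users.csv) {
    Set-UserThumbnailPhoto -SamAccountName $user.SamAccountName
}
```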
Pretty cool, huh? Are you really excited to get your hands on this super-cool script? I thought you would be. Here it is:
# Script to create Active Directory accounts
# v2 9/12/2012
# Todd Klindt
# http://www.toddklindt.com

# Add the Active Directory bits and not complain if they're already there
Import-Module ActiveDirectory -ErrorAction SilentlyContinue

# set default password
# change pass@word1 to whatever you want the account passwords to be
# (a shared, never-expiring password in plain text is only acceptable in a throwaway test domain)
$defpassword = (ConvertTo-SecureString "pass@word1" -AsPlainText -Force)

# Get domain DNS suffix
$dnsroot = '@' + (Get-ADDomain).DNSRoot

# Import the file with the users. You can change the filename to reflect your file
$users = Import-Csv .\users.csv

foreach ($user in $users) {
    if ($user.manager -eq "") # In case it's a service account or a boss
    {
        try {
            # -ErrorAction Stop turns any error into a terminating one so the catch block sees it
            New-ADUser -SamAccountName $user.SamAccountName -Name ($user.FirstName + " " + $user.LastName) `
                -DisplayName ($user.FirstName + " " + $user.LastName) -GivenName $user.FirstName -Surname $user.LastName `
                -EmailAddress ($user.SamAccountName + $dnsroot) -UserPrincipalName ($user.SamAccountName + $dnsroot) `
                -Title $user.title -Enabled $true -ChangePasswordAtLogon $false -PasswordNeverExpires $true `
                -AccountPassword $defpassword -PassThru -ErrorAction Stop
        }
        catch
        {
            # Covers "Access Denied" as well as users that already exist, so the script just moves on
            Write-Output "Could not create user $($user.SamAccountName), $_"
        }
    }
    else
    {
        try {
            # Same as above, but the manager column is filled in, so set the Manager attribute too
            New-ADUser -SamAccountName $user.SamAccountName -Name ($user.FirstName + " " + $user.LastName) `
                -DisplayName ($user.FirstName + " " + $user.LastName) -GivenName $user.FirstName -Surname $user.LastName `
                -EmailAddress ($user.SamAccountName + $dnsroot) -UserPrincipalName ($user.SamAccountName + $dnsroot) `
                -Title $user.title -Manager $user.manager `
                -Enabled $true -ChangePasswordAtLogon $false -PasswordNeverExpires $true `
                -AccountPassword $defpassword -PassThru -ErrorAction Stop
        }
        catch
        {
            Write-Output "Could not create user $($user.SamAccountName), $_"
        }
    }
    # Put picture part here.
    $filename = "$($user.SamAccountName).jpg"
    Write-Output $filename

    if (Test-Path -Path $filename)
    {
        Write-Output "Found picture for $($user.SamAccountName)"

        # Read the JPEG as raw bytes (Windows PowerShell syntax) and store it in thumbnailPhoto
        $photo = [byte[]](Get-Content $filename -Encoding Byte)
        Set-ADUser $($user.SamAccountName) -Replace @{thumbnailPhoto=$photo}
    }
}
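Because New-ADUser -Manager has to resolve the manager to an existing account, the rows in users.csv have to be ordered so that every boss is created (or already exists in AD) before the people who report to them. The pre-flight check below is an added example, not part of the post; it uses the column names the script above expects (SamAccountName, FirstName, LastName, title, manager) and reports ordering, duplicate and sAMAccountName problems before anything is written to the directory.

```powershell
Import-Module ActiveDirectory -ErrorAction SilentlyContinue

function Test-UsersCsv {
    param([string] $Path = '.\users.csv')
    $problems = @()
    $seen = @{}     # SamAccountNames defined in earlier rows (hashtable keys are case-insensitive)
    $row = 1        # row 1 is the header, so the first data row is 2
    foreach ($u in Import-Csv $Path) {
        $row++
        foreach ($col in 'SamAccountName', 'FirstName', 'LastName') {
            if ([string]::IsNullOrWhiteSpace($u.$col)) { $problems += "row ${row}: $col is empty" }
        }
        $sam = $u.SamAccountName
        if (-not [string]::IsNullOrWhiteSpace($sam)) {
            # sAMAccountName is limited to 20 characters and must avoid a fixed set of characters
            if ($sam.Length -gt 20) { $problems += "row ${row}: '$sam' is longer than 20 characters" }
            if ($sam -match '[\s"\[\]:;|=,+*?<>/\\]') { $problems += "row ${row}: '$sam' contains characters AD rejects" }
            if ($seen.ContainsKey($sam)) { $problems += "row ${row}: '$sam' is defined twice" }
        }
        # A manager must exist before the report is created: earlier in this file or already in AD
        $m = $u.manager
        if (-not [string]::IsNullOrWhiteSpace($m) -and -not $seen.ContainsKey($m)) {
            $inAd = Get-ADUser -Filter { SamAccountName -eq $m } -ErrorAction SilentlyContinue
            if (-not $inAd) {
                $problems += "row ${row}: manager '$m' is not in AD and is not defined earlier in the file"
            }
        }
        if (-not [string]::IsNullOrWhiteSpace($sam)) { $seen[$sam] = $true }
    }
    return $problems
}

$issues = @(Test-UsersCsv)
if ($issues.Count -gt 0) {
    $issues | ForEach-Object { Write-Warning $_ }
    Write-Output "Fix the $($issues.Count) issue(s) above before running the creation script"
}
else {
    Write-Output "users.csv looks good"
}
```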
If you’d like to download the code, you can grab it here. You can grab a sample CSV file here.
As always, be very, very afraid of any PowerShell you download from the Internet. Especially mine! While this script might very well work as is in your test environment, you should really just consider it something to reference when you write your own script. This script might destroy your Active Directory, format your server, and replace your fresh brewed coffee with Folger’s Crystals. You have been warned.
Let me know what you think. Be kind. I cry easily.
tk
ShortURL: http://www.toddklindt.com/PoshMakeUsers
Edited 9/3/2013 to add link to sample CSV files