September 12
The PowerShell script I use to create Active Directory users

In some very, very small circles, people ask me for advice using PowerShell. I know, it makes NO sense. Regardless, I like the attention and it pushes me to be a better person.

In today’s example of my pathetic PowerShell skills I’ll share the script I use to create Active Directory accounts in my SharePoint test environments. I build a lot of test environments, so it’s handy to be able to crank out lots of users quickly. I’ve used a variety of PowerShell solutions, but this is the first one that hasn’t sucked so much that I’m afraid to share it. It actually does a couple of cool things. Before I share this amazing code with you, let me tell you about a few of its finer features.

1) It checks to see if there’s a problem creating the user, and if there is, reports it. This is handy for two reasons. First, the user you’re running the script as may not have permission to create users. With the error checking in this script you get a message saying “Access Denied” so you know it’s a permissions error. Also, this allows it to gracefully skip users that already exist. This is great because as you need to add new users to your environment you can just add them at the end of the existing users.csv file you use and run the script again.

2) It can handle accounts that have managers and ones that don’t. Being SharePoint admins we all get to experience the User Profile Service. That gives us the fancy employee hierarchy thing, which needs each account’s Manager field to be populated. One of the things this script gives us is the ability to put our service accounts and our user accounts in the same users.csv file. In previous versions of this I had two CSV files and changed the script to not try to add the Manager attribute for service accounts and bosses. In this version I don’t need to do that.

3) It can add user pictures to Active Directory. Regardless of whether the user already exists or not, the script will look in the local directory to see if a file with the name user.jpg exists. If it’s there, the script adds it to the user. Since the creation part gracefully skips existing users, you can gradually drop JPGs into this folder and run the script over and over to add users’ pictures. This part doesn’t have any of the Try-Catch error checking (yet), so if you don’t have permission to edit AD users, you might get some angry red text here.

Pretty cool, huh? Are you really excited to get your hands on this super-cool script? I thought you would be. Here it is:

    # Script to create Active Directory accounts
    # v2 9/12/2012
    # Todd Klindt
    #

    # Add the Active Directory bits and not complain if they're already there
    Import-Module ActiveDirectory -ErrorAction SilentlyContinue

    # set default password
    # change pass@word1 to whatever you want the account passwords to be
    $defpassword = (ConvertTo-SecureString "pass@word1" -AsPlainText -Force)

    # Get domain DNS suffix
    $dnsroot = '@' + (Get-ADDomain).dnsroot

    # Import the file with the users. You can change the filename to reflect your file
    $users = Import-Csv .\users.csv

    foreach ($user in $users) {
        if ($user.manager -eq "") # In case it's a service account or a boss
        {
            try {
                New-ADUser -SamAccountName $user.SamAccountName -Name ($user.FirstName + " " + $user.LastName) `
                    -DisplayName ($user.FirstName + " " + $user.LastName) -GivenName $user.FirstName -Surname $user.LastName `
                    -EmailAddress ($user.SamAccountName + $dnsroot) -UserPrincipalName ($user.SamAccountName + $dnsroot) `
                    -Title $user.title -Enabled $true -ChangePasswordAtLogon $false -PasswordNeverExpires $true `
                    -AccountPassword $defpassword -PassThru
            }
            catch [System.Object]
            {
                # Reports permission errors and accounts that already exist, then moves on
                Write-Output "Could not create user $($user.SamAccountName), $_"
            }
        }
        else
        {
            try {
                New-ADUser -SamAccountName $user.SamAccountName -Name ($user.FirstName + " " + $user.LastName) `
                    -DisplayName ($user.FirstName + " " + $user.LastName) -GivenName $user.FirstName -Surname $user.LastName `
                    -EmailAddress ($user.SamAccountName + $dnsroot) -UserPrincipalName ($user.SamAccountName + $dnsroot) `
                    -Title $user.title -Manager $user.manager `
                    -Enabled $true -ChangePasswordAtLogon $false -PasswordNeverExpires $true `
                    -AccountPassword $defpassword -PassThru
            }
            catch [System.Object]
            {
                Write-Output "Could not create user $($user.SamAccountName), $_"
            }
        }

        # Put picture part here.
        $filename = "$($user.SamAccountName).jpg"
        Write-Output $filename

        if (Test-Path -Path $filename)
        {
            Write-Output "Found picture for $($user.SamAccountName)"

            # Read the JPG as raw bytes (-Encoding byte is Windows PowerShell syntax)
            $photo = [byte[]](Get-Content $filename -Encoding byte)
            Set-ADUser $($user.SamAccountName) -Replace @{thumbnailPhoto=$photo}
        }
    }
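
A consolidated variant of the script above, added here as an example and not the author's code: it builds the New-ADUser parameters once with splatting and adds Manager only when the CSV column is filled in, wraps the picture step in the Try-Catch the post says is still missing, and prompts for the initial password instead of keeping it in the script file. It assumes the same users.csv columns the script uses (SamAccountName, FirstName, LastName, Title, Manager).

```powershell
# Added example, not the author's script. Assumes users.csv has the columns
# SamAccountName, FirstName, LastName, Title, Manager.
Import-Module ActiveDirectory -ErrorAction Stop

# Prompt for the initial password instead of storing it in the script file
$defpassword = Read-Host -Prompt 'Initial password for new accounts' -AsSecureString
$dnsroot = '@' + (Get-ADDomain).DNSRoot

foreach ($user in Import-Csv .\users.csv) {
    $fullName = "$($user.FirstName) $($user.LastName)"
    $upn = $user.SamAccountName + $dnsroot

    # Parameters common to every account
    $params = @{
        SamAccountName        = $user.SamAccountName
        Name                  = $fullName
        DisplayName           = $fullName
        GivenName             = $user.FirstName
        Surname               = $user.LastName
        EmailAddress          = $upn
        UserPrincipalName     = $upn
        Title                 = $user.Title
        Enabled               = $true
        ChangePasswordAtLogon = $false
        PasswordNeverExpires  = $true
        AccountPassword       = $defpassword
        ErrorAction           = 'Stop'   # make every failure reach the catch block
    }
    # Service accounts and bosses have an empty Manager column; add it only when set
    if (-not [string]::IsNullOrWhiteSpace($user.Manager)) { $params.Manager = $user.Manager }

    try { New-ADUser @params -PassThru }
    catch { Write-Output "Could not create user $($user.SamAccountName), $_" }

    # Picture step, with the error handling the original leaves out
    $filename = "$($user.SamAccountName).jpg"
    if (Test-Path -Path $filename -PathType Leaf) {
        try {
            # ReadAllBytes needs a full path; it works in Windows PowerShell and PowerShell 7
            $photo = [System.IO.File]::ReadAllBytes((Resolve-Path $filename).ProviderPath)
            Set-ADUser -Identity $user.SamAccountName -Replace @{ thumbnailPhoto = $photo } -ErrorAction Stop
            Write-Output "Added picture for $($user.SamAccountName)"
        }
        catch { Write-Output "Could not set picture for $($user.SamAccountName), $_" }
    }
}
```

As in the original, rerunning it skips accounts that already exist and still picks up any new JPG files.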

If you’d like to download the code, you can grab it here. You can grab a sample CSV file here.

As always, be very, very afraid of any PowerShell you download from the Internet. Especially mine! While this script might very well work as is in your test environment, you should really just consider it something to reference when you write your own script. This script might destroy your Active Directory, format your server, and replace your fresh brewed coffee with Folger’s Crystals. You have been warned.

Let me know what you think. Be kind. I cry easily.



Edited 9/3/2013 to add link to sample CSV files


Creating sample users

Just for the twist - I have a similar script to create users for a test env - but I also have a little script, that would create a bunch of random users as well to feed to the AD:
 on 9/27/2012 2:18 AM

Another PowerShell question

Since you are sooo good at PowerShell, do you know if there is a PS command that would give me all the settings in Central Admin. That sounds like a huge task, but I've been asked so I'm asking you!
 on 10/24/2012 8:12 AM

Re: Another PowerShell question

Thanks for your kind words, and let me be clear, flattery will get you everywhere.

But there are A LOT of settings in Central Admin. I don't know of a way to get them all. This script probably gets you close,

I hope that helps,
Todd O. Klindt on 11/2/2012 10:13 PM

Get Fake User

When you need fake user names is this a good address
 on 11/22/2012 7:38 AM

Re: Get Fake User

Interesting site. Kinda scary, but interesting.

Todd O. Klindt on 11/24/2012 3:13 PM

Accent Marks

Thanks for sharing this script, I switched jobs and forgot to back up scripts ahead of time.  This helped me get started on a new one.  I was curious if you had any hints on dealing with names like Aurèle and Eléna?  The PowerShell processing doesn't seem to handle them well.  Is it the encoding of CSV or something else?
 on 8/5/2013 4:06 PM

Oops, should have done more testing

In case anyone else needs to know, make sure the file is Unicode Encoding and not ANSI.  That seemed to fix it.
 on 8/5/2013 4:08 PM

Re: Oops, should have done more testing

Shouldn't we all? :) Thanks for the followup.

Todd O. Klindt on 8/7/2013 1:58 PM

Sample CSV

Hey Todd do you have a sample csv file I can steal off you?  I'm lazy!
 on 9/3/2013 2:41 PM

Re: Sample CSV

I hate to incent laziness, but you're right, I should provide a sample CSV. I linked to one in the article right after the code sample.

Todd O. Klindt on 9/3/2013 9:20 PM