How To Create a New Domain User Account with PowerShell

Anyone who has ever had to manually create hundreds of Active Directory user accounts knows that it becomes tedious and boring very quickly.  The Active Directory Users and Computers snap-in is convenient for making accounts, so long as you don’t have to make a lot of them.  Most system administrators, however, would much prefer using a PowerShell script to create domain accounts.  Scripting dramatically speeds up the process.

Enabling the AD Module in PowerShell

The first thing you need to do is enable PowerShell’s built-in Active Directory module.

  • Import-Module ActiveDirectory

Understanding the New-ADUser cmdlet

Now that the AD Module is loaded, we can take a look at the New-ADUser cmdlet.  We will use this to create our new users.  New-ADUser is very powerful and can be used to configure many different settings.  The full syntax of New-ADUser can be seen by entering the following:

  • Get-Command New-ADUser -syntax

Your output will resemble that in the screenshot below:

[Screenshot: PowerShell New-ADUser syntax]

Take a look at the New-ADUser syntax in the image above.  It will give you a good idea of how to accomplish your desired tasks using New-ADUser.

Creating a New Domain User Account with PowerShell

  • New-ADUser jsmith
    • This will create an account called ‘jsmith’.  It will be disabled by default.
    • To create user accounts with spaces in them, please use quotes around the account name

You have now built a basic, disabled user account called jsmith.

While the above was easy to accomplish, most times you will want to include more information and configuration settings in your script.

Using New-ADUser cmdlet to Create Fully Configured User Accounts in AD

Ask a hundred different people what a fully configured Active Directory user account is and you might get a hundred different answers.  We have chosen the criteria below for creating user accounts.  Accounts must include:

  • Username
  • Password
  • First Name
  • Last Name
  • Change Password at First Login
  • OU
  • Employee ID

The syntax for the above would be:

  • New-ADUser -Name "John Smith" -GivenName "John" -Surname "Smith" -SamAccountName "jsmith" -Path "OU=VPs,DC=company,DC=com" -AccountPassword (ConvertTo-SecureString "password" -AsPlainText -Force) -ChangePasswordAtLogon $true -EmployeeID "0001" -Enabled $true

This PowerShell command will create a new user in Active Directory and enable the account so it can be used.  When John Smith logs in for the first time, he will be prompted to change his password.

Using PowerShell to Create Active Directory Users in Bulk

Importing AD Users from CSV with PowerShell

Importing new user account data from a CSV file using PowerShell is an effective way to create bulk users in Active Directory.  This allows you to enter your data into an Excel spreadsheet, save it as a CSV and upload it to AD through PowerShell.  AD only requires five fields for a new user account, which are:

  • FirstName
  • LastName
  • Username
  • Password
  • OU

In Microsoft Excel, open a new CSV file.  Ensure that the encoding is UTF8.  Set up the columns as shown in the screenshot below.  Save the file as c:\scripts\newadusers.csv

[Screenshot: CSV file column layout]

Use the script below to create the new user accounts in AD.  Your new users will be prompted to change their passwords on the next login.

PowerShell Script to Create Bulk Users

#Enter a path to your import CSV file
$ADUsers = Import-Csv C:\scripts\newadusers.csv

foreach ($User in $ADUsers)
{
    #Read the fields for this user from the current CSV row
    $Username   = $User.username
    $Password   = $User.password
    $Firstname  = $User.firstname
    $Lastname   = $User.lastname
    $Department = $User.department
    $OU         = $User.ou

    #Check if the user account already exists in AD
    if (Get-ADUser -Filter {SamAccountName -eq $Username})
    {
        #If the user does exist, output a warning message
        Write-Warning "A user account $Username already exists in Active Directory."
    }
    else
    {
        #If the user does not exist then create a new user account

        #Account will be created in the OU listed in the $OU variable in the CSV file; don't forget to change the domain name in the -UserPrincipalName parameter
        New-ADUser `
            -SamAccountName $Username `
            -UserPrincipalName "$Username@yourdomain.com" `
            -Name "$Firstname $Lastname" `
            -GivenName $Firstname `
            -Surname $Lastname `
            -Enabled $True `
            -ChangePasswordAtLogon $True `
            -DisplayName "$Lastname, $Firstname" `
            -Department $Department `
            -Path $OU `
            -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force)
    }
}

Execute the script from within PowerShell to create your new users.
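
The bulk script above reads every initial password from the CSV in clear text, and the single-account command earlier embeds one as a literal.  As an added example (not part of the original article), the variant below drops the password column, generates a random initial password per account from a cryptographic random number generator, and validates each row before calling New-ADUser.  The function name New-InitialPassword, the 16-character length and the reduced column set are assumptions made for this example.

```powershell
# Added example: bulk creation without plaintext passwords in the CSV.
# Assumed CSV columns: username, firstname, lastname, department, ou (no password column).
Import-Module ActiveDirectory

function New-InitialPassword {
    param([int]$Length = 16)
    # Exactly 64 symbols, so (byte % 64) selects uniformly with no modulo bias
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    try {
        do {
            $rng.GetBytes($bytes)
            $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
        } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')  # upper, lower and digit
    } finally { $rng.Dispose() }
    return $pw
}

$UpnSuffix = 'yourdomain.com'   # placeholder domain, as in the article's script
$results = foreach ($User in Import-Csv 'C:\scripts\newadusers.csv') {
    $sam = "$($User.username)".Trim()
    # Reject rows with no OU or a name unsafe to place in the filter string (20-char sAMAccountName limit)
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$' -or -not $User.ou) {
        Write-Warning "Skipping row with invalid username '$sam' or missing OU."; continue
    }
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "A user account $sam already exists in Active Directory."; continue
    }
    $plain  = New-InitialPassword
    $params = @{
        SamAccountName        = $sam
        UserPrincipalName     = "$sam@$UpnSuffix"
        Name                  = "$($User.firstname) $($User.lastname)"
        GivenName             = $User.firstname
        Surname               = $User.lastname
        Path                  = $User.ou
        AccountPassword       = ConvertTo-SecureString $plain -AsPlainText -Force
        ChangePasswordAtLogon = $true
        Enabled               = $true
    }
    if ($User.department) { $params.Department = $User.department }  # omit empty values
    try {
        New-ADUser @params -ErrorAction Stop
        [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $plain }  # emitted only on success
    } catch {
        Write-Warning "Failed to create ${sam}: $($_.Exception.Message)"
    }
}
$results | Format-Table -AutoSize
```

The table in $results is the only place the initial passwords exist; deliver each one to its user out of band rather than saving the output to a file.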

Hopefully this article has taught you how to create new AD user accounts with PowerShell.  If you enjoyed this article, please check out our other ones in our Knowledge Base.