The emphasis on this page is on getting started, learning how to create
a script that generates new accounts in Active Directory.
Once you have mastered the basics of New AdUser then you can expand your
horizons with Import-CSV, or copying existing users with the -instance
parameter.
a)
Logon: At a Domain Controller b) Find: Active Directory Module for Windows PowerShell
c) Launch: The PowerShell
executable d) Run: Import-Module activedirectory
Note 1: I have introduced the variables $Newbie
and $Box to encourage you to change these mandatory values to suit your
domain.
Note 2: The $i variable just enables us to run the script
again and again without getting duplicate user errors. When testing I
like to append -passThru so that PowerShell displays what it has just
created.
Note 3: Usually, I prefer to explicitly include the
-name parameter, rather than just implying that $Newbie is the LDAP name
property from its position (1st). The reason I omitted here is so
that I could draw attention to the fact that -name and -SamAccountName
are two different properties, in these examples they just happen to have
the same values.
Guy Recommends: SolarWinds' Free Bulk Import Tool
Import users from a spreadsheet. Just provide a list of the
users with their fields in the
top row, and save as .csv file. Then launch this FREE utility and match
your fields with AD's
attributes, click to import the users. Optionally, you can
provide the name of the OU where the new accounts will be born.
There are also two bonus tools in this free download, and all 3 have been approved by Microsoft:
Note 4: It's worth studying how this script employs the
$Template variable to get details
of an account with a SamAccountName of "Worker".
Note 5: The crucial parameter here is -instance, it reads all
the LDAP values from the "Worker" account and merely substitutes the -name.
Naturally, for a production script you could add other LDAP properties such
as Surname, and replace the -passwordNotRequired parameter with
-accountPassword.
Because setting account passwords can be tricky, until now, I have swerved
the problem with -passwordNotRequired. When you try setting a real
password, not only could there be ultra-complex policies in force, but also
the ConvertTo-SecureString syntax is by no means straightforward.
The crucial addition to previous scripts is this parameter: -accountPassword
(ConvertTo-SecureString -AsPlainText "P@ssword2" -Force)
Note 6: As with the other examples, you may wish to amend the value of $Box,
and indeed, modify "P@ssword2".
Note 7: If you wish to find out more about setting
passwords with New-AdUser, the key parameter begins with 'a' for
accountPassword, and not 'p'.
Guy Recommends: A Free Trial of the Network Performance Monitor
(NPM)
SolarWinds'
Orion performance monitor
will help you discover what's happening on your network. This
utility will also guide you through troubleshooting; the dashboard will
indicate whether the root cause is a broken link, faulty equipment or
resource overload.
Perhaps the NPM's best feature is the way it suggests solutions to network
problems. Its
second best feature is the ability to monitor the health of individual VMware
virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you take advantage of SolarWinds' offer.
If you cannot get these PowerShell examples to work, instead you get a message saying: The term
'New-AdUser' is not recognized ..... then I suggest you
troubleshoot with these two commands:
# PowerShell Check for Active Directory Services Get-Service ad*
Get-Module
If you suspect that the Active Directory Module for Windows
PowerShell has not loaded, then see more about
installing activedirectory modules.
Learn About New-AdUser With
Get-Help -full
This is how I discovered the -enable and -passwordNotRequired parameters.
# PowerShell New-AdUser help and examples Clear-Host Get-Help
New-AdUser
-full
Note 8: Amongst the zillions of parameters you maybe
interested in trying -passThru. What it does is display information
about the object(s) that you have just created.
Researching
Similar Active Directory Cmdlets
Once you have mastered New-AdUser, you may wish to know more about
similar active directory tools. To obtain a comprehensive list of the AD
cmdlets try this command:
Note 9: Naturally, you can also use these verbs and nouns in
other combinations.
»
Summary of PowerShell New-AdUser
My mission is to get you started with New-AdUser. Once you can
create one user account, then it's not too difficult to expand the
principles to create really useful scripts, -instance saves work by
copying a template user.
If you like this page then please share it with your friends
Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.
Windows Management Instrumentation (WMI) is one of the hidden
treasures of Microsoft operating systems.
Fortunately, SolarWinds
have created the
Free WMI Monitor so that you can actually see and understand these gems of
performance information. Take the guess work out of which
WMI counters to use for applications like Microsoft Active Directory,
SQL or Exchange Server.
