Windows PowerShell New-AdUser Cmdlet![PowerShell New-AdUser](data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxMDgiIGhlaWdodD0iMTcxIiB2aWV3Qm94PSIwIDAgMTA4IDE3MSI+PHJlY3Qgd2lkdGg9IjEwMCUiIGhlaWdodD0iMTAwJSIgc3R5bGU9ImZpbGw6I2NmZDRkYjtmaWxsLW9wYWNpdHk6IDAuMTsiLz48L3N2Zz4=)
The emphasis on this page is on getting started, learning how to create a script that generates new accounts in Active Directory.
Once you have mastered the basics of New AdUser then you can expand your horizons with Import-CSV, or copying existing users with the -Instance parameter.
Topics PowerShell New-AdUser
- Preparation: Checklist for New-AdUser
- Example 1: New-AdUser Basic Syntax
- Example 2: New-AdUser -enable and -passwordNotRequired
- Example 3: New-AdUser Copy an Existing Account with -Instance
- Example 4: New-AdUser -accountPassword
♣
Preparation: Checklist for New-AdUser
a) Logon: At a Domain Controller
b) Find: Active Directory Module for Windows PowerShell
c) Launch: The PowerShell executable
d) Run: Import-Module activedirectory
Example 1: New-AdUser Basic Syntax
To get started with PowerShell’s New-AdUser cmdlet you only need to provide values for the -name and -path parameters.
#PowerShell New-AdUser simple example
$Box = "OU=Raglan,DC=burrium,DC=usk"
$i
$Newbie ="Eddie" + $i
New-AdUser -name $Newbie -path $Box -passThru
$i++
Note 1: I have introduced the variables $Newbie and $Box to encourage you to change these mandatory values to suit your domain.
Note 2: The $i variable just enables us to run the script again and again without getting duplicate user errors. When testing I like to append -passThru so that PowerShell displays what it has just created.
Example 2: New-AdUser -enable and -passwordNotRequired
This example makes the account ready for use with -enable $True. To prevent errors it also sets the value of password to a random value.
# PowerShell New-AdUser
$Box = "OU=Raglan,DC=burrium,DC=usk"
$i
$Newbie ="Eddie" + $i
New-AdUser $Newbie -Path $Box `
-enable $True -passwordNotRequired $True -passThru
$i++
Note 3: Usually, I prefer to explicitly include the -name parameter, rather than just implying that $Newbie is the LDAP name property from its position (1st). The reason I omitted here is so that I could draw attention to the fact that -name and -SamAccountName are two different properties, in these examples they just happen to have the same values.
Guy Recommends: SolarWinds’ Free Bulk Import Tool![Free Download Solarwinds Bulk Import Tool](data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxODEiIGhlaWdodD0iMTQ2IiB2aWV3Qm94PSIwIDAgMTgxIDE0NiI+PHJlY3Qgd2lkdGg9IjEwMCUiIGhlaWdodD0iMTAwJSIgc3R5bGU9ImZpbGw6I2NmZDRkYjtmaWxsLW9wYWNpdHk6IDAuMTsiLz48L3N2Zz4=)
Import users from a spreadsheet. Just provide a list of the users with their fields in the top row, and save as .csv file. Then launch this FREE utility and match your fields with AD’s attributes, click and import the users.
Optionally, you can provide the name of the OU where the new accounts will be born. Download your FREE bulk import tool.
If you need more comprehensive application analysis software,
Download a free trial of SAM (Server & Application Monitor)
Example 3: New-AdUser Copy an Existing Account with -Instance
Here is a neat technique to copy an existing ‘template’ account, and just substitute the unique values for this new user.
Clear-Host
$Template = Get-AdUser -identity "Worker"
$n
$Newbie = "Betty" +$n
New-AdUser -name $Newbie -Instance $Template `
-enable $True -passwordNotRequired $True -passThru
$n++
Note 4: It’s worth studying how this script employs the $Template variable to get details of an account with a SamAccountName of "Worker".
Note 5: The crucial parameter here is -Instance, it reads all the LDAP values from the "Worker" account and merely substitutes the -name. Naturally, for a production script you could add other LDAP properties such as Surname, and replace the -passwordNotRequired parameter with -accountPassword.
Example 4: New-AdUser -accountPassword
Because setting account passwords can be tricky, until now, I have swerved the problem with -passwordNotRequired. When you try setting a real password, not only could there be ultra-complex policies in force, but also the ConvertTo-SecureString syntax is by no means straightforward.
The crucial addition to previous scripts is this parameter:
-accountPassword (ConvertTo-SecureString -AsPlainText "P@ssword2" -Force)
#PowerShell New-AdUser -accountPassword example
Clear-Host
$Box = "OU=Raglan,DC=burrium,DC=usk"
$i
$Newbie ="Eddie" + $i
New-AdUser $Newbie -Path $Box -enable $True `
-accountPassword (ConvertTo-SecureString -AsPlainText "P@ssword2" -Force) -passThru
$n++
Note 6: As with the other examples, you may wish to amend the value of $Box, and indeed, modify "P@ssword2".
Note 7: If you wish to find out more about setting passwords with New-AdUser, the key parameter begins with ‘a’ for accountPassword, and not ‘p’.
Guy Recommends: A Free Trial of the Network Performance Monitor (NPM)
v11.5
SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.
What I like best is the way NPM suggests solutions to network problems. Its also has the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.
Download a free trial of Solarwinds’ Network Performance Monitor
Troubleshooting New-AdUser
If you cannot get these PowerShell examples to work, instead you get a message saying:
The term ‘New-AdUser’ is not recognized ….. then I suggest you troubleshoot with these two commands:
# PowerShell Check for Active Directory Services
Get-Service ad*
Get-Module
If you suspect that the Active Directory Module for Windows PowerShell has not loaded, then see more about installing activedirectory modules.
Learn About New-AdUser With Get-Help -full
This is how I discovered the -enable and -passwordNotRequired parameters.
# PowerShell New-AdUser help and examples
Clear-Host
Get-Help New-AdUser -full
Note 8: Amongst the zillions of parameters you maybe interested in trying -passThru. What it does is display information about the object(s) that you have just created.
Researching Similar Active Directory Cmdlets
Once you have mastered New-AdUser, you may wish to know more about similar active directory tools. To obtain a comprehensive list of the AD cmdlets try this command:
Clear-Host
Get-Command -Noun ad*
Amongst the results you should see:
- Add-AdGroupmember
- Enable-AdAccount
- Get-AdUser
- Move-AdComputer
- New-AdComputer
- Set-AdUser
- Remove-AdGroup
- UnLock-AdAccount
Note 9: Naturally, you can also use these verbs and nouns in other combinations.
Summary of PowerShell New-AdUser
My mission is to get you started with New-AdUser. Once you can create one user account, then it’s not too difficult to expand the principles to create really useful scripts, -Instance saves work by copying a template user.
If you like this page then please share it with your friends
See more PowerShell Active Directory Cmdlets
• PowerShell Home • Get-AdUser -filter • Get-AdUser • New-AdUser • Get-AdComputer
• Export-CSV • Import CSV • PowerShell Active Directory • New-AdComputer
• PowerShell Codeplex • PowerShell Ad Cmdlets • Free Import User CSVDE Tool
Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.