Using PowerShell to import test users into Active Directory

Posted Wednesday, July 7, 2010 7:55 AM by CoreyRoth

If you build a lot of virtual SharePoint environments, you might find yourself needing some test users in Active Directory to demonstrate various things such as people search or the new social features.  Sure, you can create these users by hand, but that’s very tedious.  I decided to look for a programmatic way to do it.  After searching the web, I found various approaches, but many of them were antiquated, using things like .vbs files.  I wanted something a bit more modern.  I wanted something in PowerShell.  I stumbled upon a post by Todd Klindt which set me in the right direction.  For my needs though, I needed to expand this approach just a little bit more.  I want to demonstrate the Organization Browser, so I need to set the user’s manager, title, and department properties.  Setting the manager property turned out to add a little bit of complexity.

Before we can work with Active Directory in PowerShell, we have to import the Active Directory module.  This module is large enough that you actually get a progress indicator while it loads.  Load it by typing the command below.

Import-Module ActiveDirectory

To do this, I will create a .csv file that has all of my users but one.  I ran into one minor issue putting all of my users in it.  If you specify the manager property on the PowerShell command we use, it requires a value and it has to be an existing user.  This proved to be a problem for my fictitious CEO who did not have a manager.  So let’s create my CEO first.  His name is John Williams (real original I know).  We will also use this as an opportunity to look at the various parameters to the New-ADUser command which creates our new account in Active Directory.

New-ADUser -SamAccountName "john.williams" -UserPrincipalName "john.williams@sharepoint.local" -Name "John Williams" -DisplayName "John Williams" -GivenName "John" -SurName "Williams" -Title "CEO" -Department "Executive" -Path "OU=Test Users,DC=sharepoint,DC=local" -AccountPassword (ConvertTo-SecureString "test41;" -AsPlainText -force) -Enabled $True -PasswordNeverExpires $True -PassThru

The New-ADUser cmdlet has a lot of options.  Only a few are required, but we need to specify a few more so that when these accounts are imported into the profile store all fields are fully populated.  Some of the information may seem redundant, but it has to be set.  When you create a new user through the Active Directory Users and Computers MMC snap-in, it takes care of a lot of these defaults for you.  When you create an account with PowerShell though, you have to set them yourself.

Let’s look at the parameters now.  SamAccountName is the traditional NT4 login name that you have come to think of.  When logging in with a DOMAIN\USERNAME, it is the USERNAME.  UserPrincipalName is not required but it is the Windows 2000 style login that looks like an e-mail address.  Name is required and this is the name of the actual object in Active Directory (typically the user’s full name).  DisplayName is optional but it should be specified because the User Profile Store in SharePoint uses it.  If you don’t set the DisplayName, none of your imported users in SharePoint will show a name.  Many of the other parameters correspond to property names in Active Directory.  GivenName is the first name.  SurName is the last name.  AccountPassword is the user’s password and has to be specified using the ConvertTo-SecureString cmdlet.  In this case I am using the password "test41;".

You might have noticed I skipped a few parameters.  The rest really are completely optional.  I just specified them because I want them to show up in People Search.  This includes Title, Department, and Manager.  I want my test users in a specific OU in my Active Directory, so I specify the path in LDAP notation with the Path parameter.  Lastly, you need to enable the account with the Enabled parameter, and for test accounts I recommend using PasswordNeverExpires.

If you want more information on how to use New-ADUser, don’t forget you can use the Get-Help cmdlet like this:

Get-Help New-ADUser

Now we’ll look at my CSV file.   Here is what mine looks like.  I simply started at the top of the org chart and added the users down the tree.

SamAccountName,Name,GivenName,SurName,Title,Department,Manager
christina.murphy,Christina Murphy,Christina,Murphy,CFO,Accounting,john.williams
frank.alcock,Frank Alcock,Frank,Alcock,CIO,Information Technology,john.williams
anna.stevenson,Anna Stevenson,Anna,Stevenson,Chief Legal Counsel,Legal,john.williams
joy.williams,Joy Williams,Joy,Williams,Director,Human Resources,john.williams
craig.johnson,Craig Johnson,Craig,Johnson,Accountant,Accounts Receivable,christina.murphy
jennifer.evans,Jennifer Evans,Jennifer,Evans,Accountant,Accounts Payable,christina.murphy
michael.adams,Michael Adams,Michael,Adams,IT Director,Information Technology,frank.alcock
chris.white,Chris White,Chris,White,Administrator,Help Desk,michael.adams
binh.le,Binh Le,Binh,Le,Technician,Help Desk,chris.white
paul.smith,Paul Smith,Paul,Smith,Director of Application Development,Application Development,frank.alcock
jose.cuervo,Jose Cuervo,Jose,Cuervo,Developer,Application Development,paul.smith
preet.ramakrishnan,Preet Ramakrishnan,Preet,Ramakrishnan,Junior Programmer,Application Development,paul.smith
richard.jackson,Richard Jackson,Richard,Jackson,Team Lead,Application Development,paul.smith

The way PowerShell can read CSV files is quite cool.  It automatically recognizes the header columns in the document and exposes them as properties on each row, which you can access with $_.  For example, the name column in the CSV file can be accessed with $_.name.  If you want to set other properties on AD user accounts, you can simply add them to your CSV file and set them later on your PowerShell command.  To import the CSV file into PowerShell, use the Import-Csv command.

Import-Csv .\users.csv

Executing this command by itself will display what it read from your file so that you can verify everything looks correct.  Here is what it looks like.

[Screenshot: PowerShellImportCsv]

If you are happy with the way it looks, we can then go to the next step by using the foreach-object command to create a new user for each row it found in the CSV file.  I’ll show what the rest of the script (contained in a .ps1 file) looks like and then I’ll explain what is going on.

Import-Csv .\users.csv | foreach-object {
    # Build the user principal name from the logon name plus the domain suffix
    $userPrincipalName = $_.SamAccountName + "@sharepoint.local"
    New-ADUser -SamAccountName $_.SamAccountName -UserPrincipalName $userPrincipalName -Name $_.name -DisplayName $_.name -GivenName $_.GivenName -SurName $_.SurName -Manager $_.Manager -Title $_.Title -Department $_.Department -Path "OU=Test Users,DC=sharepoint,DC=local" -AccountPassword (ConvertTo-SecureString "test41;" -AsPlainText -force) -Enabled $True -PasswordNeverExpires $True -PassThru
}

We start by doing the import and then piping its output to the foreach-object command.  Remember, when the .csv is imported, the names of the columns (specified in the first row of the CSV) automatically become properties that can be accessed with $_.  For example, to get the user’s department I would use $_.Department.  As I mentioned above, I wanted to set the user principal name, so I create it by appending my domain name, @sharepoint.local, to the SamAccountName specified in the .CSV file.  I then pass each value to the corresponding parameter as you see above.  It executes this once for each row in the file until all my accounts are created.

That’s really all there is to it.  Save your script as a .ps1 file and execute it in PowerShell.  If all goes well, you should see a screen that is similar to the one below.

[Screenshot: PowerShellImportUsers2]

When building your own user import file, remember that if you are setting the manager property, the manager’s account has to exist in Active Directory before you set that property on employee accounts.  I hope this PowerShell information is useful.  Feel free to use my fictitious employees.  If you add some to the list, feel free to share them. :-)

UPDATE: Found a bug in my script.  I left out the title.
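
A variant of the import loop above, as an added example that is not the author's script: it prompts for the test password instead of embedding it in the .ps1 file, skips accounts that already exist, and checks that each row's manager is present before calling New-ADUser. The helper name Test-AccountExists and the account-name pattern are assumptions of this example; the OU, UPN suffix and CSV columns are the ones used in the post.

```powershell
# Added example (not the author's script). Assumes users.csv has the columns shown
# in the post and that the OU and UPN suffix below match the post's test domain.
Import-Module ActiveDirectory

$ou        = "OU=Test Users,DC=sharepoint,DC=local"
$upnSuffix = "@sharepoint.local"
# Prompt once for the shared test password so it is not stored in the script file.
$password = Read-Host -Prompt "Password for the test accounts" -AsSecureString

function Test-AccountExists([string]$Sam) {
    # -Filter returns nothing (rather than throwing) when no account matches.
    [bool](Get-ADUser -Filter "SamAccountName -eq '$Sam'")
}

foreach ($row in Import-Csv .\users.csv) {
    $sam = $row.SamAccountName
    # Accept only plain logon names (pattern is this example's assumption)
    # before they are placed inside the filter string.
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$' -or
        $row.Manager -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        Write-Warning "Skipping row with unexpected account name: '$sam'"
        continue
    }
    if (Test-AccountExists $sam) {
        Write-Warning "Skipping $sam : account already exists"
        continue
    }
    # The post notes -Manager must name an existing account, so check up front.
    if (-not (Test-AccountExists $row.Manager)) {
        Write-Warning "Skipping $sam : manager '$($row.Manager)' not found; create the manager first"
        continue
    }

    $params = @{
        SamAccountName       = $sam
        UserPrincipalName    = $sam + $upnSuffix
        Name                 = $row.Name
        DisplayName          = $row.Name
        GivenName            = $row.GivenName
        Surname              = $row.SurName
        Title                = $row.Title
        Department           = $row.Department
        Manager              = $row.Manager
        Path                 = $ou
        AccountPassword      = $password
        Enabled              = $true
        PasswordNeverExpires = $true   # kept from the post; test accounts only
    }
    New-ADUser @params -PassThru
}
```

Rows are processed in file order, so a CSV laid out from the top of the org chart downward, like the one in the post, creates every manager before the people who report to them.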

Comments

# re: Using PowerShell to import test users into Active Directory

Saturday, July 24, 2010 6:54 PM by Fabian Williams

really good post mate
