I had a project that required me to make over 40 domain accounts. I decided that it was time to create all the domain accounts with a PowerShell script. The script I came up with uses an import CSV file with all the accounts and info I needed in it. Make sure you take the time to plan a naming convention for your AD accounts. In this case, they were a type of service account for many different environments. To keep it quick, I decided to not auto-gen the passwords so I simply put them in the CSV file and removed them when I was done. Well, it took me a day or so to figure out my script to create AD accounts because I had problems…
My troubleshooting was a bit flawed but I didn’t know it until the very end (after running it for all the users). I was having problems with the script ending in error.
Here is the script. You will notice that I’ve got a comment in the script for the .csv file’s header fields. You can add to them or remove them as needed. I think it’s easier to view the PowerShell references on Microsoft’s site. Here is the link to the Set-ADUser cmdlet: http://technet.microsoft.com/en-us/library/ee617215.aspx. Each property you want to set needs to be in both the script and the .csv file. If a column name has special characters or spaces, remember to put “” around it in the script. Also, make sure you are not exceeding the field length in AD for each property. The sAMAccountName (pre-Windows 2000 logon name) is limited to 20 characters for user objects. This is what got me a few times 🙁
Let me know if you need anything below explained! I’ll answer all comments on this the same day if I can.
```powershell
# REQUIRE DA ACCOUNT
if (! ($ENV:USERNAME).ToUpper().EndsWith("ADM")) {
    throw "SCRIPT MUST BE RUN WITH ADMIN ACCOUNT"
}

# IMPORTING AD MODULE
if (! @(Get-Module -Name ActiveDirectory).Count) {
    Import-Module ActiveDirectory
}

# GETTING USERS FROM CSV FILE
### NOTE: The Account Column CAN NOT be more than 20 characters or it will fail on them!
$Users = Import-CSV C:\CreateADUsers.csv
# columns are: GivenName,Surname,Name,Account,Password,Department,Description

# CREATING USERS
# If you don't have two word attributes, you can remove some of the "" below after the $User.
foreach ($User in $Users) {
    $Params = @{
        SamAccountName       = $User.Account
        Name                 = $User."Name"
        GivenName            = $User."GivenName"
        Surname              = $User."Surname"
        Displayname          = ($User."GivenName" + " " + $User."Surname")
        UserPrincipalName    = ($User.Account + "@domain.com")
        Department           = $User."Department"
        Description          = $User."Description"
        Path                 = "OU=Your OU,DC=domain,DC=com"
        PasswordNeverExpires = $true
        AccountPassword      = (ConvertTo-SecureString $User.Password -AsPlainText -Force)
        Enabled              = $true
    }
    New-ADUser @Params
}
```
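The 20-character sAMAccountName limit and the required CSV columns mentioned above can be checked before any account is created, so the run does not fail partway through the list. This is an added example, not part of the original script: `Test-AccountCsv` is a hypothetical helper name, the sample rows and placeholder passwords are constructed, and the character check uses the set Microsoft documents as invalid in sAMAccountName.

```powershell
# Added example: pre-flight validation of the import CSV. Nothing is written to AD.
# Test-AccountCsv is a hypothetical helper name; the sample rows below are constructed.
function Test-AccountCsv {
    param([Parameter(Mandatory)][object[]]$Rows)
    $required = 'GivenName','Surname','Name','Account','Password','Department','Description'
    $problems = [System.Collections.Generic.List[string]]::new()
    # Every column the creation script reads must exist in the CSV header.
    $present = $Rows[0].PSObject.Properties.Name
    foreach ($col in $required) {
        if ($col -notin $present) { $problems.Add("header: missing column '$col'") }
    }
    $seen = @{}   # hashtable keys compare case-insensitively, matching AD's uniqueness rule
    $line = 1     # the header is line 1 of the file
    foreach ($row in $Rows) {
        $line++
        $acct = "$($row.Account)".Trim()
        if (-not $acct) { $problems.Add("line ${line}: empty Account"); continue }
        # sAMAccountName for user objects is limited to 20 characters.
        if ($acct.Length -gt 20) {
            $problems.Add("line ${line}: '$acct' is $($acct.Length) characters (max 20)")
        }
        # Characters that are not allowed in sAMAccountName.
        if ($acct -match '["/\\\[\]:;|=,+*?<>]') {
            $problems.Add("line ${line}: '$acct' contains a character not allowed in sAMAccountName")
        }
        if ($seen.ContainsKey($acct)) {
            $problems.Add("line ${line}: '$acct' duplicates line $($seen[$acct])")
        } else { $seen[$acct] = $line }
        if (-not "$($row.Password)") { $problems.Add("line ${line}: empty Password for '$acct'") }
    }
    return $problems
}

# Constructed sample input; replace with Import-Csv C:\CreateADUsers.csv for a real file.
$sample = @'
GivenName,Surname,Name,Account,Password,Department,Description
Svc,AppDev,svc-app-dev,svc-app-dev,PLACEHOLDER-1,IT,App service account (dev)
Svc,AppProd,svc-application-production,svc-application-production,PLACEHOLDER-2,IT,App service account (prod)
Svc,AppDev2,svc-app-dev-copy,SVC-APP-DEV,,IT,Duplicate with no password
'@ | ConvertFrom-Csv

$issues = @(Test-AccountCsv -Rows $sample)
$issues
if ($issues.Count -gt 0) { Write-Warning "$($issues.Count) problem(s) found; fix the CSV before running New-ADUser." }
```

Running the check first means a too-long or duplicate account name is reported with its CSV line number instead of surfacing as an error after some accounts already exist.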
I’m a seasoned Systems Administrator with experience starting in the early 90s, when 286 computers with 20 and 30 MHz processors were running Windows 3.1, which was the newest operating system.
…and that’s the way Ed does it 🙂 — Thanks Scott J. for that 🙂