The Intro
Tired of always trying to remember which fields you need to enter in AD and clicking through all the different tabs to fill them out? Or need consistency on how the AD fields are filled out from all techs? Or need HR to fill out the fields they know, then you just add the “IT” fields? This little script is for you. I’ll walk you through each step of the way, and if you have any questions feel free to reach out.
The Prep
- Find the fields you want to include in your template
- I recommend finding an already created user (or create one) who fits the template you want to use, and screenshot those fields to start with. As you can see below, the field names in the console don't always match up with the exported headers.
- Export that User to CSV to see how they are entered
$ADUserInfo = Read-Host "Enter user name for all information"
$FileName = Read-Host "Template name"
Get-ADUser $ADUserInfo -Properties * | Select-Object * | Export-Csv ".\$FileName.csv" -NoTypeInformation
Read-Host -Prompt "Press Enter to exit"
Note: This will export all fields associated with this user, many of which you will not use.
- Create a CSV (Named NewHire-Template.csv) with the header names of the fields you want to populate
- I’d recommend copying and pasting the header fields from your export to make sure there are no spelling errors. Placement of the fields doesn’t matter, but I’d keep them in logical order for readability. (See Figure 1.1)
- Input test user information
- Fill out the fields with the test user's information, then save. (See Figure 1.2)
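The step above says to copy header names from the export so nothing is misspelled. The following check, added here as an example and not part of the original post, compares the header row of NewHire-Template.csv against the property names in the reference user's export and flags anything that matches neither an exported attribute nor one of the hand-mapped columns the script reads by its own name (UserName, password, ou, website, LogonScript). The file paths and the allow-list are assumptions; adjust them to your own template.

```powershell
# Added example (not from the original post): verify template headers against
# the attribute names in the reference user's export before running the import.
param(
    [string]$TemplatePath  = ".\NewHire-Template.csv",   # assumed: your hand-built template
    [string]$ReferencePath = ".\Reference.csv"           # assumed: the export of your sample user
)

# Reads only the header row, so it also works on a template with no data rows yet.
# Assumes headers contain no embedded commas (Export-Csv quotes them, so the quotes are trimmed).
function Get-CsvHeaders([string]$Path) {
    (Get-Content -Path $Path -TotalCount 1) -split ',' | ForEach-Object { $_.Trim().Trim('"') }
}

$templateHeaders = Get-CsvHeaders $TemplatePath
$knownAttributes = Get-CsvHeaders $ReferencePath

# Columns the import script maps by hand rather than by AD attribute name
$handMapped = 'UserName', 'password', 'ou', 'website', 'LogonScript'

# -notcontains is case-insensitive by default, matching how AD attribute names behave
$unknown = $templateHeaders | Where-Object {
    ($knownAttributes -notcontains $_) -and ($handMapped -notcontains $_)
}

if ($unknown) {
    Write-Warning "These template headers match neither an exported attribute nor a hand-mapped column (check spelling):"
    $unknown | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Host "All $($templateHeaders.Count) template headers are recognised." -ForegroundColor Green
}
```

Run it from the folder that holds both CSVs, or pass -TemplatePath and -ReferencePath explicitly. A header that is flagged here would otherwise silently produce an empty variable in the import script, because reading a non-existent property from an Import-Csv row returns $null without any error.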
The Script
- Open up your favorite PowerShell editor (I'm using VSCode, which I'd highly recommend)
- Create a file named "Add-ADUserCSVTemplate.ps1"
- First we need to make sure we have the ActiveDirectory Module
#Import active directory module for running AD cmdlets
Import-Module ActiveDirectory
- Import the user information from the CSV you created earlier, NewHire-Template.csv. Feel free to change the location if needed.
#Store the data from NewHire-Template.csv in the $ADUsers variable
$ADUsers = Import-Csv "C:\scripts\NewHire-Template.csv"
- Define the domain used for the UserPrincipalName; this will be your email domain
# Define Domain
$Domain = "yourdomain.com"
- Now we will match the CSV headers with the AD attributes and import them for each user.
# Loop through each row containing user details in the CSV file
foreach ($User in $ADUsers) {
    # Read user data from each field in each row and assign the data to a variable as below
    $username = $User.UserName
    $password = $User.password
    $firstname = $User.firstname
    $lastname = $User.lastname
    $initials = $User.initials
    $OU = $User.ou # This field refers to the OU the user account is to be created in
    $email = $User.email
    $streetaddress = $User.streetaddress
    $city = $User.city
    $zipcode = $User.postalcode
    $state = $User.state
    $country = $User.country # Two-letter country code; used by the Country parameter below
    $telephone = $User.officephone
    $mobilephone = $User.mobilephone
    $jobtitle = $User.jobtitle
    $company = $User.company
    $department = $User.department
    $homepage = $User.website
    $HomeDirectory = $User.HomeDirectory
    $HomeDrive = $User.HomeDrive
    $ScriptPath = $User.LogonScript
    $mailnickname = $User.mailnickname
Note: $User.xxxxx is the CSV column being read, so you can name the CSV headers whatever you want, as long as the name used here matches the header; the value is then pulled into the corresponding variable.
- Let's check to make sure the user isn't already there. This searches for the username as the SamAccountName and, if it exists, reports that it already exists.
    # Check to see if the user already exists in AD
    if (Get-ADUser -Filter { SamAccountName -eq $username }) {
        # If user does exist, give a warning
        Write-Warning "A user account with username $username already exists in Active Directory."
    }
- If the user hasn't been created, use the information below
    else {
        $newUserParams = @{
            GivenName = $firstname
            Surname = $lastname
            Name = "$firstname $lastname"
            DisplayName = "$firstname $lastname"
            Initials = $initials
            SamAccountName = $username
            UserPrincipalName = "$username@$Domain"
            EmailAddress = $email
            Title = $jobtitle
            StreetAddress = $streetaddress
            City = $city
            State = $state
            PostalCode = $zipcode
            Country = $country
            Company = $company
            OfficePhone = $telephone
            MobilePhone = $mobilephone
            Path = $OU
            HomePage = $homepage
            Department = $department
            HomeDirectory = $HomeDirectory
            HomeDrive = $HomeDrive
            Enabled = $True
        }
- Create the new user; New-ADUser takes the password as a SecureString rather than plain text
        # Account will be created in the OU provided by the $OU variable read from the CSV file
        New-ADUser @newUserParams -AccountPassword (ConvertTo-SecureString $password -AsPlainText -Force)
- Once the user is created, set the mailnickname and logon script fields. I haven't found an easy way to put them in the above parameters, so that is why I have them separated out here. Also, in our environment we have to set mailnickname or hiding a user from the address book won't work.
        # Sets mailnickname and logon script
        Set-ADUser -Identity $username -Replace @{mailnickname="$mailnickname"; ScriptPath="$ScriptPath"}
- Now that we have all of the standard information and the new user is created, display a message that the user was created
        # If user is created, show message.
        Write-Host "The user account $username is created." -ForegroundColor Cyan
    }
}
- Then I like to put a pause at the end so I can see what was created and can exit when I want to
Read-Host -Prompt "Press Enter to exit"
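The walkthrough above assembles the script one fragment at a time. The following is an added example of the same CSV-driven flow as one complete, hardened file; it is not the post's own script. It keeps the post's column names and mapping, and adds the checks a practitioner would want before a bulk run: required columns are verified once, each row's username is validated (which also keeps it safe to interpolate into an AD filter), the target OU is confirmed to exist, blank cells are left out of the parameter set instead of being passed as empty values, the user is forced to change the CSV-supplied initial password at first logon, every result is written to a log, and -WhatIf previews the run. The optional country column, the parameter names and the log path are this example's assumptions.

```powershell
# Added example (not the original post's script): hardened CSV-driven user creation.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$CsvPath = "C:\scripts\NewHire-Template.csv",                              # assumed path
    [string]$Domain  = "yourdomain.com",                                               # UPN / email domain
    [string]$LogPath = "C:\scripts\NewHire-$(Get-Date -Format 'yyyyMMdd-HHmm').log"   # assumed log location
)
Import-Module ActiveDirectory -ErrorAction Stop

# Columns the script cannot work without; everything else is optional
$required = 'UserName', 'password', 'firstname', 'lastname', 'ou'

$ADUsers = @(Import-Csv -Path $CsvPath)
if ($ADUsers.Count -eq 0) { throw "No rows found in $CsvPath" }
$headers = $ADUsers[0].PSObject.Properties.Name
$missing = $required | Where-Object { $headers -notcontains $_ }
if ($missing) { throw "CSV is missing required column(s): $($missing -join ', ')" }

foreach ($User in $ADUsers) {
    $line = "[$($User.UserName)] "
    try {
        $username = "$($User.UserName)".Trim()
        # Row-level sanity checks before touching AD. The character check also guarantees
        # the value is safe to place inside the -Filter string below.
        if ($username -notmatch '^[A-Za-z0-9._-]{1,20}$') { throw "UserName must be 1-20 characters of letters, digits, '.', '_' or '-'" }
        if ([string]::IsNullOrWhiteSpace($User.password)) { throw "password column is empty" }

        # Fail early with a clear message if the OU does not exist
        if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$($User.ou)'")) { throw "OU not found: $($User.ou)" }

        if (Get-ADUser -Filter "SamAccountName -eq '$username'") {
            Write-Warning "${line}already exists, skipping"
            Add-Content -Path $LogPath -Value "${line}SKIPPED (exists)"
            continue
        }

        # Optional attributes: only those with a value are passed, so blank CSV cells
        # neither fail parameter binding nor write empty strings into AD
        $optional = @{
            GivenName = $User.firstname;   Surname = $User.lastname;      Initials = $User.initials
            EmailAddress = $User.email;    Title = $User.jobtitle;        StreetAddress = $User.streetaddress
            City = $User.city;             State = $User.state;           PostalCode = $User.postalcode
            Country = $User.country;       Company = $User.company;       Department = $User.department
            OfficePhone = $User.officephone; MobilePhone = $User.mobilephone; HomePage = $User.website
            HomeDirectory = $User.HomeDirectory; HomeDrive = $User.HomeDrive; ScriptPath = $User.LogonScript
        }
        $newUserParams = @{
            Name                  = "$($User.firstname) $($User.lastname)"
            DisplayName           = "$($User.firstname) $($User.lastname)"
            SamAccountName        = $username
            UserPrincipalName     = "$username@$Domain"
            Path                  = $User.ou
            AccountPassword       = (ConvertTo-SecureString $User.password -AsPlainText -Force)
            ChangePasswordAtLogon = $true   # the CSV value is only an initial, one-time password
            Enabled               = $true
        }
        foreach ($key in $optional.Keys) {
            if (-not [string]::IsNullOrWhiteSpace($optional[$key])) { $newUserParams[$key] = $optional[$key] }
        }

        if ($PSCmdlet.ShouldProcess("$username in $($User.ou)", "New-ADUser")) {
            New-ADUser @newUserParams -ErrorAction Stop
            # mailNickname has no New-ADUser parameter; -Replace rejects empty values, so set it only when supplied
            if (-not [string]::IsNullOrWhiteSpace($User.mailnickname)) {
                Set-ADUser -Identity $username -Replace @{ mailNickname = $User.mailnickname } -ErrorAction Stop
            }
            Write-Host "${line}created" -ForegroundColor Cyan
            Add-Content -Path $LogPath -Value "${line}CREATED"
        }
    }
    catch {
        # One bad row is logged and skipped; the rest of the file still runs
        Write-Warning "${line}failed: $($_.Exception.Message)"
        Add-Content -Path $LogPath -Value "${line}FAILED: $($_.Exception.Message)"
    }
}
```

Run it once with -WhatIf to see which accounts would be created and in which OUs without changing anything, then again without it. Because the CSV carries initial passwords in clear text, restrict the file's permissions and delete it once the run is logged; ChangePasswordAtLogon limits how long those values stay valid.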
Conclusion
You did it! You created your first script to import bulk users into AD in their correct OU with all fields filled out. Now you or your colleagues do not have to guess what fields need to be filled out. Feel free to add/remove fields for your organization. What I would recommend if you have multiple OUs and locations is to create a CSV, or, if you have documentation for each role, copy the AD field information for that user so you don't have to keep typing it. Eventually, I'll have it automatically input from just typing in a number that is associated with that OU and that location. If you only have one location, you could preset that location and not need to put it into the CSV. Once that script is created, I'll be sure to share.
Next Steps
A few ideas you could add besides the couple I just mentioned:
- Add to security groups
- Add to distribution groups
- Email HR that the email is ready
- Add licensing
- Trigger next step in the process
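For the first two items, group membership can come from the same CSV. The following is an added example, not code from the original post: it assumes an extra column named Groups holding semicolon-separated group names, confirms both the account and each group exist, and skips groups the user is already in so the script can be re-run safely. Get-ADGroup and Add-ADGroupMember work the same way for security and distribution groups.

```powershell
# Added example (not from the original post): add each new user to the groups
# listed in an assumed 'Groups' CSV column, e.g.  Groups = "Sales;All Staff;VPN Users"
param(
    [string]$CsvPath = "C:\scripts\NewHire-Template.csv"   # assumed path, same file as the import
)
Import-Module ActiveDirectory -ErrorAction Stop

foreach ($User in Import-Csv -Path $CsvPath) {
    $username = "$($User.UserName)".Trim()
    if ([string]::IsNullOrWhiteSpace($User.Groups)) { continue }

    # The account must exist (i.e. the import script ran first) before it can be a member of anything
    $account = Get-ADUser -Filter "SamAccountName -eq '$username'" -Properties MemberOf
    if (-not $account) { Write-Warning "[$username] not found in AD, skipping group membership"; continue }

    $groupNames = $User.Groups -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($groupName in $groupNames) {
        $group = Get-ADGroup -Filter "Name -eq '$groupName'"
        if (-not $group) { Write-Warning "[$username] group '$groupName' not found, check the CSV"; continue }

        # Compare against the user's MemberOf DNs rather than enumerating the group,
        # which is faster for large groups and makes re-runs idempotent
        if ($account.MemberOf -contains $group.DistinguishedName) {
            Write-Host "[$username] already in '$groupName'"
            continue
        }

        Add-ADGroupMember -Identity $group -Members $account -ErrorAction Stop
        Write-Host "[$username] added to '$groupName' ($($group.GroupCategory))" -ForegroundColor Cyan
    }
}
```

A group name that exists more than once in the forest would return several objects from Get-ADGroup; if that applies to you, list the groups by distinguished name in the CSV and pass it straight to -Identity instead of filtering on Name.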
Hope this was helpful and makes your life easier! Let me know what you think and how you changed it!