Creating User Accounts
Many systems administrators would probably
like an effortless way to create user
accounts for newly hired employees. After
all, who wants to repeatedly perform this
routine task each time HR hires a new
employee? To automate this task, you can
use the New-QADUser cmdlet. For example,
the command
New-QADUser -Name dsotnikov `
  -ParentContainer quest.com/users `
  -UserPassword 'P@ssw0rd'
creates a new user account named
dsotnikov in the quest.com/users container.
Although -Name and -ParentContainer are
the only two mandatory parameters for
the New-QADUser cmdlet, the account
will be created disabled unless you also
specify a password with New-QADUser’s
-UserPassword parameter. Alternatively, you
can set a password later by using the
Set-QADUser cmdlet and enable the account
with the Enable-QADUser cmdlet.
If you want to create a user account that
has more attributes set, you can specify them
in a New-QADUser command such as
New-QADUser -Name 'Dmitry Sotnikov' `
  -ParentContainer quest.com/users `
  -DisplayName 'Dmitry Sotnikov' `
  -UserPassword 'P@ssw0rd' `
  -sAMAccountName dsotnikov `
  -FirstName Dmitry `
  -LastName Sotnikov |
  Set-QADUser -UserMustChangePassword $true
At the end of this command, note
how the new user object is piped
to the Set-QADUser cmdlet and its
-UserMustChangePassword parameter is
set to $true ($true and $false are the
PowerShell way of expressing the corresponding
Boolean values). This part of the command
makes sure that the user is asked to reset the
password at the first logon.
Now, typing all that information isn’t
exactly quick and painless, especially if you
need to create many user accounts. Fortunately,
PowerShell comes with comma-separated
value (CSV) file support. The
Import-CSV cmdlet opens a CSV file and
assumes the first row in the file has the
names of the object properties that are listed
in subsequent rows.
If the CSV file’s column names coincide
with the names of the New-QADUser parameters,
like in the following sample file
Name,sAMAccountName,UserPassword
First User,FUser,P@ssw0rd
Second User,SUser,P@ssword
you can simply pipe the CSV file’s contents
to New-QADUser. You just need to use the
-Import parameter, as in
Import-CSV 'C:\provision.csv' |
  New-QADUser -Import `
  -ParentContainer quest.com/users `
  -City Columbus
As this example shows, you can add other
parameters (in this case, -ParentContainer
and -City) to the New-QADUser cmdlet.
With this setup, you can tell HR to put
the information about new employees in a
CSV file in an agreed-on location and you
can schedule a command like the one just
given to run daily. Because you won’t have
to manually create those accounts anymore,
you’ll have more time for other administrative
tasks.
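A scheduled import creates whatever accounts the file describes, so the following added example (not code from the original article) checks each row before use and gives every account its own random initial password instead of one stored in the CSV file. The naming rule and the helper functions New-RandomPassword and Test-ProvisionRow are assumptions made for illustration.

```powershell
# Added example, not from the original article. Assumes the Quest snap-in is
# loaded and that the HR file has only Name and sAMAccountName columns.
function New-RandomPassword {
    param([int]$Length = 20)
    # 64 symbols, so (byte % 64) picks each one with equal probability
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789#%'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
        # Retry until upper case, lower case, and a digit are all present
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    $pw
}

function Test-ProvisionRow {
    param($Row, [hashtable]$Seen)
    # Assumed local naming rule: 1-20 characters from a conservative allow-list
    if ($Row.sAMAccountName -notmatch '^[A-Za-z0-9._-]{1,20}$') { return $false }
    # Reject an empty object name or one longer than 64 characters
    if ([string]::IsNullOrEmpty($Row.Name) -or $Row.Name.Length -gt 64) { return $false }
    # Reject a logon name that already appeared earlier in the same file
    if ($Seen.ContainsKey($Row.sAMAccountName)) { return $false }
    $Seen[$Row.sAMAccountName] = $true
    return $true
}

$seen = @{}
Import-Csv 'C:\provision.csv' | ForEach-Object {
    if (-not (Test-ProvisionRow $_ $seen)) {
        Write-Warning "Skipped row: '$($_.Name)' / '$($_.sAMAccountName)'"
        return   # move on to the next row
    }
    $pw = New-RandomPassword
    New-QADUser -Name $_.Name -sAMAccountName $_.sAMAccountName `
        -ParentContainer quest.com/users -UserPassword $pw |
        Set-QADUser -UserMustChangePassword $true | Out-Null
    # Emit the initial password for out-of-band delivery to the new user
    New-Object PSObject -Property @{
        sAMAccountName = $_.sAMAccountName; InitialPassword = $pw }
}
```

The objects written at the end carry the only copy of each initial password, so route that output to whatever channel delivers credentials to new hires rather than to a log file.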
If you want to try the New-QADUser
cmdlet in a test environment, you can use
the command
1..500 | ForEach-Object {
  New-QADUser `
    -ParentContainer quest.test/test `
    -Name "testuser$_" `
    -SamAccountName "testuser$_" `
    -UserPrincipalName "testuser$_@example.com" `
    -FirstName "testUser$_" `
    -LastName "example$_" `
    -UserPassword "P@ssword@_$_"
}
to quickly create 500 test user accounts with
unique attributes. This code uses
PowerShell’s range operator (..) to get a collection
of 500 numbers (1 through 500). The collection
is piped to the ForEach-Object cmdlet,
which cycles through the collection, putting
each number inside the various parameters’
string values so that, for example, testuser$_
becomes testuser1 in the first loop, testuser2
in the second loop, testuser3 in the third loop,
and so on. Note the use of the double
quotes around the string values. The double
quotes tell PowerShell to automatically
evaluate the $_ variable inside the strings.
(If you’re unfamiliar with the $_ variable, see
“PowerShell 101, Lesson 2.”) Using single
quotes won’t work, because single-quoted
strings are not expanded.
Easily Manage User Accounts and a Lot More
As you can see, ActiveRoles Management
Shell for Active Directory contains many
cmdlets that you can use to manage user
accounts. It also contains many more cmdlets.
Version 1.1 has 40 cmdlets for managing
not only users but also groups, group memberships,
computers, permissions, Windows
Server 2008 fine-grained password policies,
and more. To see the full list of cmdlets
and what they do, you can download the
“ActiveRoles Management Shell for Active
Directory - Administrator’s Guide” from
www.quest.com/powershell/activerolesserver.aspx
or visit the online reference at
wiki.powergui.org/index.php/QAD_cmdlets_reference.