Scenario / Questions

I am constantly setting up research and development environments that require active directory accounts. Since we place these environments in isolated networks, each environment needs its own active directory. How can I create a new active directory account using powershell?

Find below all possible solutions or suggestions for the above question.

Suggestion: 1

I’m not sure if you are looking for a script that will take a list of names, passwords, etc, but the following command works to create one new user. UserPrincipalName is optional. In this case, email is not used.

New-ADUser -SamAccountName nnn2 -Name "nnn2" -UserPrincipalName nnn2@jj -AccountPassword (ConvertTo-SecureString -AsPlainText "somePassword" -Force) -Enabled $true -PasswordNeverExpires $true -Path 'CN=Users,DC=jjdomain,DC=net'

If you wish to create a user in a trusted domain, add -server dns.domain to the above command.

Suggestion: 2

I would recommend investigating Quest’s AD cmdlets:

A new AD user would be:

new-QADUser -name 'user1' -ParentContainer 'OU=companyOU,DC=company,DC=com' -samAccountName 'user1' -UserPassword 'P@ssword'

However, for ‘pure’ Powershell, Shay’s suggestion of Idera’s scripts would save you using additional cmdlets. Mind you, if you are to go to the trouble of downloading the scripts you might as well download the Quest cmdlets.

Suggestion: 3

I took Brad’s answer above and added a bit more detail below (thanks Brad for getting me thinking in this direction):

Input CSV file:

name,givenName,sn,sAMAccountName,displayName,userPrincipalName
Joe Smith,Joe,Smith,jsmith,Joe Smith,
Susan Johnson,Susan,Johnson,sjohnson,Susan Johnson,


$inputFile = Import-CSV <insert filepath here>

## Import-CSV needs a header row; the column names assumed here are
## name,givenName,sn,sAMAccountName,displayName,userPrincipalName
foreach ($line in $inputFile) {
    ## need to add quotes around DSN (the name column becomes the cn)
    $dsn = "`"cn=" + $line.name + ",ou=userou,dc=domain,dc=com`""
    $samid = $line.sAMAccountName
    $ln = $line.sn
    $fn = $line.givenname
    $dn = $line.displayname
    ## need to add quotes around display name
    $dn2 = "`"$dn`""
    $upn = $line.UserPrincipalName

    ## the whole dsadd command must stay on one line inside the string,
    ## otherwise the embedded newline breaks the argument list
    cmd /c "dsadd user $dsn -samid $samid -ln $ln -fn $fn -display $dn2 -upn $upn -mustchpwd yes -pwd TempP@assw0rd"

    write-host `n
}

Good luck!

Suggestion: 4

If you’re just setting up the same users on different networks/domains, a plain old .cmd file should do the trick. Just issue calls to the dsadd command for each user.

A call to dsadd or dsmod would work in the middle of a powershell script as well. You could even have a CSV file of username/passwords which you could import with a powershell script and loop through each line with a call to dsadd or dsmod like this:

$inputFile = Import-CSV <insert filepath here>

## dsadd user requires the new object's DN as its first argument;
## the container below is a placeholder, adjust it to your domain
foreach ($line in $inputFile) {
    dsadd user "cn=$($line.Username),ou=userou,dc=domain,dc=com" -samid $line.Username -pwd $line.Password
}

The ds commands (dsadd, dsmod, etc) get installed with the active directory role, so they’re available once you have AD up and running.
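The CSV-driven loop from Suggestions 3 and 4, redone with the ActiveDirectory module's New-ADUser from Suggestion 1 so that each account gets its own random initial password and must change it at first logon instead of carrying a shared or never-expiring one. This is an added example, not code from any of the posters; it assumes the RSAT ActiveDirectory module is installed, a CSV with the header name,givenName,sn,sAMAccountName,displayName, and placeholder values for the CSV path, target OU and UPN suffix.

```powershell
# Added example (not from the original answers). Assumes the ActiveDirectory
# module (RSAT) is available and the CSV has the header row:
#   name,givenName,sn,sAMAccountName,displayName
Import-Module ActiveDirectory

$CsvPath   = 'C:\users.csv'                # placeholder path
$TargetOU  = 'OU=userou,DC=domain,DC=com'  # placeholder container
$UpnSuffix = 'domain.com'                  # placeholder UPN suffix

function New-InitialPassword {
    # 18 random bytes, base64-encoded (24 chars) so no two accounts share a
    # password. Verify the result against your domain's complexity policy.
    $bytes = New-Object byte[] 18
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return [Convert]::ToBase64String($bytes)
}

$report = foreach ($row in Import-Csv -Path $CsvPath) {
    $sam = $row.sAMAccountName
    # Skip accounts that already exist instead of failing half-way through
    if (Get-ADUser -Filter { sAMAccountName -eq $sam }) {
        Write-Warning "Skipping ${sam}: account already exists"
        continue
    }

    $plain  = New-InitialPassword
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force

    # -ChangePasswordAtLogon replaces -PasswordNeverExpires from Suggestion 1:
    # the generated value is a one-time hand-off secret, not a long-lived one
    New-ADUser -Name $row.name `
               -GivenName $row.givenName `
               -Surname $row.sn `
               -DisplayName $row.displayName `
               -SamAccountName $sam `
               -UserPrincipalName "$sam@$UpnSuffix" `
               -Path $TargetOU `
               -AccountPassword $secure `
               -ChangePasswordAtLogon $true `
               -Enabled $true

    # Hand-off record; the password is never written back into the CSV
    [pscustomobject]@{ User = $sam; InitialPassword = $plain }
}

$report | Format-Table -AutoSize
```

Add -Server to Get-ADUser and New-ADUser to pin the calls to a particular domain controller when the isolated lab has more than one, and run once with -WhatIf on New-ADUser to review the objects before creating them.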