Create

This topic contains 4 replies, has 3 voices, and was last updated by Russell Smith 4 days, 12 hours ago.

    makavelli12
    Participant
    #626706

    Hi All,

    Wonder if someone can help me here.

    What I am basically trying to do is to create multiple user accounts from an existing user account, with the group membership, and settings of the account.

    For example, the existing user account is “TestUser1”, and is a member of the following groups: Domain Users, Workstation Users, Home Users

    The account has the settings that the password cannot be changed and the password does not expire.

    As I have approx 30 User Accounts to create, I would like to use PowerShell to do this for me.

    Whilst I am a newbie PowerShell scripter, I came across this script from the Manning website:

    https://www.manning.com/books/learn-active-directory-management-in-a-month-of-lunches

    $secpass = Read-Host "Password" -AsSecureString
    $user = Get-ADUser -Identity jgreen -Properties memberof, office
    New-ADUser -Name "GREEN Bill" -SamAccountName bgreen `
    -UserPrincipalName "[email protected]" `
    -AccountPassword $secpass -Path "cn=Users,dc=Manticore,dc=org" `
    -Enabled:$true -Instance $user

    and adapted it to my use for testing the creation of a single user account:

    $secpass = Read-Host "Password" -AsSecureString
    $user = Get-ADUser -Identity TestUser1 -Properties memberof
    New-ADUser -Name "TestUser2" -SamAccountName testuser2 `
    -UserPrincipalName "[email protected]" `
    -AccountPassword $secpass -Path "cn=Users,dc=localtest,dc=net" `
    -Enabled:$true -Instance $user

    When I try the script the account is created, but it does not assign the group memberships and the display name is also missing. So I am wondering if someone with expert knowledge could advise me how I can do the following:

    1. Get the group membership working
    2. Set the Displayname to be testuser2
    3. Set the password cannot be changed
    4. Set the password does not expire

    If there is a way to do this for the 30 user accounts via a CSV file this would be even better.

    Hope this makes sense, and someone can advise.

    Thanks.

    Mak

    Ossian
    Moderator
    #626724

    From a quick look, your New-ADUser does not seem to use any properties of the existing user

    See if the fragments here help at all:
    https://mcpmag.com/articles/2018/12/03/using-powershell-to-copy-ad-users.aspx

    makavelli12
    Participant
    #626726

    Thanks Ossian,

    I saw this earlier this morning and am playing around with the properties at the moment to see if it works.

    Any ideas how I can do this using a CSV file?

    Thanks,

    Mak

    makavelli12
    Participant
    #626730

    So after trawling through the net and doing some trial & error, I was able to use the following command to create a single account:

    # Single quotes keep PowerShell from expanding $rd as a variable
    $secpass = ConvertTo-SecureString -String 'Passw$rd' -AsPlainText -Force
    New-ADUser -Name "Testuser2" -GivenName "Testuser2" -SamAccountName Testuser2 -UserPrincipalName "[email protected]" -DisplayName "Testuser2" -CannotChangePassword:$true -PasswordNeverExpires:$true -AccountPassword $secpass -Path "cn=Users,dc=localtest,dc=net" -Enabled:$true

    This does most of what I need except for the group memberships, which I used the following command:

    Add-ADGroupMember -Identity "Workstation Users" -Members @("Testuser2","Testuser3")

    Again this works fine, but now I would like to use a CSV file which contains the password and username for all the users I need to create, and give them the group memberships.

    Any advice would be appreciated.

    Thanks,

    Mak

    Russell Smith
    Participant
    #627216

    Look at the information here. You should be able to adapt this method for your needs. https://www.petri.com/create-new-active-directory-users-excel-powershell
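
The CSV approach asked about in this thread, as an added example that is not part of any post and not taken from the linked articles: it creates each account with the settings from the posts above and copies the template account's group memberships. The file name `users.csv`, its columns `SamAccountName` and `Password`, and the UPN suffix `localtest.net` are assumptions.

```powershell
# Added example, not code from the thread. Assumptions: users.csv has the
# columns SamAccountName and Password; TestUser1 is the template account.
Import-Module ActiveDirectory

$csvPath   = '.\users.csv'                      # hypothetical file name
$ou        = 'cn=Users,dc=localtest,dc=net'     # path used in the posts above
$upnSuffix = 'localtest.net'                    # assumed from the dc= components
$template  = Get-ADUser -Identity 'TestUser1' -Properties MemberOf

foreach ($row in Import-Csv -Path $csvPath) {
    $sam = "$($row.SamAccountName)".Trim()
    if (-not $sam -or -not $row.Password) {
        Write-Warning "Skipping row with an empty name or password"
        continue
    }
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "Skipping ${sam}: account already exists"
        continue
    }

    # The CSV value is passed through as data, so a '$' in the password is
    # not expanded the way it would be inside a double-quoted literal.
    $secpass = ConvertTo-SecureString -String $row.Password -AsPlainText -Force

    try {
        New-ADUser -Name $sam -GivenName $sam -SamAccountName $sam `
            -UserPrincipalName "$sam@$upnSuffix" -DisplayName $sam `
            -CannotChangePassword:$true -PasswordNeverExpires:$true `
            -AccountPassword $secpass -Path $ou -Enabled:$true -ErrorAction Stop

        # MemberOf lists group DNs. The primary group (Domain Users by default)
        # is not in it; new accounts receive it automatically.
        foreach ($groupDn in $template.MemberOf) {
            Add-ADGroupMember -Identity $groupDn -Members $sam -ErrorAction Stop
        }
        Write-Output "Created $sam with $($template.MemberOf.Count) group(s)"
    }
    catch {
        Write-Warning "Failed on ${sam}: $($_.Exception.Message)"
    }
}
```

The CSV holds cleartext passwords for accounts whose passwords never expire, so restrict access to the file and delete it once the run has finished.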
