This script will create users in Active Directory based on the settings in the input file (see the Excel / CSV file below this script for an example of the input file used). These settings can, of course, be changed or extended (check this Microsoft Technet Link to get an over.
Author:HicanNL
###########################################################
# AUTHOR : Marius / Hican - http://www.hican.nl - @hicannl
# DATE : 26-04-2012
# EDIT : 07-08-2014
# COMMENT : This script creates new Active Directory users,
# including different kind of properties, based
# on an input_create_ad_users.csv.
# VERSION : 1.3
###########################################################
# CHANGELOG
# Version 1.2: 15-04-2014 - Changed the code for better
# - Added better Error Handling and Reporting.
# - Changed input file with more logical headers.
# - Added functionality for account Enabled,
# PasswordNeverExpires, ProfilePath, ScriptPath,
# HomeDirectory and HomeDrive
# - Added the option to move every user to a different OU.
# Version 1.3: 08-07-2014
# - Added functionality for ProxyAddresses
# ERROR REPORTING ALL
Set-StrictMode -Version latest
#----------------------------------------------------------
# LOAD ASSEMBLIES AND MODULES
#----------------------------------------------------------
Try
{
Import-Module ActiveDirectory -ErrorAction Stop
}
Catch
{
Write-Host "[ERROR]`t ActiveDirectory Module couldn't be loaded. Script will stop!"
Exit 1
}
#----------------------------------------------------------
#STATIC VARIABLES
#----------------------------------------------------------
$path = Split-Path -parent $MyInvocation.MyCommand.Definition
$newpath = $path + "\import_create_ad_users.csv"
$log = $path + "\create_ad_users.log"
$date = Get-Date
$addn = (Get-ADDomain).DistinguishedName
$dnsroot = (Get-ADDomain).DNSRoot
$i = 1
#----------------------------------------------------------
#START FUNCTIONS
#----------------------------------------------------------
Function Start-Commands
{
Create-Users
}
Function Create-Users
{
"Processing started (on " + $date + "): " | Out-File $log -append
"--------------------------------------------" | Out-File $log -append
Import-CSV $newpath | ForEach-Object {
If (($_.Implement.ToLower()) -eq "yes")
{
If (($_.GivenName -eq "") -Or ($_.LastName -eq "") -Or ($_.Initials -eq ""))
{
Write-Host "[ERROR]`t Please provide valid GivenName, LastName and Initials. Processing skipped for line $($i)`r`n"
"[ERROR]`t Please provide valid GivenName, LastName and Initials. Processing skipped for line $($i)`r`n" | Out-File $log -append
}
Else
{
# Set the target OU
$location = $_.TargetOU + ",$($addn)"
# Set the Enabled and PasswordNeverExpires properties
If (($_.Enabled.ToLower()) -eq "true") { $enabled = $True } Else { $enabled = $False }
If (($_.PasswordNeverExpires.ToLower()) -eq "true") { $expires = $True } Else { $expires = $False }
# A check for the country, because those were full names and need
# to be land codes in order for AD to accept them. I used Netherlands
# as example
If($_.Country -eq "Netherlands")
{
$_.Country = "NL"
}
Else
{
$_.Country = "EN"
}
# Replace dots / points (.) in names, because AD will error when a
# name ends with a dot (and it looks cleaner as well)
$replace = $_.Lastname.Replace(".","")
If($replace.length -lt 4)
{
$lastname = $replace
}
Else
{
$lastname = $replace.substring(0,4)
}
# Create sAMAccountName according to this 'naming convention':
# <FirstLetterInitials><FirstFourLettersLastName> for example
# htehp
$sam = $_.Initials.substring(0,1).ToLower() + $lastname.ToLower()
Try { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$sam)" }
Catch { }
If(!$exists)
{
# Set all variables according to the table names in the Excel
# sheet / import CSV. The names can differ in every project, but
# if the names change, make sure to change it below as well.
$setpass = ConvertTo-SecureString -AsPlainText $_.Password -force
Try
{
Write-Host "[INFO]`t Creating user : $($sam)"
"[INFO]`t Creating user : $($sam)" | Out-File $log -append
New-ADUser $sam -GivenName $_.GivenName -Initials $_.Initials `
-Surname $_.LastName -DisplayName ($_.LastName + "," + $_.Initials + " " + $_.GivenName) `
-Office $_.OfficeName -Description $_.Description -EmailAddress $_.Mail `
-StreetAddress $_.StreetAddress -City $_.City -State $_.State `
-PostalCode $_.PostalCode -Country $_.Country -UserPrincipalName ($sam + "@" + $dnsroot) `
-Company $_.Company -Department $_.Department -EmployeeID $_.EmployeeID `
-Title $_.Title -OfficePhone $_.Phone -AccountPassword $setpass -Manager $_.Manager
#[SNAP]DOWNLOAD THE SCRIPT FOR THE REST OF THE CODE[/SNAP]
}
"--------------------------------------------" + "`r`n" | Out-File $log -append
}
Write-Host "STARTED SCRIPT`r`n"
Start-Commands
Write-Host "STOPPED SCRIPT"
# AUTHOR : Marius / Hican - http://www.hican.nl - @hicannl
# DATE : 26-04-2012
# EDIT : 07-08-2014
# COMMENT : This script creates new Active Directory users,
# including different kind of properties, based
# on an input_create_ad_users.csv.
# VERSION : 1.3
###########################################################
# CHANGELOG
# Version 1.2: 15-04-2014 - Changed the code for better
# - Added better Error Handling and Reporting.
# - Changed input file with more logical headers.
# - Added functionality for account Enabled,
# PasswordNeverExpires, ProfilePath, ScriptPath,
# HomeDirectory and HomeDrive
# - Added the option to move every user to a different OU.
# Version 1.3: 08-07-2014
# - Added functionality for ProxyAddresses
# ERROR REPORTING ALL
Set-StrictMode -Version latest
#----------------------------------------------------------
# LOAD ASSEMBLIES AND MODULES
#----------------------------------------------------------
Try
{
Import-Module ActiveDirectory -ErrorAction Stop
}
Catch
{
Write-Host "[ERROR]`t ActiveDirectory Module couldn't be loaded. Script will stop!"
Exit 1
}
#----------------------------------------------------------
#STATIC VARIABLES
#----------------------------------------------------------
$path = Split-Path -parent $MyInvocation.MyCommand.Definition
$newpath = $path + "\import_create_ad_users.csv"
$log = $path + "\create_ad_users.log"
$date = Get-Date
$addn = (Get-ADDomain).DistinguishedName
$dnsroot = (Get-ADDomain).DNSRoot
$i = 1
#----------------------------------------------------------
#START FUNCTIONS
#----------------------------------------------------------
Function Start-Commands
{
Create-Users
}
Function Create-Users
{
"Processing started (on " + $date + "): " | Out-File $log -append
"--------------------------------------------" | Out-File $log -append
Import-CSV $newpath | ForEach-Object {
If (($_.Implement.ToLower()) -eq "yes")
{
If (($_.GivenName -eq "") -Or ($_.LastName -eq "") -Or ($_.Initials -eq ""))
{
Write-Host "[ERROR]`t Please provide valid GivenName, LastName and Initials. Processing skipped for line $($i)`r`n"
"[ERROR]`t Please provide valid GivenName, LastName and Initials. Processing skipped for line $($i)`r`n" | Out-File $log -append
}
Else
{
# Set the target OU
$location = $_.TargetOU + ",$($addn)"
# Set the Enabled and PasswordNeverExpires properties
If (($_.Enabled.ToLower()) -eq "true") { $enabled = $True } Else { $enabled = $False }
If (($_.PasswordNeverExpires.ToLower()) -eq "true") { $expires = $True } Else { $expires = $False }
# A check for the country, because those were full names and need
# to be land codes in order for AD to accept them. I used Netherlands
# as example
If($_.Country -eq "Netherlands")
{
$_.Country = "NL"
}
Else
{
$_.Country = "EN"
}
# Replace dots / points (.) in names, because AD will error when a
# name ends with a dot (and it looks cleaner as well)
$replace = $_.Lastname.Replace(".","")
If($replace.length -lt 4)
{
$lastname = $replace
}
Else
{
$lastname = $replace.substring(0,4)
}
# Create sAMAccountName according to this 'naming convention':
# <FirstLetterInitials><FirstFourLettersLastName> for example
# htehp
$sam = $_.Initials.substring(0,1).ToLower() + $lastname.ToLower()
Try { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$sam)" }
Catch { }
If(!$exists)
{
# Set all variables according to the table names in the Excel
# sheet / import CSV. The names can differ in every project, but
# if the names change, make sure to change it below as well.
$setpass = ConvertTo-SecureString -AsPlainText $_.Password -force
Try
{
Write-Host "[INFO]`t Creating user : $($sam)"
"[INFO]`t Creating user : $($sam)" | Out-File $log -append
New-ADUser $sam -GivenName $_.GivenName -Initials $_.Initials `
-Surname $_.LastName -DisplayName ($_.LastName + "," + $_.Initials + " " + $_.GivenName) `
-Office $_.OfficeName -Description $_.Description -EmailAddress $_.Mail `
-StreetAddress $_.StreetAddress -City $_.City -State $_.State `
-PostalCode $_.PostalCode -Country $_.Country -UserPrincipalName ($sam + "@" + $dnsroot) `
-Company $_.Company -Department $_.Department -EmployeeID $_.EmployeeID `
-Title $_.Title -OfficePhone $_.Phone -AccountPassword $setpass -Manager $_.Manager
#[SNAP]DOWNLOAD THE SCRIPT FOR THE REST OF THE CODE[/SNAP]
}
"--------------------------------------------" + "`r`n" | Out-File $log -append
}
Write-Host "STARTED SCRIPT`r`n"
Start-Commands
Write-Host "STOPPED SCRIPT"
0 Comments