For all of you who need some powershell skills this post is about getting started with Powershell with a simple sample on how to import users from a Excel spreadsheet to Active Directory to a specific OU.

First you need to start a powershell session and you need to load all required modules. There is a module for Active Directory that you need to load using the command import-module. This command loads the specified module in your active powershell session.

Modules are packets of different elements including cmdlets, scripts, functions, variables and other tools and files. After importing a module you're able to use them within your session. In this sample here for example you're able to use New-ADUser which is part of the Active Directory module.

The final command looks like this: Import-Module ActiveDirectory

So after that you need to load the CSV file (comma separeted file). The file itself looks like this (the first row keeps the columns name, which is important as this is will be the source of variable names within the script)

LastName,FirstName,Email,Standard Title,Group

Huber,Andreas,ahuber,Consultant,Group1

Mueller,Wolfgang,wmueller,Senior Consultant,Group2

Bauer,Michael ,mbauer,Consultant,Group2

To load the file enter this command:

Import-CSV filename.csv

After that you can use a general functionality called piping to push the result of the last command to the next command as an input. For that we are using the | and add the next command to it. So we are now going to iterate over all the rows in the file and for each row we are going to create a new AD user account.

The following construct will explain it a little better:

import-csv Userliste2.csv | foreach {}

Within the brakets you're able to create more commands that will be executed for each row within the file. The creation of AD accounts will be done by New-ADUser from the Active Directory module, which we loaded before.

Sample:

New-ADUser -Surname “Rynes” -Name “Andreas Rynes” -SamAccountName “arynes” -GivenName “Andreas” -DisplayName “Andreas Rynes” -UserPrincipalName “arynes@microsoft.com” -AccountPassword (ConvertTo-SecureString -AsPlainText "pass@word1" -Force) -Enabled $true -Path "CN=Users,DC=dcsat,DC=global" -PasswordNeverExpires $false -ChangePasswordAtLogon $true

Now with that sample we see all the hardcoded values to create a new AD account. The command exists of a couple of parameters, which follows a general syntax within Powershell:

-[name of parameter] value

The name is part of the command within the module, the value itself needs to be defined during the execution. In case you need help for a specific account you're always able to use the Get-Help method to get detailed information about the command and its parameters.

Get-Help New-ADUser

This will list all options that are available for New-ADUser. There are a couple of other ways to get even more help, for example using Get-Help New-ADUser –examples will give you examples on how to use the command.

Das gesamte Skript für unsere Aufgabe sieht letztendlich dann wie folgt aus und muss für den Eigenbedarf natürlich angepasst werden, z.B. Spaltennamen innerhalb des CSV Files und die OU in dem die User angelegt werden (im Parameter Path):

import-module ActiveDirectory

import-csv Userliste.csv | foreach {

$Name = $_.Vorname + " " + $_.Nachname

$princ = $_.email + "@microsoft.com"

New-ADUser -Surname $_.Nachname -Name $Name -SamAccountName $_.email.ToLower() -GivenName $_.Vorname -DisplayName $Name -UserPrincipalName $princ -AccountPassword (ConvertTo-SecureString -AsPlainText "pass@word1" -Force) -Enabled $true -Path "CN=Users,DC=microsoft,DC=com" -PasswordNeverExpires $false -ChangePasswordAtLogon $true

}

Wie man außerdem im gesamten Skript sieht werden auch noch 2 Variablen definiert, die Vorname und Nachname mit einem Blank zur Variablen $Name vereinen. Des Weiteren wird auch noch der UserPrincipalName aus der Spalte „email“ und dem fixen Wert „@microsoft.com“ zusammengebaut. Diese beiden Variablen werden dann im New-ADUser verwendet um 2 Parameter zu befüllen.

Das Skript kann auch in ein Textfile mit der Endung ps1 gespeichert werden und als solches innerhalb der Powershell ausgeführt werden.

Eine Einführung zu Powershell und ein paar weiterführende Informationen finden sich hier:

http://technet.microsoft.com/de-de/scriptcenter/dd742419

http://technet.microsoft.com/de-de/library/dd347730.aspx