Bulk populate an AD using a CSV file and New-ADUser, including Passwords - Microsoft Exchange pour Tous V2 - Microsoft Exchange made simple - Site Home - TechNet Blogs

Microsoft Exchange pour Tous V2 - Microsoft Exchange made simple

Nouveautés, principes, évolution, trucs et astuces - News, principles, evolution, tips and tricks

Bulk populate an AD using a CSV file and New-ADUser, including Passwords

Bulk populate an AD using a CSV file and New-ADUser, including Passwords

  • Comments 8
  • Likes

Problem : New-ADUser is not working as expected to populate a password coming from a CSV file (the account stays disabled) here is the example and the reason:

Prerequisites: Import the Active Directory module on your powershell session using Import-Module ActiveDirectory

 

 

Here is my BulkAddADUsers.csv file sample :

 

GivenNAme,Surname,Name,SamAccountNAme,Description,Department,EmployeeID,Path,Enabled,Password,PasswordNeverExpires
User,Test1,UserTest1,UserTest1,UserTest1,IT,189478,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test2,UserTest2,UserTest2,UserTest2,IT,187516,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test3,UserTest3,UserTest3,UserTest3,IT,134530,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test4,UserTest4,UserTest4,UserTest4,IT,162455,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test5,UserTest5,UserTest5,UserTest5,IT,121901,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test6,UserTest6,UserTest6,UserTest6,IT,170221,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test7,UserTest7,UserTest7,UserTest7,IT,128669,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test8,UserTest8,UserTest8,UserTest8,IT,108705,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test9,UserTest9,UserTest9,UserTest9,IT,106381,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test10,UserTest10,UserTest10,UserTest10,IT,193922,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test11,UserTest11,UserTest11,UserTest11,IT,174066,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test12,UserTest12,UserTest12,UserTest12,IT,105871,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test13,UserTest13,UserTest13,UserTest13,IT,126670,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test14,UserTest14,UserTest14,UserTest14,IT,124671,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test15,UserTest15,UserTest15,UserTest15,IT,118935,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test16,UserTest16,UserTest16,UserTest16,IT,183367,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test17,UserTest17,UserTest17,UserTest17,IT,185662,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test18,UserTest18,UserTest18,UserTest18,IT,118972,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test19,UserTest19,UserTest19,UserTest19,IT,187421,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test20,UserTest20,UserTest20,UserTest20,IT,167020,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True

 The following command will create the users with the attributes defined above, but since the Password is not encrypted, the account will be deactivated.

[PS] C:\users\Administrator.DOMAINA\Desktop>import-CSV .\BulkAddADUsers.csv|New-ADUser

 

image

 

Note the AD accounts are not enabled, because the password was not taken from the CSV file, as New-ADUser requires a Secure String for the Password. Here is what you get when you try to enable it :

image ==> image

 

 

Solution : Type a longer command line using all New-ADUser properties + the ConvertTo-SecureString commandlet

[PS] C:\users\Administrator.DOMAINA\Desktop>import-csv .\BulkAddADUsers.csv | % {New-ADUser -GivenName $_.GivenName -Surname $_.Surname -Name $_.Name -SamAccountName $_.SamAccountName -Description $_.Description -Department $_.Department -EmployeeID $_.EmployeeID -Path $_.Path -Enabled $True -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force) -PasswordNeverExpires $True}

 

image

 

Quod erat demonstrandum.

Sam

Comments
  • So how do you fix it?

  • Unfortunately there is no fix for that. The only workaround is to type the New-ADUser commandlet using all the commandlet properties like this :

    import-csv .\BulkAddADUsers.csv | % {New-ADUser -Name $_.Name -SamAccountName $_.SamAccountName -Description $_.Description -Department $_.Department -EmployeeID $_.EmployeeID -Path $_.Path -Enabled $True -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force) -PasswordNeverExpires $True}

  • Thanks a lot for this, helped a lot!

  • Whats the command for adding display name.. i tried. but end up with some errors.

  • @Mahesh: Hi Mahesh, to add the display name, you must have an additional column in your CSV file which I recommend to name "DisplayName", populate the value for each of your users (or you can use a formula in Excel to auto-populate the "DisplayName" column with for example a concatenation of FirstName and LastName that you would have added as new columns)

    Then take the above New-ADUser command, and with all the properties already there, add the "-DisplayName $_.DisplayName" property set, without the double quotes. Pay attention to put the above stuff before the final curly bracket.

    That should work, if no, give me the error you get.

    Cheers,

    Sam

  • @Mahesh (example followup of my answer)

    - So first add a column (or field) on your CSV file named "DisplayNAme"

    Then populate this column with the displayname you would like for your users

    - Then take the article's code line with the import-csv / New-ADUser cmdlets, and add the "-DisplayName $_.DisplayNAme" at the very end (you can add it anywhere after the "New-ADUser" commandlet, but it's easier to add it at the end), before the last curly bracket. You will have something like this:

    import-csv .\BulkAddADUsers.csv | % {New-ADUser -Name $_.Name -SamAccountName $_.SamAccountName -Description $_.Description -Department $_.Department -EmployeeID $_.EmployeeID -Path $_.Path -Enabled $True -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force) -PasswordNeverExpires $True -DisplayName $_.DisplayName}

  • I wanted to point out that it seems the only "required" field is Description.  I say "required" because it should really not be required at all.  The only way we were able to get accounts to work was to include description.

    new-aduser -name test -SamAccountName "test" -Description "test of description" -AccountPassword (read-host -AsSecureString)

    Further, you don't seem to need "SamAccountName" either.

    Further

  • Hey SammyKrosoft
    Is -PassThru parameter require?

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
Search Blogs