Bulk populate an AD using a CSV file and New-ADUser, including Passwords - Microsoft Exchange pour Tous V2 - Microsoft Exchange made simple - Site Home - TechNet Blogs

Microsoft Exchange pour Tous V2 - Microsoft Exchange made simple

Nouveautés, principes, évolution, trucs et astuces - News, principles, evolution, tips and tricks

Bulk populate an AD using a CSV file and New-ADUser, including Passwords

Bulk populate an AD using a CSV file and New-ADUser, including Passwords

  • Comments 13
  • Likes

Problem : New-ADUser is not working as expected to populate a password coming from a CSV file (the account stays disabled) here is the example and the reason:

Prerequisites: Import the Active Directory module on your powershell session using Import-Module ActiveDirectory



Here is my BulkAddADUsers.csv file sample :



 The following command will create the users with the attributes defined above, but since the Password is not encrypted, the account will be deactivated.

[PS] C:\users\Administrator.DOMAINA\Desktop>import-CSV .\BulkAddADUsers.csv|New-ADUser




Note the AD accounts are not enabled, because the password was not taken from the CSV file, as New-ADUser requires a Secure String for the Password. Here is what you get when you try to enable it :

image ==> image



Solution : Type a longer command line using all New-ADUser properties + the ConvertTo-SecureString commandlet

[PS] C:\users\Administrator.DOMAINA\Desktop>import-csv .\BulkAddADUsers.csv | % {New-ADUser -GivenName $_.GivenName -Surname $_.Surname -Name $_.Name -SamAccountName $_.SamAccountName -Description $_.Description -Department $_.Department -EmployeeID $_.EmployeeID -Path $_.Path -Enabled $True -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force) -PasswordNeverExpires $True}




Quod erat demonstrandum.


  • So how do you fix it?

  • Unfortunately there is no fix for that. The only workaround is to type the New-ADUser commandlet using all the commandlet properties like this :

    import-csv .\BulkAddADUsers.csv | % {New-ADUser -Name $_.Name -SamAccountName $_.SamAccountName -Description $_.Description -Department $_.Department -EmployeeID $_.EmployeeID -Path $_.Path -Enabled $True -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force) -PasswordNeverExpires $True}

  • Thanks a lot for this, helped a lot!

  • Whats the command for adding display name.. i tried. but end up with some errors.

  • @Mahesh: Hi Mahesh, to add the display name, you must have an additional column in your CSV file which I recommend to name "DisplayName", populate the value for each of your users (or you can use a formula in Excel to auto-populate the "DisplayName" column with for example a concatenation of FirstName and LastName that you would have added as new columns)

    Then take the above New-ADUser command, and with all the properties already there, add the "-DisplayName $_.DisplayName" property set, without the double quotes. Pay attention to put the above stuff before the final curly bracket.

    That should work, if no, give me the error you get.



  • @Mahesh (example followup of my answer)

    - So first add a column (or field) on your CSV file named "DisplayNAme"

    Then populate this column with the displayname you would like for your users

    - Then take the article's code line with the import-csv / New-ADUser cmdlets, and add the "-DisplayName $_.DisplayNAme" at the very end (you can add it anywhere after the "New-ADUser" commandlet, but it's easier to add it at the end), before the last curly bracket. You will have something like this:

    import-csv .\BulkAddADUsers.csv | % {New-ADUser -Name $_.Name -SamAccountName $_.SamAccountName -Description $_.Description -Department $_.Department -EmployeeID $_.EmployeeID -Path $_.Path -Enabled $True -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force) -PasswordNeverExpires $True -DisplayName $_.DisplayName}

  • I wanted to point out that it seems the only "required" field is Description.  I say "required" because it should really not be required at all.  The only way we were able to get accounts to work was to include description.

    new-aduser -name test -SamAccountName "test" -Description "test of description" -AccountPassword (read-host -AsSecureString)

    Further, you don't seem to need "SamAccountName" either.


  • Hey SammyKrosoft
    Is -PassThru parameter require?

  • Little help? I'm getting an error as follows.

    ConvertTo-SecureString : Cannot bind argument to parameter 'String' because it
    is null.
    At line:1 char:139
    + ... o-SecureString $_.Password -AsPlainText -force) -ChangePasswordAtLogon
    $False -C ...
    + ~~~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [ConvertTo-SecureString], Param
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,M

  • Never mind. Figured it out. Thanks for this blog!

  • Hey guys, sorry for answering late, I just figured how to be notified when I receive comments ... my bad !

    @Jimil: Nope, the -PassThru parameter is usually used to tell the Powershell commandlet to "pass" the returned objects over the next pipe - if there is no next pipe, then it's usually printed on the console

    @Me: cool :) I think the $_.Password might have been blank or a number ... welcome, appreciate your comments !

  • What I do to circumvent this is create a function, set parameters that accept pipeline input, script the password part in there (I usually call system.web to create a random password actually, but by using a switch parameter you can have both) and then i just pipe the csv to the function

  • @bluuf: that's another good idea to workaround this encrypted string requirement, thanks bluuf !

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
Search Blogs