You can create new user accounts in Active Directory using the New-ADUser cmdlet. This guide covers single account creation, bulk creation, and importing from CSV files.
Getting the Syntax
To get the full syntax for the cmdlet:
Get-Command New-ADUser -Syntax
Creating a Simple User Account
The easiest way to create a user account:
New-ADUser B.Johnson
Default Properties
Accounts created this way have the following default properties:
- Account is created in the “Users” container
- Account is disabled
- Account is a member of Domain Users group
- No password is set
- User must reset the password at the first logon
Creating a Usable Account
To make a new account that’s actually usable, you need to:
- Enable it using the Enable-ADAccount cmdlet
- Give it a password using the Set-ADAccountPassword cmdlet
Example: Creating a Complete User Account
Let’s create a new account with these attributes:
- Name: Jack Robinson
- Given Name: Jack
- Surname: Robinson
- Account Name: J.Robinson
- User Principal Name: J.Robinson@enterprise.com
- Path: “OU=Managers,DC=enterprise,DC=com”
- Password Input: Required
- Status: Enabled
New-ADUser -Name "Jack Robinson" -GivenName "Jack" -Surname "Robinson" `
    -SamAccountName "J.Robinson" `
    -UserPrincipalName "J.Robinson@enterprise.com" `
    -Path "OU=Managers,DC=enterprise,DC=com" `
    -AccountPassword (Read-Host -AsSecureString "Input Password") `
    -Enabled $true
Note: The Read-Host cmdlet prompts you to enter the new password, and -AsSecureString keeps the input from being echoed to the console. The password must meet the length, complexity and history requirements of your domain security policy.
Creating Multiple Users in Bulk
Method 1: Using a Loop with Default Password
Create 10 similar users with a default password (P@ssw0rd), using ConvertTo-SecureString:
$path = "OU=IT,DC=enterprise,DC=com"
$username = "ITclassuser"
$count = 1..10
foreach ($i in $count) {
    # Creates ITclassuser1 .. ITclassuser10, each forced to change the password at first logon
    New-ADUser -Name "$username$i" -Path $path -Enabled $true `
        -ChangePasswordAtLogon $true `
        -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) `
        -PassThru
}
Method 2: Interactive Number Input
To make the script more flexible, add prompts for username and count:
$path = "OU=IT,DC=enterprise,DC=com"
$username = Read-Host "Enter name"
# Cast to [int] so non-numeric input fails here instead of inside the loop
[int]$n = Read-Host "Enter Number"
$count = 1..$n
foreach ($i in $count) {
    New-ADUser -Name "$username$i" -Path $path -Enabled $true `
        -ChangePasswordAtLogon $true `
        -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) `
        -PassThru
}
Importing Users from CSV File
This option is great when you have a list of users with predefined personal details.
CSV File Format
The CSV file must be UTF-8 encoded and contain these columns:
- firstname
- lastname
- username
- department
- password
- ou
Example CSV:
Import Script
# Enter the path to your import CSV file
$ADUsers = Import-Csv C:\scripts\newusers.csv
foreach ($User in $ADUsers) {
    $Username = $User.username
    $Password = $User.password
    $Firstname = $User.firstname
    $Lastname = $User.lastname
    $Department = $User.department
    $OU = $User.ou
    # Check if the user account already exists in AD
    if (Get-ADUser -Filter {SamAccountName -eq $Username}) {
        # If the user does exist, output a warning message
        Write-Warning "A user account $Username already exists in Active Directory."
    }
    else {
        # If the user does not exist, create a new user account.
        # The account is created in the OU listed in the $OU variable;
        # don't forget to change the domain name in the -UserPrincipalName parameter
        New-ADUser `
            -SamAccountName $Username `
            -UserPrincipalName "$Username@yourdomain.com" `
            -Name "$Firstname $Lastname" `
            -GivenName $Firstname `
            -Surname $Lastname `
            -Enabled $true `
            -ChangePasswordAtLogon $true `
            -DisplayName "$Lastname, $Firstname" `
            -Department $Department `
            -Path $OU `
            -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force)
    }
}
Result
After script execution, the new users will appear in Active Directory.
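A variant of the import script above, added here as an example and not part of the original guide: it drops the password column so no plaintext passwords sit in the CSV, generates a random initial password per account instead of a shared default such as P@ssw0rd, and validates each row before calling New-ADUser. The function name New-RandomPassword, the sample rows and the enterprise.com UPN suffix are assumptions.

```powershell
# Added example; requires the ActiveDirectory module. Names and rows are assumptions.
function New-RandomPassword {
    param([int]$Length = 20)
    $alphabet = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%*+-=?@'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] (4 * $Length)
    do {
        $rng.GetBytes($bytes)
        # 32-bit draws keep the modulo bias negligible for an alphabet this small
        $chars = for ($i = 0; $i -lt $Length; $i++) {
            $alphabet[[int]([BitConverter]::ToUInt32($bytes, 4 * $i) % $alphabet.Length)]
        }
        $pw = -join $chars
        # Retry until all four character classes are present (typical complexity rule)
    } until ($pw -cmatch '[a-z]' -and $pw -cmatch '[A-Z]' -and
             $pw -match '\d' -and $pw -match '[^a-zA-Z0-9]')
    $pw
}

# Constructed sample rows (no password column); in practice use Import-Csv on your file
$rows = @'
firstname,lastname,username,department,ou
Ann,Lee,A.Lee,IT,"OU=IT,DC=enterprise,DC=com"
Bob,Ray,,IT,"OU=IT,DC=enterprise,DC=com"
'@ | ConvertFrom-Csv

$issued = foreach ($u in $rows) {
    $sam = $u.username
    # sAMAccountName: max 20 chars; the allow-list also keeps quotes out of the filter string
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$' -or -not $u.ou) {
        Write-Warning "Skipping invalid row: $($u.firstname) $($u.lastname)"; continue
    }
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "Account $sam already exists."; continue
    }
    $plain = New-RandomPassword
    try {
        New-ADUser -SamAccountName $sam -UserPrincipalName "$sam@enterprise.com" `
            -Name "$($u.firstname) $($u.lastname)" -GivenName $u.firstname -Surname $u.lastname `
            -Department $u.department -Path $u.ou -Enabled $true -ChangePasswordAtLogon $true `
            -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) -ErrorAction Stop
        [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $plain }
    } catch {
        Write-Warning "Failed to create ${sam}: $($_.Exception.Message)"
    }
}
$issued | Format-Table   # hand over via a secure channel; do not save this to disk in plaintext
```

Appending -WhatIf to the New-ADUser call gives a dry run that reports what would be created without changing the directory.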
Creating Computer Accounts
To create a computer object, use the New-ADComputer cmdlet.
Single Computer
Create a computer object with “WKS932” as its name:
New-ADComputer -Name "WKS932" -SamAccountName "WKS932"
Importing Computers from CSV
If you have a list of computers to import, save them to a CSV file with the heading “computer” and the list of computer names below it.
$File = "C:\scripts\Computers.csv"         # Path to the import CSV file
$Path = "OU=Devices,DC=enterprise,DC=com"  # Path to the target OU
Import-Csv -Path $File | ForEach-Object {
    New-ADComputer -Name $_.Computer -Path $Path -Enabled $true
}



