Creating AD user accounts in PowerShell

I spent last week in the Microsoft UK Performance and Scalability labs with an ADC customer. We had to load test their web application, which used Windows auth but had a custom role provider. This meant that we needed to script out a bunch of AD accounts for our load tests to use. Needless to say, I turned to PowerShell :)

We created a list of user names and dropped them into a CSV file with just one column: UserName.

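$users = import-csv "C:\usersToBeCreated.csv"
$container = [ADSI] "LDAP://cn=Users,dc=YourDomain,dc=local"
$users | foreach {
    $UserName = $_.UserName
    # Create the user object in the container and set its logon name
    $newUser = $container.Create("User", "cn=" + $UserName)
    $newUser.Put("sAMAccountName", $UserName)
    # Commit the new object to AD before touching the account flags
    $newUser.SetInfo()
    # Enable the account, then commit that change as well
    $newUser.psbase.InvokeSet('AccountDisabled', $false)
    $newUser.SetInfo()
}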

This was all easy enough but once again, this script isn't perfect. The accounts the script created were disabled but I couldn't, for the life of me, get PowerShell to enable the scripts. It seems I should just have to say $newUser.AccountDisabled = $false? Anyway, we didn't have much time to waste so I simply popped into the AD GUI and selected all the accounts (all 6000 of them) and selected Enable. Done.

UPDATE - Thanks to BomBom's comment the script now enables the accounts properly too! Thanks BomBom!

Note - this script was run on the domain controller itself.

Post By Josh Twist
1:43 AM
30 Jun 2008
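
A hardened variant of the loop in the post, as an added example that is not the author's script: it checks that the container path exists, restricts UserName to a conservative allowlist before it is concatenated into the DN, and sets a random password before the account is enabled. The function names, the allowlist pattern, the password format and the OU path are assumptions of this example.

```powershell
# Added example (not the post's script); function names and paths are assumptions.
function New-RandomPassword {
    # 24 random bytes -> 32 base64 chars; fixed suffix covers all four character classes
    $bytes = New-Object byte[] 24
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    return [Convert]::ToBase64String($bytes) + 'aZ9!'
}

function New-LoadTestUser {
    param(
        [Parameter(Mandatory = $true)][string]$CsvPath,
        [Parameter(Mandatory = $true)][string]$ContainerDn
    )
    $path = "LDAP://$ContainerDn"
    # Fail early on a wrong container path (for example CN= where OU= is needed)
    if (-not [ADSI]::Exists($path)) { throw "Container not found: $ContainerDn" }
    $container = [ADSI]$path

    foreach ($row in Import-Csv $CsvPath) {
        $name = $row.UserName
        # Conservative allowlist (an assumption of this example): keeps DN
        # metacharacters such as , + = " \ out of the "cn=" string
        if ($name -notmatch '\A[A-Za-z0-9._-]{1,20}\z') {
            Write-Warning "Skipping invalid UserName '$name'"
            continue
        }
        $password = New-RandomPassword
        $newUser = $container.Create("User", "cn=" + $name)
        $newUser.Put("sAMAccountName", $name)
        $newUser.SetInfo()                                    # 1. commit the new object
        $newUser.psbase.Invoke('SetPassword', $password)      # 2. password before enabling
        $newUser.psbase.InvokeSet('AccountDisabled', $false)  # 3. enable the account
        $newUser.SetInfo()                                    # 4. commit the change
        # Emit the credentials for the load-test harness; keep this output protected
        New-Object psobject -Property @{ UserName = $name; Password = $password }
    }
}

# Usage (constructed values):
# New-LoadTestUser -CsvPath "C:\usersToBeCreated.csv" -ContainerDn "OU=LoadTest,DC=YourDomain,DC=local"
```

Creating the accounts in a dedicated OU rather than the built-in Users container makes it simple to find and delete them once the load test is over.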


Posted by Scott Dukes @ 30 Jun 2008 2:18 AM
Or you could just use Quest's (free) AD cmdlets - which rock :-)


Posted by BomBom @ 08 Jul 2008 3:29 AM
Do it like this:
$newUser.psbase.InvokeSet('AccountDisabled', $false)

Has to be done in the right order (create user, SetInfo, enable account, SetInfo)

Posted by josh @ 27 Jan 2009 12:41 AM
Thanks BomBom - post updated!

Posted by Naveed @ 22 Sep 2010 6:26 AM
Thanks for the code. Can I define the custom user's login ID using this code?


Posted by khaldun azar @ 13 Jul 2011 12:14 PM
Please help, I run a script in a different way

$users = import-csv "C:\activedirectoryscript\users.csv"
$container = [ADSI] "LDAP://cn=companyOU,DC=bsa,DC=edu,DC=jo"
$users | foreach {
$UserName = $_.GivenName
$LastName = $_.Surname
$SamAccountName = $_.samAccountName
$DisplayName = $_.DisplayName
$UserPassword = $_.Password
I have a CSV file entry like above
johan,azar,johan.azar,johan azar
sami,gagish,sami.gagish,sami gagish

It executed but no entry inside OU in AD.
Please help

Posted by Darryl @ 09 Aug 2011 5:42 AM
@khaldun azar

Josh is creating his users within the Built-in Users container, not an OU.

Try OU=, rather than CN=
$container = [ADSI] "LDAP://OU=companyOU,DC=bsa,DC=edu,DC=jo"

I think that's right, but I can't test it at the moment
