POWERSHELL SCRIPT FOR BULK LOADING USERS


The PowerShell Script

The PowerShell script for bulk loading users is shown below.  It can be copied and pasted into Notepad or the PowerShell ISE for editing, or it can be downloaded here:

https://cmit220.ronniekupfer.com/wp/wp-content/uploads/2021/04/CreatUsersScript3.txt


# Import active directory module for running AD cmdlets
Import-Module activedirectory

# Store the data from ProjectUsers2.csv in the $ProjectUsers variable
$ProjectUsers = Import-csv "C:\Users\Administrator\Desktop\ProjectUsers2.csv"

# Loop through each row containing user details in the CSV file
foreach ($User in $ProjectUsers)
{
    # Read user data from each field in each row and assign the data to a variable as below
    $Firstname = $User.FirstName
    $Lastname = $User.LastName
    $Username = $User.UserName
    $Password = $User.Password
    $OU = $User.OU
    $email = $User.Email
    $streetaddress = $User.StreetAddress
    $city = $User.City
    $zipcode = $User.ZipCode
    $state = $User.State
    $country = $User.Country
    $telephone = $User.Telephone
    $jobtitle = $User.JobTitle
    $company = $User.Company
    $department = $User.Department

    # Check to see if the user already exists in AD
    if (Get-ADUser -F {SamAccountName -eq $Username})
    {
        # If user does exist, give a warning
        Write-Warning "A user account with username $Username already exists in Active Directory."
    }
    else
    {
        # User does not exist, so proceed to create the new user account
        New-ADUser `
            -SamAccountName $Username `
            -UserPrincipalName "$Username@ronniekupfer.org" `
            -Name "$Firstname $Lastname" `
            -GivenName $Firstname `
            -Surname $Lastname `
            -Enabled $True `
            -DisplayName "$Lastname, $Firstname" `
            -Path $OU `
            -City $city `
            -Company $company `
            -State $state `
            -Country $country `
            -PostalCode $zipcode `
            -StreetAddress $streetaddress `
            -OfficePhone $telephone `
            -EmailAddress $email `
            -Title $jobtitle `
            -Department $department `
            -AccountPassword (convertto-securestring $Password -AsPlainText -Force) -ChangePasswordAtLogon $True
    }
}


PowerShell scripts use the # symbol to denote comments.  This means the line of text following the # symbol will not be processed by PowerShell. 

The $ symbol indicates that the continuous text following it is a variable.

The “Import-Module activedirectory” module allows us to use the “Import-csv” cmdlet. 

The “Import-csv” cmdlet reads the content of the .CSV file at the designated path and stores it in the variable $ProjectUsers.  It creates a table-like structure when reading the .CSV file into $ProjectUsers.  This also allows it to understand that the first row of the .CSV file is the header row, and it interprets each column header name as a property name.  To get the UNC path of the file location of the .CSV file (or any file), click once on the file to select it, hold the Shift key and right click the file.  In the menu that appears there will be an option to Copy as path.  Select this and paste it into the script.  See image below for clarity.

The script then uses a foreach loop (which is just a type of for loop) to read the data in the variable $ProjectUsers.  It uses the variable $User to store one line of data from the .CSV file stored in $ProjectUsers.  The { } symbols indicate where the foreach loop begins { and ends }.  As the foreach loop reads the line of data, it stores each property in a script variable, for instance: $Firstname = $User.FirstName

$User is the foreach loop variable, .FirstName is the property defined in the .CSV file to contain the user's first name, and the first name is now stored in the script variable $Firstname.  This means that the property names in the .CSV file can be whatever the script writer/.CSV file creator wants them to be, as long as the property names match in the script.  As the foreach loop reads each property for one line, it stores the property in its defined script variable.  All of the properties read in a line define an AD User.
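A column header that does not match the property name the script reads yields an empty value at the point it is read rather than an error, so the file can be checked before any account is created. The following is an added example, not part of the original script; the function name Test-ProjectUsersCsv, the choice of required columns and the sample rows (including the example.org OU path) are assumptions made for illustration.

```powershell
# Added example: pre-flight check of the CSV before any account is created.
# Column names are the ones the page's script reads; which are required is an assumption.
$required = 'FirstName', 'LastName', 'UserName', 'Password', 'OU', 'Email'

function Test-ProjectUsersCsv {   # hypothetical helper name
    param([Parameter(Mandatory)][object[]]$Rows, [string[]]$RequiredColumns)
    $problems = New-Object System.Collections.Generic.List[string]
    $headers  = $Rows[0].PSObject.Properties.Name
    # A header the script does not recognise would be read as $null for every user.
    foreach ($col in $RequiredColumns) {
        if ($headers -notcontains $col) { $problems.Add("Missing column: $col") }
    }
    $seen = @{}   # hashtable keys compare case-insensitively, like SamAccountName
    $line = 1     # line 1 of the file is the header row
    foreach ($row in $Rows) {
        $line++
        foreach ($col in $RequiredColumns) {
            if ($headers -contains $col -and [string]::IsNullOrWhiteSpace($row.$col)) {
                $problems.Add("Line ${line}: empty $col")
            }
        }
        $name = "$($row.UserName)".Trim()
        # SamAccountName for a user object is limited to 20 characters.
        if ($name.Length -gt 20) { $problems.Add("Line ${line}: UserName longer than 20 characters") }
        if ($name -and $seen.ContainsKey($name)) {
            $problems.Add("Line ${line}: duplicate UserName '$name' (first seen on line $($seen[$name]))")
        } elseif ($name) { $seen[$name] = $line }
    }
    return $problems
}

# Constructed sample rows: an empty password, a case-variant duplicate, an over-long name.
$sample = @'
FirstName,LastName,UserName,Password,OU,Email
Ada,Lovelace,alovelace,,"OU=Project220,DC=example,DC=org",ada@example.org
Alan,Turing,ALovelace,x,"OU=Project220,DC=example,DC=org",alan@example.org
Grace,Hopper,grace.brewster.murray.hopper,x,"OU=Project220,DC=example,DC=org",grace@example.org
'@ | ConvertFrom-Csv

$issues = @(Test-ProjectUsersCsv -Rows $sample -RequiredColumns $required)
if ($issues.Count) { $issues | ForEach-Object { Write-Warning $_ } }
else { 'CSV passed pre-flight checks' }
```

Running the same function over the output of Import-Csv, and stopping when it returns anything, keeps a malformed file from creating a partial set of accounts.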

The foreach loop does not close yet; the script moves to an if statement.  The if statement “if (Get-ADUser -F {SamAccountName -eq $Username})” checks to see if the user already exists in the domain.  The -F is shorthand for -Filter and filters on all the SamAccountName(s).  The -eq performs a string comparison between $Username and the SamAccountName.  If it finds a SamAccountName that exists, it generates a warning and does not write the user account.

If the if statement does not find an existing user, the “New-ADUser” cmdlet is called.  The foreach loop script variable values are then assigned to the New-ADUser cmdlet parameter values that define an AD user.  For instance, the New-ADUser cmdlet parameter for a user’s first name is GivenName.  The value of the script variable $Firstname is now assigned to the GivenName parameter of AD by the line “-GivenName $Firstname `”.  Note that the “`” (backtick) character allows the commands to be wrapped to the next line.  Also, the “-” (hyphen) is used to designate a parameter, in this case a New-ADUser cmdlet parameter.

The line “-AccountPassword (convertto-securestring $Password -AsPlainText -Force) -ChangePasswordAtLogon $True” assigns the value in the $Password variable to the New-ADUser cmdlet parameter and forces the user to change their password at first login. 
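Reading $Password from the file means every initial password sits in clear text in a CSV on the Administrator desktop. As an added example (not part of the original script), the password can instead be generated per user inside the loop; the function name New-InitialPassword, the 16-character default length, the alphabet and the sample usernames are assumptions.

```powershell
# Added example: generate each initial password in the script, not in the CSV.
function New-InitialPassword {   # hypothetical helper name
    param([ValidateRange(8, 128)][int]$Length = 16)

    # Four character classes; look-alike characters (l, o, I, O, 0, 1) are left out.
    $sets = 'abcdefghijkmnpqrstuvwxyz', 'ABCDEFGHJKLMNPQRSTUVWXYZ', '23456789', '!#%+-=?@'
    $all  = -join $sets
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf  = New-Object byte[] 1

    # Uniform pick from $Alphabet: discard bytes that would introduce modulo bias.
    $pick = {
        param([string]$Alphabet)
        $limit = 256 - (256 % $Alphabet.Length)
        do { $rng.GetBytes($buf) } while ($buf[0] -ge $limit)
        $Alphabet[$buf[0] % $Alphabet.Length]
    }

    try {
        do {
            $chars     = for ($i = 0; $i -lt $Length; $i++) { & $pick $all }
            $candidate = -join $chars
            # Accept only candidates containing every class, so complexity rules are met.
            $ok = $true
            foreach ($set in $sets) {
                if ($candidate.IndexOfAny($set.ToCharArray()) -lt 0) { $ok = $false }
            }
        } while (-not $ok)
        return $candidate
    }
    finally { $rng.Dispose() }
}

# Constructed usernames; in the page's loop this would be $Username from the CSV row.
foreach ($Username in 'alovelace', 'aturing') {
    $plain  = New-InitialPassword
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force
    # In the page's New-ADUser call: -AccountPassword $secure -ChangePasswordAtLogon $True
    [pscustomobject]@{ UserName = $Username; InitialPassword = $plain }   # one-time handoff
}
```

With this in place the Password column can be dropped from the CSV, and the only copy of each initial password is the one handed to the user, who must replace it at first logon.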

At this point the first user has been written to the AD domain.  The foreach loop will then read the next line of .CSV data and write the new user to the AD domain and so on and so forth until the last line of user data is read and written.  This is an advantage of a foreach loop over a for loop.  This foreach loop will “understand” when the last line of data is written and will end cleanly.  In a for loop, the user must tell the loop where the last line is (how many iterations of the loop exist).

Running The Script

After the PowerShell script is created, running it is trivial.  Right click on the script and select Run with PowerShell or Edit.  For this project, Edit will be used and brings up the following window.

This window allows you to see the script.  Click the green button that is circled in the image to run the script.  After running the script, the users will be added to the Active Directory domain.  Go to the AD Management console to verify the users have been added as below.

Select a user and review their properties to make sure the script added the user data appropriately as shown in the next four images.

The last image shows the check box for “User must change password at next logon” has been selected as the PowerShell script designated. 

The users have now been accurately created in the AD domain.  

Assigning The Login Script With Minimal Mouse Clicks

After placing the login script (login.bat) on the server at the following location: 

C:\Windows\SYSVOL\sysvol\ronniekupfer.org\scripts

Highlight all the new users added in the specified OU (in this case Project220) by clicking on one user and pressing CTRL + A.  Then right click on one of the users and select Properties as shown below.

Select the Profile tab > check the Logon script: box > and type “login.bat” in the field as shown below.

Click Apply and OK and the login script will be added to all the selected users.  There are two videos showing how all this is done in the PowerShell Script For Exporting Users page:

POWERSHELL SCRIPT FOR EXPORTING USERS