Jake Charman

Resident Geek of Nitrous Junkie Racing



Bulk Importing Users To Active Directory, The Easy Way…

Mon 5 Sep 2016


So I’ve just had one of the most painful experiences of my life, trying to import 129 new users into AD from a .CSV file.

I spent forever trying to use other people’s scripts with no results other than thousands of errors flying up my PowerShell window. Then I decided that this clearly wasn’t working and decided to do a bit of reading and start from nothing.

I used an Excel formula to build usernames from these names and also to build email addresses from the usernames. Most of the other fields from this point are duplicate.

I ended up with the following CSV headings:

GivenName – The user’s first name
SamAccountName – The “User logon name (pre-Windows 2000)” (e.g. “user”)
Surname – The user’s surname
Name – The user’s full name
Displayname – The user’s full name
EmailAddress – The email address for the new user
UserPrincipalName – The “User logon name” (NOT pre-Windows 2000, e.g. “[email protected]”)
Description – The description for the AD object

I also had “Mail Domain”, which was just used to add the domain to the username to generate email addresses; it wasn’t actually read by the PowerShell script.

The best thing to do at this point is to add one user’s information to the CSV, then check that PowerShell is reading the file correctly by running the “Import-Csv” command with the filename on the end. In my case this was

Import-Csv .\teststudent.csv

This will list the details alongside the column heading. Unfortunately, there’s no point me showing you a screenshot since I’m using real user data here so I’d have to blur out all of the important parts.

The next step is to import your one test user into AD and check that the account is set up to your liking.

This was the command I used:

Import-Csv .\teststudent.csv | New-ADUser -AccountPassword (ConvertTo-SecureString "[PASS]" -AsPlainText -Force)

It simply uses the options set in the CSV and sets a common password ([PASS]) for all accounts.

Due to a quirk in the PowerShell Cmdlet we’re using, you can’t specify the “User must change password at next login” option so this needs to be done with a separate command.

I moved all the newly added users (which are placed in the built-in “Users” OU to begin with) into their own OU and ran this command:

Get-ADUser -Filter * -SearchBase "[OU string]" | Set-ADUser -ChangePasswordAtLogon $true

This sets the option on for all users in the OU. If you don’t know what I mean by an OU string, it’s fairly simple to figure out yours.

If you have a domain with an OU inside users, so the tree looked like this

root.domain
|-- Users
    |-- Sample

Then the OU string for Sample would be

"OU=Sample,OU=Users,DC=root,DC=domain"

Just work backwards.

Once you have one user done, it’s just a case of filling up the CSV with users and running the commands again.

It’s well worth having a read of this page:

https://technet.microsoft.com/en-us/library/ee617253.aspx

It tells you exactly what options you have at your disposal before starting out. You just set the column heading to the parameter you want to set and input the data. It would be fairly easy to set randomized passwords this way using an Excel macro if you wanted to be extra hot on security.

Be warned that there is no output on any of these commands by default so no news is good news, cross your fingers and refresh the AD tree when they complete.
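
As an added example (not the script used in this post), here is one way to give every imported user its own random initial password and to get a per-user result line, instead of a shared [PASS] and silence. The function name New-RandomPassword, the output file name, and passing the "[OU string]" placeholder to -Path are assumptions made for the example.

```powershell
# Added example: per-user random initial passwords plus a result report.
Import-Module ActiveDirectory

$CsvPath  = '.\teststudent.csv'          # the CSV described in the post
$TargetOU = '[OU string]'                # placeholder: replace with your own OU string
$OutFile  = '.\initial-passwords.csv'    # hypothetical name; holds plaintext, restrict access and delete after handover

function New-RandomPassword {
    param([int]$Length = 16)
    $classes = 'abcdefghijkmnopqrstuvwxyz', 'ABCDEFGHJKLMNPQRSTUVWXYZ', '23456789', '!#%+-=?@'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $pick = {
        param([string]$set)
        $b = New-Object byte[] 1
        $limit = 256 - (256 % $set.Length)   # rejection sampling, avoids modulo bias
        do { $rng.GetBytes($b) } while ($b[0] -ge $limit)
        $set[$b[0] % $set.Length]
    }
    # One character from each class so a default complexity policy is satisfied
    $chars = @($classes | ForEach-Object { & $pick $_ })
    while ($chars.Count -lt $Length) { $chars += & $pick (-join $classes) }
    # Shuffle by sorting on random 32-bit keys so the class order is not predictable
    $shuffled = $chars | Sort-Object { $k = New-Object byte[] 4; $rng.GetBytes($k); [BitConverter]::ToUInt32($k, 0) }
    -join $shuffled
}

$results = foreach ($row in Import-Csv $CsvPath) {
    $plain  = New-RandomPassword
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force
    try {
        # CSV columns bind to New-ADUser parameters by name, as in the post's command
        $row | New-ADUser -Path $TargetOU -AccountPassword $secure -PassThru -ErrorAction Stop |
            Set-ADUser -ChangePasswordAtLogon $true -ErrorAction Stop
        [pscustomobject]@{ SamAccountName = $row.SamAccountName; Password = $plain; Status = 'Created' }
    } catch {
        [pscustomobject]@{ SamAccountName = $row.SamAccountName; Password = ''; Status = "Failed: $($_.Exception.Message)" }
    }
}

# Passwords go to the file only; the console shows just the outcome per account
$results | Export-Csv $OutFile -NoTypeInformation
$results | Select-Object SamAccountName, Status | Format-Table -AutoSize
```

Run it with the one-user test CSV first, exactly as with the commands above, and check the Status column before filling the CSV with the full list.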

If there’s any indication as to how quick and easy the process is once you know how, I spotted a mistake in my CSV half way through writing this post, deleted and recreated 129 users in about 2 minutes.