Adding Multiple Users into AD (Windows Server 2008 R2) With Powershell

I'm having a little trouble adding multiple users into AD at once using powershell.
I have created a csv file that has all the user information and a powershell script that will take the data within that csv and create users in AD.

Everything is working correctly except setting the password and "account disabled" information for the users. Again, the users are being created and all the information that I have set to be pulled is being taken from the csv and put into the user info in AD EXCEPT the password and "account disabled info".

I'm attaching the csv, and a screenshot of the error I get. No worries about confidentiality issues because the server is a dummy test server and the data is fake. The powershell code is below:

#Add Multiple Users to Active Directory
#Modified Powershell Script by Jacques Laroche
#Last updated on 10/6/2013
#Tested with Windows Server 2008 R2

$dataSource=import-csv “New-Users_Test.csv”; #What is the name of the CSV File you are importing from? (File must be in same directory as the PowerShell Script)
foreach($dataRecord in $datasource) {
$cn=$dataRecord.FirstName + ” ” + $dataRecord.LastName
$description=$dataRecord.Description
$mail=$dataRecord.Email
$telephoneNumber=$dataRecord.Telephone
$sAMAccountName=$dataRecord.FirstName + “.” + $dataRecord.LastName
$givenName=$dataRecord.FirstName
$sn=$dataRecord.LastName
$sAMAccountName=$dataRecord.UserName
$displayName=$givenName + “ ” + $sn
$description=$dataRecord.Description
$physicalDeliveryOfficeName=$dataRecord.Office
$department=$dataRecord.Department
$userPrincipalName=$sAMAccountName + “@brain.local”; #Enter your Domain here!

#Place the user in a specific OU based on what 'Department' they are listed as within the CSV file
#If the user is not assigned a 'Department' within the CSV, they will be placed within the default User OU in AD
#NOTE: YOU MUST ENTER DOMAIN CONTROLLER AND OU ROUTING INFORMATION FOR YOUR ENVIRONMENT BELOW

If($department -match “IT”) {
   $objOU=[ADSI]“LDAP://OU=IT,OU=The Organization,DC=Brain,DC=local”
 } elseif ($department -match “Management”) {
   $objOU=[ADSI]“LDAP://OU=Management,OU=The Organization,DC=Brain,DC=local”
 } elseif ($department -match “Marketing”) {
   $objOU=[ADSI]“LDAP://OU=Marketing,OU=The Organization,DC=Brain,DC=local”
 } elseif ($department -match “Sales”) {
   $objOU=[ADSI]“LDAP://OU=Sales,OU=The Organization,DC=Brain,DC=local”
 } elseif ($department -match “Accounting”) {
   $objOU=[ADSI]“LDAP://OU=Accounting,OU=The Organization,DC=Brain,DC=local”
 } else {
 $objOU=[ADSI]"LDAP://CN=Users,DC=Brain,DC=local"
 }

#Additional Attributes:
$objUser=$objOU.Create(“user”,“cn=” + $cn)
$objUser.Put(“sAMAccountName”,$sAMAccountName)
$objUser.Put(“userPrincipalName”,$userPrincipalName)
$objUser.Put(“displayName”,$displayName)
$objUser.Put(“givenName”,$givenName)
$objUser.Put(“sn”,$sn)
$objUser.Put(“telephoneNumber”,$telephoneNumber)
$objUser.Put(“mail”,$mail)
$objUser.Put(“description”,$description)
$objUser.Put(“physicalDeliveryOfficeName”,$physicalDeliveryOfficeName)
$objUser.Put(“department”,$department)

#Place the additional attributes into the record:
$objUser.SetInfo()
$objUser.SetPassword(“Temp0raryPassw0rd!”) ; #Choose the password all users will be given!
$objUser.psbase.InvokeSet(“AccountDisabled”,$false)
$objUser.SetInfo()
}
New-Users-Test.csv
Error.jpg
MurrayHillIT Asked:

footech Commented:
Since you have 2008 R2 (I assume you mean DCs), I would use the MS AD cmdlets to simplify things.  And I probably wouldn't use so many intermediate variables.  I have simplified the script a little, but haven't taken it all the way.  It's just an example of what you could do.
import-csv newusers.txt | % {
    $cn=$_.FirstName + ” ” + $_.LastName
    $givenName=$_.FirstName
    $sn=$_.LastName
    $sAMAccountName=$_.UserName
    $displayName=$givenName + “ ” + $sn
    $department=$_.Department

    If($department -match “IT”) {
       $objOU=“OU=IT,OU=The Organization,DC=Brain,DC=local”
     } elseif ($department -match “Management”) {
       $objOU=“OU=Management,OU=The Organization,DC=Brain,DC=local”
     } elseif ($department -match “Marketing”) {
       $objOU=“OU=Marketing,OU=The Organization,DC=Brain,DC=local”
     }
    
    new-aduser -Name $cn -GivenName $givenName -LastName $sn -displayname $displayname -department $department -path $objOU -samaccountname $samaccountname -password (ConvertTo-SecureString "Temp0raryPassw0rd!” -AsPlainText -Force) -enabled $true 
}



View the built-in help for New-ADUser or visit this link for help using the cmdlet.
http://technet.microsoft.com/en-us/library/ee617253.aspx
0
Will Szymkowski (Senior Solution Architect) Commented:
Here is another example that I use to import users into AD setting the password...
Import-Module activedirectory
$Userlist = Import-Csv "C:\yourCSVhere.csv"
$Userlist = ForEach ($Person in $Userlist) {
$Person.Name
$Person.sn
$Person.Country
$Person.st
$Person.title
$Person.City
$Person.postalCode
$Person.telephoneNumber
$Person.Fax
$Person.givenName
$Person.displayName
$Person.department
$Person.company
$Person.SamAccountName
$Person.userPrincipalName
$Person.description
$Person.StreetAddress
$Person.Path
$Person.Password
New-ADUser -Name $Person.Name -Surname $Person.sn -Country $Person.Country -State $Person.st -Title $Person.title -City $Person.City -PostalCode $Person.postalCode -OfficePhone $Person.telephoneNumber -Fax $Person.Fax -GivenName $Person.givenName -DisplayName $Person.displayName -Department $Person.department -Company $Person.Company -SamAccountName $Person.SamAccountName -UserPrincipalName $Person.userPrincipalName -Description $Person.description -StreetAddress $Person.StreetAddress -Path $Person.Path -Enabled $false -AccountPassword (ConvertTo-SecureString $Person.Password -AsPlainText -force)
}



Will.
1
footech Commented:
I noticed some problems with quotes in the original post which I had built mine off of (they were the opening and closing quotes like you would see in Word), so I updated the code I posted and also corrected a parameter name.  Corrections posted below.
Import-Csv newusers.txt | % {
    $cn=$_.FirstName + " " + $_.LastName
    $givenName=$_.FirstName
    $sn=$_.LastName
    $sAMAccountName=$_.UserName
    $displayName=$givenName + " " + $sn
    $department=$_.Department

    If($department -match "IT") {
       $objOU="OU=IT,OU=The Organization,DC=Brain,DC=local"
     } elseif ($department -match "Management") {
       $objOU="OU=Management,OU=The Organization,DC=Brain,DC=local"
     } elseif ($department -match "Marketing") {
       $objOU="OU=Marketing,OU=The Organization,DC=Brain,DC=local"
     }
    
    New-ADUser -Name $cn -GivenName $givenName -LastName $sn -DisplayName $displayname -Department $department -Path $objOU -samaccountname $samaccountname -AccountPassword (ConvertTo-SecureString "Temp0raryPassw0rd!" -AsPlainText -Force) -Enabled $true 
}


0

MurrayHillIT (Author) Commented:
Sorry, but I'd like to know why 90% of my code is working and how I can get the final piece (the password setting) to work in Powershell, since I'm already using that.
0
footech Commented:
Any answer I could give you regarding the method you're using would just be the result of me searching with Google, so I can't help you in that regard.  I believe the method that both I and Spec01 proposed is a better solution, but it's your call.
Good luck!
0
MurrayHillIT (Author) Commented:
Footech:

I could use your solution. But why is it using a txt file instead of a csv, and could you provide a sample csv that would work with the code?

Also,

Is the code executable in powershell?
0
footech Commented:
A .CSV file is really just a text file.  The file really could be saved as any extension you want, but you're correct that it would be more appropriate for it to have a .CSV extension.
Yes, that is powershell code.  It would work with the sample .CSV you provided.  You would need to modify the code a bit to add any additional attributes that you want to set.

Have you ever used the MS AD cmdlets?  You may have to run Import-Module ActiveDirectory to load the module.
0
MurrayHillIT (Author) Commented:
footech:

I ran import-Module ActiveDirectory in Powershell as administrator (it loaded fine).

Then I ran this script:

Import-Csv New-Users_Test.csv | % {
    $cn=$_.FirstName + " " + $_.LastName
    $givenName=$_.FirstName
    $sn=$_.LastName
    $sAMAccountName=$_.UserName
    $displayName=$givenName + " " + $sn
    $department=$_.Department
      $description=$_.Description
      $mail=$_.Email
      $physicalDeliveryOfficeName=$_.Office
      $telephoneNumber=$_.Telephone
      $userPrincipalName=$sAMAccountName + "@brain.local"

    If($department -match "IT") {
       $objOU="OU=IT,OU=The Organization,DC=Brain,DC=local"
     } elseif ($department -match "Management") {
       $objOU="OU=Management,OU=The Organization,DC=Brain,DC=local"
     } elseif ($department -match "Marketing") {
       $objOU="OU=Marketing,OU=The Organization,DC=Brain,DC=local"
     } elseif ($department -match "Sales") {      
         $objOU=[ADSI]"LDAP://OU=Sales,OU=The Organization,DC=Brain,DC=local"
       } elseif ($department -match "Accounting") {
         $objOU=[ADSI]"LDAP://OU=Accounting,OU=The Organization,DC=Brain,DC=local"
       } else {
         $objOU=[ADSI]"LDAP://CN=Users,DC=Brain,DC=local"
       }
   
      New-ADUser -Name $cn -GivenName $givenName -LastName $sn -DisplayName $displayname -Department $department -Path $objOU -samaccountname $samaccountname -AccountPassword (ConvertTo-SecureString "Temp0raryPassw0rd!" -AsPlainText -Force) -Enabled $true
}

But it didn't work.
ErrorScreen.jpg
0
footech Commented:
Sorry, "-Lastname" should be "-Surname"
0
MurrayHillIT (Author) Commented:
Changing "-Lastname" to "-Surname" throws another error (attached as JPG).

Code:

Import-Csv New-Users_Test.csv | % {
    $cn=$_.FirstName + " " + $_.LastName
    $givenName=$_.FirstName
    $sn=$_.LastName
    $sAMAccountName=$_.UserName
    $displayName=$givenName + " " + $sn
    $department=$_.Department
      $description=$_.Description
      $mail=$_.Email
      $physicalDeliveryOfficeName=$_.Office
      $telephoneNumber=$_.Telephone
      $userPrincipalName=$sAMAccountName + "@brain.local"

    If($department -match "IT") {
       $objOU="OU=IT,OU=The Organization,DC=Brain,DC=local"
     } elseif ($department -match "Management") {
       $objOU="OU=Management,OU=The Organization,DC=Brain,DC=local"
     } elseif ($department -match "Marketing") {
       $objOU="OU=Marketing,OU=The Organization,DC=Brain,DC=local"
     } elseif ($department -match "Sales") {      
         $objOU=[ADSI]"LDAP://OU=Sales,OU=The Organization,DC=Brain,DC=local"
       } elseif ($department -match "Accounting") {
         $objOU=[ADSI]"LDAP://OU=Accounting,OU=The Organization,DC=Brain,DC=local"
       } else {
         $objOU=[ADSI]"LDAP://CN=Users,DC=Brain,DC=local"
       }
   
      New-ADUser -Name $cn -GivenName $givenName -Surname $sn -DisplayName $displayname -Department $department -Path $objOU -samaccountname $samaccountname -AccountPassword (ConvertTo-SecureString "Temp0raryPassw0rd!" -AsPlainText -Force) -Enabled $true
}
Error3.jpg
0
footech Commented:
The additional checks you created for the OU need to be changed.  The $objOU variable should just be a string in the form of "OU=IT,OU=The Organization,DC=Brain,DC=local", not an ADSI type.
0
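
The fixes from this thread combined into one script, as an added example that is not part of any participant's post: `-Path` receives a plain distinguished-name string, and `-Surname` and `-AccountPassword` are used. Going beyond the thread, the temporary password is prompted for rather than hard-coded and must be changed at first logon. The CSV columns, OUs and the brain.local domain come from the thread; the `$ouMap` lookup table and the variable names are this example's own.

```powershell
# Added example, not code from the thread.
# Assumes the thread's CSV columns and that the ActiveDirectory module is installed.
Import-Module ActiveDirectory

# -Path expects a distinguished-name string, not an [ADSI] object.
$base  = 'OU=The Organization,DC=Brain,DC=local'
$ouMap = @{
    'IT'         = "OU=IT,$base"
    'Management' = "OU=Management,$base"
    'Marketing'  = "OU=Marketing,$base"
    'Sales'      = "OU=Sales,$base"
    'Accounting' = "OU=Accounting,$base"
}
$defaultPath = 'CN=Users,DC=Brain,DC=local'

# Prompt once for the temporary password so it is never stored in the script.
$tempPassword = Read-Host -Prompt 'Temporary password for new accounts' -AsSecureString

Import-Csv 'New-Users_Test.csv' | ForEach-Object {
    $dept = "$($_.Department)".Trim()
    # Exact lookup by department name; unknown or blank departments go to CN=Users.
    $path = if ($ouMap.ContainsKey($dept)) { $ouMap[$dept] } else { $defaultPath }

    $params = @{
        Name                  = $_.FirstName + ' ' + $_.LastName
        GivenName             = $_.FirstName
        Surname               = $_.LastName
        DisplayName           = $_.FirstName + ' ' + $_.LastName
        SamAccountName        = $_.UserName
        UserPrincipalName     = $_.UserName + '@brain.local'
        Path                  = $path
        AccountPassword       = $tempPassword
        ChangePasswordAtLogon = $true
        Enabled               = $true
    }
    # Add optional attributes only when the CSV cell is not blank.
    $optional = @{
        Department = $dept; Description = $_.Description; EmailAddress = $_.Email
        Office = $_.Office; OfficePhone = $_.Telephone
    }
    foreach ($key in $optional.Keys) {
        if ($optional[$key]) { $params[$key] = $optional[$key] }
    }

    try {
        New-ADUser @params -ErrorAction Stop
    } catch {
        Write-Warning "Could not create $($params.SamAccountName): $($_.Exception.Message)"
    }
}
```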

MurrayHillIT (Author) Commented:
Thanks so much to everyone for their help!
0