Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


HELP ! Urgent  Mass Account Creation in a Domain within a specific OU

Posted on 2016-10-17
Medium Priority
Last Modified: 2016-10-28

I need a powershel Script for a mass user account creation.
Below are the specification

1- Account will be created in a Domain within a specific OU
Path = OU=Test,OU=Users,DC=Genactic,DC=sys

2- The Login accounts should be from
TCA0008000 to TCA0009999

3- First Name = Agency Sales Notebook (Same First Name For all accounts)

4- Last Name = CLL (Same Last Name For all accounts)

5- Email = (Same email For all accounts)

6- Passwords = None or any passwords (The account are not inteaded for login purposes)

7- The account should be disabled when created

8- Password Never Expired

9- Account never expired

10- A log file to check the account creation.

I would like to be able to modify the domain, the OU path, the  first and last name and the email in order to run the script for an other domain with different input.

Thank You !
Question by:AMATERASOU
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 16

Expert Comment

by:Todd Nelson
ID: 41847502
At a basic level, I feel you should start with a CSV file for all your users that you need created.  Something similar to this.  The Name field has to be defined and unique across all accounts, and ideally, the UPN should be defined as well...


Open in new window

Then, use a script similar to this to create the users with your specified criteria...

Import-Module ActiveDirectory

$MyPassword = Read-Host "Enter Password" -AsSecureString

Import-Csv "C:\Tools\Scripts\MyNewUsers.csv" | ForEach-Object { 

     New-ADUser -Name $_.Name -SamAccountName $_.Name -UserPrincipalName $_.UserPrincipalName -DisplayName "Agency Sales Notebook CLL" -Surname "CLL" -Path "OU=Users,OU=Test,DC=d2,DC=local" -Email "" -AccountPassword $MyPassword -PasswordNeverExpires $True -Enabled $False


Open in new window

Hope that helps.  Let me know.
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 41847516
Import-Module ActiveDirectory
$MyPassword = Read-Host 'Enter Password' -AsSecureString
[int] $counter = 8000
$username = 'TCA0000'+ $counter.tostring()
$userprincipalname = $username + '@genactic.sys'
$name = $username
New-ADUser -Name $Name -SamAccountName $username -UserPrincipalName $UserPrincipalName -DisplayName 'Agency Sales Notebook CLL' -Surname 'CLL' -Path 'OU=Test,OU=Users,DC=Genactic,DC=sys' -Email '' -AccountPassword $MyPassword -PasswordNeverExpires $True -Enabled $False -whatif
} while ($counter -le 9999)


Open in new window


Expert Comment

ID: 41847783
Run the below using Exchange power Shell.  Key in all users' details in the attached csv file.

[PS] C:\>Import-CSV "C:\Users\yourpath\Downloads\userlist.csv" | foreach {new-mailbox -Name $_.DisplayName -FirstName $_.Firstname -LastName $_.Lastname -DisplayName $_.DisplayName -Alias $_.alias  -Database $_.Database -password (ConvertTo-SecureString $_.password -AsPlainText -force) -ResetPasswordOnNextLogon $true -UserPrincipalName $_.UPN -OrganizationalUnit $_.OrganizationalUnit}
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why


Author Comment

ID: 41848169
Hello ,

But i will like to Log Account creation in an output file with the account names and Status (OK or KO)

David Johnson is the script which feef better

Import-Module ActiveDirectory
$MyPassword = Read-Host 'Enter Password' -AsSecureString
[int] $counter = 8000
$username = 'TCA0000'+ $counter.tostring()
$userprincipalname = $username + '@genactic.sys'
$name = $username
New-ADUser -Name $Name -SamAccountName $username -UserPrincipalName $UserPrincipalName -DisplayName 'Agency Sales Notebook CLL' -Surname 'CLL' -Path 'OU=Test,OU=Users,DC=Genactic,DC=sys' -Email '' -AccountPassword $MyPassword -PasswordNeverExpires $True -Enabled $False -whatif
} while ($counter -le 9999)


Thank you
LVL 16

Accepted Solution

Todd Nelson earned 2000 total points
ID: 41848376
I like David's script too. But I had to modify it because it would not have not created the users with the "-WhatIf" parameter present.

Also, I modified to create users TCA0008000 to TCA0009999 (based on your example) instead of TCA00008000 to TCA00009999--with one extra zero.

And I removed the unnecessary $name variable because it is redundant to the $username variable.

I added the GivenName parameter for each users based on your criteria and removed SamAccountName because it is based on the Name parameter and added without specifying explicitly.

Lastly, I added a section that makes the variables easy to locate and update based on whatever environment they need to be changed for.

Therefore, I suppose you want something like this with basic output logged of the values you need set...

Import-Module ActiveDirectory

$MYPASSWORD = Read-Host "Enter Password" -AsSecureString

[int] $counter = 8000

do {

     $USERNAME = "TCA000"+ $counter.tostring()
     $USERPRINCIPALNAME = $USERNAME + "@Genactic.sys"
     $DISPLAYNAME = "Agency Sales Notebook CLL"
     $FIRSTNAME = "Agency Sales Notebook"
     $LASTNAME = "CLL"
     $OUPATH = "OU=Test,OU=Users,DC=Genactic,DC=sys"

     New-ADUser -Name $USERNAME -UserPrincipalName $USERPRINCIPALNAME -DisplayName $DISPLAYNAME -GivenName $FIRSTNAME -Surname $LASTNAME -Path $OUPATH -Email $EMAILADDRESS -AccountPassword $MYPASSWORD -PasswordNeverExpires $True -Enabled $False

     Get-ADUser -Identity $USERNAME -Properties EmailAddress,DisplayName,PasswordNeverExpires,Enabled | Select-Object Name,GivenName,Surname,DisplayName,EmailAddress,DistinguishedName,SamAccountName,UserPrincipalName,PasswordNeverExpires,Enabled | Out-file "NewUserResults.txt" -Append


} while ($counter -le 9999)

Open in new window


Author Closing Comment

ID: 41863723

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question