Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET

Create

Viewing 1 post (of 1 total)
  • Author
    Posts

  • makavelli12
    Member
    #626706

    Hi All,

    Wonder if someone can help me here.

    What I am basically trying to do is to create multiple user accounts from an existing user account, with the group membership, and settings of the account.

    For example, the exiting user account is “TestUser1”, and is a member of the following groups: Domain Users, Workstation Users, Home Users

    The account has the settings the password cannot be changed and the password does not expire.

    As I have approx 30 User Accounts to create, I would like to use Powershell to do this for me.

    Whilst I am a newbie Powershell scripter, I came across this script from the Manning website:

    https://www.manning.com/books/learn-active-directory-management-in-a-month-of-lunches

    $secpass = Read-Host “Password” -AsSecureString
    $user = Get-ADUser -Identity jgreen -Properties memberof, office
    New-ADUser -Name “GREEN Bill” -SamAccountName bgreen
    -UserPrincipalName “[email protected]
    -AccountPassword $secpass -Path “cn=Users,dc=Manticore,dc=org”
    -Enabled:$true -Instance $user

    and adapted it to my use for testing the creation of a single user account:

    $secpass = Read-Host “Password” -AsSecureString
    $user = Get-ADUser -Identity TestUser1 -Properties memberof
    New-ADUser -Name “TestUser2” -SamAccountName testuser2
    -UserPrincipalName “[email protected]
    -AccountPassword $secpass -Path “cn=Users,dc=localtest,dc=net”
    -Enabled:$true -Instance $user

    When I try the script the account is created, but it does not assign the group memberships and the display name is also missing. So am working if someone with expert knowledge could advise me how I can do the following:

    1. Get the group membership working
    2. Set the Displayname to be testuser2
    3. Set the password cannot be changed
    4. Set the password does not expire

    If there is a way to do this for the 30 user accounts via a CSV file this would be even better.

    Hope this makes sense, and someone can advise.

    Thanks.

    Mak

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: