How to Copy Active Directory Users with PowerShell
Creating new Active Directory (AD) users with PowerShell is easy using the New-ADUser cmdlet. But there are a lot of attributes that you might need to set every time you set up a new user account in AD. For example, you might want to set the user’s office address, department, job title, and other details. With the help of the -Instance parameter and the New-ADUser cmdlet, you can copy AD attributes from an existing user when creating new accounts.
Create a template account
Let’s start by creating a user account, called ‘Accounts User’, that has all the attributes set for subsequent users. I’m going to set the following attributes:
Even though ‘Accounts User’ will just act as a template for new users, we need to set a password so that the account meets the password policy requirements of AD. Additionally, New-ADUser requires the password to be passed as a secure string, so we’ll use ConvertTo-SecureString to convert the plaintext password.
New-ADUser -Name 'Accounts User' -SamAccountName accountsuser -AccountPassword (ConvertTo-SecureString Pas$W0rd!!12 -AsPlainText -Force) -StreetAddress '5 New Street' -City London -Title 'Junior Accountant' -PostalCode 'E1 4RN' -Office London -Department Accounts -Manager 'CN=Russell Smith,OU=Accounts,DC=ad,DC=globomantics,DC=uk'
Copy account attributes using the -Instance parameter
Now that the template user has been created, we should create a variable ($newuserattributes) containing an object that represents the template user account (Accounts User) with only the attributes we want to copy. Some attributes, like badPwdCount and lastLogon, cannot be copied. So, specifying only the attributes we need ensures PowerShell won’t throw an error.
$newuserattributes = Get-ADUser -Identity accountsuser -Properties StreetAddress,City,Title,PostalCode,Office,Department,Manager
Let’s create a new user account and copy attributes from ‘Accounts User’. The new user is called Fleur Wade and we need to make sure we specify values for the -Name, -GivenName, SurName, and -AccountPassword parameters. The -Instance parameter is used to specify from which account we will copy other parameters, like StreetAddress and City. I’ve also set -ChangePasswordAtLogon and -Enabled to $true to make sure the account is ready to use straightaway.
New-ADUser -Name "Fleur Wade" -GivenName Fleur -Surname Wade -SAMAccountName fleurwade -Instance $newuserattributes -DisplayName "Fleur Wade" -AccountPassword (ConvertTo-SecureString Pas$W0rd!!12 -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true
Add the new user to the Accounts group
New-ADUser cannot be used to set AD group membership. So, as part of the process, I’m also going to configure group membership for the new account using Add-ADGroupMember.
Add-ADGroupMember -Identity Accounts -Members fleurwade
Verify user attributes and group membership
Finally, we can use Get-ADUser and Get-ADGroupMember to check the new account was configured correctly with attribute values copied from ‘Accounts User’, and that Fleur’s group membership was also set properly.
Get-ADUser -Identity fleurwade -Properties StreetAddress,City,Title,PostalCode,Office,Department,Manager Get-ADGroupMember -Identity Accounts
Creating new Active Directory users in bulk
The above method can help you to create new Active Directory users faster than manual methods, like using the GUI management tools. If you’d like to create new user accounts with information pulled from a data source, like an Excel spreadsheet, PowerShell can help achieve that. Check out Create New Active Directory Users with Excel and PowerShell on Petri for complete instructions.
More in Active Directory
How to Access Active Directory
May 17, 2022 | Michael Reinders
Microsoft Rolls Out Azure AD Verifiable Credentials Service to More Customers
May 11, 2022 | Rabia Noureen
Active Directory vs. Azure AD (and Other Identity Providers)
May 9, 2022 | Michael Taschler
Apple Finally Discontinues Support for macOS Server App
Apr 25, 2022 | Rabia Noureen
Microsoft Issues New Guidance on Securing Domain Controllers
Apr 15, 2022 | Rabia Noureen
Best Practices for Installing Active Directory Domain Controllers in a Virtual Machine
Apr 15, 2022 | Michael Taschler
Most popular on petri