How to Quickly Create Active Directory Users in Bulk
Recently I revisited deploying Windows Server Active Directory in Azure, a subject that I’d covered a few times here on Petri. Today I want to look again at deploying Active Directory (AD) users in bulk. Specifically using standard usernames. By that I mean rather than creating user objects with real names, like Bob Jones or Russell Smith, use a syntax like employee1, employee2, etc. Partly because it is easier to have PowerShell automatically generate standard names and it works fine for a test environment. Some organizations choose to use standard names in production, so the code I’m going to show you today isn’t necessarily just for a test lab.
If you are interested in using PowerShell to populate Active Directory with user objects that use real names, take a look at Populate Active Directory with Test User Accounts on Petri, where I show you how to use a script by Johan Dahlbom. Or if you prefer a simpler solution, take a look at Create New Active Directory Users with Excel and PowerShell.
Using a ForEach Loop to Create User Objects
PowerShell ForEach loops are generally used to read through an array of strings. For example, the following code reads the access control list (ACL) for each folder in the c:\accounts directory tree.
$FolderPath = Get-ChildItem -Directory -Path "c:\accounts" -Recurse -Force
ForEach ($Folder in $FolderPath) {$Acl = Get-Acl -Path $Folder.FullName}
But if you don’t have an array of data to read like in the example above, you can use a number range to repeat a command a specified number of times. That’s useful if we want to create a specific quantity of Active Directory users. All we need to do is specify the range and then use a ForEach loop to run the New-ADUser cmdlet. Don’t forget that the AD module for PowerShell needs to be installed on the device where you run the New-ADUser cmdlet. You can install the Remote Server Administration Tools (RSAT) for Active Directory Domain Services to install the AD PowerShell module.
Creating a new Active Directory User with PowerShell
Let’s take a quick look at creating a new AD user object using the New-ADUser cmdlet. In the code below, I create a new user called employee1. I can’t pass a cleartext password using the -AccountPassword parameter, so I first convert it to a secure string. The user will need to change the password at first log on (-ChangePasswordAtLogon) and the account is enabled by default (-Enabled).
New-ADUser -Name employee1 -AccountPassword (ConvertTo-SecureString Pas$W0rd!!11 -AsPlainText -Force) -UserPrincipalName employee1@$env:userdnsdomain -ChangePasswordAtLogon $True -Enabled $True
But what if I want to create more than one user? I start by specifying a range of objects. In this case, I want to create 25 users, so 1..25. Then each loop creates a new AD user object using New-ADUser. See that I append the current object number to the end of the account name using $_ and do the same in the -UserPrincipalName parameter.
1..25 | ForEach-Object {New-ADUser -Name employee$_ -AccountPassword (ConvertTo-SecureString Pas$W0rd!!11 -AsPlainText -Force) -UserPrincipalName employee$_@$env:userdnsdomain -ChangePasswordAtLogon $True -Enabled $True}
You can check that the users were created by using the Get-ADUser cmdlet. Here I list accounts that follow the standard name format and then list the results to make the output easier to read.
Get-ADUser -Filter 'Name -like "employee*"' | Format-List Name, UserPrincipalName
And that is it! Beautiful in its simplicity and you can modify the ForEach loop to repeat any command that you like a specific number of times.
Related Article: