Active Directory

How to Quickly Create Active Directory Users in Bulk

Recently I revisited deploying Windows Server Active Directory in Azure, a subject that I’d covered a few times here on Petri. Today I want to look again at deploying Active Directory (AD) users in bulk. Specifically using standard usernames. By that I mean rather than creating user objects with real names, like Bob Jones or Russell Smith, use a syntax like employee1, employee2, etc. Partly because it is easier to have PowerShell automatically generate standard names and it works fine for a test environment. Some organizations choose to use standard names in production, so the code I’m going to show you today isn’t necessarily just for a test lab.

If you are interested in using PowerShell to populate Active Directory with user objects that use real names, take a look at Populate Active Directory with Test User Accounts on Petri, where I show you how to use a script by Johan Dahlbom. Or if you prefer a simpler solution, take a look at Create New Active Directory Users with Excel and PowerShell.

Using a ForEach Loop to Create User Objects

PowerShell ForEach loops are generally used to read through an array of strings. For example, the following code reads the access control list (ACL) for each folder in the c:\accounts directory tree.

$FolderPath = Get-ChildItem -Directory -Path "c:\accounts" -Recurse -Force
ForEach ($Folder in $FolderPath) {$Acl = Get-Acl -Path $Folder.FullName}

But if you don’t have an array of data to read like in the example above, you can use a number range to repeat a command a specified number of times. That’s useful if we want to create a specific quantity of Active Directory users. All we need to do is specify the range and then use a ForEach loop to run the New-ADUser cmdlet. Don’t forget that the AD module for PowerShell needs to be installed on the device where you run the New-ADUser cmdlet. You can install the Remote Server Administration Tools (RSAT) for Active Directory Domain Services to install the AD PowerShell module.

Sponsored Content

Passwords Haven’t Disappeared Yet

123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?

Creating a new Active Directory User with PowerShell

Let’s take a quick look at creating a new AD user object using the New-ADUser cmdlet. In the code below, I create a new user called employee1. I can’t pass a cleartext password using the -AccountPassword parameter, so I first convert it to a secure string. The user will need to change the password at first log on (-ChangePasswordAtLogon) and the account is enabled by default (-Enabled).

New-ADUser -Name employee1 -AccountPassword (ConvertTo-SecureString Pas$W0rd!!11 -AsPlainText -Force) -UserPrincipalName [email protected]$env:userdnsdomain -ChangePasswordAtLogon $True -Enabled $True

But what if I want to create more than one user? I start by specifying a range of objects. In this case, I want to create 25 users, so 1..25. Then each loop creates a new AD user object using New-ADUser. See that I append the current object number to the end of the account name using $_ and do the same in the -UserPrincipalName parameter.

How to Quickly Create Active Directory Users in Bulk (Image Credit: Russell Smith)
How to Quickly Create Active Directory Users in Bulk (Image Credit: Russell Smith)

1..25 | ForEach-Object {New-ADUser -Name employee$_ -AccountPassword (ConvertTo-SecureString Pas$W0rd!!11 -AsPlainText -Force) -UserPrincipalName [email protected]$env:userdnsdomain -ChangePasswordAtLogon $True -Enabled $True}

You can check that the users were created by using the Get-ADUser cmdlet. Here I list accounts that follow the standard name format and then list the results to make the output easier to read.
Get-ADUser -Filter 'Name -like "employee*"' | Format-List Name, UserPrincipalName

And that is it! Beautiful in its simplicity and you can modify the ForEach loop to repeat any command that you like a specific number of times.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (1)

One response to “How to Quickly Create Active Directory Users in Bulk”

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
13 Email Threat Types to Know About Right Now

As email threats evolve and multiply, keeping track of them all—and staying protected against the many different types—becomes a complex challenge. Today, that requires more than just the traditional email gateway solution that used to be good enough.

In this eBook you will learn:

  • What are the most common and challenging email attacks for organizations?
  • How to defend against sophisticated email threats, such as spoofing, social engineering, and fraud
  • How to protect employees at the inbox level with the right technologies and security-awareness training
  • How to use a multilayered protection strategy to reduce susceptibility to email attacks and better defend your business and employees

Sponsored by: