Populate Active Directory with Test User Accounts
In this Ask the Admin, I’ll use a PowerShell script to populate Active Directory with test user accounts.
Active Directory (AD) is the chosen user-authentication mechanism in most organizations and a key infrastructure component that’s central to giving users access to business applications. Because of Active Directory’s critical role, it is usually a required component in pre-production test labs. Setting up AD in Azure is quite easy. If you want to automate provisioning Windows Server Active Directory in Azure, look at my series on automating the process using Infrastructure-as-Code:
Deploy Active Directory and Certificate Services in Azure Using Infrastructure-as-Code — Part 1
Deploy Active Directory and Certificate Services in Azure Using Infrastructure-as-Code — Part 2
Deploy Active Directory and Certificate Services in Azure Using Infrastructure-as-Code — Part 3
Once you’ve got AD up and running, you’ll need to populate it with user accounts to get a realistic test environment. Instead of reinventing the wheel and writing my own script, I decided to look at what’s already out there. There are lots of examples available, some of them more complicated than others. In the end, after looking at different scripts, I settled on a script from the Tailspintoys – 365lab.net blog by Johan Dahlbom. I liked the script because it is simple and well thought out, which makes it easy to adapt. Some of the other examples had more options for creating user object attributes but also used different text files for male and female usernames, or worked but created incomplete user objects in AD.
Johan’s script uses a comma-delimited text file (.csv) that contains a list of first names and last names. In the script, there is only one variable that you must tailor for your environment. The $OU variable contains the path for the Organizational Unit (OU) in which the new user accounts should be created. This is how the variable is defined in the script:
$OU = "OU=TestUsers,OU=Cloud Inc.,DC=cloud,DC=lab"
For my test lab, I changed it to this:
$OU = "OU=Enabled Users,OU=User Accounts,DC=ad,DC=contoso,DC=com"
Be sure to get the order of the OUs in the path correct (the innermost OU comes first); otherwise the New-ADUser cmdlet returns the error ‘Directory object not found’. Other variables you might want to change are $Password and $Departments, but the script works without modifying them. It might be necessary to change the value of $Password if ‘Password1’ doesn’t meet the password complexity requirements of your domain.
The script picks random first and last names from the .csv file. Before setting up the necessary variables for a new user, the script checks AD to make sure the proposed user object doesn’t already exist. Once the script has determined that a user with the same name doesn’t exist, it uses the New-ADUser cmdlet to add the user to the domain.
By default, the script creates 100 users. Alternatively, you can specify a number by adding the -NumUsers parameter when you run the script. To run the script, make sure that the FirstNameEurope.csv file is in the same directory as the script, that you have permission to create new user objects in the specified container or OU, and that the Active Directory module for PowerShell is installed. If you want to run the script on Windows 10, that means making sure that the Remote Server Administration Tools (RSAT) for Windows 10 are installed and that the RSATClient-Roles-AD-Powershell feature is enabled. You can download RSAT from Microsoft’s website.
.\CreateUsers3.ps1 -NumUsers 10
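The prerequisites listed above (AD module, name file, OU path, password policy) can be checked before the script creates anything. The following is an added example, not part of Johan's script or the original article; the function name Test-TestUserPrereqs is hypothetical, and the $OU and $Password values are the ones shown earlier and should match your edited copy of the script.

```powershell
# Added example: pre-flight checks to run before CreateUsers3.ps1.
# Assumption: $OU and $Password mirror the values in your copy of the script.
$OU       = 'OU=Enabled Users,OU=User Accounts,DC=ad,DC=contoso,DC=com'
$Password = 'Password1'

function Test-TestUserPrereqs {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$OU,
        [Parameter(Mandatory)][string]$Password,
        [string]$CsvPath = '.\FirstNameEurope.csv'
    )
    $problems = @()

    # 1. The AD module ships with RSAT; without it New-ADUser is unavailable.
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
        return @('ActiveDirectory module not installed (install RSAT).')
    }
    Import-Module ActiveDirectory

    # 2. The name list must sit next to the script (current directory here).
    if (-not (Test-Path -Path $CsvPath -PathType Leaf)) {
        $problems += "Name file not found: $CsvPath"
    }

    # 3. A wrong OU path is what produces 'Directory object not found'.
    try {
        $null = Get-ADOrganizationalUnit -Identity $OU -ErrorAction Stop
    } catch {
        $problems += "OU lookup failed for '$OU': $($_.Exception.Message)"
    }

    # 4. Compare the password with the default domain policy only.
    #    Fine-grained policies and the "must not contain the account name"
    #    rule are not evaluated here.
    $policy = Get-ADDefaultDomainPasswordPolicy
    if ($Password.Length -lt $policy.MinPasswordLength) {
        $problems += "Password shorter than $($policy.MinPasswordLength) characters."
    }
    if ($policy.ComplexityEnabled) {
        $classes = @('[A-Z]', '[a-z]', '[0-9]', '[^A-Za-z0-9]') |
            Where-Object { $Password -cmatch $_ }   # -cmatch is case-sensitive
        if (@($classes).Count -lt 3) {
            $problems += 'Password uses fewer than 3 of 4 character classes.'
        }
    }
    return $problems
}

$issues = Test-TestUserPrereqs -OU $OU -Password $Password
if ($issues) { $issues | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'Pre-flight checks passed.' }
```

Run it from the directory that holds the script and FirstNameEurope.csv. It does not test whether your account has permission to create user objects in the OU.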
After you run the script, check that the new users have been created in the specified OU by opening Active Directory Users and Computers (ADUC) in the Tools menu in Server Manager.
The text file provided contains almost 400 first names and last names. This should be enough for most use cases. But if you want a longer list or different names, make a bulk order for names at Fake Name Generator. You can customize the file generated, including the fields included, the ethnicity and sex of the names, and the output format.
In this article, I showed you how to use a PowerShell script that populates Active Directory with test user accounts.