Populate Active Directory with Test User Accounts

In this Ask the Admin, I’ll use a PowerShell script to populate Active Directory with test user accounts.

Active Directory (AD) is the chosen user-authentication mechanism in most organizations and a key infrastructure component that’s central to giving users access to business applications. Because of Active Directory’s critical role, it is usually a required component in pre-production test labs. Setting up AD in Azure is quite easy. If you want to automate provisioning Windows Server Active Directory in Azure, look at my series on automating the process using Infrastructure-as-Code:

Deploy Active Directory and Certificate Services in Azure Using Infrastructure-as-Code — Part 1
Deploy Active Directory and Certificate Services in Azure Using Infrastructure-as-Code — Part 2
Deploy Active Directory and Certificate Services in Azure Using Infrastructure-as-Code — Part 3

Once you’ve got AD up and running, you’ll need to populate it with user accounts to get a realistic test environment. Instead of reinventing the wheel and writing my own script, I decided to look at what’s already out there. There are lots of examples available, some of them more complicated than others. In the end, after looking at different scripts, I settled on a script from the Tailspintoys blog by Johan Dahlbom. I liked the script because it is simple and well thought out, which makes it easy to adapt. Some of the other examples had more options for creating user object attributes but used separate text files for male and female usernames, or worked but created incomplete user objects in AD.

Johan’s script uses a comma-delimited text file (.csv) that contains a list of first names and last names. In the script, there is only one variable that you must tailor for your environment. The $OU variable contains the path for the Organizational Unit (OU) in which the new user accounts should be created. This is how the variable is defined in the script:

$OU = "OU=TestUsers,OU=Cloud Inc.,DC=cloud,DC=lab"

For my test lab, I changed it to this:

$OU = "OU=Enabled Users,OU=User Accounts,DC=ad,DC=contoso,DC=com"

Be sure to get the order of the OUs correct in the path; otherwise, the New-ADUser cmdlet will return the error ‘Directory object not found’. Other variables you might want to change are $Password and $Departments, but the script works without modifying them. It might be necessary to change the value of $Password if ‘Password1’ doesn’t meet the password complexity requirements of your domain.

The script picks random first and last names from the .csv file. Before setting up the necessary variables for a new user, the script checks AD to make sure the proposed user object doesn’t already exist. Once the script has determined that a user with the same name doesn’t exist, it uses the New-ADUser cmdlet to add the user to the domain.
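
The loop described above, written out as an added sketch; it is not Johan Dahlbom's script or code from this article. The CSV column names (FirstName, LastName), the UPN suffix, the LAB-TEST-ACCOUNT description tag, and prompting for the password instead of setting it in the script are assumptions of this example.

```powershell
# Added illustration of the described flow, not the Tailspintoys script.
param([int]$NumUsers = 100)

Import-Module ActiveDirectory

$OU        = "OU=Enabled Users,OU=User Accounts,DC=ad,DC=contoso,DC=com"
$UpnSuffix = "ad.contoso.com"        # assumption: matches the DC= components of $OU
$Tag       = "LAB-TEST-ACCOUNT"      # assumption: marker used to find these accounts later
$Names     = Import-Csv -Path (Join-Path $PSScriptRoot "FirstNameEurope.csv")

# Fail early with a clear message instead of New-ADUser's 'Directory object not found'.
try   { Get-ADOrganizationalUnit -Identity $OU | Out-Null }
catch { throw "OU path not found; check the order of the OU= components: $OU" }

# Prompt for the shared lab password so it is not stored in the script file.
$Password = Read-Host -AsSecureString -Prompt "Password for the test accounts"

$created  = 0
$attempts = 0
while ($created -lt $NumUsers -and $attempts -lt ($NumUsers * 20)) {
    $attempts++

    # Pick a random first name and a random last name (column names are assumed).
    $first = ($Names | Get-Random).FirstName
    $last  = ($Names | Get-Random).LastName

    # Build a logon name: lower case, ASCII only, at most 20 characters, no edge dots.
    $sam = ("{0}.{1}" -f $first, $last).ToLower() -replace "[^a-z0-9.]", ""
    $sam = $sam.Substring(0, [Math]::Min(20, $sam.Length)).Trim(".")
    if (-not $sam) { continue }

    # Skip this pair if an account with that logon name already exists.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { continue }

    New-ADUser -Name "$first $last" -GivenName $first -Surname $last `
        -SamAccountName $sam -UserPrincipalName "$sam@$UpnSuffix" `
        -Path $OU -AccountPassword $Password -Enabled $true `
        -Description $Tag
    $created++
}

# List what was created; the same filter finds the accounts again for cleanup.
Get-ADUser -SearchBase $OU -Filter "Description -eq '$Tag'" |
    Select-Object SamAccountName, Enabled
```

Because every account carries the same description tag, the final query can be reused to disable or remove the test accounts when the lab is torn down.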

Running the PowerShell script from Tailspintoys – (Image Credit: Russell Smith)

By default, the script creates 100 users. Alternatively, you can specify a number by adding the -NumUsers parameter when you run the script. To run the script, make sure that the FirstNameEurope.csv file is in the same directory as the script, that you have permission to create new user objects in the specified container or OU, and that the Active Directory module for PowerShell is installed. If you want to run the script on Windows 10, that means making sure that the Remote Server Administration Tools (RSAT) for Windows 10 are installed and that the RSATClient-Roles-AD-Powershell feature is enabled. You can download RSAT from Microsoft’s website here.

.\CreateUsers3.ps1 -NumUsers 10

After you run the script, check that the new users have been created in the specified OU by opening Active Directory Users and Computers (ADUC) in the Tools menu in Server Manager.

Users created by the script in Active Directory (Image Credit: Russell Smith)

The text file provided contains almost 400 first names and last names. This should be enough for most use cases. But if you want a longer list or different names, make a bulk order for names at Fake Name Generator. You can customize the file generated, including the fields included, the ethnicity and sex of the names, and the output format.

Create a list of fake user names (Image Credit: Russell Smith)

In this article, I showed you how to use a PowerShell script that populates Active Directory with test user accounts.


IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.