Tag Archives: PowerShell Programming language

PowerShell is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language. Windows PowerShell runs on the .NET Framework, and its implementation language is C#.

Add Active Directory user in PowerShell from CSV-file

Automatically create users with New-AdUser from Import-CSV file

If a large number of users must be created in Active Directory, PowerShell is the appropriate tool: multiple Active Directory user objects can be created with New-AdUser fed by Import-Csv.

This tutorial shows how to use New-AdUser for automated user creation by importing object data from a CSV file with Import-Csv.

When a migration moves some of the users of an organizational unit (OU) from one Active Directory forest to a new or different forest, the Active Directory modules are suitable for user management, with the cmdlet “Get-AdUser” for reading existing accounts and “New-AdUser” for creating new ones. A total of around 50 parameters are supported, whose names match the attributes in the AD.

A simple command could look like this for a new user with the SamAccountName “Sebastian”.

$Password = Read-Host "Enter a Password" -AsSecureString
New-AdUser -Name Sebastian -GivenName Sebastian -Surname Furrer -Path "OU=User,OU=Office,DC=Company,DC=com" -Enabled $True -AccountPassword $Password -ChangePasswordAtLogon $True

The command creates a user and uses the AccountPassword parameter to set the password that was entered beforehand. Numerous other attributes can be set in the same way. For a simple user creation, this example is already sufficient for the user to authenticate against Active Directory.

User export and import via CSV file

Users can be exported from the OU to a CSV file by using filters. The file is then available for the next step, the user import into the intended target organizational unit.

Get-AdUser -Filter * -SearchBase "OU=User,OU=Office,DC=Company,DC=com" | Export-Csv -Path .\users.csv -NoClobber -Delimiter ";"

With a large number of users, you will not want to create them individually. The best way is to import the data from a CSV file that contains a list of object properties. The prerequisite is that the column headings in the CSV file exactly match the names of the parameters. A file exported with Export-Csv might look something like this.

[Image: User export and import via CSV file]

If the export was written with a comma as the delimiter, pass the matching delimiter to Import-Csv with the -Delimiter parameter.

A foreach loop creates the users in the specified OU context.

$Import = Import-CSV ".\users.csv" -Delimiter ";"
$OU = "OU=User,OU=Office,DC=Company,DC=com"
$Password = ConvertTo-SecureString "Initpass" -AsPlainText -Force

foreach ($user in $Import) {
  New-ADUser -Name $user.SamAccountName -GivenName $user.GivenName -Surname $user.Surname -Path $OU -AccountPassword $Password -ChangePasswordAtLogon $True -Enabled $True -UserPrincipalName $user.UserPrincipalName
}

Run the commands in PowerShell from the directory that contains the exported CSV file (“users.csv”), or supply the appropriate path with the -Path parameter.

As soon as the newly created user logs on to AD, he is prompted to enter a new password, which replaces the initial password (“Initpass“).
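The loop above gives every imported account the same initial password, so anyone who knows “Initpass” can log on as any user who has not yet changed it. The following added example (not code from the original article) is a variant of the import that checks the CSV columns first and assigns each account its own random initial password; the helper name New-RandomPassword and the report layout are assumptions made for illustration.

```powershell
# Added example: per-user random initial passwords instead of a shared one.
# Assumes the ActiveDirectory module and a users.csv with the columns in $required.
Import-Module ActiveDirectory

function New-RandomPassword {   # hypothetical helper, not a built-in cmdlet
    param([int]$Length = 16)
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#$%&*+-=?@'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] ($Length * 4)
    do {   # redraw until all four character categories are present
        $rng.GetBytes($bytes)
        $chars = for ($i = 0; $i -lt $Length; $i++) {
            $alphabet[[int]([System.BitConverter]::ToUInt32($bytes, $i * 4) % $alphabet.Length)]
        }
        $candidate = -join $chars
    } until ($candidate -cmatch '[A-Z]' -and $candidate -cmatch '[a-z]' -and
             $candidate -match '\d' -and $candidate -match '[^A-Za-z0-9]')
    $candidate
}

$required = 'SamAccountName', 'GivenName', 'Surname', 'UserPrincipalName'
$OU       = 'OU=User,OU=Office,DC=Company,DC=com'
$Import   = @(Import-Csv '.\users.csv' -Delimiter ';')
if ($Import.Count -eq 0) { throw 'users.csv contains no rows' }

# Stop before touching AD if a column the loop relies on is missing.
$missing = $required | Where-Object { $_ -notin $Import[0].PSObject.Properties.Name }
if ($missing) { throw "users.csv is missing column(s): $($missing -join ', ')" }

$report = foreach ($user in $Import) {
    $plain = New-RandomPassword
    try {
        New-ADUser -Name $user.SamAccountName -SamAccountName $user.SamAccountName `
            -GivenName $user.GivenName -Surname $user.Surname -Path $OU `
            -UserPrincipalName $user.UserPrincipalName -Enabled $true `
            -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
            -ChangePasswordAtLogon $true -ErrorAction Stop
        [pscustomobject]@{ SamAccountName = $user.SamAccountName; InitialPassword = $plain; Status = 'Created' }
    } catch {
        [pscustomobject]@{ SamAccountName = $user.SamAccountName; InitialPassword = $null; Status = "Failed: $($_.Exception.Message)" }
    }
}
# The report holds secrets: hand each password to its user over a trusted channel.
$report | Format-Table -AutoSize
```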

Conclusion

The Active Directory cmdlet New-ADUser makes it easy to create multiple Active Directory users. Frequently used user property values can be set with parameters. Using Import-Csv together with the New-ADUser cmdlet, it is possible to create a large number of Active Directory user objects. The custom objects are created from a comma-separated CSV file that contains a list of object properties. The objects are piped to New-ADUser to create the user objects with attributes. Help is available with Get-Help New-ADUser.

PowerShell Invalid Password Exception

When creating user accounts with PowerShell, the invalid password exception (InvalidPasswordException) error message may appear.

New-LocalUser: An exception of type “Microsoft.PowerShell.Commands.InvalidPasswordException”.

Cause

The input does not match the Local Group Policy password complexity requirements, or the minimum password length is not met. The PowerShell invalid password exception error message appears.

Solution

Change Minimum Password Length

Set Minimum Password Length to increase or decrease the password length to the desired length.

In Local Group Policy (gpedit.msc), change the Minimum Password Length; 0 means no minimum password length.

Example: creating a user account in PowerShell

The following PowerShell command creates a user account with a password in a single line, which is useful for script processing.

New-LocalUser user1 -Password (ConvertTo-SecureString "8170af" -AsPlainText -Force) -FullName user1 -Description user1 -PasswordNeverExpires -UserMayNotChangePassword
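Before changing the policy, it helps to see which rule the password actually violates. The following added example (not code from the original article) exports the local password policy with secedit and tests a candidate password against it, using the password from the command above as input. The function names are hypothetical, and the complexity test is an approximation of the Windows rule (three of four ASCII character categories plus an account-name check).

```powershell
# Added example: explain an InvalidPasswordException by checking the local policy.
# Run elevated; secedit needs administrator rights to export the policy.
function Get-LocalPasswordPolicy {   # hypothetical helper name
    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit.exe /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
        $text = Get-Content $cfg
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
    $policy = @{}
    foreach ($line in $text) {
        if ($line -match '^\s*(MinimumPasswordLength|PasswordComplexity)\s*=\s*(\d+)') {
            $policy[$Matches[1]] = [int]$Matches[2]
        }
    }
    [pscustomobject]@{
        MinimumPasswordLength = $policy['MinimumPasswordLength']
        ComplexityEnabled     = ($policy['PasswordComplexity'] -eq 1)
    }
}

function Test-PasswordAgainstPolicy {   # hypothetical helper name
    param([string]$Password, [string]$UserName, $Policy)
    $problems = @()
    if ($Password.Length -lt $Policy.MinimumPasswordLength) {
        $problems += "shorter than the minimum length of $($Policy.MinimumPasswordLength)"
    }
    if ($Policy.ComplexityEnabled) {
        # Count which of the four character categories occur in the password.
        $classes = @('[A-Z]', '[a-z]', '\d', '[^A-Za-z0-9]') |
            Where-Object { $Password -cmatch $_ }
        if (@($classes).Count -lt 3) { $problems += 'uses fewer than 3 character categories' }
        if ($UserName.Length -ge 3 -and $Password -match [regex]::Escape($UserName)) {
            $problems += 'contains the account name'
        }
    }
    $problems   # empty output means the password passes these checks
}

$policy = Get-LocalPasswordPolicy
Test-PasswordAgainstPolicy -Password '8170af' -UserName 'user1' -Policy $policy
```

With complexity enabled, “8170af” is reported as using fewer than 3 character categories, since it contains only digits and lowercase letters.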

New User Account

To create a local user in Windows 10 or 11 you can use the User Accounts control panel. But you can also use PowerShell to create a new local user. This way we can easily automate creating a local account on Windows devices.

To create a local user with PowerShell you will need to have administrator access to the computer and run PowerShell as admin (elevated). Otherwise, you won’t be able to create accounts.

In this post, I will explain how you can create a new local user.

New-LocalUser

To create a new local user we are going to use the New-LocalUser cmdlet in PowerShell. The cmdlet provides options to set a password for the account or create an account without a password.

Password exception

As you can see, this won’t allow you to run the script autonomously, because you will need to enter a password. This is also the challenge with creating local users: most of the time you want to supply the password in a secure way.

If you run the script remotely or under your own supervision then you could write the password inside a PowerShell script and convert it to a secure string. But keep in mind, anyone who opens the script is able to read the password.