Simplify AD User Creation: GUI & PowerShell

Spread the love

Active Directory (AD) is a crucial component for managing users and resources in an enterprise environment. In this guide, we will cover how to create a user in Active Directory using both the GUI and PowerShell, including bulk user creation with a random password using a CSV file.

1. Creating a User via the Active Directory GUI

Follow these steps to create a user using the Active Directory Users and Computers (ADUC) GUI:

Step 1: Open Active Directory Users and Computers (ADUC)

Press `Win + R`, type `dsa.msc`, and press Enter.

Or opens Server manager > Active Directory Users and Computers.

Step 2: Navigate to the Organizational Unit (OU)

In the left pane, expand your domain.

Locate and select the OU where you want to create the user, In this example we are going to choose London OU.

Step 3: Create a New User

Right-click on the OU, select New, and click User.

Fill in the following details:
   – First Name (e.g., Taha)
   – Last Name (e.g., kssama)
   – User logon name (e.g., t.kssama@tic.local)

Click Next.

Step 4: Set the User’s Password

Enter a secure password.
Choose the following options:
User must change password at next logon

Click Next and then Finish.

2. Bulk Creating Users with PowerShell and CSV

Step 1: Prepare the CSV File

Create a CSV file (e.g., `C:\users.csv`) with the following format:

FirstName;LastName;Function;OU;Department

Note:

Step 2: PowerShell Script for Bulk User Creation

Copy and paste the following script into Notepad, save it with a .ps1 extension, (e.g., script.ps1)

TypeScript

				$CSVFile = "C:\users.csv"
$CSVData = Import-CSV -Path $CSVFile -Delimiter "," -Encoding UTF8
$PasswordExportPath = "C:\userspass\user_passwords.csv"
$ExportFolder = "C:\userspass"

# Check if the export folder exists, if not, create it
if (!(Test-Path $ExportFolder)) {
    New-Item -ItemType Directory -Path $ExportFolder | Out-Null
}

# Create an array to store user credentials for export
$UserPasswords = @()

Foreach ($User in $CSVData) {
    $UserFirstName = $User.FirstName
    $UserLastName = $User.LastName
    $UserSamAccountName = ($UserFirstName.Substring(0,1) + "." + $UserLastName).ToLower()
    $UserEmail = "$UserSamAccountName@tic.local"
    $UserFunction = $User.Function
    $UserDepartment = $User.Department
    $UserOU = $User.OU

    # Generate a random 12-character password
    $UserPassword = -join ((48..57) + (65..90) + (97..122) | Get-Random -Count 12 | ForEach-Object {[char]$_})
    $SecurePassword = ConvertTo-SecureString $UserPassword -AsPlainText -Force

    # Check if the user already exists in AD
    if (Get-ADUser -Filter {SamAccountName -eq $UserSamAccountName}) {
        Write-Warning "The identifier $UserSamAccountName already exists in AD"
    } else {
        # Create the AD user
        New-ADUser -Name "$UserLastName $UserFirstName" `
                    -DisplayName "$UserLastName $UserFirstName" `
                    -GivenName $UserFirstName `
                    -Surname $UserLastName `
                    -SamAccountName $UserSamAccountName `
                    -UserPrincipalName "$UserSamAccountName@tic.local" `
                    -EmailAddress $UserEmail `
                    -Title $UserFunction `
                    -Department $UserDepartment `
                    -Path $UserOU `
                    -AccountPassword $SecurePassword `
                    -ChangePasswordAtLogon $true `
                    -Enabled $true

        Write-Output "User created: $UserSamAccountName ($UserLastName $UserFirstName)"

        # Store credentials for export
        $UserPasswords += [PSCustomObject]@{
            FirstName = $UserFirstName
            LastName = $UserLastName
            Username = $UserSamAccountName
            Password = $UserPassword
        }
    }
}

# Export the generated usernames and passwords to CSV
$UserPasswords | Export-Csv -Path $PasswordExportPath -NoTypeInformation -Encoding UTF8

Write-Output "User credentials exported to $PasswordExportPath"

$CSVFile = "C:\users.csv"
$CSVData = Import-CSV -Path $CSVFile -Delimiter "," -Encoding UTF8
$PasswordExportPath = "C:\userspass\user_passwords.csv"
$ExportFolder = "C:\userspass"

# Check if the export folder exists, if not, create it
if (!(Test-Path $ExportFolder)) {
    New-Item -ItemType Directory -Path $ExportFolder | Out-Null
}

# Create an array to store user credentials for export
$UserPasswords = @()

Foreach ($User in $CSVData) {
    $UserFirstName = $User.FirstName
    $UserLastName = $User.LastName
    $UserSamAccountName = ($UserFirstName.Substring(0,1) + "." + $UserLastName).ToLower()
    $UserEmail = "$UserSamAccountName@tic.local"
    $UserFunction = $User.Function
    $UserDepartment = $User.Department
    $UserOU = $User.OU

    # Generate a random 12-character password
    $UserPassword = -join ((48..57) + (65..90) + (97..122) | Get-Random -Count 12 | ForEach-Object {[char]$_})
    $SecurePassword = ConvertTo-SecureString $UserPassword -AsPlainText -Force

    # Check if the user already exists in AD
    if (Get-ADUser -Filter {SamAccountName -eq $UserSamAccountName}) {
        Write-Warning "The identifier $UserSamAccountName already exists in AD"
    } else {
        # Create the AD user
        New-ADUser -Name "$UserLastName $UserFirstName" `
                    -DisplayName "$UserLastName $UserFirstName" `
                    -GivenName $UserFirstName `
                    -Surname $UserLastName `
                    -SamAccountName $UserSamAccountName `
                    -UserPrincipalName "$UserSamAccountName@tic.local" `
                    -EmailAddress $UserEmail `
                    -Title $UserFunction `
                    -Department $UserDepartment `
                    -Path $UserOU `
                    -AccountPassword $SecurePassword `
                    -ChangePasswordAtLogon $true `
                    -Enabled $true

        Write-Output "User created: $UserSamAccountName ($UserLastName $UserFirstName)"

        # Store credentials for export
        $UserPasswords += [PSCustomObject]@{
            FirstName = $UserFirstName
            LastName = $UserLastName
            Username = $UserSamAccountName
            Password = $UserPassword
        }
    }
}

# Export the generated usernames and passwords to CSV
$UserPasswords | Export-Csv -Path $PasswordExportPath -NoTypeInformation -Encoding UTF8

Write-Output "User credentials exported to $PasswordExportPath"

Step 3: Run the Script

Open PowerShell as Administrator and navigate to the path where the .ps1 file is located.

Before you run the script don’t forget to modify the path of the CSV file if needed.

Run the script: .\script.ps1

After running the script, you will encounter the following result:

Step 4: Verify the Created Users

Run the following command in PowerShell to check if the users were created:

PowerShell

				Get-ADUser -Filter * | Select-Object Name, SamAccountName

Get-ADUser -Filter * | Select-Object Name, SamAccountName

Step 5: Access the User Credentials CSV

After running the script, check the folder `C:\userspass\user_passwords.csv` to retrieve the generated usernames and passwords.

Conclusion

GUI: Best for creating a single user interactively.
• PowerShell (Bulk Creation): Best for creating multiple users quickly with predefined attributes.
• CSV Automation: Ensures consistency and saves time in large environments.

This guide provides a seamless way to efficiently manage users in Active Directory. 🚀 Happy admin work! 😊