Adding Users To AD Via PowerShell

I am sure a lot of people have written about PowerShell scripts to add new users and then automate the whole process. Many of these I have found revolve around the very nice Quest Software cmdlets, but I wanted to understand the inner workings plus generate a full script that will load users and groups from a file.

This is part 1 of 4 in how to automate user creation. The steps for all four parts should work if you are directly on the server with the AD role or using Remote Server Administration Tools (RSAT) via Windows 7.

Step 1 – AD PowerShell Modules:

Before we can begin the script we need to confirm that the Active Directory modules have been loaded. At the PowerShell prompt enter: Get-Command -Module active* | Measure-Object

This command will query all loaded modules for the server which begin with ‘active’ and provide a count of what is found (| Measure-Object). Your result will look like the following if the module has not been loaded.


You are looking for a count of 76. If you got a count of 76 or more, skip on to Step 2. For the rest of us, we now need to load the AD Modules so we can get to the fun part and write a script. At the PowerShell prompt enter: Import-Module active*
The wildcard is used again to get all those modules that are related, which saves the time and energy of retyping each module's name. Depending on the speed of the machine you may see a green bar appear quickly at the top of the PowerShell window which shows the progress.

Perform another Get-Command -Module active* | Measure-Object to confirm that the AD Modules have loaded.


Now we are ready to begin the script.

Step 2 – Learn the Command:

The cmdlet used to add new users is New-ADUser. By using the Get-Help cmdlet you can learn the details or review the details on MSDN at http://technet.microsoft.com/en-us/library/ee617253.aspx.

Here are some of the highlights of the New-ADUser cmdlet I found most important for our script. Most of the common AD properties that you normally would set are available as parameters; any additional properties to be set can be included as part of the -OtherAttributes parameter.

As I just want some basic type users for development purposes we will not be concerned with this parameter. Parameters that we will be using are:

  • SamAccountName
    • This parameter is the Security Account Manager (SAM) value for the user created.
    • This is a required value
  • Name
    • String name to identify the new user by.
    • This is a required value.
  • AccountPassword
    • Provides the password for the new user.
    • Password setting can fail if the password does not meet the password policy restriction. The user account will still be created though.
    • This parameter requires a secure string value; this can be generated via a separate object or entered via a prompt.
    • Example – via prompt: -AccountPassword (Read-Host -AsSecureString "password")
    • Example – as object: $thePassword = ConvertTo-SecureString "password" -AsPlainText -Force;
  • CannotChangePassword
    • Use $false or $true
  • PasswordNeverExpires
    • Use $false or $true
    • Cannot be set true if ChangePasswordAtLogon is true
  • Description
    • Defines the description of the new user.
  • DisplayName
    • Defines the name displayed for the user.
  • Enabled
    • Use $false or $true
    • This defaults to false, so be sure to set it accordingly.
  • EmailAddress
    • The user’s email address.
  • Server
    • The domain server which should be connected to.
    • This will be defaulted when not supplied by the following: from the Server value from objects passed through the pipeline, server information with the AD PowerShell provider, domain of the computer running PowerShell
  • Path
    • This parameter is used to set the Organizational Unit (OU) or container the new user is to be added to.
    • If this parameter is not defined then the cmdlet will create the new user in the default user container for the domain.
  • PassThru
    • With this parameter the user object created is returned.

Step 3 – Try Out the Command:
Before I begin a script I like to write the single command once to make sure it behaves as I expect. So at the command prompt enter:

$thePassword = ConvertTo-SecureString "password" -AsPlainText -Force;

Then enter at command prompt:
New-ADUser -SamAccountName "myTest2SAM" -Name "myTest2Name" -AccountPassword $thePassword -CannotChangePassword $true -PasswordNeverExpires $true -Description "Test description" -DisplayName "myTest2DisplayName" -Enabled $true -EmailAddress "myTest2@rainfly.com" -Server "rainfly.com";
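
The caveat from Step 2, that a rejected password still leaves the account created, handled in script form: the account is created disabled, the password is set as its own step, and the account is removed again if that step fails. This is an added example, not code from the original post; the function name New-TestADUser and the myTest3 values are hypothetical.

```powershell
# Added example, not from the original post. Names and values are constructed.
Import-Module ActiveDirectory

function New-TestADUser {
    param(
        [Parameter(Mandatory = $true)] [string] $SamAccountName,
        [Parameter(Mandatory = $true)] [string] $Name,
        [Parameter(Mandatory = $true)] [System.Security.SecureString] $Password,
        [string] $Path    # optional OU distinguished name; default user container when omitted
    )

    $params = @{
        SamAccountName = $SamAccountName
        Name           = $Name
        DisplayName    = $Name
        Enabled        = $false     # stay disabled until the password is known to be set
        PassThru       = $true      # return the created user object
        ErrorAction    = 'Stop'
    }
    if ($Path) { $params.Path = $Path }

    $user = New-ADUser @params
    try {
        # Separate step, so a password-policy rejection surfaces as a terminating error
        Set-ADAccountPassword -Identity $user -Reset -NewPassword $Password -ErrorAction Stop
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true -ErrorAction Stop
        Enable-ADAccount -Identity $user -ErrorAction Stop
        return $user
    }
    catch {
        # Do not leave a half-created account without a usable password behind
        Remove-ADUser -Identity $user -Confirm:$false
        throw
    }
}

# Prompt for the password so it is not stored in the script itself
$pw = Read-Host -AsSecureString "Initial password"
New-TestADUser -SamAccountName "myTest3SAM" -Name "myTest3Name" -Password $pw
```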

Your Mid-Week Microsoft Fix

It’s hump day, and what better way to make it through the mid-week point than to engage in a little mid-week education.

Before we get to this week’s links, let me point out that the Microsoft Professional Developer conference will be starting on Thursday, October 28 on the Microsoft Campus in Redmond. If your October schedule is as busy as mine and getting to Redmond wasn’t an option, we are in luck. They will be live web casting all of the sessions. You can check it out at Microsoft PDC.

And now back to your mid-week fix.

Course 10522: Developing Rich User Interfaces for Microsoft SharePoint 2010

This course teaches developers how to develop solutions that use the new user interface platforms for SharePoint 2010.

The course covers the following topics.
– Building Ribbon Controls and Custom Actions
– Developing on the Dialog Platform
– Developing Silverlight Applications by Using the Client Object Model
– Deploying and Debugging Silverlight Applications for SharePoint 2010

This course prepares you for the exam 70-573: TS: Microsoft SharePoint 2010, Application Development.

Course 10521: Developing Solutions Using the Microsoft SharePoint 2010 Client Object Model

This course teaches developers how to develop solutions that use the new client object model provided by SharePoint 2010.

The course covers the following topics.
– Overview of the SharePoint 2010 Client Object Model
– Types of Solutions that Can Use the SharePoint 2010 Client Object Model
– Remote Client Types
– Working with the Client Object Model for .NET Applications

This course prepares you for the exam 70-573: TS: Microsoft SharePoint 2010, Application Development.

Upgrading to SharePoint 2010: How Do I: Preparing to Upgrade to SharePoint 2010 (Part 2)

This module concentrates on upgrade considerations. What are the practices and actions to perform when you upgrade your previous SharePoint versions to SharePoint 2010. Understand different methods and practices to follow before the actual upgrade is…

I just want to add a user

Working on generating some virtual development environments that run local for testing and presentations, and was in need of generating some test user accounts. So off to PowerShell I went; there will be an upcoming series on this, just you wait. As I started creating new users I received the message that the simple couple-letter passwords did not meet the complexity defined.


(Windows cannot set the password for <user name> because: The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.)

What! This is a development environment for my own use, I’m not worried about it being secure. The following steps are what I discovered to change the password complexity. I do not do a lot of server administration, so there may be a faster and easier method out there, but this worked for me.

  1. Log onto the AD server.
  2. Go to Start –> Administrative Tools –> Group Policy Management
  3. This will open the Group Policy Management console
  4. Via the tree on the left, navigate down to the Group Policy Objects for the domain. In the right frame, right-click Default Domain Policy to open the Group Policy Management Editor console.
  5. Via the tree on the left navigate: Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Account Policies –> Password Policy
  6. The right-hand frame will now display all of the possible password policy settings you can change.

If you perform all of the above steps and are still receiving error messages about non-conforming passwords, the local security settings may have password policies enabled. To correct this go to Start –> Administrative Tools –> Local Security Policy.

This will open the Local Security Policy window. In the left frame, navigate the tree to Password Policy (Security Settings –> Account Policies –> Password Policy).

You will see the same list of policy options as in the Group Policy Management Editor. Make the changes you want and a user account will soon be yours.

Remember, the more strict these policies are, the safer your environment can be.
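
An alternative to relaxing the policy for test accounts is to generate passwords that satisfy it. The following is an added example, not code from the original post; the function name New-CompliantPassword and its default length are assumptions. It reads the domain's minimum length with Get-ADDefaultDomainPasswordPolicy and builds a random password containing all four character classes.

```powershell
# Added example, not from the original post. Function name and defaults are constructed.
Import-Module ActiveDirectory

function New-CompliantPassword {
    param([int] $Length = 16)

    # Same settings the Group Policy editor shows under Password Policy
    $policy = Get-ADDefaultDomainPasswordPolicy
    $Length = [Math]::Max([Math]::Max($Length, $policy.MinPasswordLength), 4)

    # Four character classes; look-alike characters (0/O, 1/l/I) are left out
    $classes = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '!#%+-=?@_'
    $all = -join $classes

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 4
    # Random integer in [0, $n); modulo bias is negligible for ranges this small
    $rand = {
        param([int] $n)
        $rng.GetBytes($buf)
        [int]([BitConverter]::ToUInt32($buf, 0) % $n)
    }

    # One character from every class, then fill up from the combined set
    $chars = @(foreach ($set in $classes) { $set[(& $rand $set.Length)] })
    while ($chars.Count -lt $Length) { $chars += $all[(& $rand $all.Length)] }

    # Fisher-Yates shuffle so the guaranteed classes are not always in front
    for ($i = $chars.Count - 1; $i -gt 0; $i--) {
        $j = & $rand ($i + 1)
        $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
    }
    -join $chars
}

# Convert for New-ADUser -AccountPassword, as in the ConvertTo-SecureString example
$plain = New-CompliantPassword -Length 20
$thePassword = ConvertTo-SecureString $plain -AsPlainText -Force
```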

Your Mid-Week Microsoft Fix

Here is your scheduled dose of some Microsoft goodness, to keep you in tune to some of the newest options to listen and read.

Without further ado, here we go.

Security in SharePoint 2010: How Do I: Use the New SharePoint 2010 Security Model (Part 2) – Claims-Based Identity Model

This module concentrates on the security aspects in SharePoint 2010. We’ll concentrate on securing the deployment and also to new claims based authentication option. Learn about the new claims-based identity model available in SharePoint 2010.

IT Pro Management in SharePoint 2010: Managing SharePoint 2010 Customizations for the IT Pro (Part 1)

This module concentrates on the operational aspects of the SharePoint 2010. We’ll concentrate on the different tools and capabilities available. Understand how to use solution packages and sandboxed solutions in SharePoint 2010. Presented by Todd Carter,

Upgrading to SharePoint 2010: How Do I: SharePoint 2010 Upgrade Overview (Part 1)

This module concentrates on upgrade considerations. What are the practices and actions to perform when you upgrade your previous SharePoint versions to SharePoint 2010. Become familiar with the supported upgrade paths and considerations for upgrading to

IT Pro Management in SharePoint 2010: IT Pro Tools for Customizing SharePoint 2010 (Part 2)

This module concentrates on the operational aspects of the SharePoint 2010. We’ll concentrate on the different tools and capabilities available. Understand how to use solution packages and sandboxed solutions in SharePoint 2010. Presented by Todd Carter,

How Do I: Create Content Types for SharePoint 2010 in Visual Studio 2010?

A Content Type is a reusable collection of settings that can be defined and applied to data in a SharePoint list or library. Microsoft Visual Studio 2010 provides project types that support the creation and deployment of content types. Learn how to creat

Your Mid-Week Microsoft Fix

Sorry to all those who look forward to some lunch time reading each week. Last week was just one of those weeks where anything you wanted to do just kept getting shuffled further down the queue. In the process of compiling this week’s links, I decided on a name change to “Your Mid-Week Microsoft Fix”. I hope you like the name change, I’m not sold on it yet, so if you have any suggestions leave them in the comments.

So without any further ado…here is this week’s Mid-Week Microsoft Fix.

Security in SharePoint 2010: How Do I: Use the New SharePoint 2010 Security Model (Part 1)

This module concentrates on the security aspects in SharePoint 2010. We’ll concentrate on securing the deployment and also to new claims based authentication option. Learn about the new claims-based identity model available in SharePoint 2010. Presented


How Do I: Create a Business Data Connectivity Model for SharePoint 2010 Using Visual Studio 2010?

Microsoft Visual Studio 2010 provides a project type that enables developers to build Business Data Connectivity (BDC) Models that produce Microsoft .NET connectivity assemblies for Business Connectivity Services (BCS) in Microsoft SharePoint 2010.

TechNet Radio: Security with SharePoint 2010

In this session we spend time with Microsoft Certified Master and SharePoint Ranger Bryan Porter to discuss security with SharePoint 2010, its various implementations, and supporting technologies that help to ensure your data remains secure and protected