Provisioning users in Active Directory with PowerShell and the QAD cmdlets

As part of the EnergizeIT tour that I was on for the past three weeks, I did a quick introduction to PowerShell and then showed how the ability to automate tasks using PowerShell can make the job of an IT administrator much, much easier.  The scenario for the automation example I used was this: your HR department contacts you on Friday afternoon and tells you there are a bunch of new users coming in next week and you need to make the accounts right away.  The actual number is arbitrary because PowerShell scripts are the same for 1 user as they are for 1000000 users (exaggerated as that might be), but for my example I used a dozen users.

The point with this example was to show you how you can accomplish a task like this quickly regardless of the number of users being created and go home on time for date night, your son’s baseball game, etc.  This demonstration was very well received, and at the end of the demonstration I promised that I would post the script I wrote during the demo here in my blog.  The script that I post here may look slightly different from the script you saw me run at your tour event because I wanted to make sure shared the answer to a question someone asked me during the tour: How do I set the password for the new users when I create them?

For those of you who didn’t see the live demonstration, note that the csv file I used (C:\Users\Poshoholic\Documents\NewHires.csv) contained the following text:

FirstName,LastName,Title
Dmitry,Prosser,Software Developer 4
Oisin,Hill,Quality Analyst 1
Jeffrey,Shell,Senior Support Representative
Don,Munro,Software Developer 1
Charlie,Shaw,Project Manager
Marco,van Oursow,HR Assistant
Brandon,Russel,Product Manager
Keith,Hicks,Software Developer 3
Marc,Grehan,Product Marketing Manager
Karl,Jones,Quality Analyst 3
Kirk,Lee,Quality Analyst 1
Thomas,Sotnikov,IT Analyst 2

(FYI: if you think those names look familiar, I took the first names and last names of 12 PowerShell MVPs and mixed them up)

During the demonstration, the script below was built up iteratively within the PowerShell console so that you could see the thought process involved in creating a script that way.  In this blog post however, I’m simply going to post the finished script.  If you have questions about the demonstration or want to refresh your memory on how you could build a script like this iteratively, let me know.  The finished script to create the users from the csv file simply looks like this:

Import-Csv C:\Users\Poshoholic\Documents\NewHires.csv `
    |
Add-Member -Name Name -MemberType ScriptProperty -Value {$this.FirstName + + $this.LastName} -PassThru `
    |
Add-Member -Name SamAccountName -MemberType ScriptProperty -Value {($this.FirstName[0] + $this.LastName.Replace( ,)).SubString(0,20)} -PassThru `
    |
New-QADUser -City Ottawa -UserPassword P4$$w0rd -ParentContainer poshoholicstudios.com/users

Please note the following if you want to use this as a basis for your own script:

  1. You can copy this script from my blog and paste it directly into the PowerGUI Script Editor where you can customize it to meet your needs (be careful of the word wrap – there should be four lines of script once you paste it in PowerGUI).  Alternatively if you want the script already in a ps1 file, you can download it here.
  2. This example requires the Quest AD cmdlets to create the new users.  Once you have those installed, don’t forget to load them in PowerShell using Add-PSSnapin or in PowerGUI using Libraries in the File menu.
  3. This shows the finished script I built during the demonstration, with the addition of the assignment of the default user password value as P4$$w0rd.  Whatever you use for the default password value, it must meet your password requirements in your lab.
  4. If you want to run this without making changes, don’t forget to append -WhatIf at the end of the last line in the script.

Don’t be afraid to ask me questions about any of this, whether you need help customizing this script to make it work in your environment or just want an explanation of how the script works.  I’m always happy to help!

Kirk out.

Share this:

Advertisements

3 thoughts on “Provisioning users in Active Directory with PowerShell and the QAD cmdlets

  1. Wow, now I feel even more attached to Thomas and Karl. Like we are brothers or something. Obviously all PowerShell MVPs are quite that way, but sharing names should definitely mean something… I probably won’t tell my wife until I figure that out.

    Like

  2. I am currently working on a project that requires provisioning users in AD with PowerShell natively. On third party add-ons can be used, how can I accomplish this (need example)?

    PS: I’m totally new to PowerShell and need to learn it quickly, can you recommend a source?

    Thank you!

    Like

  3. Hi Desmond,

    It’s a shame you can’t use 3rd party add-ons for your provisioning work. Quest’s AD cmdlets are freeware, and they make working with AD in PowerShell much, much easier. Plus they are supported on the PowerGUI forums so if you have questions on how to do something or feature requests for things you need, you’ll likely get a pretty quick turnaround.

    That said, if you really can’t use the Quest AD cmdlets and need to go about it the hard way, there is one other PowerShell MVP who’s blog should be able to help you out. Check out Brandon Shell’s blog at http://bsonposh.com. He’s very heavy into managing AD with PowerShell, and I believe he works exclusively with the builtin mechanisms for managing AD with PowerShell (ADSI, .NET).

    Here’s a specific example on Brandon’s blog about how to create Users, Computers and OUs: http://bsonposh.com/archives/271

    One other blog you could look at is Richard Siddaway’s blog (http://richardsiddaway.spaces.live.com/). He also does a lot with AD and PowerShell and while he uses and promotes the Quest AD cmdlets, if I recall correctly he also has material for using the builtin mechanisms for managing AD.

    Kirk out.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s