In this post, I’m following up on Part 1 of this series where I showed you how to create users (and set a few attributes) the basic way with Powershell. Now, I’m going to show you an easier way to create users thanks to the new(ish) Powershell modules that came along in Windows Server 2008 R2. In the up-coming parts of this series, we’ll continue on to Home Folder creation/management concepts and automation. But for now, let’s get that user created…
To be honest with you, I have to admit that most of the time when I’m building a script loop and just need an easy output that looks nice, I’d just do the DSAdd tool like this:
dsadd user "cn=Jeremy Pavlov,ou=Demo,dc=CoretekServices,dc=local" -samId JPavlov -disabled no -fn Jeremy -ln Pavlov -pwd ChangeMe123! -mustchpwd yes
…but the future is here, and the future is PowerShell; and you and I have to get over it. Powershell gives us better portability, variable management, etc., etc… So onward and upward.
And with recent versions of Windows 2008 R2, Microsoft provides the new “ActiveDirectory” module; making user creation/management activities as easy to do as the DSAdd/DSMod tools. Here’s what I mean…
Open a Powershell session, and import the ActiveDirectory module like this:
Note: You need to have network access to an Active Directory server running AD Web Services for this module to work.
Loading this module is the equivalent of launching the “Active Directory Module for Windows PowerShell” option on Windows 7 and Server 2008, but if you’re scripting you’ll want to make sure you load the module explicitly. And, as a result, you have a ton of new AD tools available to you.
You can get a good look at the majority of the new AD tools by using this command:
Finally, using the
New-ADUser command, we create that user with what is pretty much the equivalent of the DSAdd above (I used the same options to help clarify):
New-ADUser -Path "ou=Demo,dc=CoretekServices,dc=local" -SamAccountName "JPavlov" -Enabled $true -Name "Jeremy Pavlov" -GivenName "Jeremy" -Surname "Pavlov" -AccountPassword (ConvertTo-SecureString –AsPlaintext "ChangeMe123!" –Force) -ChangePasswordAtLogon $true
And that’s it! You have a new user with your standard attributes set correctly. I like this one-line method because it looks much cleaner when you are building import scripts that must be distributed to other folks, or when you want to insert some other command between each line (if you’re looping), etc.; it’s neat.
On a side note, there’s also a way to read in the contents of a formatted CSV, and pump it into the
New-ADUser command; but my goal here is to show you concepts that ultimately can be combined into an multifaceted script.
Next time… Home Folder creation and permission assignment. See you then!