Creating AD users

Posted: January 9, 2012

In this post I’ll show the absolute bare-bones code required to create an AD user:

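# Load the Microsoft AD module (this also provides the AD: drive) if it isn't loaded already
if (-not (Get-Module ActiveDirectory)){
  Import-Module ActiveDirectory
}

# Load the Quest AD cmdlets snap-in, needed for New-QADUser
if (-not (Get-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue)){
  Add-PSSnapin Quest.ActiveRoles.ADManagement
}

# Target OU and the DNS domain used to build the UPN
$ou = "OU=England,DC=Manticore,DC=org"
$domain = "manticore.org"

# Microsoft cmdlet: the OU is passed with -Path
"`nMicrosoft"
$name = "UserA"
New-ADUser -Name $name -Path $ou -SamAccountName $name -UserPrincipalName "$name@$domain"

# AD provider: attributes are passed as a hash table through -Value
"`nAD provider"
$name = "UserB"
New-Item -Path AD:\$ou -Name "cn=$name" -ItemType user -Value @{samAccountName=$name; userPrincipalName = "$name@$domain"}

# Quest cmdlet: the OU is passed with -ParentContainer
"`nQuest"
$name = "UserC"
New-QADUser -ParentContainer $ou -Name $name -SamAccountName $name -UserPrincipalName "$name@$domain"

# ADSI script: bind to the OU, create the object, then write it to AD
"`nScript"
$name = "UserD"
$target = [adsi]"LDAP://$ou"
$user = $target.Create("user", "cn=$name")
$user.SetInfo()

# Set the attributes and write them back with a second SetInfo()
$user.samaccountname = $name
$user.userPrincipalName = "$name@$domain"
$user.SetInfo()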

The Microsoft and Quest cmdlets are similar, apart from the parameter that names the OU the user will be created in: -Path for New-ADUser and -ParentContainer for New-QADUser.

The script uses the Create method of the OU object. SetInfo() is used to write data back to AD.

The provider is interesting as we use the New-Item cmdlet and add the attributes through the -Value parameter. Notice that we have to use -Name "cn=$name"; we can’t just give the name.

In all cases the accounts are created disabled.
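
An added example (not part of the original post) that checks the state of the four accounts after the script above has run and, through a hypothetical helper named Enable-StagedUser, brings one into service. It reads userAccountControl because a disabled account can also carry the PASSWD_NOTREQD flag, which should be cleared before the account is enabled.

```powershell
Import-Module ActiveDirectory

# OU and account names are the ones used in the post's script
$ou    = "OU=England,DC=Manticore,DC=org"
$names = "UserA", "UserB", "UserC", "UserD"

# userAccountControl bit flags
$ACCOUNTDISABLE = 0x0002
$PASSWD_NOTREQD = 0x0020

# Report the state each creation method left its account in
$report = foreach ($name in $names) {
  $user = Get-ADUser -Filter "SamAccountName -eq '$name'" -SearchBase $ou `
            -Properties userAccountControl, pwdLastSet
  if (-not $user) { Write-Warning "$name not found under $ou"; continue }

  $user | Select-Object Name,
    @{n = "UAC";              e = { $_.userAccountControl }},
    @{n = "Disabled";         e = { [bool]($_.userAccountControl -band $ACCOUNTDISABLE) }},
    @{n = "PasswordNotReq";   e = { [bool]($_.userAccountControl -band $PASSWD_NOTREQD) }},
    @{n = "PasswordNeverSet"; e = { $_.pwdLastSet -eq 0 }}
}
$report | Format-Table -AutoSize

# Hypothetical helper (not from the post): bring one staged account into service
function Enable-StagedUser {
  param(
    [Parameter(Mandatory = $true)][string]$SamAccountName,
    [Parameter(Mandatory = $true)][System.Security.SecureString]$InitialPassword
  )
  $user = Get-ADUser -Identity $SamAccountName
  # Set the password first so the account is never enabled with a blank one
  Set-ADAccountPassword -Identity $user -Reset -NewPassword $InitialPassword
  # Clear PASSWD_NOTREQD and force a password change at first logon
  Set-ADUser -Identity $user -PasswordNotRequired $false -ChangePasswordAtLogon $true
  Enable-ADAccount -Identity $user
}

# Usage (prompts for the password so it never appears in the script or history):
# Enable-StagedUser -SamAccountName "UserA" -InitialPassword (Read-Host -AsSecureString "Initial password")
```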

under: PowerShell and Active Directory