Jun 02 2020 02/06/2020 02/06/2020 by Pablo Villaronga

PowerShell Module for Active Directory Bulk-User Management

Posted in

Active Directory Bulk-Users Management PowerShell Module manages multiple AD users New-ADUsers: Creates multiple AD users from a CSV file Update-ADUsers: Updates AD users attributes with information in a CSV Export-ADUsers: Exports certain user attributes to a CSV file.

Download ADUsers.zip

Active Directory Bulk-Users Management PowerShell Module manages multiple AD users

New-ADUsers: Creates multiple AD users from a CSV file
Update-ADUsers: Updates AD users attributes with information in a CSV
Export-ADUsers: Exports certain user attributes to a CSV file.

Change Log

New-ADUsers

16/03/2015

Change the parameter ChangePasswordAtLogon from Required to Optional
Change the parameter MoveNewUsersTo from Required to Optional

15/07/2015

Updated the New-ADUsers function to be able to add users to groups specified in the CSV – You can add up to 10 groups

Export-ADUsers

30/04/2015

Included a Credential Parameter. This is will allow you to run report accross domains or from a non-domain member Computer. This parameter is optional

23/05/2015

Added a ForEach loop to the final Get-ADUser command (in the Export-ADUsers function) to take care of situations where there are more than one container with the specified name.

General:

23/05/2015

Updated help information in the Export-ADUsers and Update-ADUsers functions 

Functionalities / Features

A full list of the functions uincluded in this module can be found in the word file located in the unzipped folder. Below are some of the features:

  • New-ADUsers function
  1. Creates multiple Active Directory Users with information in a CSV file
  2. Creates users sAMAccountName in the format First_Name.Second_Name.
  3. Confirms that the sAMAccountName does not exist before creating it.
  4. Creates User Principal Names for each user in the format sAMAccountName@domain.com.
  5. Enables all accounts created
  • Update-ADUsers function
  1. Updates multiple Active Directory Users with information in a CSV file
  2. Has option to update key attributes: Manager, Addresses, description and much more
  3. Has error logging functionality
  4. Has full help functionality
  • Export-ADUsers function
  1. Provides option to specify the AD container to search in the display name format and not in Distinguished Name format.
  2. Option to specify where you want to save users report.
  3. Exports most common user attributes including Manager Name, Account Status (Enabled or Disabled), and  Last LogOn Date.

Installation

To install the ADUsers PowerShell Module:

  • Download the zip file ADUsers.zip and unzip and copy the ADUsers folder to  “C:\Users\<username>\Documents\WindowsPowerShell\Modules”
  • Open a PowerShell Console and run the command :  Import-Module ADUsers

NOTE: Full guide with examples is included in the Word file

Portions of the functions

PowerShell

Active Directory Bulk-Users Management PowerShell Module manages multiple AD users

New-ADUsers: Creates multiple AD users from a CSV file
Update-ADUsers: Updates AD users attributes with information in a CSV
Export-ADUsers: Exports certain user attributes to a CSV file.

Change Log

New-ADUsers

16/03/2015

Change the parameter ChangePasswordAtLogon from Required to Optional
Change the parameter MoveNewUsersTo from Required to Optional

15/07/2015

Updated the New-ADUsers function to be able to add users to groups specified in the CSV – You can add up to 10 groups

Export-ADUsers

30/04/2015

Included a Credential Parameter. This is will allow you to run report accross domains or from a non-domain member Computer. This parameter is optional

23/05/2015

Added a ForEach loop to the final Get-ADUser command (in the Export-ADUsers function) to take care of situations where there are more than one container with the specified name.

General:

23/05/2015

Updated help information in the Export-ADUsers and Update-ADUsers functions 

Functionalities / Features

A full list of the functions uincluded in this module can be found in the word file located in the unzipped folder. Below are some of the features:

  • New-ADUsers function
  1. Creates multiple Active Directory Users with information in a CSV file
  2. Creates users sAMAccountName in the format First_Name.Second_Name.
  3. Confirms that the sAMAccountName does not exist before creating it.
  4. Creates User Principal Names for each user in the format sAMAccountName@domain.com.
  5. Enables all accounts created
  • Update-ADUsers function
  1. Updates multiple Active Directory Users with information in a CSV file
  2. Has option to update key attributes: Manager, Addresses, description and much more
  3. Has error logging functionality
  4. Has full help functionality
  • Export-ADUsers function
  1. Provides option to specify the AD container to search in the display name format and not in Distinguished Name format.
  2. Option to specify where you want to save users report.
  3. Exports most common user attributes including Manager Name, Account Status (Enabled or Disabled), and  Last LogOn Date.

Installation

To install the ADUsers PowerShell Module:

  • Download the zip file ADUsers.zip and unzip and copy the ADUsers folder to  “C:\Users\<username>\Documents\WindowsPowerShell\Modules”
  • Open a PowerShell Console and run the command :  Import-Module ADUsers

NOTE: Full guide with examples is included in the Word file

Portions of the functions

PowerShell

Function New-ADUsers { 
 
Process { 
 
 
 
Import-Csv -Path $UserCSVFile  | ForEach-Object {  
 
$GivenName = $_.'First Name' 
$Surname = $_.'Last Name' 
$DisplayName = $_.'Display Name' 
$StreetAddress = $_.'Full address' 
$City = $_.City 
$State = $_.State 
$PostCode = $_.'Post Code'  
$Country = $_.'Country/Region'  
$Title = $_.Title 
$Company = $_.Company 
$Description = $_.Description 
$Department = $_.Department 
$Office = $_.Office 
$Phone = $_.Phone 
$Mail = $_.Email 
$AccountExpires = $_.AccountExpirationDate 
$Manager = $_.Manager 
$password = $_.Password 
If ($Manager) 
{$ManagerDN = (Get-ADUser -server $Server -Credential $Cred -LDAPFilter "(DisplayName=$Manager)").DistinguishedName }#Manager required in DN format 
 
} 
 
$setpassword = ConvertTo-SecureString -AsPlainText $password -force 
 
Try{ New-ADUser $sam -server $Server -Credential $Cred ` 
-GivenName $GivenName -ChangePasswordAtLogon $FALSE ` 
-Surname $Surname -DisplayName $DisplayName -Office $Office ` 
-Description $Description -EmailAddress $Mail -ErrorAction stop ` 
      -StreetAddress $StreetAddress -City $City -state $State  ` 
      -PostalCode $PostCode -Country $Country -UserPrincipalName $UPN ` 
      -Company $Company -Department $Department -enabled $TRUE ` 
      -Title $Title -OfficePhone $Phone -AccountPassword $setpassword ` 
      -AccountExpirationDate $AccountExpires 
} 
Catch [Exception] 
{$DisplayName + " Was created with errors. Error recored: $($_.Exception.Message)" | Out-File $logfile -append} 
 
} 
 
 
 
Function Update-ADUsers { 
 
$csvfile | ForEach-Object {  
 
$GivenName = $_.'First Name' 
$Surname = $_.'Last Name' 
$DisplayName = $_.'Display Name' 
$StreetAddress = $_.'Full address' 
$Sam = $_.UserName 
$City = $_.City 
$State = $_.State 
$PostCode = $_.'Post Code'  
$Country = $_.'Country/Region'  
$Title = $_.'Job Title' 
$Company = $_.Company 
$Description = $_.Description 
$Department = $_.Department 
$Office = $_.Office 
$Phone = $_.Phone 
$Mail = $_.Email 
$AccountExpires = $_.AccountExpirationDate 
$Manager = $_.Manager 
 
If($SAMinAD -eq $sam -and $SAMinAD -ne $null ) 
{ 
 
#added the 'if clause' to ensure that blank fields in the CSV are ignored. 
#the object names must be the LDAP names. get values using ADSI Edit 
IF ($DisplayName) { Set-ADUser -server $Server -Credential $Cred -Identity $sam -Replace @{displayName=$DisplayName} } 
Else {"DisplayName not set for $DisplayName because it is not populated in the CSV file" | Out-File $logfile -Append } 
IF ($StreetAddress) { Set-ADUser -server $Server -Credential $Cred -Identity $sam -Replace @{StreetAddress=$StreetAddress} } 
Else {"StreetAddress not set for $DisplayName because it is not populated in the CSV file" | Out-File $logfile -Append } 
IF ($City ) { Set-ADUser -server $Server -Credential $Cred -Identity $sam -Replace @{l=$City} } 
Else {"City not set for $DisplayName because it is not populated in the CSV file" | Out-File $logfile -Append } 
If ($State) { Set-ADUser -server $Server -Credential $Cred -Identity $sam -State $State } 
Else {"State not set for $DisplayName because it is not populated in the CSV file" | Out-File $logfile -Append } 
IF ($PostCode) { Set-ADUser -server $Server -Credential $Cred -Identity $sam -Replace @{postalCode=$PostCode} } 
Else {"PostCode not set for $DisplayName because it is not populated in the CSV file" | Out-File $logfile -Append } 
#Country did not accept the -Replace switch. It works with the -Country switch 
IF ($Country) { Set-ADUser -server $Server -Credential $Cred -Identity $sam  -Country $Country } 
Else {"Country not set for $DisplayName because it is not populated in the CSV file" | Out-File $logfile -Append } 
IF ($Title) { Set-ADUser -server $Server -Credential $Cred -Identity $sam -Replace @{Title=$Title} } 
Else {"Job Title not set for $DisplayName because it is not populated in the CSV file" | Out-File $logfile -Append } 
IF ($Company ) { Set-ADUser -server $Server -Credential $Cred -Identity $sam -Replace @{Company=$Company} } 
Else {"Company not set for $DisplayName because it is not populated in the CSV file" | Out-File $logfile -Append } 
IF ($Description ) { Set-ADUser -server $Server -Credential $Cred -Identity $sam -Replace @{Description=$Description} } 
Else {"Description not set for $DisplayName because it is not populated in the CSV file" | Out-File $logfile -Append } 
IF ($Department) { Set-ADUser -server $Server -Credential $Cred -Identity $sam -Replace @{Department=$Department}  } 
Else {"Department not set for $DisplayName because it is not populated in the CSV file" | Out-File $logfile -Append } 
IF ($Office) { Set-ADUser -server $Server -Credential $Cred -Identity $sam -Replace @{physicalDeliveryOfficeName=$Office}  } 
Else {"Office not set for $DisplayName because it is not populated in the CSV file" | Out-File $logfile -Append } 
 
} 
 
 
Function Export-ADUsers { 
 
 
Get-ADUser -server $Server -searchbase "$SearchLocDN" -Properties * -Filter * |  
    Select-Object @{Label = "First Name";Expression = {$_.GivenName}},  
    @{Label = "Last Name";Expression = {$_.Surname}}, 
    @{Label = "Display Name";Expression = {$_.DisplayName}}, 
    @{Label = "Logon Name";Expression = {$_.sAMAccountName}}, 
    @{Label = "Full address";Expression = {$_.StreetAddress}}, 
    @{Label = "City";Expression = {$_.City}}, 
    @{Label = "State";Expression = {$_.st}}, 
    @{Label = "Post Code";Expression = {$_.PostalCode}}, 
    @{Label = "Country/Region";Expression = {if (($_.Country -eq 'GB')  ) {'United Kingdom'} Else {''}}}, 
    @{Label = "Job Title";Expression = {$_.Title}}, 
    @{Label = "Company";Expression = {$_.Company}}, 
    @{Label = "Description";Expression = {$_.Description}}, 
    @{Label = "Department";Expression = {$_.Department}}, 
    @{Label = "Office";Expression = {$_.OfficeName}}, 
    @{Label = "Phone";Expression = {$_.telephoneNumber}}, 
    @{Label = "Email";Expression = {$_.Mail}}, 
    @{Label = "Manager";Expression = {%{(Get-AdUser $_.Manager -server $Server -Properties DisplayName).DisplayName}}}, 
    @{Label = "Account Status";Expression = {if (($_.Enabled -eq 'TRUE')  ) {'Enabled'} Else {'Disabled'}}}, # the 'if statement# replaces $_.Enabled 
    @{Label = "Last LogOn Date";Expression = {$_.lastlogondate}} |  
    #Export CSV report 
    Export-Csv -Path $csvreportfile -NoTypeInformation     
 
} 
Windows 10No
Windows Server 2012Yes
Windows Server 2012 R2No
Windows Server 2008 R2Yes
Windows Server 2008Yes
Windows Server 2003Yes
Windows Server 2016No
Windows 8No
Windows 7Yes
Windows VistaNo
Windows XPNo
Windows 2000No

This script is tested on these platforms by the author. It is likely to work on other platforms as well. If you try it and find that it works on another platform, please add a note to the script discussion to let others know. Disclaimer The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.

Source :

https://gallery.technet.microsoft.com/Active-Directory-Bulk-9c5271b2

Tags: