Creating new AD accounts or removing existing ones is a day-to-day task for system administrators as new employees join and existing employees leave the company. While the GUI is an easy way to add a single account, it is time-consuming when accounts must be created in bulk or when the process needs to be automated.
This article demonstrates how to create both single and multiple AD accounts using PowerShell in Server 2012 R2.
Creating a Single AD Account
To create a single user account for a fictitious person named Sam Perry using sperry for SAM account name and email@example.com for user principal name, issue the following command in PowerShell:
PS C:\> New-ADUser -Name "Sam Perry" -GivenName Sam -Surname Perry -SamAccountName sperry -UserPrincipalName firstname.lastname@example.org
When the above command has been executed successfully, it won't return anything on the command prompt. So don't worry when you see no response.
Creating a Single Account with Password
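To create an account with a password, issue the following command in PowerShell. The -AccountPassword parameter expects a SecureString, so the plain-text value is converted with ConvertTo-SecureString first.
PS C:\> New-ADUser -Name "Sam Perry" -GivenName Sam -Surname Perry -SamAccountName sperry -UserPrincipalName email@example.com -AccountPassword (ConvertTo-SecureString -AsPlainText '@perry1' -Force)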
Creating and Enabling a New User Account
The account created with the above PowerShell command will be disabled by default unless you explicitly enable it. The following single command will create a new account and enable it.
PS C:\> New-ADUser -Name "Sam Perry" -GivenName Sam -Surname Perry -SamAccountName sperry -UserPrincipalName firstname.lastname@example.org -AccountPassword (ConvertTo-SecureString -AsPlainText '@admin1' -Force) -PassThru | Enable-ADAccount
Creating Multiple Accounts
You may need to create AD accounts in bulk, e.g. when hundreds of new students join a college or university. You can create a CSV file that contains the user information, import the file with Import-Csv and pipe the result to the New-ADUser cmdlet.
I have a CSV file with the following user information:
Name,GivenName,Surname,SamAccountName,UserPrincipalName
Sara Ali,Sara,Ali,sali,email@example.com
Mariam Khan,Mariam,Khan,mkhan,firstname.lastname@example.org
Maria Chopra,Maria,Chopra,mchopra,email@example.com
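Issue the following command, which reads the CSV file and pipes its content to the New-ADUser cmdlet, sets the password for each user account to Pa$$w0rd and then enables the account. The password is written in single quotes on purpose: inside double quotes PowerShell would expand $$ as a variable and the resulting password would not be the one you typed.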
PS C:\> Import-Csv C:\data\new-users.csv | New-ADUser -PassThru | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText 'Pa$$w0rd' -Force) -PassThru | Enable-ADAccount
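The bulk command above gives every account the same known password. The following script is an added example, not part of the original article: it reads the same CSV but gives each account its own random initial password, forces a password change at first logon and reports rows that fail. The helper name New-RandomPassword, the character sets and the 16-character length are assumptions made for this example.

```powershell
# Added example: bulk-create accounts with a unique initial password per user.
# Assumes the ActiveDirectory module and the CSV columns shown in the article.
Import-Module ActiveDirectory

function New-RandomPassword {              # hypothetical helper, not a built-in cmdlet
    param([int]$Length = 16)
    # Upper, lower, digit and symbol sets (look-alike characters left out)
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!#%+=?@'
    $all  = -join $sets
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $pick = {
        param([string]$chars)
        $b = New-Object byte[] 4
        $rng.GetBytes($b)                  # cryptographic RNG, not Get-Random
        $chars[[int]([System.BitConverter]::ToUInt32($b, 0) % $chars.Length)]
    }
    do {
        $pw = -join (1..$Length | ForEach-Object { & $pick $all })
        # Retry until every character class is present (complexity policy)
        $hit = @($sets | Where-Object { $pw.IndexOfAny($_.ToCharArray()) -ge 0 })
    } until ($hit.Count -eq $sets.Count)
    $pw
}

$created = foreach ($u in Import-Csv 'C:\data\new-users.csv') {
    $plain = New-RandomPassword
    try {
        New-ADUser -Name $u.Name -GivenName $u.GivenName -Surname $u.Surname `
            -SamAccountName $u.SamAccountName `
            -UserPrincipalName $u.UserPrincipalName `
            -AccountPassword (ConvertTo-SecureString -AsPlainText $plain -Force) `
            -ChangePasswordAtLogon $true -Enabled $true -ErrorAction Stop
        # Emit one record per created account for the hand-over
        [pscustomobject]@{ SamAccountName  = $u.SamAccountName
                           InitialPassword = $plain }
    } catch {
        # Duplicate names, policy rejections etc. are reported, not silently skipped
        Write-Warning "Failed to create $($u.SamAccountName): $($_.Exception.Message)"
    }
}

# $created holds the initial passwords in memory only; hand them over
# out of band and avoid saving them to a file or transcript.
$created | Select-Object SamAccountName
```

Because each password is generated at run time and never typed, nothing secret ends up in the PowerShell command history, and a leaked initial password affects one account rather than the whole batch.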