In this lesson, you will learn how to manage Active Directory users and computers using PowerShell: how to filter on the properties of users, groups, and computers and act on the results of that filter, and how to add users to groups and move users and computers into an OU. Finally, you will learn how to create multiple Active Directory users at once with PowerShell, which is not available in the GUI.
Create a new Organization Unit
Step 1. Open PowerShell.
Step 2. Type the New-ADOrganizationalUnit -Name TechLab -Path "DC=Techroze,DC=com" command.
Note: If you need help with the organizational unit command, you can look it up in PowerShell with this cmdlet: Get-Help New-ADOrganizationalUnit.
Create AD user account
Step 1. Open PowerShell.
Step 2. Type New-ADUser -Name User01
This command creates a new user, but the information about this user is incomplete. For example:
- The first name, last name, and display name are not set.
- There is no address.
- The account status is disabled.
- The password has not been set.
- The user login name has not been set either.
These are only some of the missing pieces of information. I searched the help for this cmdlet, and it lists the full syntax you can use if you want, but most of us do not fill in every property.
So, instead of listing all of that syntax, I have chosen some of the parameters and built a simple command that will help us create a new user with a login name, enable the account, and configure the password.
$SecurePW = Read-Host -AsSecureString "Account Password"   # prompt for the value passed to -AccountPassword
New-ADUser -Name "Khaliq" -GivenName "Dad" -DisplayName "Khaliq Dad" -Path "OU=Techlab,DC=Techroze,DC=com" -SamAccountName "Khaliq" -UserPrincipalName "Khaliq@Techroze.com" -AccountPassword $SecurePW -PassThru -PasswordNeverExpires $true -Surname "Dad"
Now that we have created the account, if you open Active Directory Users and Computers you will notice that the account is disabled. To enable the account, type the following command:
Enable-ADAccount -Identity "CN=Khaliq,OU=Techlab,DC=Techroze,DC=com" -Server "Ghulam.Techroze.com"
Note: I have not provided a screenshot for Enable-ADAccount because the command prints nothing when you enter it; you have to check the result in Active Directory Users and Computers or Active Directory Administrative Center.
Create a New Group & Add Users to the Group
I had created multiple accounts, but I never added them to a group such as a domain security group, a read-only group, etc. By the way, when we create an account, it is placed in the Domain Users group by default. To add a user to any group other than Domain Users, I am using the Add-ADGroupMember cmdlet. But before adding users to a group, you have to create the group. I have already created a group called Head Office. The following command creates a new group with PowerShell.
New-ADGroup -Name "RODC Admins" -SamAccountName RODCAdmins -GroupCategory Security -GroupScope Global -DisplayName "RODC Admins" -Path "CN=Users,DC=Techroze,DC=com"
Now that you have created the RODC Admins group, you have to add users to it, just as I added the users of Techroze Lab to the Head Office group. Here is the command.
Get-ADUser -SearchBase 'OU=Techroze lab,DC=Techroze,DC=com' -Filter * | ForEach-Object {Add-ADGroupMember -Identity 'Head Office' -Members $_}
Here are the users that were added to the Head Office group.
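The same bulk add with a property filter and a review step, as an added example that is not the article's own code: it selects only enabled accounts in the OU, leaves out accounts that are already members so a re-run does not fail on them, and performs a dry run with -WhatIf. It assumes the ActiveDirectory module is available and reuses the OU and group names from the command above.

```powershell
Import-Module ActiveDirectory

$ou    = 'OU=Techroze lab,DC=Techroze,DC=com'
$group = 'Head Office'

# Property filter: only enabled user accounts located in the OU.
$candidates = @(Get-ADUser -SearchBase $ou -Filter 'Enabled -eq $true')

# Current members of the group, compared by distinguished name.
$memberDns = @(Get-ADGroupMember -Identity $group |
    ForEach-Object { $_.DistinguishedName })

# Keep only the accounts that are not in the group yet.
$toAdd = @($candidates |
    Where-Object { $memberDns -notcontains $_.DistinguishedName })

if ($toAdd.Count -eq 0) {
    Write-Output "Nothing to add to '$group'."
} else {
    # Show exactly which accounts would gain the group's access.
    $toAdd | Select-Object SamAccountName, DistinguishedName | Format-Table | Out-Host
    # Dry run: remove -WhatIf once the list above has been reviewed.
    Add-ADGroupMember -Identity $group -Members $toAdd -WhatIf
}

# After the real run, list the membership to confirm the change.
Get-ADGroupMember -Identity $group | Select-Object Name, SamAccountName, objectClass
```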
Create Multiple Users with PowerShell
Step 1. To create multiple Active Directory users at once with PowerShell, you first need to create a CSV file.
Note: You can create the CSV file in a text editor, Microsoft Excel, or another program. Here is a CSV file format which I already created.
After typing in the information for the accounts, go to the File menu and select Save As, give the file a name ending in .csv, and it will be saved as a CSV file.
Step 2. After creating the CSV file, you need to import it into PowerShell and create the users at once.
Type Import-Csv -Path 'C:\' | New-ADUser -PassThru | Set-ADAccountPassword -Reset -NewPassword (Read-Host -AsSecureString "Account Password") -PassThru | Enable-ADAccount
When you enter the command, it asks for the password for the accounts; type the password and press Enter.
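A variant of the bulk import, as an added example that is not the article's own code: instead of one shared password for every account, it generates a random initial password per user, forces a change at first logon, validates each SamAccountName, and skips accounts that already exist. The CSV rows, their column layout (headers named after New-ADUser parameters) and the helper New-InitialPassword are constructed for illustration; the ActiveDirectory module is assumed to be available.

```powershell
Import-Module ActiveDirectory
# Constructed sample data; the headers match New-ADUser parameter names.
$csv = @'
Name,GivenName,Surname,SamAccountName,UserPrincipalName,Path
User01,User,One,User01,User01@Techroze.com,"OU=Techlab,DC=Techroze,DC=com"
User02,User,Two,User02,User02@Techroze.com,"OU=Techlab,DC=Techroze,DC=com"
'@

function New-InitialPassword {
    # 18 random bytes give 24 Base64 characters; retry until upper case,
    # lower case and a digit are all present (password complexity rule).
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] 18
    do {
        $rng.GetBytes($bytes)
        $pw = [Convert]::ToBase64String($bytes)
    } until ($pw -cmatch '[a-z]' -and $pw -cmatch '[A-Z]' -and $pw -match '\d')
    $rng.Dispose()
    $pw
}

$created = foreach ($row in ($csv | ConvertFrom-Csv)) {
    $sam = $row.SamAccountName
    # Reject names that are too long or would break the -Filter string below.
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        Write-Warning "Skipping row with invalid SamAccountName '$sam'"
        continue
    }
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "Skipping ${sam}: account already exists"
        continue
    }
    $plain  = New-InitialPassword
    $params = @{
        Name                  = $row.Name
        GivenName             = $row.GivenName
        Surname               = $row.Surname
        SamAccountName        = $sam
        UserPrincipalName     = $row.UserPrincipalName
        Path                  = $row.Path
        AccountPassword       = ConvertTo-SecureString $plain -AsPlainText -Force
        Enabled               = $true
        ChangePasswordAtLogon = $true
    }
    New-ADUser @params -ErrorAction Stop
    [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $plain }
}
# Hand each password to its owner out of band; do not save this table to disk.
$created | Format-Table -AutoSize
```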
Summary
- Open PowerShell.
- Create an OU with the New-ADOrganizationalUnit -Name TechLab -Path "DC=Techroze,DC=com" command.
- Create a new user with this command (with the password stored in $SecurePW as a SecureString): New-ADUser -Name "Khaliq" -GivenName "Dad" -DisplayName "Khaliq Dad" -Path "OU=Techlab,DC=Techroze,DC=com" -SamAccountName "Khaliq" -UserPrincipalName "Khaliq@Techroze.com" -AccountPassword $SecurePW -PassThru -PasswordNeverExpires $true -Surname "Dad"
- Then enable the account with this command: Enable-ADAccount -Identity "CN=Khaliq,OU=Techlab,DC=Techroze,DC=com" -Server "Ghulam.Techroze.com"
- Create a new group with this command: New-ADGroup -Name "RODC Admins" -SamAccountName RODCAdmins -GroupCategory Security -GroupScope Global -DisplayName "RODC Admins" -Path "CN=Users,DC=Techroze,DC=com"
- Add the users to the group with this command: Get-ADUser -SearchBase 'OU=Techroze lab,DC=Techroze,DC=com' -Filter * | ForEach-Object {Add-ADGroupMember -Identity 'Head Office' -Members $_}
- Create a CSV (comma-separated values) file with a text editor or Microsoft Excel.
- Import the CSV with this command: Import-Csv -Path 'C:\' | New-ADUser -PassThru | Set-ADAccountPassword -Reset -NewPassword (Read-Host -AsSecureString "Account Password") -PassThru | Enable-ADAccount
That’s all, I hope this article helped you Manage Active Directory Users & Computers Using PowerShell on Windows Server 2016.