Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Windows Server 2012 : Administering Active Directory using Windows PowerShell (part 1) - Managing user accounts with Windows PowerShell

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
8/27/2014 4:04:20 AM

Managing user accounts with Windows PowerShell

Creating and managing user accounts is a common Active Directory administration task. Windows PowerShell provides considerable flexibility in how this can be done on the Windows Server 2012 platform. Typing Get-Command *ADUser at a Windows PowerShell prompt shows there are four cmdlets for managing users accounts:

  • New-ADUser Creates a new Active Directory user

  • Get-ADUser Gets one or more Active Directory users so that you can perform some action with them

  • Set-ADUser Modifies the properties of an existing Active Directory user

  • Remove-ADUser Removes the specified user from Active Directory

Any administration of user accounts using Windows PowerShell involves using one or more of these cmdlets. The following sections demonstrate some of the ways this can be done with regard to new user account creation using the New-ADUser cmdlet. The actual approach you might choose depends on the particular needs of your situation.

Example 1: Create a single new user account

To create a new user account for Phil Gibbins using pgibbins for the user’s SAM account name and for the user’s UPN logon, you can use the New-ADUser cmdlet as follows:

PS C:\> New-ADUser -Name "Phil Gibbins" -GivenName Phil -Surname Gibbins `
-SamAccountName pgibbins -UserPrincipalName [email protected]

Note that there is no output if the command runs successfully. The resulting properties of the new user account when it is opened in ADAC are shown in Figure 1. Note that there are numerous other properties you could have specified when creating the account. Each of these additional properties has a parameter associated with it when using the New-ADUser cmdlet.

A new user account created using the New-ADUser cmdlet.
Figure 1. A new user account created using the New-ADUser cmdlet.

Note

Where new users are created

If you try the preceding example, you’ll discover that the user account for Phil Gibbins is created in the Users container of the domain. To create a user account in a different location, you must specify the –Path parameter with this command. For example, to create this account in the location ou=Seattle Users OU,ou=Seattle OU OU,dc=corp,dc=contoso,dc=com in Active Directory, you could append –Path “ou=Seattle Users OU,ou=Seattle OU OU,dc=corp,dc=contoso,dc=com” to the command used in the preceding example.

Example 2: Create a new user account, and specify a password

To specify a password when you create the user account for Phil Gibbins, you can use the Read-Host cmdlet. With this cmdlet, you enter a password when you run the command, as shown by the highlighted code in the following example:

PS C:\> New-ADUser -Name "Phil Gibbins" -GivenName Phil -Surname Gibbins `
-SamAccountName pgibbins -UserPrincipalName [email protected] `
-AccountPassword (Read-Host -AsSecureString "AccountPassword")

Example 3: Create and enable a new user account

When you use the New-ADUser cmdlet to create a user account, the new account is disabled and cannot be enabled unless either of the following has occurred:

  • A valid password has been set for the account.

  • The –PasswordNotRequired parameter has been set to true.

To create a user account for Phil Gibbins, specify a password, and enable the new account, you can use the following command:

PS C:\> New-ADUser -Name "Phil Gibbins" -GivenName Phil -Surname Gibbins `
-SamAccountName pgibbins -UserPrincipalName [email protected] `
-AccountPassword (Read-Host -AsSecureString "AccountPassword") `
-PassThru | Enable-ADAccount

The –PassThru parameter, which has been added to the New-ADUser command just shown, returns the newly created user account object so that it can be piped into the Enable-ADAccount cmdlet to enable the new account.

Example 4: Bulk-create new user accounts

A good example of how Windows PowerShell can be used to automate a common Active Directory management task is the bulk creation of users. For example, you can combine the previous examples with the Import-Csv cmdlet which allows you to read in data from a comma-separated values file (CSV), to create multiple user accounts in a single operation.

To illustrate this, the file new-users.csv contains a line of header information followed by attributes for three user accounts as follows:

Name,GivenName,Surname,SamAccountName,UserPrincipalName
Arno Bost,Arno,Bost,abost,[email protected]
Peter Fischer,Peter,Fischer,pfischer,[email protected]
Manish Chopra,Manish,Chopra,mchopra,[email protected]

The following command reads the CSV file and pipes its contents into the New-ADUser cmdlet, sets the password for each user account as Pa$$w0rd, and ends by enabling the accounts:

PS C:\> Import-Csv C:\data\new-users.csv | New-ADUser -PassThru | `
Set-ADAccountPassword -Reset `

-NewPassword (ConvertTo-SecureString -AsPlainText 'Pa$$w0rd' -Force)`
-PassThru | Enable-ADAccount

The highlighted portion of this command takes the string “Pa$$w0rd” and converts it from plain text to a secure string so that it can be used by the –NewPassword parameter of the Set-ADAccountPassword cmdlet. The –Force parameter is needed to suppress the confirmation prompt generated by use of the –AsPlainText parameter.

Note

REAL WORLD Bulk account creation

Bulk creation of user accounts, computer accounts, groups, or other types of directory objects involves two steps:

  • Creating the source file with the information for the accounts that need to be created

  • Creating the command or script that takes the source file and uses it to bulk-create the new accounts

The CSV format used in the example in this section is a universal format supported by numerous applications, including Microsoft Excel, Microsoft Access, and even Microsoft SQL Server. By using a program like Excel to create the source information and save it in CSV format, you can quickly and easily bulk-create accounts in Active Directory.

Example 5: Create new user accounts from a template account

A template account is an account you use as a basis for creating other accounts. By configuring template account properties that are common to the other accounts you need to create, you can reduce the amount of information you need to provide for creating the additional accounts.

For example, you could configure properties like the account expiration date and password options in a template account if these will be the same for the other user accounts you need to create. You might also configure properties like Company, Address, City, and Country in the template account. That way, you won’t need to specify these properties when you create the other user accounts.


Other -----------------
- Windows Server 2012 : Enabling advanced features using ADAC (part 3) - Creating fine-grained password policies
- Windows Server 2012 : Enabling advanced features using ADAC (part 2) - Configuring fine-grained password policies
- Windows Server 2012 : Enabling advanced features using ADAC (part 1) - Enabling and using the Active Directory Recycle Bin
- SQL Server 2012 : Latch Contention Examples - UP Latches in tempdb, Spinlock Contention in Name Resolution
- SQL Server 2012 : Latch Contention Examples - Queuing
- SQL Server 2012 : Latch Contention Examples - Inserts When the Clustered Index Key Is an Identity Field
- SQL Server 2012 : Latches and Spinlocks - Monitoring Latches and Spinlocks
- SQL Server 2012 : Latches and Spinlocks - SuperLatches/Sublatches
- SQL Server 2012 : Latches and Spinlocks - Latch Types, Latch Modes
- Sharepoint 2013 : Overview of The Client-Side Object Model and Rest APIs - Client-Side Object Model API Coverage
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server