Today I was teaching MOC10325 – PowerShell.
One problem I experienced, and have experienced before, is that an AD account has to have a password set before you can enable it.
First of all we need to have the ActiveDirectory module installed. This is automatically installed on Windows 2008 R2 Domain Controllers, but can be installed on your Windows 7 Machine by installing RSAT (Remote Server Administration Tools) and adding the “Active directory Service Module for Windows PowerShell” feature in Programs And Features -> Turn Windows features on and off.
This means that the example seen in various books and websites does not work unless you have no password policy enabled:
import-csv e:\users\newusers.csv | new-aduser -path "ou=test1,dc=contoso,dc=com" -passthru | enable-adaccount
We have to use Set-ADAccountPassword to set the password first; otherwise the password policy will prevent the users from being enabled.
So I referred to the help file of Set-ADAccountPassword and it says:
-PassThru <switch>
Returns the new or modified object. By default (i.e. if -PassThru is not specified), this cmdlet does not generate any output.
So I tried the following:
new-aduser -path "ou=test1,dc=contoso,dc=com" -passthru | Set-AdAccountPassword -PassThru -Reset -NewPassword (ConvertTo-SecureString -AsPlainText 'Pa$$w0rd' -Force) | Enable-AdAccount
But for some reason it didn’t work! Set-ADAccountPassword does not produce any output, even when -PassThru is specified.
I had a problem. I have one output and 2 commands that need the output as their input, and I have to set the password first, before I can enable the account.
I came up with this solution, and it works:
Import-Module ActiveDirectory
Import-Csv e:\users\newusers.csv |
    New-ADUser -Path "ou=test1,dc=contoso,dc=com" -PassThru |
    ForEach-Object {
        # Set the password first; single quotes keep the $ characters literal
        $_ | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText 'Pa$$w0rd' -Force)
        # Only now can the account be enabled
        $_ | Enable-ADAccount
    }
I use the ForEach-Object cmdlet to be able to run more than one command,
and by sending $_ into both commands, I get the result I want in the correct order.
Of course this could have been written in one line, but remember to add the ; at the end of each logical line.
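An alternative to the two-step pipeline, as an added example that is not from the original post: New-ADUser accepts -AccountPassword and -Enabled itself, so the account gets its password and is enabled in one call. It goes beyond the post by giving each user a unique random initial password and forcing a change at first logon; the CSV column names and the New-RandomPassword helper are assumptions.

```powershell
# Added example, not the post's code. Assumed CSV columns: Name, SamAccountName.
Import-Module ActiveDirectory

function New-RandomPassword {   # hypothetical helper
    param([int]$Length = 20)
    # One set per complexity category; look-alike characters (l, I, O, 0, 1) left out.
    $sets = 'abcdefghijkmnopqrstuvwxyz', 'ABCDEFGHJKLMNPQRSTUVWXYZ', '23456789', '!#%+-=?@_'
    $all  = -join $sets
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf  = New-Object byte[] 4
    # Random index below $max; modulo bias is negligible for a 32-bit draw over these ranges.
    $next = {
        param([int]$max)
        $rng.GetBytes($buf)
        [int]([System.BitConverter]::ToUInt32($buf, 0) % $max)
    }
    # Guarantee one character from every category, then fill up from the full set.
    $chars = @(foreach ($s in $sets) { $s[(& $next $s.Length)] })
    while ($chars.Count -lt $Length) { $chars += $all[(& $next $all.Length)] }
    # Fisher-Yates shuffle so the guaranteed characters are not always first.
    for ($i = $chars.Count - 1; $i -gt 0; $i--) {
        $j = & $next ($i + 1)
        $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
    }
    -join $chars
}

$ou = 'ou=test1,dc=contoso,dc=com'   # OU used in the post
Import-Csv e:\users\newusers.csv | ForEach-Object {
    $plain  = New-RandomPassword
    $secure = ConvertTo-SecureString -AsPlainText $plain -Force
    # The password is set at creation, so -Enabled $true passes the password policy;
    # -ChangePasswordAtLogon $true makes the user replace it at first logon.
    $_ | New-ADUser -Path $ou -AccountPassword $secure -Enabled $true -ChangePasswordAtLogon $true -PassThru |
        Select-Object SamAccountName, Enabled, @{ Name = 'InitialPassword'; Expression = { $plain } }
}
```

The output objects carry the initial passwords in clear text, so hand them to the users over a separate channel and keep them out of transcripts and logs.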
Hi,
How can I set-ADUser password from CSV file (password is a column in the same CSV file)? Can you suggest something? I couldn’t find the right cmdlets.
Thank you so much, for useful information.
I think something like this would work:
Import-Module ActiveDirectory
Import-Csv e:\users\newusers.csv |
    ForEach-Object {
        # Keep this row's password; $_ changes meaning inside the inner block
        $password = $_.password
        $_ | New-ADUser -Path "ou=test1,dc=contoso,dc=com" -PassThru |
            ForEach-Object {
                # Set the password first, then enable the account
                $_ | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $password -Force)
                $_ | Enable-ADAccount
            }
    }
if the column with the password is called password.
So we set the password variable each time, and then create the user.
I have no way of testing atm though.
Hi,
It worked! Thank you so much.
Thank you, we worked all day on this and you had the correct solution! 2 for loops are needed for the password set to work, thank you!
Hi Jakob
Thanks for your writing. It has helped me in my scripting.
Just a minor writing bug. You forgot a “)” in your example: “(ConvertTo-SecureString -AsPlainText “Pa$$w0rd” -Force | ”
//Peter
fixed. thank you 🙂
Hi Jakob,
I found your thread very useful. I’m 75% of the way there to getting it to work, but need your expertise. In addition to your above command I was also looking to add the ‘MemberOf’ attribute (thru command or csv) and pwdLastSet “0” (password reset on next login). Any assistance you could provide would be extremely appreciated.
Hi Jakob,
Finally got the Set-ADAccountPassword cmdlet working.
Cheers.
Kindly work it out using the active directory manager tool; it provides CSV import with password, with more options.
http://www.adsysnet.com/downloads.aspx
The next step would be to automate it by scheduling the script. Good example of how it can be done here: http://www.adaxes.com/tutorials_ActiveDirectoryManagement_ImportUserAccountsFromCSVFile.htm