Today I was teaching MOC10325 – PowerShell.

One problem I experienced and have experienced before, was that an AD account have to have set password before you can enable them.

First of all we need to have the ActiveDirectory module installed. This is automatically installed on Windows 2008 R2 Domain Controllers, but can be installed on your Windows 7 Machine by installing RSAT (Remote Server Administration Tools) and adding the “Active directory Service Module for Windows PowerShell” feature in Programs And Features -> Turn Windows features on and off.

image

this means that the example seen in different books and websites does not work, unless you have no password policy enabled:

import-csv e:\users\newusers.csv |
new-aduser -path "ou=test1,dc=contoso,dc=com" -passthru | enable-adaccount

 

We have to use Set-ADAccountPassword to set the password first, otherwise the password policy will reject the users becoming enabled.

So I referred to the help file of Set-ADAccountPassword and it says:

-PassThru <switch>

Returns the new or modified object. By default (i.e. if -PassThru is no

t specified), this cmdlet does not generate any output.

so I tried the following:

new-aduser -path "ou=test1,dc=contoso,dc=com" -passthru |
Set-AdAccountPassword -PassThru -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "Pa$$w0rd" -Force) |
Enable-AdAccount

 

but it didn’t work!, for some reason. Set-ADAccountPassword does not produce any output, even when the passthru is specified.

I had a problem. I have one output and 2 commands that needs the output as their input, and I have to set the password first, before I can enable the account.

I can up with this solution, and it works:

Import-Module ActiveDirectory
import-csv e:\users\newusers.csv |
New-ADUser -path "ou=test1,dc=contoso,dc=com" -passthru |
ForEach-Object {
    $_ | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "Pa$$w0rd" -Force)
    $_ | Enable-ADAccount }

 

I utilize the foreach-object cmdlet, to be able to run more than one command.

and by sending the $_ into both commands, I get the result I want in the correct order.

Of cause this could have been written in one line, but remember to add the ; in the end of each logical line.