New-ADUser -SamAccountName cedge -AccountPassword (Read-Host "Set user password" -AsSecureString) -Name "Charles Edge" -Enabled $true -PasswordNeverExpires $false -ChangePasswordAtLogon $true

Once created, the account likely needs to be made a member of some groups. At this point, we’ll need to identify the user by CN (so if the user is in a specific OU, that would need to be included in the -Identity parameter). Because namespace collisions can happen, you’ll need to provide the full CN (the distinguished name) of both the user (using the Identity parameter) and the group (using the MemberOf parameter). Let’s say I’m going to add the account that I just created, which is in Users of krypted.com, to the Enterprise Admins group of the same domain. That would look like this:
# The user's CN is the -Name value given to New-ADUser ("Charles Edge"), not the SamAccountName.
Add-ADPrincipalGroupMembership -Identity "CN=Charles Edge,CN=Users,DC=krypted,DC=com" -MemberOf "CN=Enterprise Admins,CN=Users,DC=krypted,DC=com","CN=Domain Admins,CN=Users,DC=krypted,DC=com"

Overall, it’s pretty easy to call these cmdlets from other scripts. For example, if you wanted to build a system that allowed an HR professional to enter a username and password for a user and then create their account in AD, Google Apps and a few other solutions, this would make for the first step, piping that account name and password into each.
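One way to write the AD step of the HR provisioning flow described above, as an added example that is not code from the original post. The function name New-HrAdUser and the group names in $AllowedGroups are assumptions; the password is taken as a SecureString and group membership is limited to an allow-list, so an HR-facing script cannot grant Enterprise Admins or Domain Admins.

```powershell
#Requires -Modules ActiveDirectory
# Added example: HR-facing wrapper around New-ADUser (not from the original post).

# Hypothetical allow-list: the only groups this workflow may grant.
$AllowedGroups = @('Staff', 'VPN Users')

function New-HrAdUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Conservative character set, within the 20-character sAMAccountName limit.
        [Parameter(Mandatory)][ValidatePattern('^[a-z][a-z0-9._-]{1,19}$')][string]$SamAccountName,
        [Parameter(Mandatory)][ValidateLength(1, 64)][string]$DisplayName,
        # SecureString keeps the password out of command history and transcripts.
        [Parameter(Mandatory)][securestring]$Password,
        [string[]]$Groups = @()
    )

    # Refuse any group outside the allow-list before touching the directory.
    $denied = @($Groups | Where-Object { $_ -notin $AllowedGroups })
    if ($denied.Count -gt 0) {
        throw "Group(s) not permitted for HR provisioning: $($denied -join ', ')"
    }

    # Fail instead of colliding with an existing logon name.
    # The filter string is safe to build because ValidatePattern rejects quotes.
    if (Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'") {
        throw "Account '$SamAccountName' already exists."
    }

    if ($PSCmdlet.ShouldProcess($SamAccountName, 'Create AD user')) {
        $user = New-ADUser -SamAccountName $SamAccountName -Name $DisplayName `
            -AccountPassword $Password -Enabled $true `
            -PasswordNeverExpires $false -ChangePasswordAtLogon $true -PassThru

        if ($Groups.Count -gt 0) {
            # Resolve names to group objects so no distinguished name is hand-typed.
            $targets = $Groups | ForEach-Object { Get-ADGroup -Identity $_ }
            Add-ADPrincipalGroupMembership -Identity $user -MemberOf $targets
        }
        $user
    }
}

# Usage: prompt without echoing the password, and preview the change with -WhatIf.
# New-HrAdUser -SamAccountName jdoe -DisplayName 'Jane Doe' `
#     -Password (Read-Host 'Set user password' -AsSecureString) -Groups 'Staff' -WhatIf
```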
krypted October 4th, 2013
Posted In: Windows Server