Skip to content
  • Guides
    • OS X Server 5 Guide (El Capitan and Yosemite)
    • OS X Server 4 Guide (Mavericks)
    • OS X Server 3 Guide (Yosemite)
    • OS X Server 2 Guide (Mountain Lion)
    • Apple Configurator 2 Guide
    • Apple Configurator 1 Guide
    • List Of Mac OS X Error Codes
    • Windows Server 2012
    • Xsan
    • Apple Watch Guide
  • Commands
    • Amazon s3cmd Commands
    • Crosh Commands (ChromeOS Shell Commands)
    • Final Cut Server Commands
    • FTP Commands
    • Linux Bash Commands
    • Mac Commands
    • Podcast Producer Commands
    • Powershell Commands
    • Windows Commands
    • Xsan Commands
  • Reference
    • Common Apple Ports
    • authorizationdb Defaults in macOS 10.14
    • List Of Mac OS X Error Codes
    • CIDR Conversion Table
    • HTML Encoding Reference
    • Nike+ and NikeFuel Badge List
    • Fitbit Badge List
    • Foursquare Badge List
    • Apple Watch Achievements List
    • List of All Swarm Stickers
  • Apple Community
    • Apple Admin Conferences
    • MacAdmins
    • Speaking Engagements
    • Glossary of Apple Terms
  • Whoami
    • whoami
    • Legacy Mac Apps
    • Books
    • Dead Tech Books
    • Clothes
    • Minneapolis Breweries and Distilleries
krypted

Tiny Deathstars

Windows Server

Creating Users On Windows Server 2012 Using PowerShell

October 4, 2013

Scripting user creation in Windows Server is something we’ve long done using LDIF files; however, when building a system that creates users in more of a one-off capacity it’s pretty easy to script the creation process using PowerShell, piping information in from other solutions. To create a user, use the New-ADUser cmdlet.

I’ve found that we usually need to populate this with a few pieces of information, including the account name (SamAccountName), the password (AccountPassword), the full name (name) enabling the account (enabled), setting the password not to expire (PasswordNeverExpires) and forcing the user to change their password when they log on (ChangePasswordAtLogon). Respectively, the following example would create user cedge with a password of mypassword, a name of Charles Edge, enabling the account, allowing the password to expire and forcing me to change my password the first time I log in:

New-ADUser -SamAccountName cedge -AccountPassword (read-host "Set user password" -mypassword) -name "Charles Edge" -enabled $true -PasswordNeverExpires $false -ChangePasswordAtLogon $true

Once created, the account likely needs to be made a member of some groups. At this point, we’ll need to identify the user by cn (so if the user is in a specific OU, that would need to be included in the -Identity parameter. Because namespace collisions can happen, you’ll need to provide the full CN of both the user (using the Identity parameter) and the group (using the MemberOf parameter). Let’s say I’m going to add that account that I just created, which is in Users of https://krypted.com/ to the Enterprise Admins group of the same domain, that would look like this:

Add-ADPrincipalGroupMembership -Identity "CN=cedge,CN=Users,DC=corp,DC=krypted,DC=com" -MemberOf "CN=Enterprise Admins,CN=Users,DC=contoso,DC=com","CN=Domain Admins,CN=Users,DC=krypted,DC=com"

Overall, it’s pretty easy to call these cmdlets from other scripts, so for example, if you wanted to build a system that allowed an HR professional to enter a username and password for a user then create their account in AD, Google Apps and a few other solutions, this would make for the first step, piping that account name and password into each.

Active DirectorycmdletCreate UsersMemberOfpowershellput a user in a groupscripting user account creationWindows Serverwindows server 2012
By krypted
Savona Theme by Optima Themes