PowerShell – Create Bulk Active Directory Accounts and Add Them to A Group

Kevin TrentJuly 17, 2020July 17, 2020Microsoft

Recently I was tasked with helping a company build out a solution for remote training classes. We chose Microsoft’s Remote Desktop Services as the platform. I needed to develop a method to create bulk accounts for the students and place those accounts into the AD security group that granted access to the remote app.

Most admins have probably come across the New-AdUser cmdlet at some point. Combining it with a For-Each loop and a sequential digit was easy enough. The most difficult piece to figure out was adding each newly minted user to the security group that allowed access to the remote application.

The secret sauce is the passthru switch. Using it prevented me from having to code some elaborate process to find each account and add them separately. Make sure you update the variables to match your environment and the script will need to be run on a domain controller or system with the AD management tools installed.

If you wanted to configure the script to be run by an end user to setup a new class, change the script’s variables to use read-host which will prompt the for the values. For example; $Password = Read-Host “Enter Password”.

#Must be run from DC or system with AD Admin Tools installed and joined to domain
#Creates sequencial bulk users with the same password
#Adds those users to the group specified in $group use the DN 
#Change the Path to the OU you want the accounts to be created in
#Edit the ChangePasswordAtLogon switch as appropriate, $true forces users to update password and $false does not
Import-Module ActiveDirectory 
 
#Variables
$OUPath = "OU=Training,OU=Users,DC=Domain,DC=local"
$BaseUsername = "Training"
$Password = "NewStudent!"
$Number = "20"
$ADGroup = "CN=RDS Training Class,OU=Training,DC=Domain,DC=local"
$Incremeant = 1..$number
foreach ($i in $Incremeant){
	$NewUser = New-AdUser -Name $BaseUsername$i -Path $OUPath -Enabled $True -ChangePasswordAtLogon $true
	-AccountPassword (ConvertTo-SecureString "$Password" -AsPlainText -force) -passThru 
	Add-ADGroupMember -Identity "$ADGroup" -Members $NewUser
}

Published by Kevin Trent

IT professional with decades of experience in Infrastructure, Architecting, Administration, Development, and Communications. View all posts by Kevin Trent

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Connecting to %s

%d bloggers like this: