PowerShell – Create Bulk Active Directory Accounts and Add Them to A Group

Recently I was tasked with helping a company build out a solution for remote training classes. We chose Microsoft’s Remote Desktop Services as the platform. I needed to develop a method to create bulk accounts for the students and place those accounts into the AD security group that granted access to the remote app.

Most admins have probably come across the New-AdUser cmdlet at some point. Combining it with a For-Each loop and a sequential digit was easy enough. The most difficult piece to figure out was adding each newly minted user to the security group that allowed access to the remote application.

The secret sauce is the passthru switch. Using it prevented me from having to code some elaborate process to find each account and add them separately. Make sure you update the variables to match your environment and the script will need to be run on a domain controller or system with the AD management tools installed.

If you wanted to configure the script to be run by an end user to setup a new class, change the script’s variables to use read-host which will prompt the for the values. For example; $Password = Read-Host “Enter Password”.

#Must be run from DC or system with AD Admin Tools installed and joined to domain
#Creates sequencial bulk users with the same password
#Adds those users to the group specified in $group use the DN 
#Change the Path to the OU you want the accounts to be created in
#Edit the ChangePasswordAtLogon switch as appropriate, $true forces users to update password and $false does not
Import-Module ActiveDirectory 
 
#Variables
$OUPath = "OU=Training,OU=Users,DC=Domain,DC=local"
$BaseUsername = "Training"
$Password = "NewStudent!"
$Number = "20"
$ADGroup = "CN=RDS Training Class,OU=Training,DC=Domain,DC=local"
$Incremeant = 1..$number
foreach ($i in $Incremeant){
	$NewUser = New-AdUser -Name $BaseUsername$i -Path $OUPath -Enabled $True -ChangePasswordAtLogon $true
	-AccountPassword (ConvertTo-SecureString "$Password" -AsPlainText -force) -passThru 
	Add-ADGroupMember -Identity "$ADGroup" -Members $NewUser
}

About Kevin Trent

IT professional with almost 30 years of experience in Infrastructure, Architecting, Administration, Development, and Communications.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s