Bulk import AD users from csv using powershell without user intervention

Question

I'm trying to import users from a csv file using ADUser powershell cmdlet and here's the script

Import-Module ActiveDirectory
$csvcontent = Import-CSV -Path "C:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\import_create_ad_users_2a.csv"

foreach ($user in $csvcontent) {
$samAccountName = $user.GivenName.substring(0,1).ToLower()+$user.LastName.ToLower()
$userPrincinpal = $samAccountName+"@mmc.local"
New-ADUser
-AccountPassword (ConvertTo-SecureString -AsPlainText $user.Password -force)`
-ChangePasswordAtLogon $false`
-Company “mmc LLP.”`
-DisplayName ($user.GivenName+""+$user.Lastname)`
-userprincipalname $userPrincinpal`
-SamAccountName $samAccountName`    -Name ($user.GivenName+""+$user.Lastname)`
-Path “CN=Users,DC=mmc,DC=local”`
-state $user.County`
-givenname $user.GivenName`
-surname $user.Lastname`
-description ($user.Description)`
-Enabled $true`

Add-ADGroupMember "mmc_Users" $samAccountName;
}

But when I run the command in powershell, I get a prompt as listed below and I would like to import all the users listed in the csv file without any user intervention.

cmdlet New-ADUser at command pipeline position 1
Supply values for the following parameters:
Name:

Please review the script and let me know how to fix this.

FYI - Powershell beginner

Thanks,

Karthik

Answer 1

Few things that I think look wrong, but lets try to fix it. Changing the name is best done after the user has been created. This will limit the script from failing. Backticks can be used for someone who is just learning how to code and it allows you to see the code in a more logical way. You could also create an array as suggested, but that can get complicated and not give correct results.

Lets break down the script below. First we call ActiveDirectory Module, then we call the CSV. That part works great.

We can test it by using the following code that was provided:

Import-Module ActiveDirectory
$csvcontent = Import-CSV -Path "C:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\import_create_ad_users_2a.csv"
$csvcontent | Out-GridView

This should display something with your raw data, but an example is:

GivenName | LastName | Password | Description | Country

Karthik | CSVScript | 79HKJ#p8 | UserTest | Norway

Once we can confirm that the columns are correct. We can run the script

When you use the Import-CSV it imports the columns that you defined as a pipline($_.GivenName). This allows us not to create another variable. Calling it from the Import-CSV cmdlet will only use the fields that you provide in the raw data(CSV file).

You can save the following as a PS_Script called something like NewUser_CSV.ps1

The script below will only look at what you put into the columns. If something is not correct, that means the data in the CSV is wrong. This is a basic add AD users using a CSV file with no major error handling.

We will use the Transcript cmdlet to gather a log

#RUN AS ADMIN!
Start-Transcript -Path "C:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\import_create_ad_users_2a.log"
Import-Module ActiveDirectory
$csvcontent = Import-CSV -Path "C:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\import_create_ad_users_2a.csv"
$csvcontent | ForEach-Object {
$sam = $_.GivenName.substring(0,1)+$_.Lastname
$setpass = ConvertTo-SecureString -AsPlainText $_.Password -force
 Try
 {
 New-ADUser $samAccountName `
 -Path "CN=_s,DC=mmc,DC=local" `
 -GivenName $_.GivenName `
 -Surname $_.LastName `
 -UserPrincipalName ($samAccountName + "@mmc.local")`
 -DisplayName ($_.GivenName + " " + $_.LastName) `
 -Description $_.Description `
 -Enabled $TRUE `
 -Company "mmc LLP." `
 -State $_.Country `
 -AccountPassword $setpass `
 -ChangePasswordAtLogon $False `
 -AccountPassword $setpass 

  $newdn = (Get-ADUser $samAccountName).DistinguishedName
            Rename-ADObject -Identity $newdn -NewName ($_.GivenName + " " + $_.LastName)
 }
  Catch
{
 Write-Host "[ERROR]`t Oops, something went wrong: $($_.Exception.Message)`r`n"
}
}
Stop-Transcript

I really hope this helps you out and gets the task done for you. Good luck with learning PowerShell.

Answer 2

Backticks are generally worth avoiding. They work by escaping the next character, which on the end of a line is the newline character so it allows the command to continue. However its too easy to end up with a space after the backtick that you can't see, which then ends up getting escaped and not the newline. That doesn't seem to be the case above, but as TessellatingHeckler pointed out you were missing one after New-ADUser.

A better solution (to keep the code from going too far horizontal) would be to use splatting like this:

Import-Module ActiveDirectory
$csvcontent = Import-CSV -Path "C:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\import_create_ad_users_2a.csv"

foreach ($user in $csvcontent) {

    $samAccountName = $user.GivenName.substring(0,1).ToLower()+$user.LastName.ToLower()
    $userPrincinpal = $samAccountName+"@mmc.local"

    $NewUserParams = @{
        AccountPassword = (ConvertTo-SecureString -AsPlainText $user.Password -Force)
        ChangePasswordAtLogon = $false
        Company = “mmc LLP.”
        DisplayName = ($user.GivenName+""+$user.Lastname)
        userprincipalname = $userPrincinpal
        SamAccountName = $samAccountName  
        Name = ($user.GivenName+""+$user.Lastname)
        Path = “CN=Users,DC=mmc,DC=local”
        state = $user.County
        givenname = $user.GivenName
        surname = $user.Lastname
        description = ($user.Description)
        Enabled = $true
    }

    New-ADUser @NewUserParams
    Add-ADGroupMember "mmc_Users" $samAccountName
}

This works by creating a hashtable @{ } with each of the parameters in it that you want to set and then sending that hashtable to the cmdlet with the special @ character.