Bulk Create AD User

Hi all, this is my first PowerShell script. The purpose is to use a CSV file to speed up and improve accuracy of single and multiple user account creations for a client.

Here is the script.

# Import Modules for Active Directory and to sync to 365
Import-Module ActiveDirectory
Import-Module DirSync
# Prompt for CSV path
$csvfilepath = Read-Host -Prompt "Please enter the path to the CSV file"
# Import the file into a variable
$users = Import-Csv $csvfilepath
# Pass through the file to gather information
foreach ($user in $users){
    # Define user information variables
    $FNAME = $user.'First Name'
    $LNAME = $user.'Last Name'
    $DN = $user.'First Name' + " " + $user.'Last Name'
    $UN = $user.'First Name' + "." + $user.'Last Name'
    $SP = $user.'ScriptPath'
    $OU = $user.'OU Path'
    #Create password
    $PW = $user.Password | ConvertTo-SecureString -AsPlainText -Force
    # Create the AD
    New-ADUser -Name $DN -GivenName $FNAME -Surname $LNAME -DisplayName $DN -UserPrincipalName $UN@domain.co.uk -SAMAccountName $UN -EmailAddress $UN@domain.co.uk -Path $OU -AccountPassword $PW -ChangePasswordAtLogon $True -Enabled $True -ScriptPath $SP -OtherAttributes @{proxyAddresses="SMTP:$UN@domain.co.uk","smtp:$UN@domain.onmicrosoft.com"} 

    # Output
    echo "Account created $UPN in $OU"

# Command to sync to 365

There are a couple of things I am struggling with however.

Because the client is synced to 365 I need to populate the proxyAddresses and targetAddress attribute fields. I’ve managed to get the proxyAddresses to work but I am not sure how to add the targetAddress as well.

Another thing I need assistance with is being able to specify AD groups for the users in question. For example, User 1 needs to be a member of; All Users, Department 1 Share, Allow Removable USB Devices. And User 2; All Users, Department 1 Share

Any advice would be greatly appreciated.

Look into using new-remotemailbox to handle the proxy and target addresses.


For the groups, you could use AD user templates.

In the OtherAttributes parameter, this is a hash table, so you just need to use a semicolon to separate proxyAddresses and targetAddress:

-OtherAttributes @{proxyAddresses="SMTP:user@domain1.com","smtp:user@domain2.com";targetAddress="user@domain1.com"}

For the group memberships, add logic based on attributes such as department, division or title. You could also add a column to the CSV with True/False values for non-attribute groups (like the USB drive group you mentioned). For example, the column ‘AllowUSB’ has TRUE for User1 and FALSE for User2. Then use a switch or if/else statement to handle the logic to add to the group. The same would go for a department group: if department equals “Department 1”, add to the appropriate department group(s).

Hope this helps!

Firstly, welcome to the PowerShell world, and good job on your first attempt.

However, FYI… a quick way to get a script written for you (even with zero knowledge of PowerShell) is to use the tools provided by Microsoft before running at it from scratch.

In Windows Server 2008 R2 and higher, there is a management console called, ADAC (Active Directory Administrative Center).
You click through the steps to do X action, it writes the script for you that you can use as is or ()copy and paste into the PowerShell ISE, VSCode, or editor of your choice tweak for your use case.

Introduction to Active Directory Administrative Center Enhancements (Level 100)

Use Active Directory Administrative Center to Create PowerShell Commands in Windows Server 2012
Use Active Directory Administrative Center to Create PowerShell Commands in Windows Server 2012 | Petri IT Knowledgebase

Step-By-Step: Utilizing PowerShell History Viewer in Windows Server 2012 R2

Thank you, I’ll be sure to check those out!

Moving to correct forum.