Using PowerShell to create a new Active Directory user

Creating new user accounts in Active Directory is pretty standard stuff, but doing it the traditional way requires a lot of mouse clicks. Since we know that PowerShell can be used to accomplish anything within Windows Server 2019, but not many people actually employ it regularly, let's implement this common task as a recipe to be accomplished with PowerShell rather than the GUI.

Getting ready

We will use PowerShell on any Windows machine that is either a DC or has the Active Directory RSAT tools installed.

How to do it…

Follow along to create a new user account in Active Directory by using the PowerShell Command Prompt:

  1. Launch a PowerShell Command Prompt as an Administrator.
  2. Enter the following command in order to create a new user account with very simple parameters:

    Import-Module ActiveDirectory

    New-ADUser -Name 'John Smith' -UserPrincipalName 'jsmith@cookbook.packt.com' -SamAccountName 'jsmith'

    Figure 2.26 – Output of the New-ADUser PowerShell command

    Tip

    You may have noticed that this account's User Principal Name is @cookbook.packt.com – not @ad.cookbook.packt.com. This is because I have added an additional UPN suffix to my domain to make my Active Directory usernames match the user's email address.

  3. If you open up the GUI for Active Directory Users and Computers, you will see that John Smith has now been created as a User account. There aren't many properties that exist within this account as it is pretty simple, but it will work in order to get a new user up and running:

    Figure 2.27 – Showing the default Users OU in Active Directory Users and Computers

  4. Now, let's create another new user, this time adding some additional parameters to our code in order to populate more of the typical user information. You may have also noticed that our new John Smith user account is currently disabled – this happens automatically when you create a new user account but do not populate a password. So, we will add some more information, such as the first name and surname. We will also specify a couple of additional parameters in order to make sure the account is enabled and to require that the user changes their password during their initial login:

    New-ADUser -Name 'Jase Robertson' -UserPrincipalName 'jrobertson@cookbook.packt.com' -SamAccountName 'jrobertson' -GivenName 'Jase' -Surname 'Robertson' -DisplayName 'Jase Robertson' -AccountPassword (Read-Host -AsSecureString 'AccountPassword') -ChangePasswordAtLogon $true -Enabled $true

    This results in the following output:

    Figure 2.28 – Output of the New-ADUser command with optional additional user configuration

  5. Open Active Directory Users and Computers again and take a look at our new Jase Robertson user account. You will see that the account is enabled and ready for use and that it also has much more information populated:

    Figure 2.29 – General properties for an Active Directory user

  6. Move over to the Account tab. You will also see that the box for User must change password at next logon is now checked, just like we specified in our PowerShell command:

Figure 2.30 – Additional account properties for an Active Directory user

Using this small PowerShell cmdlet, you could take things a lot further if you wanted. For example, if your HR department was to email you an Excel spreadsheet of all the new hires starting next week, you could save that spreadsheet as a CSV and use PowerShell's Import-CSV cmdlet to read the spreadsheet and create all the new users for you automatically. A small script could save you many hours of work in the future.
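The CSV import described above, as an added example that is not code from the original recipe: it reads the spreadsheet with Import-Csv, treats its values as untrusted input, and gives each account its own random initial password with a forced change at first logon. The CSV column names, the script parameters, the allow-list pattern, and the New-InitialPassword helper are assumptions made for illustration.

```powershell
# Added example. Assumed CSV header (constructed): GivenName,Surname,SamAccountName
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$CsvPath,       # hypothetical parameter names
    [string]$UpnSuffix = 'cookbook.packt.com'     # UPN suffix used in this recipe
)
Import-Module ActiveDirectory

function New-InitialPassword {                    # hypothetical helper
    param([int]$Length = 20)
    # 64 symbols: 256 is a multiple of 64, so (byte % 64) has no modulo bias
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        do {
            $bytes = New-Object byte[] $Length
            $rng.GetBytes($bytes)
            $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
        } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    } finally { $rng.Dispose() }
    $pw
}

foreach ($row in Import-Csv -Path $CsvPath) {
    $sam = "$($row.SamAccountName)".Trim()
    # Spreadsheet values are untrusted input: allow-list before building a filter
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$') { Write-Warning "Invalid SamAccountName '$sam'"; continue }
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { Write-Warning "'$sam' already exists"; continue }
    $plain = New-InitialPassword
    $name  = "$($row.GivenName) $($row.Surname)".Trim()
    $params = @{
        Name                  = $name
        DisplayName           = $name
        GivenName             = $row.GivenName
        Surname               = $row.Surname
        SamAccountName        = $sam
        UserPrincipalName     = "${sam}@${UpnSuffix}"
        AccountPassword       = ConvertTo-SecureString $plain -AsPlainText -Force
        ChangePasswordAtLogon = $true
        Enabled               = $true
    }
    if ($PSCmdlet.ShouldProcess($sam, 'Create Active Directory user')) {
        New-ADUser @params -ErrorAction Stop
        # One-time password goes to the pipeline only; deliver it out of band
        [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $plain }
    }
}
```

Run the script with -WhatIf first to see which rows would be created without touching the directory.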

How it works…

By using PowerShell, we are able to create new Active Directory user accounts right from a command interface, rather than logging into a server and launching the graphical interface in order to accomplish this common task. Can your New-ADUser commands become extremely lengthy in order to populate all of the attributes you want to include? Yes. However, can saving and running a PowerShell script that utilizes the New-ADUser cmdlet save you time in the long run? Absolutely! It might take a few minutes of thought and testing in order to get your script to the point where it populates the information that you would like, but once you have created and saved that script, it can be modified and run quickly in the future in order to create new accounts. There is even a way to utilize the New-ADUser cmdlet to copy properties from an existing user account while it sets up the new one, which may also help save you some time and energy on new user account creations.

See also

Make sure to check out the following TechNet link. This page lists all of the possible parameters and syntax that you might want to run alongside your New-ADUser cmdlet script. There are a ton of options: