![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\" "\\"Hey,")
<\/h2>\n <\/h2>\nHey, Scripting Guy! In your last article, you showed how to create random passwords for users and how to write that password out to a CSV file. You said if anyone asked that you would show how to use that CSV file and create a user from it. Well, here I am, asking you. Show me the script. I’ll send chocolate.<\/p>\n
– LZ<\/p>\n
![\"Spacer\"](\"https:\/\/devblogs.microsoft.com\/scripting\/wp-content\/uploads\/sites\/29\/2019\/05\/spacer.gif\")
![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\" "\\"Hey,")
<\/p>\n
Hi LZ,<\/p>\n
Mmm…chocolate. I am glad you asked because it gives me a chance to create a really cool script. We are going to use two functions from our previous “Hey, Scripting Guy!” article: the CreatePassword<\/b> function and the LtrFmAscii<\/b> helper function that is used to get the letter equivalent from the ASCII integer value. We also need to create two more functions: one that will create a comma separated value (CSV) file that contains user names from a text file, as well as the newly created random passwords for each user. The next function we need to create is one that will read the CSV file and create the user accounts in Active Directory. Here is the complete script, which illustrates several important Windows PowerShell concepts such as creating temporary text files, renaming text files, using regular expressions, and a few others as well:<\/p>\n Let’s begin by taking a look at the CreateFile<\/b> function. The first thing we need to do is assign a string that represents the name and the path of the new file we will create. The new file will be named UsersAndPassword.csv<\/b> and we store this information in the script-level variable newText<\/b>. This is seen here:<\/p>\n As a convenience we check for the existence of the UsersAndPassword.csv<\/b> file. If we find it, we delete the file. If you do not want this behavior, I would recommend you comment out the line of code by placing a #<\/b> in front of the line of code. Here is the uncommented line:<\/p>\n The next thing we do is create a temporary file to hold our user names and the associated passwords. We do this to keep from messing up the list of user names. The temporary file name is generated by using the static method GetTempFileName<\/b> from the system.io.path<\/b> .NET Framework class. Because we are using a static method, we do not need to create an instance of the system.io.path<\/b> class (by using New-Object<\/b>); rather, we can call the method directly by placing the class name in square brackets and using double colons to decorate the method name. In the code below, we do not include the word \u201csystem\u201d because it is not required. With Windows PowerShell we assume .NET Framework class namespaces are preceded with “system.” This is seen here:<\/p>\n We now use the variable $content<\/b> to hold the header information for our CSV file. The end of the line is a carriage return and a line feed (equivalent to VBScript vbcrlf<\/b>). This is seen here:<\/p>\n Now we need to read the text file containing the list of user names. We use the Get-Content<\/b> cmdlet to do this. We then pass the user names into the pipeline one item at a time, and we use the ForEach-Object<\/b> cmdlet to work with each item as it comes down the pipeline. The first thing we do is call the CreatePassword<\/b> function. When we have the password, we append it to the $content<\/b> variable, which already has our CSV header information. We use the +=<\/b> operator to append to the variable. The user name is stored in the automatic variable $_<\/b>, which represents the current item on the pipeline. We build a string that contains the user name, a comma, and the password that is offset with quotation marks. To allow us to use quotation marks inside a string we need to escape them by using the back tick character. We then add a carriage return line feed to the end of the line by using `r`n<\/b>. Note that it must be in this order. You can use a line feed carriage return `n`r<\/b>, but it will not work the same way. The last thing we need to do is empty the script level $password<\/b> variable. We do this by assigning it the $null<\/b> value. This section of code is seen here:<\/p>\n The last two things we need to do is use the Set-Content<\/b> cmdlet to write the contents of the $content<\/b> variable to the temporary text file represented by the $tmpText<\/b> variable. Last, we need to rename the temporary file and move it to the location we specify in the newText<\/b> variable. We do this by using the Move-Item<\/b> cmdlet. There is a Rename-Item<\/b> cmdlet, but it only allows you to rename items\u2014it does not move items. The Move-Item<\/b> cmdlet will allow you to rename and move at the same time and is what we choose to use here:<\/p>\n Now we get to the CreateUser<\/b> function. The first thing we do is use the Import-Csv<\/b> cmdlet to import our newly created CSV file that is referenced by the script-level variable $newText<\/b>. We store the array of items from the CSV file into the $aryUser<\/b> variable. This is seen here:<\/p>\n We now initialize a couple of local variables. The first one is used to specify the class of object we are going to create in Active Directory. We are going to create users, so we assign the string value “User” to the $Class<\/b> variable. Now we assign a value for the domain we are going to work with. We are in the nwtraders<\/b> domain, so we specify dc=nwtraders,dc=com<\/b>. This section of code is seen here:<\/p>\n As we walk through the array of user names and passwords, we need to ensure the user name begins with a letter of some kind. To do this, we use the regular expression pattern a-zA-Z<\/b>, which means any lowercase letter and any uppercase letter. This is shown here:<\/p>\n Now we specify the organizational unit we are going to connect to and use the [adsi]<\/b> type accelerator to connect to the organizational unit named ou=myTestOu<\/b> in the dc=nwtraders,dc=com<\/b> domain. We now need to prepend cn=<\/b> to each user name, and when it is done, we call the Create<\/b> method and give it the class of the object to create and the name of the object. We store the returned DirectoryEntry<\/b> object in the $user<\/b> variable, and use the Put<\/b> method to assign the user name to the SamAccountName<\/b> attribute in Active Directory. We then call the SetInfo<\/b> method to write the information back to Active Directory. This is seen here:<\/p>\n Now we need to set the password for our user object. We use the Put<\/b> method to write the password from our CSV file into the userpassword<\/b> attribute in Active Directory. Now we need to enable the user account. To do this, we use the InvokeSet<\/b> method from the base powershell<\/b> object. This methodology allows us to set the AccountDisabled<\/b> value to False<\/b>\u2014which of course means the account is enabled. (I hate double negatives, but that is another story). This is seen here:<\/p>\n Well, LZ, that is it. We read a text file containing only user names, and we used our CreatePassword<\/b> function to create random passwords, and then we created a new CSV file containing both the user names and the passwords. We used the Import-Csv<\/b> cmdlet and read the CSV file and created the users in Active Directory. We then set their passwords and enabled the accounts. All in all, a good day’s work. Later gator.<\/p>\n Ed Wilson and Craig Liebendorfer, Scripting Guys<\/b><\/b><\/span><\/font><\/p>\n <\/b><\/font><\/p>\n","protected":false},"excerpt":{"rendered":" Hey, Scripting Guy! In your last article, you showed how to create random passwords for users and how to write that password out to a CSV file. You said if anyone asked that you would show how to use that CSV file and create a user from it. Well, here I am, asking you. Show […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,169,3,4,20,45],"class_list":["post-54993","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-csv-and-other-delimited-files","tag-scripting-guy","tag-scripting-techniques","tag-user-accounts","tag-windows-powershell"],"acf":[],"blog_post_summary":" Hey, Scripting Guy! In your last article, you showed how to create random passwords for users and how to write that password out to a CSV file. You said if anyone asked that you would show how to use that CSV file and create a user from it. Well, here I am, asking you. Show […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/54993","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=54993"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/54993\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=54993"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=54993"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=54993"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Param(\n $pwdPass = 2,\n $text = \"C:\\fso\\users.txt\"\n )\nFunction CreatePassword()\n{ \n for($i = 1 ; $i -le $pwdPass ; $i++)\n {\n LtrFmAscii($rnd.Next(33,47))\n LtrFmAscii($rnd.Next(48,57))\n LtrFmAscii($rnd.Next(65,90))\n LtrFmAscii($rnd.Next(97,122))\n }\n} #end CreatePassword\nFunction LtrFmAscii($ascii)\n{\n $script:password += [char]$ascii\n} #End LtrFmAscii\nFunction CreateFile()\n{\n $script:newText = \"C:\\fso\\UsersAndPassword.csv\"\n if(test-path -path $script:newText) { Remove-item -path $script:newtext }\n $tmpText = [io.path]::GetTempFileName()\n $content = \"User,Password`r`n\"\n Get-Content -path $text |\n Foreach-Object `\n {\n CreatePassword\n $content += \"$_,`\"$Script:password`\"`r`n\"\n $script:password = $null\n }\n Set-Content $tmpText -value $content \n Move-Item -path $tmpText -destination $script:newText\n} #end CreateFile\nFunction CreateUsers()\n{\n $aryUser= import-csv -Path $script:newText\n $Class = \"User\"\n $dc = \"dc=nwtraders,dc=com\"\n foreach($strUser in $aryUser)\n {\n if($strUser.User -match \"[a-zA-Z]\")\n {\n $ou = \"ou=myTestOu\"\n $ADSI = [ADSI]\"LDAP:\/\/$ou,$dc\" \n $cnuser=\"cn=\"+$($strUser.user)\n $User = $ADSI.create($Class,$cnuser)\n $User.put(\"SamaccountName\", $($strUser.user))\n $User.setInfo()\n $User.put(\"userPassword\", $($strUser.Password))\n $user.psbase.invokeset(\"AccountDisabled\", \"False\")\n $User.setInfo()\n } #end if $strUser\n } #end foreach $struser\n} #end createUser\n# *** ENTRY TO SCRIPT ***\n$script:password = $null\n$rnd = new-object system.random\nCreateFile\nCreateUsers<\/pre>\n$script:newText = \"C:\\fso\\UsersAndPassword.csv\"<\/pre>\n
if(test-path -path $script:newText) { Remove-item -path $script:newtext }<\/pre>\n$tmpText = [io.path]::GetTempFileName()<\/pre>\n
$content = \"User,Password`r`n\"<\/pre>\n
Get-Content -path $text |\n Foreach-Object `\n {\n CreatePassword\n $content += \"$_,`\"$Script:password`\"`r`n\"\n $script:password = $null\n }<\/pre>\nSet-Content $tmpText -value $content \nMove-Item -path $tmpText -destination $script:newText<\/pre>\n
$aryUser= import-csv -Path $script:newText<\/pre>\n
$Class = \"User\"\n$dc = \"dc=nwtraders,dc=com\"<\/pre>\n
if($strUser.User -match \"[a-zA-Z]\")<\/pre>\n
$ou = \"ou=myTestOu\"\n$ADSI = [ADSI]\"LDAP:\/\/$ou,$dc\" \n$cnuser=\"cn=\"+$($strUser.user)\n$User = $ADSI.create($Class,$cnuser)\n$User.put(\"SamaccountName\", $($strUser.user))\n$User.setInfo()<\/pre>\n
$User.put(\"userPassword\", $($strUser.Password))\n$user.psbase.invokeset(\"AccountDisabled\", \"False\")\n$User.setInfo()<\/pre>\n