This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 82%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
I’ve just started learning PowerShell and as a method to learn i took on a project to create a script that automatically add
Users to AD from a csv file.
I’ve managed to get to the point where the users are added to the correct groups but I keep creating them in different OU’s.
I must be missing something in the IF condition and I would appreciate some guidance.
Basicly, this is designed to save some time for the network admin.
lets say the admin got an e-mail from HR with a spreadsheet file containing new arrivals and the admin needs to create their AD accounts.
New arrivals are disabled with default password with reset at login and added to the specific department’s “_Future” OU
Maybe it would be more helpful if I place the full script and a link to the users file.
My focus is on the disabled account, once I manage to fix it i'll be able to adjust the code for the enabled accounts.
Example user file:
https://github.com/GShwartz/PowerShell/blob/main/AddUsers/users-advanced.csv
Lab structure:
https://ibb.co/wCLFWzL
Error message:
https://ibb.co/T26th3D
Code:
If (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
[Security.Principal.WindowsBuiltInRole] "Administrator"))
{
Write-Warning "You are not running this as local administrator. Run it again in an elevated prompt."
Break
}
#Import AD Module & Type.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.Windows.Forms
#Load a .CSV file.
$file = New-Object System.Windows.Forms.OpenFileDialog -Property @{
InitialDirectory = [Environment]::GetFolderPath('Desktop')
}
#Open the file window.
$null = $file.ShowDialog()
#Place imported file in variable.
$filepath = $file.FileName
$users = Import-csv $filepath
#----------------------------------------BLOCK---------------------------------------------------------
#Get Active Directory OU and Group lists and save to csv file.
$OUListPath = "c:\users\gilush\desktop\OUList.csv"
$OUList = Get-ADOrganizationalUnit -Properties DistinguishedName -Filter * | Sort-Object DistinguishedName |
ForEach-Object {
[pscustomobject]@{
Name = $_.Name
DistinguishedName = $_.DistinguishedName
}
}
$OUList | Export-Csv C:\Users\gilush\Desktop\OUList.csv -NoTypeInformation -Encoding UTF8
$oulist_csv = Import-Csv $OUListPath
#----------------------------------------BLOCK---------------------------------------------------------
#Show Help in header.
Write-Host "==============================================================================="
Write-Host ""
Write-Host "You can also add to groups outside of the parent OU for example:"
Write-Host "The group Managers is in OU=Users so type Managers as parent"
Write-Host ""
Write-Host "==============================================================================="
Write-Host ""
#----------------------------------------BLOCK---------------------------------------------------------
#Get additional groups names from the user.
$parent_groups = @()
do {
$parent = Read-Host "Enter parent group (blank for none)"
#Check if the group exists.
try {
$group_exists = Get-ADGroup -Identity $parent
$parent_groups += $parent
Write-Host "Groups Selected: $parent_groups"
}
catch {
if ($parent -eq "") {break}
Write-Warning "Group $parent does not exists."
}
}
#If user hits ENTER on an empty string the loop will stop.
until ($parent -eq "")
#----------------------------------------BLOCK---------------------------------------------------------
#Get input for user account status.
$ustat = $null
do {
$user_status = Read-Host "Should the users be [E]nabled or [D]isabled?"
}
until ($user_status -like "e" -or $user_status -like "d")
if ($user_status -like "e") {
$ustat = $True
} else {$ustat = $false}
#----------------------------------------BLOCK---------------------------------------------------------
foreach ($base in $users) {
$SearchB = $base.OU
$ADsimilarOU = Get-ADOrganizationalUnit -LDAPFilter '(name=*_Future)' -SearchBase $($SearchB) -SearchScope 2 | Select-Object DistinguishedName
}
#Check if the additional groups list is empty.
if ($parent_groups.Length -eq 0) {
Write-Host ""
Write-Warning "**************************************************************************************"
Write-Warning " No Parent Group Selected. "
Write-Warning "**************************************************************************************"
Write-Host ""
$ADsimilarOU = @()
$CSVgrp_list = @()
foreach ($u in $users) {
$group = $u.Group
foreach ($g in $group -split ";") {
if ($g -in $CSVgrp_list){continue}
else {$CSVgrp_list += $g}
}
}
if ($ustat){
foreach ($User in $users){
$firstname = $User.Firstname
$lastname = $User.Lastname
$username = $User.SamAccountName
$password = $User.Password
$group = $User.Group
$OU = $User.ou
#Check if the user is already in Active Directory.
if (Get-ADUser -F { SamAccountName -eq $username }) {
Write-Warning "A user account with username $username already exists in Active Directory."
$TempGList = @()
foreach ($g in $group -split ";") {
Add-ADGroupMember $g -Members $username
$TempGList += $g
}
$TempGList = @()
}
else {
Write-Host "Creating user: $username..." -ForegroundColor White
New-ADUser -SamAccountName $username -UserPrincipalName "$username@gilush.local" -Name "$firstname $lastname" -GivenName $firstname -Surname $lastname -Enabled $ustat -DisplayName "$lastname, $firstname" -Path $OU -AccountPassword (convertto-securestring "Ab123456!" -AsPlainText -Force) -ChangePasswordAtLogon $True
$TempGList = @()
foreach ($g in $group -split ";") {
$TempGList += $g
Add-ADGroupMember $g -Members $username
Write-Host "$username Added to $g" -ForegroundColor Green
Write-Host ("User $username created in group: CSV: $TempGList | OU: $OU | Enabled: $ustat") -ForegroundColor Green
}
$TempGList = @()
}
}
}
if (-not $ustat) {
foreach ($User in $users){
$firstname = $User.Firstname
$lastname = $User.Lastname
$username = $User.SamAccountName
$password = $User.Password
$group = $User.Group
$OU = $User.ou
#Check if the user is already in Active Directory.
if (Get-ADUser -F { SamAccountName -eq $username }) {
Write-Warning "A user account with username $username already exists in Active Directory."
$TempGList = @()
foreach ($g in $group -split ";") {
Add-ADGroupMember $g -Members $username
$TempGList += $g
}
$TempGList = @()
}
else {
foreach ($item in $oulist_csv) {
$gname = $item.Name
$fou = $item.DistinguishedName
}
foreach ($i in $CSVgrp_list) {
if ($gname -like "$($i)_Future") {
$fgroup = $gname
}
}
foreach ($f in $ADsimilarOU) {
if ("$f" -like "'$($OU)'" -and "$f".Length -lt "'$($ADsimilarOU)'".Length) {
$add_ou = "$($CSVgrp_list)_Future"
Write-Host "Creating user: $username in $fou ..." -ForegroundColor White
New-ADUser -SamAccountName $username -Name "$firstname $lastname" -GivenName $firstname -Surname $lastname -Enabled $ustat -DisplayName "$lastname, $firstname" -Path $add_ou -AccountPassword (convertto-securestring "Ab123456!" -AsPlainText -Force) -ChangePasswordAtLogon $True
Write-Host "user $username created in OU: $fou" -ForegroundColor Green
}
}
$TempGList = @()
foreach ($g in $group -split ";") {
$TempGList += $g
foreach ($ag in $TempGList) {
Add-ADGroupMember $ag -Members $username
Write-Host "$username Added to $ag" -ForegroundColor Green
}
}
$TempGList = @()
}
$ADsimilarOU = @()
}
}
}
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Can you explain the purpose of the code on lines 85 - 88?
As written, only the result of processing the last row of the CSV will be present in the $ADsimilarOU variable.
If the operator "=" is supposed to be "+=", then if multiple rows of the CSV have the same OU property you'll have multiple (and very likely duplicate) "*_Future" distinguished names in the $ADsimilarOU variable.
Hello
For Moving of accounts to different you can use below code block.
Import-Module ActiveDirectory
$Import_csv = Import-Csv -Path "C:\temp\users.csv"
$TargetOU = "OU=SharedMailbox,OU=Exchange,OU=Company,DC=exoip,DC=local"
$Import_csv | ForEach-Object {
# Retrieve DN of User
$UserDN = (Get-ADUser -Identity $_.SamAccountName).distinguishedName
Write-Host "Moving Accounts....."
# Move user to target OU. Remove the -WhatIf parameter after you tested.
Move-ADObject -Identity $UserDN -TargetPath $TargetOU -WhatIf
}
Write-Host "Completed move"
Thank you,