Arposh New User Creation (ANUC)

[Updated - May 13, 2012]


Download link: Arposh New User Creation v1.1

One task that every systems administrator has to go through at some point is the creation of new user accounts.  Over time, this becomes burdensome and tedious.  The Active Directory wizard takes you through multiple screens and you have to enter the same information multiple times in some occasions (e.g. a lot of organizations use FirstName.LastName for samAccountNames).  It also does not allow you to set all of the fields that you want included in the wizard.  I wanted a way to include those fields and an option to set defaults for some fields.  Luckily Powershell makes all of that possible in an easy to use way.  Powershell does all of the heavy lifting and an optional XML file saves even more time by pre-populating certain fields and setting defaults.  You also have the ability of bulk-adding users via CSV.  To create users from a CSV, click on File > CSV Mode.  You can then import the CSV and browse through the users in the CSV.  Once the CSV is imported, you can create one user at a time or all at once.  If you want a CSV template created for you, click on File > Create CSV Template.

ANUC Requirements:
- Powershell v2 (Minimum)
- ActiveDirectory module

Usage: Download the ANUC.zip file from the TechNet ScriptCenter and extract it into any directory.  Right-click on ANUC.ps1 and select 'Run with PowerShell'.  To modify the available options for drop-down lists and default entries, edit the ANUC.Options.XML file. To create users from a CSV, click on File > CSV Mode.  You can then import the CSV and browse through the users in the CSV.  Once the CSV is imported, you can create one user at a time or all at once.

Features:
  • Allows user creation with oft-used Active Directory attributes
  • Bulk creation of users from CSV
  • Auto-generation of account attributes based on other attributes
    • Display Name
    • samAccountName
    • userPrincipalName
  • Default entries
    • Domain
    • OU
    • Phone Number (can use full number or company prefix '212-555-')
    • Department
    • Company
    • Description
    • Password (Accounts are set to change at first logon)
    • Site (HQ, Branch Office 1, etc)
    • Street Address
    • City
    • State
    • Postal Code
  • Pre-populated fields for easy selection
    • Address information
    • Domains
    • OUs
    • Descriptions
    • Departments

Single-User Mode

CSV Mode

124 comments:

  1. Little new to the AD world...

    Under OU - What do the DC's stand for? The name of the domain controller?

    DC=ru
    DC=lab

    ReplyDelete
    Replies
    1. That would be your Domain Controller. They could appear as

      xxxx.local
      xxxx.com
      xxxx.edu

      etc....

      In your DC under AD Users and Computers you will see your DC

      Delete
  2. I'd give you a long answer, but one of the PowerShell MVPs already did. http://www.rlmueller.net/LDAP_Binding.htm

    ReplyDelete
  3. Rich, this tool is amazing! can you point me in the right direction for info on how the gui is programmed? i understand bat files and powershell to some extent, but most of this is foreign to me.

    i wrote a simple bat script that asks for first and last name, office and desired exchange mailbox, then uses the provided variables in powershell commands to create the users, but this gui is so much nicer!

    in particular, i would be interested in being able to extract just first initial from first name so i can generate the dn, sam, and ups as LastnameFI@domain.

    i would also like to add check boxes or a multiple choice of some kind for different group memberships. for example, i am in the Strategic Applications department, but i need access to the networking, programming and helpdesk groups.

    any info you could point me to would be greatly appreciated.

    ReplyDelete
  4. Hi John,

    To answer your question on extracting the first -
    You can use the .Substring() method to trim the text.
    For example:
    $firstname = read-host "Enter first name"
    $lastname = read-host "Enter last name"
    $sam = $lastname + $firstname.Substring(0,1)
    $sam

    More on basic text manipulation - http://technet.microsoft.com/en-us/library/ee692804.aspx

    Short on time, I'll drop a line tomorrow on how I add users to groups based on input.

    Niv

    ReplyDelete
  5. Hey Rich I downloaded the tool, but when I right click and select Run with Powershell, nothing happens. Please advise. I do have one request: is it possible that you can generate a generic script that will allow the movement of multiple users from one forest to another?

    ReplyDelete
  6. @Zay

    Can you provide more details as to what is happening and include any error messages? Unfortunately I am not aware of any way to migrate users across forests without the use of the Active Directory Migration toolkit (ADMT). There is the potential to 'copy' users, but you would lose the sID, which is the most important aspect of the user account.

    ReplyDelete
  7. Can this be used to create Exchange and OCS accounts as well as configure other attributes such as Home Directory, Dian-In Access, Department and Employee Number?

    ReplyDelete
  8. @Anon, it cannot create Exchange/OCS accounts unfortunately. It can be modified to use additional attributes, but this tool was created more as a basic user creation tool that fills out the basics. However, you can use the same CSV to fill out those fields with this cmdlet: Set-ADUser

    To see everything that you can set, type Get-Help Set-ADUser.

    Example: Import-Csv ANUCusers.csv | %{Set-ADUser -Identity $($_.FirstName + "." + $_.LastName) -EmployeeID $_.EmployeeID -Department $_.Department}

    ReplyDelete
  9. Hi! I can't start script and have Error
    You can not download the file G: \ install \ ANUCv0.2 \ ANUC.ps1, since the execution of screening
    ptov allowed for the system. Enter the "get-help about_signing" obtained for
    Ia additional information.
    line: 1 char: 11
    + .\ANUC.ps1 <<<<
    + CategoryInfo : NotSpecified: (:) [], PSSecurityException
    + FullyQualifiedErrorId : RuntimeException
    what is wrong?

    ReplyDelete
  10. It appears that you have not configured your PowerShell security settings for the running of scripts. As the error message mentioned, run the command 'get-help about_signing' and it will explain the different security options available. Once you have read over the options, you can set the option that you desire using the Set-ExecutionPolicy command (must be run with administrative rights).

    ReplyDelete
  11. HI,
    No problem to create a new user under "CN=Users,DC=mydomain,DC=com" for ex, but I'm getting this error when trying to create a user under my own OU (ou=FS ,ou=,DC=mydomain,DC=com)

    ERROR: New-ADUser : Cannot validate argument on parameter 'Path'. The argument is null or empty. Supply an argument that is not null or empty and then try the command
    ERROR: again.
    ANUC.ps1 (269): ERROR: At Line: 269 char: 13
    ERROR: + New-ADUser <<<< @User
    ERROR: + CategoryInfo : InvalidData: (:) [New-ADUser], ParameterBindingValidationException
    ERROR: + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.NewADUser

    ReplyDelete
  12. @Anon, it looks like you have an extra space and an empty OU pointer in your LDAP syntax (ou=FS ,ou=,DC=mydomain,DC=com).

    ReplyDelete
  13. Hello Rich,

    This is a great tool/script! I'm adjusting it for my own purpose and running into a problem.

    I'm using the following code to to populate the $cboPath:
    $XML.Options.Units.Unit | ?{$_.Name -match $cboDepartment.SelectedItem} | Select -ExpandProperty Path | %{$cboPath.Items.Add($_)}

    It wil populate the paths of 5 departments in $cboPath. But now I want to achieve to set $cboPath.Text to find one of the 5 department paths wich matches the value of $cboDescription ($cboDepartment_SelectedIndexChanged).

    I hope you can help me with this, I've tried several things to no avail.

    Thnx! Remco

    ReplyDelete
  14. Hi Rich ,

    i would like to start off by saying thank you for sharing this with us noobs .i have some questions however. im an admin @ a high school and we have our Students login with their student ID which is a number like "245789654" how do i mod your script to take the $samAccountName directly from one of the columns in the CSV ? Thanks in advance .

    ReplyDelete
    Replies
    1. Ahmed,
      Were you able to successfully make these modifications? If so, I would be interested in how to do the same - I work for a school as well. Thanks in advance.

      Delete
  15. @Ahmed: With the way the GUI was designed, it automatically creates the sAMAccountName based on the first and last names. There was logic created to automatically update this field every time the first or last name was modified. Ultimately, to do what you are asking, you would need to modify the size of the form in CSV mode, remove the logic for auto-creation of sAMAccountName, create a new column and have the $sAMAccountName variable read from that column instead of first/last names.

    ReplyDelete
  16. Hi - tool looks brilliant. I'm a bit lost on what exactly the fields in the csv file should contain, particularly the exact syntax of 'domain' and 'path'. Almost there I think, but using a structure a couple of containers deep in AD and it's running in single-user mode, claiming it's successful, but no user account appears in AD.

    Any help? Really grateful though. :)

    ReplyDelete
  17. ^ Figured it out! Wow, this tool really IS nice...

    ReplyDelete
  18. I ran the tool on my DC 2008 Standard Server and error thrown:
    "
    Import-Module : The specified module 'Active Directory' was not loaded because no valid module file was found in any module directory

    At ANUC.ps1:72 char:15
    "

    Please help
    Thanks
    Peter

    ReplyDelete
  19. oops, sorry just figured out its supported OS.

    ReplyDelete
  20. Hi Rich, Thanks for the script. This is really nice. I have a question. I want to give this script to our helpdesk with some modification. for this i want to remove the CSV function from this. Any advice? They just want to create individual users.

    ReplyDelete
  21. Hi Rich,

    Thank you very much for the tool!. It helped me a lot in adding bundle of users by CSV file. I was also able to modify the code to edit user's Homepage field for my need.

    Thanks again for excellent tool
    Peter

    ReplyDelete
  22. FYI On line 408 you made the mistake of referencing the Dept of the selected record for the user's Company. Should be subitem(9)

    Nice work!

    ReplyDelete
  23. @Anon Thanks, it has been fixed and uploaded.

    ReplyDelete
  24. Hi Rich, have an interesting question. I would like to have the samAccountName to be created as Lastname + First Initial with the ability to override as necessary. I am trying to modify lines 309-315 to parse the $txtSAM correctly

    $txtName_TextChanged={
    Write-Verbose "Creating required account fields"

    if ($XML.Options.Settings.DisplayName.Generate -eq $True) {$txtDN.Text = $txtFirstName.Text + " " + $txtLastname.Text}
    if ($XML.Options.Settings.sAMAccountName.Generate -eq $True) {$txtsAM.Text = $txtFirstName.Text + " " + $txtLastname.Text}
    if ($XML.Options.Settings.UPN.Generate -eq $True) {$txtUPN.Text = $txtFirstName.Text + "." + $txtLastname.Text + "@" + $cboDomain.SelectedItem}
    }

    Is this the correct place and if so, how can it be done?

    Thanks.

    ReplyDelete
  25. @Roland Your question has been asked/answered on the download page: http://gallery.technet.microsoft.com/scriptcenter/New-User-Creation-tool-14fa73cd

    ReplyDelete
  26. This comment has been removed by the author.

    ReplyDelete
  27. hanks, let me try and rephrase. I understand that I can manuually override the sAMAccountName on the gui in the script. What I am attempting to do is to set sAMAccountName = LastName + FirstInitial as my default. As an example, in single entry mode, you type in the user's last name, then enter the user's First Name. So, for Fred Jones, the sAMAccountName = JonesF and you would see this in the gui. I am intending to leave items such as DisplayName and UPN unchanged. The dfficulty I am having is trying to parse out the first lett from $txtFirstName and assigning it to {$txtsAM.Text = $txtLastname.Text + $txtFirstName.Text}. Does this explanation help clarify?

    ReplyDelete
  28. @Roland, have you tried {$txtsAM.Text = $txtLastname.Text + $txtFirstName.Text[0]}?

    ReplyDelete
  29. Yes I did. Thanks for your help. I solved the problem by creating another variable and assigning the substring of the Given Name to it like as follows:
    $FirstInitial = $GivenName.substring(0,1)

    ReplyDelete
  30. Hi Roland .. and Rich.
    First, thanks Rich for this great tool... really appreciate.
    Roland, could you tell us where do you put the line $FirstInitial = $GivenName.substring(0,1) in the script and what others modifications did you make ?
    I need to modify it in a way to obtain the upn like this format : first Letter of firstname and lastname.

    Rich, is possible to have a lock format for some cells ... I mean for example, I don't want to have some users accounts created with some special caracters like : é or space or others special caracters... Is it possible to block this possible things?

    Thanks again
    Philippe

    ReplyDelete
  31. @Roland/Anon: I just uploaded a new version of the tool which now has the ability to select different formats for the UPN, sAMAccountName, and Display Name. Try that out and let me know if it works for you.

    ReplyDelete
    Replies
    1. Hi Rich,
      After your modification, and following my "request" regarding the possibility to select different formats (see my last post 11 May) I've tested your new version.
      Format selection seems to work well but unfortunatly I encounter the same problem as Jesus.

      Delete
  32. I get the following error when trying to create an account using this tool:

    New-ADUser : Cannot convert 'System.String' to the type 'System.Nullable`1[Syst
    em.Boolean]' required by parameter 'ChangePasswordAtLogon'.
    At C:\ANUC\ANUC.ps1:348 char:13
    + New-ADUser <<<< @User -ErrorVariable ADError
    + CategoryInfo : InvalidArgument: (:) [New-ADUser], ParameterBind
    ingException
    + FullyQualifiedErrorId : CannotConvertArgument,Microsoft.ActiveDirectory.
    Management.Commands.NewADUser

    Any ideas?

    ReplyDelete
    Replies
    1. I found the issue and have updated to fix it. You should be able to download the latest version now.

      Delete
  33. Your reply to John: "Short on time, I'll drop a line tomorrow on how I add users to groups based on input."

    I'd like to see your technique as well.

    Thanks, this is a great tool.

    RJ

    ReplyDelete
  34. This comment has been removed by a blog administrator.

    ReplyDelete
  35. Disregard. I saw your answer to the same type of question on the TechNet site.

    RJ

    ReplyDelete
  36. Hey Rich I ran your tool and I am getting permission denied errors. At first I thought it was something to do with my csv file, so as a test I manually entered names into the gui, and I still got the error. The specific errors are:
    New-ADUser : Access is denied
    At C:\Users\exchadmin\ANUC\ANUC.ps1:350 char:13
    + New-ADUser <<<< @User -ErrorVariable ADError
    + CategoryInfo : PermissionDenied: (CN=james
    smith,...C=zakina,DC
    =com:String) [New-ADUser], UnauthorizedAccessException
    + FullyQualifiedErrorId : Access is
    denied,Microsoft.ActiveDirectory.Manag
    ement.Commands.NewADUser

    ReplyDelete
  37. Me again Rich, just thought I might layout some things I tried to get past the access denied errors. Instead of opening the standard PS, I opened the AD Module for PS, still got error. I ran the “set-executionpolicy remotesigned” command first before I ran your tool. Thanks in advance for any assistance you can render.

    ReplyDelete
    Replies
    1. Is this a lab, dev environment or production? If it is a test environment, try explicitly delegating yourself control on the OU. If it is production, build a lab/dev environment and see the last sentence. :)

      Delete
  38. Thanks for a rapid response, yes this a a lab (vmworkstation) environment.

    ReplyDelete
  39. Hey Rich yes it is a lab environment. I did as you suggested and that took care of the permission issue. Now I am getting "the name provided is not a properly formed account name" errors. I looked at the names in the error message and decided to submit them individually and they submitted successfully. From what I gather, if submitted individually, they work fine, just not as a bulk. I saw in another forum you mentioned that your latest version should be able to handle various formats of the Sam Account or Principal Names.

    ReplyDelete
  40. Thanks for the response Rich, yes this is a lab running in a virtual environment. I took your advice and applied the delegation to the user, that solved the permission issue. Now I am experiencing a new error: "The name provided is not a properly formed account name". I looked at the names in the error and decided to try submitting them individually so I can see what might be causing the error. Oddly, when I submit individually, they submit fine without throwing an error. So I attempted the bulk import, and the error appeared again. So it seems the error is only generated during the bulk import. I looked up the error and I found in another thread that you said your new version should have addressed any formatting issues with account names. I am sure I am running your latest version.

    ReplyDelete
    Replies
    1. If you are using an old version of the XML file, that might be an issue as well. With the changes to how the sAMAccountName and UPN are handled, I had to update the schema of the XML to allow for different formats. Try using the new version of the XML and translating your changes to that.

      Delete
  41. Again, thanks for such a rapid response, but where do I get a new version of the XML? Sorry if a dumb question, just that I thought the xml came with the new version of the application.

    ReplyDelete
    Replies
    1. It does. Have you filled out all of the fields in the CSV? Do you have sAMAccountName, UPN and DisplayName set to generate?

      Delete
  42. No I did not fill out those fields. I thought once I edit the xml and the ps with the format, it will assign as indicated in the xml. I will fill out the fields in the csv and see if that fixes the issue. Thanks.

    ReplyDelete
  43. The way I interpreted the process was that fields would auto generate based on what was set to true, and that the fields would pull the information from the name and surname fields, and append /concatenate accordingly.

    ReplyDelete
    Replies
    1. I think I may see what the issue is. I'll test out the scenario and try to get an updated version uploaded once I get some time.

      Delete
  44. A question does come to mind, if the fields were absolutely necessary, wouldn't I get the same error even on a single submission?

    ReplyDelete
  45. Hi I am getting " New-ADUser : Cannot validate argument on parameter 'Path'. The argument is null or empty. Supply an argument that is no
    t null or empty and then try the command again.
    At C:\Powershell\ANUC\ANUC.ps1:580 char:14
    + New-ADUser <<<< @User -ErrorVariable ADError
    + CategoryInfo : InvalidData: (:) [New-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.NewADUser

    Please can you assist ?

    ReplyDelete
    Replies
    1. The error states that the OU Path variable is null or empty. Verify that you are providing an OU (and that it exists) and try again.

      Delete
    2. Hi Thank you for your reply.
      The OU does exist, as when I submit just one user it creates it sucesfully, but when I "select submit All", then it comes back with the error. Its almost like I cannot do multiple accounts, work when do a single account

      Delete
  46. Hi Anon I was getting the same error, to fix, I added the path to the OU in the CSV file like so DC=yourOU,DC=yourdomainname,DC=com (here is what mine looks like: OU=Mailboxes,dc=zakina,dc=com). If after doing that you start getting permission denied errors, as advised by Rich, assign explicit delegation to the OU.

    ReplyDelete
  47. Hey Anon even though the OU exists, you need to define it in your CSV. On your CSV file, create a column called Path, and fill it with path to your OU as such: DC=nameofyourOU,DC=yourdomainname,DC=com. Mine looks like this: DC=Mailboxes,DC=Zakina,DC=Com

    ReplyDelete
  48. Brilliant. Thank you that worked. Thanks Zay, and Thanks Rich for a wonderful script.

    ReplyDelete
  49. Any time, I learned that Rich actually, lol.

    ReplyDelete
  50. Hey Rich I got it to work, seems all I need to do was to populate my sAMAccount column. For those needing help with concatenating the columns (combining two columns) let me know. Thanks for all the support Rich.

    ReplyDelete
  51. Hello Rich, again, thanks for creating this application. I seem to be having some trouble with creating bulk users. When I select one name from the list, and submit one, all is well. However, when I submit all, (300+) names, the logon name field is not populated, and the display name field is populated with a period (.). I have been all thru the script and xml file, and as far as I can tell, all is well in both files. I will continue to troubleshoot until I hear from you.

    ReplyDelete
    Replies
    1. That has been fixed in the latest release, version 1.2.

      Delete
    2. Hi Rich,

      Thank you very much for the tool, is a great solution for bulk account creation. Wanted to ask you, if it would be possible to have tool create bulk accounts for Windows 2008 R2 servers with NO AD installed?

      Thanks,

      Paul C.

      Delete
  52. Hi Rich, I'm very new to this and I'm having some troble using this tool. When I right click on ANUC.ps1 and select run with PowerShell, the screen comes up for a second then goes away. Any idea why this is happening? Also I have the csv file with the users first and last name as well as their e-mail address. How do I get to CSV Mode? Is there more detailed instructions some where for your tool?

    Thanks

    ReplyDelete
  53. Hey Anonymous try this: open Powershell with elevated rights (right click and select Run as Administrator) and type the command Set-ExecutionPolicy RemoteSigned then press enter, then press Y to confirm. To get to CSV mode, click on File, then select CSV Mode. A little tip, you NEED to also fill out the sAmAccount, Path, Password and Principal Name columns.

    ReplyDelete
  54. Oh Anon, one other tip, move the Powershell script to your C:\Users\your username folder and run it from there. Example: C:\users\Zay.

    ReplyDelete
  55. Hey Anonymous try this to fix the Powershell issue: Move the script to your C:\users\Username folder example- C:\Users\Zay. Also, before you run the script, open Powershell in elevated rights by right clicking on it and selecting Run as Administrator, and executing the following command: Set-ExecutionPolicy RemoteSigned. To run the application in CSV mode, click File, the click CSV Mode. It is important that you create and populate the following columns:
    sAMAccount, Password, Path, Principal Name

    ReplyDelete
  56. I forgot to mention that you need to also fill out the DisplayName column, especially if you have those attributes set to Generate. If you do not want those generated, turn that off in the options.xml file.

    ReplyDelete
  57. Hi
    im wondering if you can post a copy of the csv file to use, icant get my csv file to work so im guessing mine does not have the correct layout.
    //:Erik

    ReplyDelete
  58. Hi, me Erik again, getting further but are really stuck on this Path issue. it will only show th first part of the path in csv mode. single user works fine and puts the were the belong. any idea?

    ReplyDelete
  59. Hey Erik sorry about your issue, as for the format, I used the program to generate the csv file for me, and I just filled in the information. If you click on File, there is an option to generate a smaple csv file. Tell me where the OU is located in terms of where in users and computers you created it. If you want to know the exact path to your OU, use dsquery, here is an example dsquery ou -name remote_*
    Hope this helps, if you need further help email at zaytheitguy@gmail.com

    ReplyDelete
  60. Hey Erik sorry for your trouble, if you click File, you will see the option for the program to generate a sample csv for you. Are you sure you are putting the correct path to your OU? An easy way to find the correct path is to run dsquery. Just open a command prompt and type dsquery OU -name . If you are still having trouble, you can email me at zaytheitguy@gmail.com

    ReplyDelete
  61. Hey Erik sorry about your issue, in the application, click File and you will see the option for it to generate a sample CSV file for you. In regards to the path, if you are unsure of the actual path to your OU, then run dsquery and it will tell what the path is. Open a command prompt, then type dsquery OU -name . Hope this helps

    ReplyDelete
  62. Let me clarify the dsquery syntax: dsquery OU -name

    ReplyDelete
  63. dsquery OU -name [the name of your OU]

    ReplyDelete
  64. Great tool Rich, One question is it possible to have username LastName_FistInitial?

    Thanks,
    Brian

    ReplyDelete
    Replies
    1. I figured it. Would there be a way to add a field to add the to groups also?

      Delete
  65. Glad it worked Anon, what was the solution that worked for you?

    ReplyDelete
  66. I'm running in to a problem with the script. Would you be able to help? Thanks

    New-ADUser : The server is unwilling to process the request
    At C:\Users\TTester.RU-LAB\Desktop\AD USERS\ANUC.ps1:377 char:13
    + New-ADUser <<<< @User -ErrorVariable ADError
    + CategoryInfo : NotSpecified: (CN=fffr fffffrr...,DC=ru,DC=lab
    :String) [New-ADUser], ADException
    + FullyQualifiedErrorId : The server is unwilling to process the request,M
    icrosoft.ActiveDirectory.Management.Commands.NewADUser

    ReplyDelete
  67. This error usually if you are trying to input information that does not exist. Such information could be a domain name that does not exist, an OU that does not exist etc. Looking at the error, are those the actual names of of the objects in your AD?

    ReplyDelete
  68. Hey C Bluewin, that error sometimes occurs due to you having some information in your script that does not apply to your domain. Looking at the error, do those variables apply to your domain (ru, lab, fffr fffffrr)? You need to edit the XML file, and or the script itself to suit your domain. If you need help with that, feel free to email me at zay4698@gmail.com

    ReplyDelete
  69. Hi Rich, Thanks alot for this script but i have a little problem/question.

    In my company we use 3 letters Login (FirstInitial+2FirstofLastName)i made the modifications in the sAM and UPN fonction to generate what it BUT (here comes the question):

    How could i make it check if it already exist in AD and if it exist to make it go use the 1st and 3rd letter of LastName ? (exemple: my name is Vince Labonte so it will generate "VLA". So i want it to check if "vla" exist, if not create it, if yes check if "VLB" exist if not create it... and so on)
    Where could i make this change ? and how ?

    Thanks Alot !

    -Vince-

    ReplyDelete
  70. Hello Rich,

    Great Work on this script everthing work fine in my VM testlab. How do you add members to a group using this script. Can you show me the syntax to add members to a group using this script

    ReplyDelete
  71. Hey guys.. I think I'm getting nuts here with this "path" field from the CSV. I just don't get it.. The path includes commas between the OU's and DC fields (ex: OU=Outsiders,OU=Users,DC=mydomain,DC=com). How can you insert this path into a CSV that is comma delimited without shifting everything and turning into a mess ? Am I missing something here ?

    ReplyDelete
  72. Hey Anon, not sure why there is, or if there is an issue, but the commas in path field should not affect the layout. I have my path setup the same as you outlined, and the application read it fine. Not sure you are the same Anon, but what is xc,m?

    ReplyDelete
  73. Hi Rich,
    I would like to add an email field in the form.
    I followed the code and I took as a reference the function of the userPrincipalName.
    I managed to create the field in the form, and apparently it works correctly even the auto generation, but when I go to send the data returns me the following error:

    ERROR: New-ADUser : A parameter cannot be found that matches parameter name 'mail'.
    ANUC.ps1 (444): ERROR: At Line: 444 char: 13
    ERROR: + New-ADUser <<<< @User -ErrorVariable ADError
    ERROR: + CategoryInfo : InvalidArgument: (:) [New-ADUser], ParameterBindingException
    ERROR: + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.NewADUser

    Where do you think I was wrong?

    If you show me where to send the code, I gladly share.

    I hope to solve to solve the problem!

    P.S. I also implemented the creation of the password randomly, and it works perfectly.

    Best Regards

    Alessandro P.

    ReplyDelete
    Replies
    1. Problem solved ...
      I mistyped the name attribute, that is correct Email
      thanks

      Delete
    2. Do you have this updated with the Email function added, It would make my life a little eaisyer as i have the same need.

      Delete
    3. How did you create the password randomly? can you help me, please?

      Delete
  74. Hi
    new problem !
    I would like to enable "Password Never Expires".
    help me

    thanks

    Alessandro P.

    ReplyDelete
  75. Hi

    1. how can I give to the terminal server profile path via CSV?
    2. Can I specify multiple phone numbers by CSV?

    Thanks

    S. Dürig

    ReplyDelete
  76. Rich awesome little tool.

    How about having the ability to input the users into distribution groups, security groups and optional email creation?

    Have you ever thought of that?

    After working out the kinks inputting your OU is tricky and verifying with PS and pulling a user can verify how it needs to be inputted into the script.

    But thanks much.....makes logging in every time so much easier

    ReplyDelete
  77. Hey Rich,

    a real nice tool but it seems there is a error in Phone nummber and the office field. when i run it from i CSV both fields are switched. can you check this?

    ReplyDelete
    Replies
    1. I fixed the CSV modus

      changes line 313 form
      $Headers = @('ID','Domain','Path','FirstName','LastName','Office','Title','Description','Department','Company','Phone','StreetAddress','City','State','PostalCode','Password','sAMAccountName','userPrincipalName','DisplayName')

      to

      $Headers = @('ID','Domain','Path','FirstName','LastName','Phone','Title','Description','Department','Company','Office','StreetAddress','City','State','PostalCode','Password','sAMAccountName','userPrincipalName','DisplayName')

      Delete
  78. Rich this is an awesome little app. i am also very new to powershell and am wondering how i would go about adding more info to be filled in like Mobile Number or maybe home drive location.

    ReplyDelete
  79. hi,
    Everyone First of all a great tool but i am new with active directory i am trying to import the csv file but first i dont see any of the user in the list and when i press import all powershell is showwin errors (it is related to convert-to and new add-user) my active directory is in french so i am not sending the error if anybody can help me cause i am tired.Thanks

    ReplyDelete
  80. Rich - props to you on this one, Microsoft really needs to pay you for this one.

    Feature request - can you add the ability to also create the "e-mail", "country" and "Manager" fields. These are required for people I'm onboarding here and would be nice to have these populated on creation.

    Or at least if you could let me know what I would need to add to the powershell script to make this work.

    Thanks!

    BW

    ReplyDelete
  81. Hi,

    I am currently getting a error message when trying to use this tool

    I have not been able to work out why i have been getting this error

    I get this error when doing a single or CSV creation

    Error:

    New-ADUser : No superior reference has been configured for the directory service. The directory service is therefore unable to is
    sue referrals to objects outside this forest
    At C:\Users\Jasong\Documents\ANUC.ps1:379 char:13
    + New-ADUser <<<< @User -ErrorVariable ADError
    + CategoryInfo : NotSpecified: (CN=Test99 Test9...ns,DN=com,DN=au:String) [New-ADUser], ADException
    + FullyQualifiedErrorId : No superior reference has been configured for the directory service. The directory service is ther
    efore unable to issue referrals to objects outside this forest,Microsoft.ActiveDirectory.Management.Commands.NewADUser

    Please help
    Jason

    ReplyDelete
    Replies
    1. Hi Jason,

      please copy the path for the OU directly from the Attributes TAB.
      Select OU you want to create a user. Right click, properties,Attribut-Editor, look at distinguishedName, click edit and copy the Path into the Script .....

      Like this, OU=Yxz,OU=123,OU=1234,OU=12345,DC=domain,DC=local

      However this works for me!
      Greetings

      Delete
  82. Hi Rich,

    I just found this tool on Technet and it looks great. However, I am getting the error: "The name provided is not a properly formed account name".

    I had downloaded version 1.2 from Technet, this is on a virtualized Windows Server 2012 AD, and the error occurs when trying to add a single user through the UI. I saw your comments regarding this error from July 16, 2012, and wondered if it might be related and how I can examine the XML file to be sure it is the right version, or if there is something else I can be checking?

    ReplyDelete
  83. Hello!

    New-ADUser : Verzeichnisobjekt nicht gefunden
    Bei C:\Users\xxx_adm\Documents\CreateUser\ANUC.ps1:380 Zeichen:13
    + New-ADUser <<<< @User -ErrorVariable ADError
    + CategoryInfo : ObjectNotFound: (CN=John Doe,ou...V,dc=XXX,dc=XXX:String) [New-ADUser], ADIdentityNotFoundException
    + FullyQualifiedErrorId : Verzeichnisobjekt nicht gefunden,Microsoft.ActiveDirectory.Management.Commands.NewADUser

    Can someone Help?

    @Rich, thanks for the great script! When it works ;-)

    ReplyDelete
    Replies
    1. Thanks to all it worked see Jason's Post from Anonymous!!!

      Delete
    2. Hello,

      last Post August 21, 2013 at 3:04 PM can Delete! Problem solved!
      See at Jason Gardener ...

      Delete
  84. Hello people,


    someone have a solution to pick up homeDrive and ProfilePath ???
    I see many command's, but nothing helped. Can someone tell me the right command's to Import users.csv with the two Attributes?
    Many says: Import-Csv -Delimiter ";" "C:\import.csv" | ForEach-Object{NewADUser -homeDrive $_homeDrive}
    Is this correct? How to format the csv? Someone have a example for me or Type here?

    Thanks in advance

    ReplyDelete
  85. How would you make it so the "Name" in AD shows up as LastName, FirstName? Not the display name, but how it shows in AD under the Name column? I try to keep the display name equal to the name in AD just so the users are easy to sort through.

    I was able to get this script to work tho! That's far better than the other garbage I've found online. Most bloggers don't even validate or test their code before they post it. At least this one works great. Now I just have to figure out how to set the "full name" property for each account to be LastName, FirstName.

    Thanks!!!!!!!!

    ReplyDelete
  86. I followed this article to modify the default settings for "createDialog" and while this forces first.last when manually creating an account, it doesn't seem to affect how this script generates how users show up.

    http://support.microsoft.com/kb/250455

    ReplyDelete
  87. Well, I ended up using ADModify to edit the "Common Name" which is what I wanted. As an admin I like having them set to first.last in AD but for the GAL the policy is Last, First.

    It was nice being able to use the above KB article "KB250455" to edit the default display name on user creation to Last, First. However, I was unable to force a default common name.

    At least I have a working process. I can bulk create users and then use ADModify to edit them all after.

    Thanks!

    ReplyDelete
  88. Hi
    Is this tool tested in win 2012 server?

    ReplyDelete
  89. Hi Rich
    Thanks for a great tool :-)
    I have been modify it for our company and I have some questions for you
    I would like to have it set the homedrive and Profile path. do you know how to do it??
    Thanks in adwance.

    Dennis - Denmark

    ReplyDelete
  90. How do I create the CSV file to import I am confused

    -CJ Forbes

    ReplyDelete
  91. I found the real fix to the Office and Phone number being transposed. Navigate down to the $btnSubmitAll_Click function and transpose the $Office and $OfficePhone lines. Then renumber them as shown here:

    $Office = $_.Subitems[5].Text
    $Title = $_.Subitems[6].Text
    $Description = $_.Subitems[7].Text
    $Department = $_.Subitems[8].Text
    $Company = $_.Subitems[9].Text
    $OfficePhone = $_.Subitems[10].Text

    ReplyDelete
  92. This is a great little utility and works well out of the box. That being said I have thousands of users that will need to be created ( over 12k) every year and simply including the first initial leaves me with too many accounts not being created due to duplications. I was wanting to expand this out to include the first three letters of the first name plus the last name.

    The original lines are like this:
    "FirstInitialLastName" {"{0}{1}" -f ($GivenName)[0],$SurName}

    which works fine for the first letter but if I attempt to collect the other to by doing something like this:
    "FirstInitialLastName" {"{0}{1}" -f ($GivenName)[0,2],$SurName}

    it just errors out on me. Anyone have a way to make this work out?

    Thanks!

    ReplyDelete
  93. hi
    i am new to active dir please help me how i edit and add my domain name and user names etc
    and how i can use this
    thanks

    ReplyDelete
  94. I am having a problem with the 'Submit All' option when using CSV mode. If I select any user from the CSV list so the fields on the left are populated I can click 'Submit' and the user is created successfully. If I choose the 'Submit All' option I receive this message: New-ADUser : The server is unwilling to process the request
    At C:\Users\Administrator\Downloads\ANUC.ps1:606 char:4
    + New-ADUser @User -ErrorVariable ADError
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (CN=John Test...=LAB,DC=local:String) [New-ADUser], ADExceptio
    + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.NewADUser

    The error appears to be telling me that something is missing but I can't figure out what it might be. Does anyone have any ideas? Not looking forward to clicking them all one at a time.

    ReplyDelete
  95. Hi Rich,

    We currently have a 2003 domain but I have installed the ADWS onto one of the DC's in order to run this script. I have tested this in my lab from a W7 client machine to a 2003 DC with ADWS and all works fine. In the actual environment however the script complains

    # WARNING: Error initializing default drive: 'Unable to find a default server with Active Directory Web
    # Services running.'.

    I have tried a few things including adding the "Get-ADDomain -Server "Server"" into the beginning of the script without success.

    Can you point me in the right direction.

    Any help would be greatly appreciated.

    Thank you

    ReplyDelete
  96. Nice tool - I am running it under 2012 R2 and have clicked on both files but have not found the bulk import for AD users.

    Thank you

    ReplyDelete
  97. Great Work ! When importing via CSV having the problem that First name und last Name are not imported. Somebody having any idea ?

    I exported with this Get-ADUser -filter * -Properties * | Export-Csv

    Thanks !

    ReplyDelete
  98. Hi,

    I have downloaded the PS file, also i have O365 Cloud Services for Email Could you please suggest if i need to change anything on the Script to enable the cloud Services . if yes then what Please suggest

    ReplyDelete
  99. Hello...I am getting this error:
    -----------------------------------------------------------------------------------
    New-ADUser : Directory object not found
    At C:\Users\lvm_jbunch\Desktop\ANUC.ps1:377 char:3
    + New-ADUser @User -ErrorVariable ADError
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (CN=Nicole Roder...C=LVMSCO,DC=com:String) [New-ADUser], ADIdentityNotFo
    undException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,M
    icrosoft.ActiveDirectory.Management.Commands.NewADUser

    -----------------------------------------------------------------------------------

    Any ideas on why?

    ReplyDelete
  100. Hi Rich,

    We are one company and don't need that field at all. We tried to change it to "Country" but can't seem to get it to work. Anyway we can get "Country" field added under postal code? We did modify the options file to include but doesn't apply to the new user object in AD.

    Not sure if your answering these, since the post is 6yrs old and don't see answers to any questions above.

    Thanks for the GUI

    Paul

    ReplyDelete
  101. We've just downloaded this tool. We run it against a CSV file with 317 records. We get the following error, and wish to know its meaning and solution:

    New-ADUser : The object name has bad syntax
    At C:\Temp\ANUC.ps1:606 char:4
    + New-ADUser @User -ErrorVariable ADError

    + CategoryInfo : NotSpecified: (CN=Kyle Zumdome...,DC-CKS,DC=INDY:String) [New-ADUser], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:8335,Microsoft.ActiveDirectory.Management.Commands.NewADUser

    ReplyDelete
  102. Hi Rich,

    I have used this excellent script in a few companies now (surprising how many don't have any automation of this process) and would like to add a section to create a homedirectory

    So far I have successfully created a user with the homedirectory path added using the following addition


    ######## Create Home Path String #########

    [string]$HomeDIR = "\\LAB-MS1\HomeDir$" + "\" + "$samAccountName"


    ######## Create New User #########

    New-ADUser @User -homeDirectory $HomeDIR -HomeDrive "H:" -ErrorVariable ADError

    but when I try to actually create the homedir, by adding the following lines after the line to call the form at thee end of the script

    Call-ANUC_pff | Out-Null

    #~~~~~Make Home Folder-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    $Usernameinfo = Get-ADuser -Identity $User.cn -Properties SamAccountName, homeDirectory | Select-Object -Property SamAccountName, homeDirectory
    $Username = $Usernameinfo.SamAccountName

    [string]$FullPath = $Usernameinfo.homeDirectory

    New-Item -type directory -path $FullPath

    Start-Sleep -s 5

    ICACLS ("$HomeDIR") /grant ("$Username" + ':(OI)(CI)F') /T /C


    I get the following error where it fails to output the properties of homedirectory and samaccountname for the newly created user

    Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null or an element of the argument collection contains a null value.
    At C:\Scripts\Atcore_User_Creation_Working_Home_Dir.ps1:1292 char:28
    + $Usernameinfo = Get-ADuser $User.cn -Properties SamAccountName, homeD ...

    ReplyDelete