Administering AD users using PowerShell


Today, I had to deal with accounts in Active Directory. After checking password expiration and account logon activity, I discovered that there were a number of accounts that had their password set to not expire by previous IT personnel, and also accounts that have not been logged in to for many years. Boy, there is so much interesting stuff you can get from using PowerShell for account administration: accounts created as far back as 2003, passwords last changed as far back as 2010, accounts last logged in during Obama’s first presidential term, etc. Setting these accounts right can be a nightmare for a lazy admin, but for a lazy admin who likes PowerShell it can be a fun and interesting activity.

Anyway, I am going to mimic those steps in my lab and post them here so other lazy admins can help themselves if they need it.

First, I am going to create a bunch of users, and for that I need to know which Organizational Unit I want to use:

But that gives me a whole bunch of OUs, and being lazy I don’t like it. Luckily, I remember a partial name of the OU I want to use, so I run this:

Okay, now I want to bulk create test users in this Organizational Unit. I am going to use variables to store the needed information and use them afterwards in the process:

  1. First Name – $givenname = "Test"
  2. Last Name – $surname = "User " + $i
  3. Name – $name = "Test User " + $i
  4. Display Name – $displayname = $name
  5. SamAccountName (Pre-Windows 2000) – $samaccountname = "tuser" + $i
  6. UserPrincipalName (User Logon Name) – $userprincipalname = $samaccountname + "@systemadminguide.local"
  7. Path To Organizational Unit – $Path = "OU=Marketing,OU=USERS,OU=SAG,DC=systemadminguide,DC=local"
  8. Date for use in the description – $date = Get-Date
  9. Description – $description = "Test User $i. Account was created on $date"

By default all accounts will be disabled, passwords will be set to never expire, etc. For this example I only care about the account being enabled, so I will use the parameter "Enabled". Also, I want to create more than one account, which is where a while loop comes in to help (Help about_While in PowerShell).

This is what my initial Marketing OU looks like:


This is what my PowerShell script will look like:

If you enjoy watching the process of account creation, the "PassThru" parameter is for you. After running the above lines in PowerShell, my target OU now looks like this:
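
As an added example (not the author's original script), here is one way to assemble the loop from the variables listed above. The account count, the OU check, the existing-account check, the password prompt and the -AccountPassword / -ChangePasswordAtLogon parameters are assumptions added here so that the accounts are enabled with a password that is not stored in the script.

```powershell
# Added example, not the original post's script.
# Needs the ActiveDirectory module (RSAT) and rights to create users in $Path.
Import-Module ActiveDirectory

$Path  = "OU=Marketing,OU=USERS,OU=SAG,DC=systemadminguide,DC=local"
$count = 5   # assumption: number of test accounts to create

# Fail early if the OU path is mistyped, before any account is created.
Get-ADOrganizationalUnit -Identity $Path -ErrorAction Stop | Out-Null

# Assumption: prompt once for the initial password instead of hard-coding it.
$password = Read-Host -AsSecureString -Prompt "Initial password for test users"

$i = 1
while ($i -le $count) {
    $givenname         = "Test"
    $surname           = "User " + $i
    $name              = "Test User " + $i
    $displayname       = $name
    $samaccountname    = "tuser" + $i
    $userprincipalname = $samaccountname + "@systemadminguide.local"
    $date              = Get-Date
    $description       = "Test User $i. Account was created on $date"

    # Skip names that already exist so the loop can be re-run safely.
    if (Get-ADUser -Filter "SamAccountName -eq '$samaccountname'") {
        Write-Warning "$samaccountname already exists, skipping"
    }
    else {
        # -PassThru prints each new user object as it is created.
        # -ChangePasswordAtLogon forces the shared initial password to be replaced.
        New-ADUser -GivenName $givenname -Surname $surname -Name $name `
            -DisplayName $displayname -SamAccountName $samaccountname `
            -UserPrincipalName $userprincipalname -Path $Path `
            -Description $description -AccountPassword $password `
            -ChangePasswordAtLogon $true -Enabled $true -PassThru
    }
    $i++
}
```

Adding -WhatIf to the New-ADUser call gives a dry run that shows what would be created without touching the directory.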

