Powershell 

So we can create users in Active Directory with PowerShell. But the accounts we created were lacking something: details, additional information. So the trick is working out what we need to populate to make a “normal user”. What fields are TYPICALLY populated when I do a “New User” in the Active Directory Users and Computers GUI?

Well, let’s look at a new user called “John Smith” in the fictitious domain of “techdays.contoso.com”.


 

Normally when we create a user, we’re typing in the First Name, Last Name, Display Name, User Logon Name (UPN) and the legacy “SAM” ID for Windows NT 4.0 legacy domains. In the previous PowerShell scripts, all we did was create Active Directory objects for users. None of this was supplied, although the Server 2008 R2 version does assume at least the SAM.

So how do we extend this functionality to PowerShell and have it match what a normal New User gets? We just fill in the variables and pass them along to the Active Directory objects. Let’s try this in our make-believe land of “CONTOSO.LOCAL” with our favourite user “John Smith”. Only now we’ll populate all the basic information he needs.

 

Using [ADSI] Accelerator

# Basic details for the new user
$FirstName="John"
$LastName="Smith"

# Build the derived names from the first and last name
$DOMAIN='@contoso.local'
$NEWUSERNAME=$Firstname+"."+$Lastname
$FULLNAME=$Firstname+" "+$Lastname
$SAM=$Firstname+"."+$Lastname
$UserLogonName=$Firstname+"."+$Lastname+$Domain

# Bind to the Users container and create the object there
$Class="User"
$ObjectName="CN="+$NEWUSERNAME
$ADSI=[ADSI]"LDAP://cn=Users,dc=contoso,dc=local"
$User=$ADSI.create($Class, $ObjectName)

# Populate the attributes the GUI would normally fill in
$User.Put("sAMAccountName", $NEWUSERNAME)
$User.Put("displayName",$FULLNAME)
$User.Put("Name",$FULLNAME)
$User.Put("givenName",$Firstname)
$User.Put("sn",$Lastname)
$User.Put("userPrincipalName",$UserLogonName)

# Commit the new object to Active Directory
$User.setInfo()

 

So it’s the same as last time, but we define more information and pass it along. But look how easy it gets as we step into better-featured software, like Quest.

Using Quest Active Roles

# Load the Quest ActiveRoles cmdlets
Add-PSSnapin Quest.ActiveRoles.ADManagement

$FirstName="John"
$LastName="Smith"

$DOMAIN='@contoso.local'
$NEWUSERNAME=$Firstname+"."+$Lastname
$FULLNAME=$Firstname+" "+$Lastname
$SAM=$Firstname+"."+$Lastname
$UserLogonName=$Firstname+"."+$Lastname+$Domain

# One cmdlet call creates the user and sets every attribute
NEW-QADUSER -name $NEWUSERNAME -ParentContainer 'CN=users,DC=contoso,DC=local' -samAccountName $NEWUSERNAME -Firstname $Firstname -Lastname $Lastname -userprincipalname $UserLogonName -displayname $FULLNAME

 

The preparation is almost identical, but the execution is just ONE LINE. It’s this ease of use I love. But let’s jump to the future now: the new Active Directory modules in Server 2008 R2.

Using Active Directory Server 2008 R2

# Load the Active Directory module that ships with Server 2008 R2
Import-Module ActiveDirectory

$FirstName="John"
$LastName="Smith"

$DOMAIN='@contoso.local'
$NEWUSERNAME=$Firstname+"."+$Lastname
$FULLNAME=$Firstname+" "+$Lastname
$SAM=$Firstname+"."+$Lastname
$UserLogonName=$Firstname+"."+$Lastname+$Domain

# One cmdlet call creates the user and sets every attribute
NEW-ADUSER -name $NEWUSERNAME -path 'CN=Users,DC=contoso,DC=local' -samaccountname $NEWUSERNAME -Givenname $Firstname -surname $Lastname -userprincipalname $UserLogonName -displayname $FULLNAME

 

There you have it. With a few minor changes it is almost identical to the Quest version of the Cmdlet. But it’s a native part of the Server 2008 R2 infrastructure.

 

Remember that in ALL cases the method of passing information and variables to the Cmdlets (no matter what version you choose) is identical, and this can be just as easily scripted into an interactive session or used to import multiple objects at the same time.

Next time we’ll show you how to take these SAME techniques and turn them into full Active users with passwords.
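When the same name-building logic is fed from a list rather than typed by hand, the derived sAMAccountName should be checked before anything is written to the directory. The following is an added example, not code from the original post: it builds the attribute set shown above for several rows and rejects names that break Active Directory's sAMAccountName rules (20 characters maximum for users, and none of `" / \ [ ] : ; | = , + * ? < >`). The function name `Get-NewUserAttributes` and the sample rows are constructed for illustration.

```powershell
# Constructed sample input; in practice this would come from Import-Csv
$rows = @'
FirstName,LastName
John,Smith
Maximiliana,Featherstonehaugh
Ann,O'Neil
Bad,Na=me
'@ | ConvertFrom-Csv

$Domain = '@contoso.local'
$Path   = 'CN=Users,DC=contoso,DC=local'

# Hypothetical helper: returns a hashtable ready to splat into New-ADUser
function Get-NewUserAttributes {
    param([string]$FirstName, [string]$LastName, [string]$Domain, [string]$Path)

    $first = $FirstName.Trim(); $last = $LastName.Trim()
    if (-not $first -or -not $last) { throw 'First and last name are both required' }

    $sam = "$first.$last"
    # Characters Active Directory rejects in sAMAccountName
    if ($sam -match '["/\\\[\]:;|=,+*?<>]') { throw "Illegal character in '$sam'" }
    # User sAMAccountName is limited to 20 characters
    if ($sam.Length -gt 20) { throw "'$sam' exceeds the 20-character sAMAccountName limit" }

    @{
        Name = $sam; Path = $Path; SamAccountName = $sam
        GivenName = $first; Surname = $last
        UserPrincipalName = "$sam$Domain"; DisplayName = "$first $last"
    }
}

foreach ($row in $rows) {
    try {
        $attrs = Get-NewUserAttributes -FirstName $row.FirstName -LastName $row.LastName -Domain $Domain -Path $Path
        if (Get-Command New-ADUser -ErrorAction SilentlyContinue) {
            New-ADUser @attrs -WhatIf    # remove -WhatIf to actually create the account
        } else {
            # No ActiveDirectory module on this machine: just report the result
            "OK      $($attrs.SamAccountName) -> $($attrs.UserPrincipalName)"
        }
    } catch {
        "SKIPPED $($row.FirstName) $($row.LastName): $($_.Exception.Message)"
    }
}
```

Because no `-AccountPassword` is supplied, `New-ADUser` creates these accounts disabled.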

 

Powershell: It’s so Easy, and it’s FREE.

 

Sean
The Energized Tech