Create Active Directory users with PowerShell

Scope

In my test environments I always have to create a couple of users to be able to do performance or functionality tests. PowerShell really helps me with this task and I just want to archive this for later.

In the next few paragraphs I show you my method to create hundreds of test users on Windows Server 2012 with PowerShell.

Prerequisites

If you don’t do this on the actual domain controller you need a couple of things first.

First of all you need permissions to be able to create users.

Your machine needs the PowerShell module from the Remote Server Administration Tools. Check that it is enabled here: Features/Remote Server Administration Tools/Role Administration Tools/AD DS and AD LDS Tools/Active Directory module for Windows PowerShell.

Active Directory Module for Windows Powershell

Start a PowerShell window and check that the module is available for use:

Get-Module -Listavailable

Its name is ActiveDirectory.

Available ActiveDirectory module

To retrieve the available commandlets from this set, use this:

Get-Command -module ActiveDirectory

You can do a lot of things with these, but the only command we are interested in at this point is New-ADUser.

Introducing New-ADUser

Using Get-Help with the full switch is always a good idea, but this command is a monster, so use these instead:

Get-Help New-ADUser -ShowWindow

Show-Command New-ADUser

The first command shows you the command’s help in a separate window where you can browse or search. The second command opens a graphical window to specify the parameters for the command.

Put these side by side using Windows Key+Right arrow and Windows key+Left arrow for the first and second window respectively and you can easily explore and try any command.

Useful side-by-side: Get-Help Showwindow and Show-Command commandlets

Fill in some values and try to run it using the Run command, or put the generated command on the clipboard (see example below).

Show-Command generates command as well

Create a user

Before you generate and create hundreds of users, always try to create only one first, to see that you have the necessary permissions, network connectivity, etc.

There are lots of AD properties available from this command so let’s check a couple.

AccountPassword: You have to provide a SecureString here; simple plaintext won’t be enough. Use the ConvertTo-SecureString command to store your password or convert it on the fly:

ConvertTo-SecureString "MyPassword1!" -AsPlainText -Force

ChangePasswordAtLogon: For test users I always use $false so I can log on with them without any hassle.

Enabled: I always use $true, so I can use them immediately.

Path: This defines the OU where the user will be created. If you omit this, Windows uses the default user container. Submit a distinguished name here. Check the OU with the attribute editor in AD Administrative Center.

Company, Title, MobilePhone, etc. are pretty straightforward, but I always struggle with names, so here is a rough overview.

| New-ADUser property name | AD property on the GUI (ADAC) | LDAP attribute |
|---|---|---|
| DisplayName | Display name | displayName |
| GivenName | First name | givenName |
| Initials | Middle initials | initials |
| Name | Full name | name |
| OtherName | | middleName |
| SamAccountName | User SamAccountName logon | sAMAccountName |
| Surname | Last name | sn |

With this in hand an example user creation goes like this:

# The trailing backtick continues the command on the next line
New-ADUser `
    -AccountPassword (ConvertTo-SecureString "MyPassword1!" -AsPlainText -Force) `
    -ChangePasswordAtLogon $false `
    -City London `
    -Company "Letitknow Ltd." `
    -DisplayName "Smith, John" `
    -Enabled $true `
    -MobilePhone "+1 11 555 5555" `
    -Name "Smith, John" `
    -SamAccountName smithj `
    -Title CFO `
    -Path "OU=Users,OU=Company,DC=home,DC=local" `
    -GivenName John `
    -Surname Smith `
    -UserPrincipalName ("smithj" + "@home.local") `
    -Department "IT" `
    -Description "My created user" `
    -Office "HQ"

Create multiple users

If the command above works and you have all the required parameters, it's ready for the next step: multiple user creation. Create a CSV file of your users or generate one here or here. Don’t forget to add a header to them!

# Read the CSV; each row becomes an object with one property per header column
$csvcontent = Import-CSV -Path d:\users.csv

foreach ($user in $csvcontent)
{
    # The trailing backtick continues the command on the next line
    New-ADUser `
        -AccountPassword (ConvertTo-SecureString "MyPassword1!" -AsPlainText -Force) `
        -ChangePasswordAtLogon $false `
        -Company "Letitknow Ltd." `
        -DisplayName ($user.Firstname + " " + $user.Lastname) `
        -Enabled $true `
        -MobilePhone ($user.Phone) `
        -Name ($user.Firstname + " " + $user.Lastname) `
        -SamAccountName ($user.Lastname + $user.Firstname.Substring(0,1)) `
        -Title "Engineer" `
        -Path "OU=Users,OU=Company,DC=home,DC=local" `
        -State $user.County `
        -GivenName $user.Firstname `
        -Surname $user.Lastname `
        -UserPrincipalName ($user.Lastname + $user.Firstname.Substring(0,1) + "@home.local") `
        -Department "IT" `
        -Description "Generated test user" `
        -Office "HQ"
}

First I grab the content of the CSV file so I can reference the fields with NoteProperties. Then I iterate through all items and generate a user with the data. I set the password to the same for everyone and set that nobody should bother with the password change at the next logon. I generate the various names with string concatenation using the firstname and lastname values. There are a couple of fixed values for all users but you can also submit these in the CSV file.

Run this snippet on an input like this:

Firstname,Lastname,Phone,County
Brennan,Edwards,1 88 635 5254-0551,Bute

Generated user data

Generates a user like this:

Random test user
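
The loop above gives every enabled account the same hard-coded password and throws on a row with an empty first name. As an added example (not the author's code), this variant generates a random password per user, sanitises and length-checks the derived logon name, skips accounts that already exist and runs as a dry run with -WhatIf. New-RandomPassword, its character sets and the two extra CSV rows are assumptions made for the illustration.

```powershell
# Added example, not code from the original post. Assumes the ActiveDirectory
# module and the post's OU and UPN suffix; the CSV rows below are constructed.
Import-Module ActiveDirectory

function New-RandomPassword([int]$Length = 20) {
    # One character per class first, so default AD complexity rules are met.
    $sets = 'abcdefghijkmnpqrstuvwxyz', 'ABCDEFGHJKLMNPQRSTUVWXYZ', '23456789', '!#%+-=?'
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf  = New-Object byte[] 4
    $chars = for ($i = 0; $i -lt $Length; $i++) {
        $pool = if ($i -lt $sets.Count) { $sets[$i] } else { -join $sets }
        $rng.GetBytes($buf)
        $pool[[int]([BitConverter]::ToUInt32($buf, 0) % [uint32]$pool.Length)]
    }
    -join $chars
}

$rows = @'
Firstname,Lastname,Phone,County
Brennan,Edwards,1 88 635 5254-0551,Bute
,Nameless,1 00 000 0000,Bute
Alexandria,Featherstonehaughton,1 00 000 0001,Kent
'@ | ConvertFrom-Csv

$created = foreach ($user in $rows) {
    # The post's Substring(0,1) throws on an empty first name, so check first.
    if (-not $user.Firstname -or -not $user.Lastname) {
        Write-Warning "Skipping row with a missing name"; continue
    }
    # Keep only characters that are safe in a logon name and in the -Filter string.
    $sam = ($user.Lastname + $user.Firstname.Substring(0, 1)) -replace '[^A-Za-z0-9._-]', ''
    if ($sam.Length -gt 20) { $sam = $sam.Substring(0, 20) }   # sAMAccountName limit for users
    if (-not $sam -or (Get-ADUser -Filter "SamAccountName -eq '$sam'")) {
        Write-Warning "Skipping '$sam': empty after sanitising or already exists"; continue
    }
    $plain  = New-RandomPassword
    $params = @{
        Name              = "$($user.Firstname) $($user.Lastname)"
        GivenName         = $user.Firstname
        Surname           = $user.Lastname
        SamAccountName    = $sam
        UserPrincipalName = "${sam}@home.local"
        Path              = 'OU=Users,OU=Company,DC=home,DC=local'
        AccountPassword   = ConvertTo-SecureString $plain -AsPlainText -Force
        Enabled           = $true
    }
    New-ADUser @params -WhatIf   # dry run; remove -WhatIf to create the account
    [pscustomobject]@{ SamAccountName = $sam; Password = $plain }
}
```

$created holds each logon name with its generated password, so the list can be handed to whoever runs the tests and discarded afterwards.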