Bulk populate an AD using a CSV file and New-ADUser, including Passwords

Problem : New-ADUser is not working as expected to populate a password coming from a CSV file (the account stays disabled) here is the example and the reason:

Prerequisites: Import the Active Directory module on your powershell session using Import-Module ActiveDirectory

 

 

Here is my BulkAddADUsers.csv file sample :

 

GivenNAme,Surname,Name,SamAccountNAme,Description,Department,EmployeeID,Path,Enabled,Password,PasswordNeverExpires
User,Test1,UserTest1,UserTest1,UserTest1,IT,189478,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test2,UserTest2,UserTest2,UserTest2,IT,187516,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test3,UserTest3,UserTest3,UserTest3,IT,134530,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test4,UserTest4,UserTest4,UserTest4,IT,162455,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test5,UserTest5,UserTest5,UserTest5,IT,121901,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test6,UserTest6,UserTest6,UserTest6,IT,170221,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test7,UserTest7,UserTest7,UserTest7,IT,128669,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test8,UserTest8,UserTest8,UserTest8,IT,108705,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test9,UserTest9,UserTest9,UserTest9,IT,106381,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test10,UserTest10,UserTest10,UserTest10,IT,193922,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test11,UserTest11,UserTest11,UserTest11,IT,174066,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test12,UserTest12,UserTest12,UserTest12,IT,105871,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test13,UserTest13,UserTest13,UserTest13,IT,126670,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test14,UserTest14,UserTest14,UserTest14,IT,124671,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test15,UserTest15,UserTest15,UserTest15,IT,118935,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test16,UserTest16,UserTest16,UserTest16,IT,183367,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test17,UserTest17,UserTest17,UserTest17,IT,185662,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test18,UserTest18,UserTest18,UserTest18,IT,118972,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test19,UserTest19,UserTest19,UserTest19,IT,187421,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test20,UserTest20,UserTest20,UserTest20,IT,167020,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True

 The following command will create the users with the attributes defined above, but since the Password is not encrypted, the account will be deactivated.

[PS] C:\users\Administrator.DOMAINA\Desktop>import-CSV .\BulkAddADUsers.csv|New-ADUser

 

 

Note the AD accounts are not enabled, because the password was not taken from the CSV file, as New-ADUser requires a Secure String for the Password. Here is what you get when you try to enable it :

==>

 

 

Solution : Type a longer command line using all New-ADUser properties + the ConvertTo-SecureString commandlet

[PS] C:\users\Administrator.DOMAINA\Desktop>import-csv .\BulkAddADUsers.csv | % {New-ADUser -GivenName $_.GivenName -Surname $_.Surname -Name $_.Name -SamAccountName $_.SamAccountName -Description $_.Description -Department $_.Department -EmployeeID $_.EmployeeID -Path $_.Path -Enabled $True -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force) -PasswordNeverExpires $True}

 

 

Quod erat demonstrandum.

Sam

Comments

• Anonymous
  January 01, 2003
  The comment has been removed

• Anonymous
  January 01, 2003
  @Mahesh: Hi Mahesh, to add the display name, you must have an additional column in your CSV file which I recommend to name "DisplayName", populate the value for each of your users (or you can use a formula in Excel to auto-populate the "DisplayName" column with for example a concatenation of FirstName and LastName that you would have added as new columns) Then take the above New-ADUser command, and with all the properties already there, add the "-DisplayName $_.DisplayName" property set, without the double quotes. Pay attention to put the above stuff before the final curly bracket. That should work, if no, give me the error you get. Cheers, Sam

• Anonymous
  January 01, 2003
  Unfortunately there is no fix for that. The only workaround is to type the New-ADUser commandlet using all the commandlet properties like this : import-csv .BulkAddADUsers.csv | % {New-ADUser -Name $.Name -SamAccountName $.SamAccountName -Description $.Description -Department $.Department -EmployeeID $.EmployeeID -Path $.Path -Enabled $True -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force) -PasswordNeverExpires $True}

• Anonymous
  September 29, 2011
  So how do you fix it?

• Anonymous
  March 08, 2013
  Thanks a lot for this, helped a lot!

• Anonymous
  June 09, 2013
  Whats the command for adding display name.. i tried. but end up with some errors.

• Anonymous
  June 14, 2013
  I wanted to point out that it seems the only "required" field is Description.  I say "required" because it should really not be required at all.  The only way we were able to get accounts to work was to include description. new-aduser -name test -SamAccountName "test" -Description "test of description" -AccountPassword (read-host -AsSecureString) Further, you don't seem to need "SamAccountName" either. Further

• Anonymous
  June 04, 2014
  Hey SammyKrosoft
  Is -PassThru parameter require?

• Anonymous
  December 05, 2014
  The comment has been removed

• Anonymous
  December 05, 2014
  Never mind. Figured it out. Thanks for this blog!

• Anonymous
  December 09, 2014
  The comment has been removed

• Anonymous
  May 30, 2015
  The comment has been removed

• Anonymous
  June 17, 2015
  @bluuf: that's another good idea to workaround this encrypted string requirement, thanks bluuf !

• Anonymous
  April 02, 2016
  Hi Sam, you forgot -UserPrincipalName $_.UserPrincipalName

  • Anonymous
    August 10, 2016
    yes, good catch ! Thanks Anahaym !