Working with Active Directory and PowerShell (part 2) – Creating a user

  • Article

To create a user in our Organizational Unit we need the following LDAP string:
$LDAPStringUsers = "LDAP://OU=Demo Users, DC=contoso,DC=com"

And run the following command to connect to AD:
$usersOU = [ADSI] $LDAPStringUsers

To create a user run this command:
$newUser = $usersOU.Create("user","cn=Kalle Becker ")
$newUser.Put("sAMAccountName", "Kalle")
$newUser.SetInfo()

We need a password for this user, and I actually found a command that will do this:
$newUser.SetPassword("pass@word1")
$newUser.SetInfo()

With that done let's enable the account (the account is disabled from the beginning)
$newUser.psbase.InvokeSet('AccountDisabled', $false)
$newUser.SetInfo()

So around here is where it gets tricky. I want to set a lot of properties for my user (not only password). I went to https://www.live.com and search for "PowerShell set first name ad user" and found out that the command looks like this:
$newUser.psbase.InvokeSet('FirstName',"Kalle")
Ok – I could have guessed that one. But how about setting the login name for the user?
Login, LoginName? Nope, it's UserPrincipalName. Couldn't have guessed that!

I found a page (sorry but I can't seem to find my way back to it, but it's on the net J) that taught me how to look up what the first parameter in InvokeSet should be. Here's how you do it:

  1. Get your hands on adsiedit, check this link: https://technet2.microsoft.com/WindowsServer/en/library/ebca3324-5427-471a-bc19-9aa1decd3d401033.mspx?mfr=true
  2. Install it (duh!)
  3. Run it, and connect to you AD
  4. Find you user and right-click properties.

This will give you a looong list of stuff that you can set for this user.
To find out which one to user, go into AD (Users and Computers), enter a value in one of the fields (like "aaaStockholm"), go back to ADSIEdit and try to find it in the list. Then you know the name of the Attribute! Take that name and use it with the InvokeSet command in PowerShell!

Some of my users have a manager so here's a little treat on how to set that in PowerShell:
$teststring = "CN="+$user.Organization.ManagerName+",OU=Demo Users,DC=contoso,DC=com"
$newUser.psbase.InvokeSet('manager',$teststring)

$teststring is the LDAP string for the manager.