Index

New-ADuser on Specific OU

Create New User using PowerShell

Specific OU in Active Directory

One of the most repetitive tasks System Administrators perform on a daily basis is the creation of user accounts. There are several approaches the technician can create a new account in Active Directory. Some prefer doing it through the User Interface(GUI), quick and simple. All one needs to do is to fill out the fields or attributes following the standards of the business.

But for some of us, who don't want to spend a few of our precious minutes; we like to make it quick and simple.

To my fellow engineers out there, here's a script I have derived to automate the task:

I will start by assigning values to my variables, these 3 are the most basic attributes for the new account.

        
    $gname = 'John'
    $lname = 'DOE'
    $acctpwd = "whateverP@ssw0rd"
            

On the next part, I will use a reference account and store it in a variable. I use this technique in order to retrieve the details I will input to the new account. The only thing to note here is that the new account will be in the same department or role of the reference account.

        
    $ref_User = jane.dove
            

I will need to retrieve the domain name of the AD Forest. Store the value in a variable and which will be used later on the script as the UPN Suffix.

        
    $upnsfx = (Get-ADForest).UPNSuffixes
            

I will also need the OU location where the new account will be added. The 1st line will retrieve all the attributes of the reference account. The 2nd line will select only the DistinguishedName attribute. The 3rd line will isolate the value of Organizational Unit (OU) of the reference account.

        
    $rfrnc_user = Get-ADUser $ref_User -Properties *
    $dsn = ($rfrnc_user).DistinguishedName
    $targetOU = $dsn.Substring($dsn.IndexOf('OU=',[System.StringComparison]::CurrentCultureIgnoreCase))
            

And lastly I will assign all values stored in my variables into the account attributes.

        
    $splat = @{
        Path = $targetOU
        Name = "$($gname) $($lname)"
        DisplayName = "$($gname) $($lname)"
        GivenName = $gname
        SurName = $lname
        UserPrincipalName = "$(($gname).ToLowerCase()).$(($lname).ToLowerCase)@$($(upnsfx))"
        Description = 'System Administrator' #depends on what your organization use this attribute
        AccountPassword = (ConvertTo-SecureString -AsPlainText $acctpwd -force)	
    }
        
    New-ADUser @splat -Verbose
            

Combine all those components to make a whole script.

    $gname = 'John'
    $lname = 'DOE'
    $acctpwd = "whateverP@ssw0rd"
    $ref_User = jane.dove
    $upnsfx = (Get-ADForest).UPNSuffixes
    $rfrnc_user = Get-ADUser $ref_User -Properties *
    $dsn = ($rfrnc_user).DistinguishedName
    $targetOU = $dsn.Substring($dsn.IndexOf('OU=',[System.StringComparison]::CurrentCultureIgnoreCase))
    $splat = @{
        Path = $targetOU
        Name = "$($gname) $($lname)"
        DisplayName = "$($gname) $($lname)"
        GivenName = $gname
        SurName = $lname
        UserPrincipalName = "$(($gname).ToLowerCase()).$(($lname).ToLowerCase)@$($(upnsfx))"
        Description = 'System Administrator' #depends on what your organization use this attribute
        AccountPassword = (ConvertTo-SecureString -AsPlainText $acctpwd -force)	
    }

    New-ADUser @splat -Verbose 
            

When the script is executed as-is, the result would return these values after you query using "Get-ADUser -Identity john.doe".

    Name -> John DOE
    DisplayName -> John DOE
    GivenName -> John
    SurName -> DOE
    UserPrincipalName -> john.doe@domain.xyz
    DistinguishedName -> CN=John DOE,OU=IT,OU=User,DC=domain-xyz,DC=local
            

-->