Create Bulk Users in Active Directory (Step-By-Step Guide)

by Robert Allen

This is the guide, I’ll show you two options on how to bulk create users in Active Directory. Both options allow you to create AD users from a csv file. By using a PowerShell script or a tool you can streamline the user creation process and save yourself lots of time.

In this article.

Option 1. Bulk Create AD Users with the AD Pro Toolkit

In this first example, I’ll use the AD User Creation Tool that is included with the AD Pro Toolkit. This tool makes it very easy to bulk import users and is a great alternative if you don’t want to deal with PowerShell scripts. Also, there are certain user fields that PowerShell does not support and a 3rd party import tool is needed.

You can download a free trial of the toolkit and try it for yourself.

Below is a summary of how to bulk create Active Directory users with the AD Pro Toolkit.

  1. Open the “Import Users” Tool.
  2. Click the “Download CSV Template” button.
  3. Fill out the CSV file and save it. Use the provided template as a reference.
  4. Select the “Import Options” button and change any options you need.
  5. Click “Browse” to select your csv template and click “Run” to start the import.

In the example below, I created 98 AD user accounts, added them to multiple groups, set the users manager and multiple other attributes.

bulk create users in active directory

If any accounts from the CSV fail to import it will provide an error in the logs. You can see below I had six accounts that did not create because the logon name already exists.

import errors

Requirements

I recommend the follow CSV headers and settings when creating new user accounts. You can remove any column in the CSV that you do not need.

  • SamAccountName (required) = This will be the users logon name.
  • password (required) = users password. Make sure it meets your password requirements.
  • givenName (required) = First name
  • sn (required) = Last name
  • OU = The organizational unit to add the user accounts into. This is the distinguished name of the OU. If you leave it blank it will import into the default users container.
  • DisplayName = This is the users display name.
  • Groups = Groups to add the users to. Separate each group with a comma.
  • Force Password Change at Next Logon = Click the import options button to enable this for each user.

Download the included CSV template as a reference or starter template.

import ad users download csv file

Here is a screenshot of my CSV file (click to enlarge).

bulk create ad users template

You can download my CSV template here.

Import Options

Under import options you can change the follow settings.

  • Enable Users = This will enable the accounts when they are created (on by default).
  • Force Password Change = Select this to enable force password change at next logon
  • Name = Select this to change the name format to LastName, FirstName.
create users import options

The GUI tool is a huge time saver and makes importing user accounts into Active Directory super easy. Plus you don’t have to modify any scripts or need PowerShell experience.

The AD Pro Toolkit also includes a Bulk User Update Tool to modify multiple user accounts at once. This is a huge time saver for when you need to mass update user information such as department, telephone number, email addresses, and so on.

Try the AD Pro Toolkit for FREE, download your copy here.

Option 2: Bulk Create AD Users with PowerShell

What you will need: 

  • PowerShell Active Directory Module loaded – The script I provide will load the module you just need to run it from a computer that has RSAT tools installed or the AD role.
  • Rights to create user accounts in Active Directory
  • CSV File (See below)
  • PowerShell Script (See below)

Step 1: Setup the CSV file

A basic CSV file should have the following headers. Technically you can import new accounts with just the SamAccountName, Name, and the password column but that is not recommended.

  • SamAccountName = this will be the users logon name
  • password = users password. Make sure it meets your password requirements.
  • path = OU where you want to import users to. This is the distinguished name of the OU. If you leave it blank it will import into the default users container.
  • GivenName = First name
  • Surname = Last name
  • Name = Name
  • DisplayName = Display Name
csv file bulk import powershell

Above is an example of my CSV file.

How do you find the OU path? 

The OU path is the distinguishedName attribute, to find this open up Active Directory Users and Computers and browse to the OU you want to import to, then right click and select properties then select attribute editor.

get the ou path

Copy the path into the path column in the CSV file.

At this point the CSV file has the required fields, you can jump to step 2 (setting up the PowerShell script) or keep reading to configure optional fields for user accounts.

Add additional user fields to the CSV file.

You may want to include some additional user fields in the CSV. Just know that whatever columns you add to the CSV you will also need to include them in the PowerShell script.

I’ve included several common user fields in the CSV template and PowerShell script.

  • UserPrincipalName
  • Department
  • Description
  • Office
  • OfficePhone
  • EmailAddress
  • StreetAddress
  • POBox
  • City
  • State
  • PostalCode
  • Title
  • Company
add additional user fields to the csv file

To add more I recommend looking at the PowerShell new-aduser cmdlet to see which parameters are supported.

I like to keep the name of the headers the same as the new-aduser parameters, it makes it easier to troubleshoot.

At this point, you should have a CSV file configured, and save the file to your local computer.

Step 2: Configure the PowerShell Script

Copy the script below and modify it as needed.

#Import active directory module for running AD cmdlets
#Author: Robert Allen
#Website: activedirectrypro.com

Import-Module activedirectory

#Store the data from ADUsers.csv in the $ADUsers variable
$Users = Import-csv c:\it\users.csv

#Loop through each row containing user details in the CSV file 
foreach ($User in $Users) {
    # Read user data from each field in each row
    # the username is used more often, so to prevent typing, save that in a variable
   $Username       = $User.SamAccountName

    # Check to see if the user already exists in AD
    if (Get-ADUser -F {SamAccountName -eq $Username}) {
         #If user does exist, give a warning
         Write-Warning "A user account with username $Username already exist in Active Directory."
    }
    else {
        # User does not exist then proceed to create the new user account

        # create a hashtable for splatting the parameters
        $userProps = @{
            SamAccountName             = $User.SamAccountName                   
            Path                       = $User.Path      
            GivenName                  = $User.GivenName 
            Surname                    = $User.Surname
            Initials                   = $User.Initials
            Name                       = $User.Name
            DisplayName                = $User.DisplayName
            UserPrincipalName          = $user.UserPrincipalName 
            Department                 = $User.Department
            Description                = $User.Description
            Office                     = $User.Office
            OfficePhone                = $User.OfficePhone
            StreetAddress              = $User.StreetAddress
            POBox                      = $User.POBox
            City                       = $User.City
            State                      = $User.State
            PostalCode                 = $User.PostalCode
            Title                      = $User.Title
            Company                    = $User.Company
            Country                    = $User.Country
            EmailAddress               = $User.Email
            AccountPassword            = (ConvertTo-SecureString $User.Password -AsPlainText -Force) 
            Enabled                    = $true
            ChangePasswordAtLogon      = $true
        }   #end userprops   

         New-ADUser @userProps
       #  Write-Host "The user account $User is created." -ForegroundColor Cyan
   

    } #end else
   
}

You will need to modify the path to the CSV file you saved from step 1 (unless it matches what I have in the script).

$ADUsers = Import-csv C:\it\bulk_import.csv

By default, the script sets the accounts to enable. You can change this by setting Enabled to false

Enabled = $false

By default, the script sets the accounts to change password at the next logon. To change this set “ChangePasswordAtlogon to false.

ChangePasswordAtLogon = $false

That should do it for configuring the script. It’s pretty much ready to go as is.

Step 3: Run the PowerShell Script to import the accounts

At this point, the CSV file should be setup with the user’s information and the Powershell script should be modified (if needed)

Now it’s time to execute the script.

In PowerShell ISE just click the green button to run the script. If you saved the script to a ps1 file just run the script instead of running directly from ISE.

run the create users powershell script

It will return the prompt when completed. Any errors will be displayed in the console.

powershell console output

Now check Active Directory to verify the accounts imported.

verify users in active directory

Verify AD User Import

This step is optional but I like to list all accounts from the domain or OU I imported to as a way to verify the import. It’s also useful for getting a list of user accounts and exporting it to csv.

Below is the PowerShell command to get all domain users. The results are sent to a gridview to make it easier to read.

You can add or remove whatever user attributes you need.

Get-ADUser -filter * -properties * | select-object samaccountname, givenname, surname,streetaddress,st,physicalDeliveryOfficeName,manager,mail,title,company,whenCreated
verify users in powershell

Another option is to use the user export tool that is included in the AD Pro Toolkit. You can select to list all domain users, users from an OU or from a group. You can also easily add or remove columns to the report.

verify users with ad pro toolkit

Bulk Modify Users After Import

What if you made an error during the import or forgot to include user details in the CSV?

No worries, you can bulk modify user accounts after the import completes. You can use PowerShell and the GUI tool to bulk update existing AD users. Check out the guides and resources below.

The AD Pro Toolkit includes the Bulk Updater Tool. It also works by using a CSV file, just fill it out and run the tool to bulk modify user attributes.

bulk update existing ad users

Additional Resources

The Ultimate Active Directory Toolkit

Learn More

120 thoughts on “Create Bulk Users in Active Directory (Step-By-Step Guide)”

  1. Hi, I get this error on every line:
    New-ADUser : Directory object not found
    At line:33 char:10
    + New-ADUser @userProps
    + ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (CN=Tom Jones…domain,DC=com:String) [New-ADUser], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.NewADUser

    Every csv line is typically like this (except for the header which appears only once):
    SamAccountName,password,path,GivenName,Surname,Name,DisplayName
    Tom,password,”CN=Tom Jones,CN=Users,DC=domain,DC=com”,Tom,Jones,Tom Jones,Tom Jones

    Reply
  2. New-ADUser : Identity info provided in the extended attribute: ‘Manager’ could not be resolved. Reason: ‘Cannot find an object with identity:

    anyone can help ?

    Reply
  3. Hi,

    Seeing the below error multiple times:

    Get-ADUser : The search filter cannot be recognized
    At C:\path\to\ps\file:14 char:9
    + if (Get-ADUser -Filter {SamAccountName -eq $Username}) {
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Get-ADUser], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:8254,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    Doesn’t appear to be preventing the creation of the user account and am getting the warning message that the user exists so it does seem like the filter is doing something. Any ideas how to get it from popping up? Thank you!

    Reply
  4. Getting the following error on all lines:

    Get-ADUser : Variable: ‘Username’ found in expression: $Username is not defined.
    At C:\bulk_import_script.ps1:14 char:9
    + if (Get-ADUser -F {Username -eq $Username}) {
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [Get-ADUser], ArgumentException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    Reply
  5. Error–UserPrincipalName: The term “-userPrincipalname” is not recognized as the name of a cmdlet.

    -UserPrincipalName “$Username@domain.com” `

    Reply
  6. I got this error, anyone help pls
    New-ADUser : The server is unwilling to process the request
    At line:43 char:9
    + New-ADUser `
    + ~~~~~~~~~~~~

    Reply
  7. Previusly it was working perfectly, But now last 2 week i’m getting this error could you please look into this.

    WARNING: Error initializing default drive: ‘Unable to find a default server with Active Directory Web Services running.’.
    Get-ADUser : Unable to find a default server with Active Directory Web Services running.
    At line:23 char:6
    + if (Get-ADUser -F {SamAccountName -eq $Username})
    + ~~~~~~~~~~~~~~~~
    + CategoryInfo : ResourceUnavailable: (:) [Get-ADUser], ADServerDownException
    + FullyQualifiedErrorId : ActiveDirectoryServer:1355,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    Reply
  8. THank for Sharing
    But if i want add group in the csv file . so How can i do
    can you sharing with powershell ???

    Reply
  9. Bulk tool throws error, no matter what csv is used:

    2021-04-29 14:18:05.9174|FATAL|Bulk_User_Creator.Form1|You can ignore bad data by setting BadDataFound to null.
    2021-04-29 14:18:05.9174|FATAL|Bulk_User_Creator.Form1|You can ignore bad data by setting BadDataFound to null.
    2021-04-29 14:18:05.9327|FATAL|Bulk_User_Creator.Form1| at CsvHelper.CsvParser.Read()
    at CsvHelper.CsvReader.Read()
    at CsvHelper.CsvReader.d__63`1.MoveNext()
    at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
    at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
    at Bulk_User_Creator.Form1.BeginUserCreation()

    Reply
  10. Good script.

    Modified some little stuff :

    Adding -Encoding UTF8 to the Import-CSV.

    No funky char for non-english

    Adding $SAMAccountName = try { $Username.substring(0, 20) } catch [ArgumentOutOfRangeException] { $Username }

    Add Flexibility for long username but prevent errors by trunking it for the SAMAccountName.

    Reply
  11. Hello,
    What if I want to add in the attribute „adminDescription”
    What should it look like?
    {‘adminDescription’=noemail} ?

    Thanks,

    Reply
  12. I know this isn’t the best way to do this but this is what they want us to do.

    We have about 1200 accounts we need to create from a company we are merging with.

    These folks will not be logging into our domain, and they want them to have their company email address.

    Firstname Lastname Email Address EmployeeID
    John Smith Jsmith@othercompany.com 12345

    I wanted to just create contacts for these user, but they are insisting that we include the employee ID.

    Will your script allow me to do this?

    If it will All of these users will go into the same OU. Can I change this line:
    -Path $OU `
    to read
    -Path “OU=Users,OU=Parent OU,OU=Grandparent OU,DC=WGI,DC=local

    Thanks for your help on this, and this script. It has been very helpful in the past.

    Reply
  13. Hello,

    On a AWS AD Server, and receiving this error :
    -AccountPassword : The term ‘-AccountPassword’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or
    if a path was included, verify that the path is correct and try again.

    Thanks

    Reply
  14. Get-ADUser : Zmienna: „Username” znaleziona w wyrażeniu $Username nie jest zdefiniowana.
    At line:31 char:6
    + if (Get-ADUser -Filter {SamAccountName -eq $Username})
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [Get-ADUser], ArgumentException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    PS C:\Users\Administrator>

    Reply
  15. when i run you script i get this error can you assist.
    -Description : The term ‘-Description’ is not recognized as the name of a cmdlet, function, script file, or operable
    program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:52 char:13
    + -Description $description
    + ~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (-Description:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    ConvertTo-SecureString : Cannot bind argument to parameter ‘String’ because it is null.
    At line:54 char:54
    + … -AccountPassword (convertto-securestring $Password8 -AsPlai …
    + ~~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [ConvertTo-SecureString], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertToSecureS
    tringCommand

    New-ADUser : The password does not meet the length, complexity, or history requirement of the domain.
    At line:35 char:3
    + New-ADUser `
    + ~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (CN=Sam smith,CN…=hra,DC=nycnet :String) [New-ADUser], ADPasswordComplexityExc
    eption
    + FullyQualifiedErrorId : ActiveDirectoryServer:1325,Microsoft.ActiveDirectory.Management.Commands.NewADUser

    -Description : The term ‘-Description’ is not recognized as the name of a cmdlet, function, script file, or operable
    program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:52 char:13
    + -Description $description
    + ~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (-Description:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    ConvertTo-SecureString : Cannot bind argument to parameter ‘String’ because it is null.
    At line:54 char:54
    + … -AccountPassword (convertto-securestring $Password8 -AsPlai …
    + ~~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [ConvertTo-SecureString], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertToSecureS
    tringCommand

    Reply

Leave a Reply to Robert Allen Cancel reply