This is the complete guide for creating bulk users in Active Directory.
In this guide you’ll learn:
- How to Bulk Import AD Users With GUI Tool
- How to Bulk Import AD Users With PowerShell from a CSV file
- Verify AD User Import
- Bulk Modify Users After Import
Let’s dive right in.
Method 1: Bulk Import AD Users With GUI Tool
This first method uses the AD Pro Toolkit. This tool makes it very easy to bulk import users and is a great alternative if you don’t want to deal with PowerShell scripts. Also, PowerShell does not support certain user fields, and for those a 3rd party import tool is needed.
Step 1: Download and Install
The bulk import tool is 1 of 13 tools included in the AD Pro Toolkit. You can download a free trial and try it for yourself.
Step 2: Open User Import Tool
Once installed, open the toolkit and click on “Import Users”.
Step 3: Download CSV Template
Click the “Download CSV Template” button to generate a template file. This template includes the most common user attributes needed to create new user accounts. You can also add additional attributes if needed.
You will be prompted to save the CSV file. You can rename it and save it anywhere on your PC.
Now open the CSV template and fill out the fields you need.
At a minimum, I recommend setting the attributes below for all accounts.
- SamAccountName (required) = This will be the user’s logon name.
- password (required) = The user’s password. Make sure it meets your password requirements.
- OU = The organizational unit to add the user accounts into. This is the distinguished name of the OU. If you leave it blank it will import into the default users container.
- GivenName = First name
- Surname = Last name
- DisplayName = Display Name
- Groups = Groups to add the users to. Separate each group with a comma.
In this example, I’m going to import 100 users, add the users to multiple security groups, add a manager for each user, and set 30 other attributes.
You can download my CSV template here.
When you have your CSV template ready just save it and move to step 4.
Step 4: Bulk Import from CSV file
Next, click the “Import Options” button and change any of the defaults that you need.
Now select your CSV template and click the run button to start the import process.
When the import is complete, you can view the logs to verify the import status. The logs below show that 98 out of 98 users were imported.
It only took 30 seconds to import 98 user accounts.
Next, I’ll open an account and verify all properties were set.
Yes! It worked, it created the account and set all the user attributes from the CSV file.
I’ll check the Marketing folder to verify the accounts imported into the correct OU.
The GUI tool is a huge time saver and makes importing user accounts into Active Directory super easy. Plus you don’t have to modify any scripts or need PowerShell experience.
The AD Pro Toolkit also includes a tool for bulk updating AD user accounts. This is a huge time saver for when you need to mass update user information such as department, telephone number, email addresses, and so on.
Method 2: How to Bulk Import AD Users With PowerShell from a CSV file
What you will need:
- PowerShell Active Directory Module loaded – The script I provide will load the module; you just need to run it from a computer that has the RSAT tools installed or the AD role.
- Rights to create user accounts in Active Directory
- CSV File (See below)
- PowerShell Script (See below)
Step 1: Setup the CSV file
A basic CSV file should have the following headers. Technically you can import new accounts with just the SamAccountName, Name, and the password column but that is not recommended.
- SamAccountName = This will be the user’s logon name.
- password = The user’s password. Make sure it meets your password requirements.
- path = OU where you want to import users to. This is the distinguished name of the OU. If you leave it blank it will import into the default users container.
- GivenName = First name
- Surname = Last name
- Name = Name
- DisplayName = Display Name
Above is an example of my CSV file.
How do you find the OU path?
The OU path is the distinguishedName attribute. To find it, open Active Directory Users and Computers and browse to the OU you want to import to, then right-click it, select Properties, and open the Attribute Editor tab.
Copy the path into the path column in the CSV file.
At this point the CSV file has the required fields. You can jump to step 2 (setting up the PowerShell script) or keep reading to configure optional fields for user accounts.
Add additional user fields to the CSV file.
You may want to include some additional user fields in the CSV. Just know that whatever columns you add to the CSV you will also need to include them in the PowerShell script.
I’ve included several common user fields in the CSV template and PowerShell script.
- UserPrincipalName
- Department
- Description
- Office
- OfficePhone
- EmailAddress
- StreetAddress
- POBox
- City
- State
- PostalCode
- Title
- Company
To add more, I recommend looking at the PowerShell New-ADUser cmdlet to see which parameters are supported.
I like to keep the names of the headers the same as the New-ADUser parameters; it makes it easier to troubleshoot.
At this point, you should have the CSV file configured. Save the file to your local computer.
Step 2: Configure the PowerShell Script
Below is the script to bulk import new users.
# Import the Active Directory module for running AD cmdlets
# Author: Robert Allen
# Website: activedirectrypro.com
Import-Module ActiveDirectory

# Store the rows from the CSV file in the $Users variable
$Users = Import-Csv C:\it\bulk_import.csv

# Loop through each row containing user details in the CSV file
foreach ($User in $Users) {
    # Read user data from each field in the row and
    # create a hashtable for splatting the parameters
    $userProps = @{
        SamAccountName        = $User.SamAccountName
        Path                  = $User.path
        GivenName             = $User.GivenName
        Surname               = $User.Surname
        Initials              = $User.Initials
        Name                  = $User.Name
        DisplayName           = $User.DisplayName
        UserPrincipalName     = $User.UserPrincipalName
        Department            = $User.Department
        Description           = $User.Description
        Office                = $User.Office
        OfficePhone           = $User.OfficePhone
        StreetAddress         = $User.StreetAddress
        POBox                 = $User.POBox
        City                  = $User.City
        State                 = $User.State
        PostalCode            = $User.PostalCode
        Title                 = $User.Title
        Company               = $User.Company
        Country               = $User.Country
        EmailAddress          = $User.Email   # read from the CSV column named "Email"
        AccountPassword       = (ConvertTo-SecureString $User.Password -AsPlainText -Force)
        Enabled               = $true
        ChangePasswordAtLogon = $true
    } # end userProps

    # Create the account with the splatted parameters
    New-ADUser @userProps
} # end foreach
You will need to modify the path to the CSV file you saved from step 1 (unless it matches what I have in the script).
$Users = Import-Csv C:\it\bulk_import.csv
By default, the script sets the accounts to enabled. You can change this by setting Enabled to false.
Enabled = $false
By default, the script sets the accounts to change password at the next logon. To change this, set “ChangePasswordAtLogon” to false.
ChangePasswordAtLogon = $false
That should do it for configuring the script. It’s pretty much ready to go as is.
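A pre-flight check for the import CSV, added here as an example (it is not part of the original script): it skips blank rows, flags rows that would fail or collide, and builds the splatting hashtable from non-blank cells only. The sample rows are constructed, the function names are hypothetical, and the CSV headers are assumed to match the New-ADUser parameter names apart from Password.

```powershell
# Constructed sample rows; in practice use: Import-Csv C:\it\bulk_import.csv
# The CSV holds passwords in clear text, so restrict access to it and delete it after the import.
$csv = @'
SamAccountName,Name,GivenName,Surname,Department,Password
jsmith,John Smith,John,Smith,,Constructed-Pass-1!
,,,,,
averyveryverylongusername01,Ann Long,Ann,Long,Sales,Constructed-Pass-2!
jsmith,Jane Smith,Jane,Smith,Sales,Constructed-Pass-3!
bnopass,Bob Nopass,Bob,Nopass,IT,
'@

# Hypothetical helper: returns one result object per non-blank data row
function Get-ImportPlan {
    param([Parameter(Mandatory)][object[]]$Rows)
    $seen = @{}      # SamAccountName -> first row that used it (keys are case-insensitive)
    $n = 0
    foreach ($row in $Rows) {
        $n++
        # Keep only cells that hold a value, so blank attributes are never sent to AD
        $props = @{}
        foreach ($p in $row.PSObject.Properties) {
            if (-not [string]::IsNullOrWhiteSpace($p.Value)) { $props[$p.Name] = $p.Value.Trim() }
        }
        if ($props.Count -eq 0) { continue }     # a ",,,,," row: nothing to import

        $problems = @()
        $sam = $props['SamAccountName']
        if (-not $sam) { $problems += 'SamAccountName is blank' }
        elseif ($sam.Length -gt 20) { $problems += 'SamAccountName is longer than 20 characters' }
        elseif ($seen.ContainsKey($sam)) { $problems += "duplicate of row $($seen[$sam])" }
        else { $seen[$sam] = $n }
        if (-not $props['Name']) { $problems += 'Name is blank' }
        if (-not $props['Password']) { $problems += 'Password is blank' }
        [pscustomobject]@{ Row = $n; SamAccountName = $sam; Problems = $problems; Props = $props }
    }
}

# Hypothetical helper: turns the validated cells into New-ADUser parameters
function ConvertTo-NewADUserSplat {
    param([Parameter(Mandatory)][hashtable]$Props)
    $splat = $Props.Clone()
    $splat.Remove('Password')
    $splat['AccountPassword'] = ConvertTo-SecureString $Props['Password'] -AsPlainText -Force
    $splat['Enabled'] = $true
    $splat['ChangePasswordAtLogon'] = $true      # the password in the CSV is only a starting value
    $splat
}

$plan = @(Get-ImportPlan -Rows ($csv | ConvertFrom-Csv))
foreach ($r in $plan) {
    if ($r.Problems.Count -gt 0) { "row $($r.Row) skipped: $($r.Problems -join '; ')"; continue }
    $s = ConvertTo-NewADUserSplat $r.Props
    "row $($r.Row) ready: $($r.SamAccountName) [$(($s.Keys | Sort-Object) -join ', ')]"
    # New-ADUser @s    # uncomment on a host with the ActiveDirectory module loaded
}
```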
Step 3: Run the PowerShell Script to import the accounts
At this point, the CSV file should be set up with the user’s information and the PowerShell script should be modified (if needed).
Now it’s time to execute the script.
In PowerShell ISE just click the green button to run the script.
It will return the prompt when completed. Any errors will be displayed in the console.
Now check Active Directory to verify the accounts imported.
Yes, it was a success.
That’s it for method 2. You can now use this script anytime to automate creating one or many AD user accounts.
Verify AD User Import
This step is optional, but I like to list all accounts from the domain or OU I imported to as a way to verify the import. It’s also useful for getting a list of user accounts and exporting it to CSV.
Below is the PowerShell command to get all domain users. The results are sent to a gridview to make it easier to read.
You can add or remove whatever user attributes you need.
Get-ADUser -Filter * -Properties * | Select-Object SamAccountName, GivenName, Surname, StreetAddress, st, physicalDeliveryOfficeName, Manager, mail, Title, Company, whenCreated | Out-GridView
Another option is to use the user export tool that is included in the AD Pro Toolkit. You can select to list all domain users, users from an OU or from a group. You can also easily add or remove columns to the report.
Bulk Modify Users After Import
What if you made an error during the import or forgot to include user details in the CSV?
No worries, you can bulk modify user accounts after the import completes. You can use PowerShell and the GUI tool to bulk update existing AD users. Check out the guides and resources below.
- How to bulk modify Active Directory User Attributes
- How to bulk update ProxyAddresses Attribute
- Bulk User Updater GUI Tool
The AD Pro Toolkit includes the Bulk Updater Tool. It also works by using a CSV file, just fill it out and run the tool to bulk modify user attributes.
Additional Resources
- LDAP Mapping – Shows a mapping of the user fields in the Active Directory User and Computer console to their LDAP attribute names.
- Active Directory Pro Documentation – Guides and examples on how to use the AD Pro Toolkit.
Country = $User.Country
MobilePhone = $User.MobilePhone
Manager = $User.Manager
how to add those fields without error
New-ADUser : Identity info provided in the extended attribute: ‘Manager’ could not be resolved. Reason: ‘Cannot find an object with identity:
Can anyone help?
Figured it out… There were blank rows with commas in my CSV. This post pointed me somewhat in the right direction: https://stackoverflow.com/questions/69985192/powershell-automation-script-update-ad-error-the-search-filter-is-not-recognized
Hi,
Seeing the below error multiple times:
Get-ADUser : The search filter cannot be recognized
At C:\path\to\ps\file:14 char:9
+ if (Get-ADUser -Filter {SamAccountName -eq $Username}) {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-ADUser], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8254,Microsoft.ActiveDirectory.Management.Commands.GetADUser
Doesn’t appear to be preventing the creation of the user account and am getting the warning message that the user exists so it does seem like the filter is doing something. Any ideas how to get it from popping up? Thank you!
Getting the following error on all lines:
Get-ADUser : Variable: ‘Username’ found in expression: $Username is not defined.
At C:\bulk_import_script.ps1:14 char:9
+ if (Get-ADUser -F {Username -eq $Username}) {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-ADUser], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
Hi Robert Allen,
Thank you for sharing. This script works, but I found a result issue, e.g. in the CSV file I input mark1@mydomain.com but my result is mark@yourdomain.com
How to fix the result to mydomain.com?
Note: In my servers, there are more than one authoritative domains.
Can we skip adding an attribute to @userProps if that attribute has blank value in Csv file?
Yes
Error–UserPrincipalName: The term “-userPrincipalname” is not recognized as the name of a cmdlet.
-UserPrincipalName “$Username@domain.com” `
Hi.
Did anyone find out how to also update the Country?
Thanks,
Rafael Almeida
User Ranjan Sahoo: Error while saving user. Access is denied.
I got this error, anyone help pls
New-ADUser : The server is unwilling to process the request
At line:43 char:9
+ New-ADUser `
+ ~~~~~~~~~~~~
hi
Is there a way to add home directory and home drive from this script
Previously it was working perfectly, but for the last 2 weeks I’m getting this error. Could you please look into this?
WARNING: Error initializing default drive: ‘Unable to find a default server with Active Directory Web Services running.’.
Get-ADUser : Unable to find a default server with Active Directory Web Services running.
At line:23 char:6
+ if (Get-ADUser -F {SamAccountName -eq $Username})
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [Get-ADUser], ADServerDownException
+ FullyQualifiedErrorId : ActiveDirectoryServer:1355,Microsoft.ActiveDirectory.Management.Commands.GetADUser
Server is down. Restart server.
Thanks for sharing.
But what if I want to add a group in the CSV file? How can I do that?
Can you share it with PowerShell?
Bulk tool throws error, no matter what csv is used:
2021-04-29 14:18:05.9174|FATAL|Bulk_User_Creator.Form1|You can ignore bad data by setting BadDataFound to null.
2021-04-29 14:18:05.9174|FATAL|Bulk_User_Creator.Form1|You can ignore bad data by setting BadDataFound to null.
2021-04-29 14:18:05.9327|FATAL|Bulk_User_Creator.Form1| at CsvHelper.CsvParser.Read()
at CsvHelper.CsvReader.Read()
at CsvHelper.CsvReader.d__63`1.MoveNext()
at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
at Bulk_User_Creator.Form1.BeginUserCreation()
Ivan, send me an email with the csv.
Good script.
Modified some little stuff :
Adding -Encoding UTF8 to the Import-CSV.
No funky char for non-english
Adding $SAMAccountName = try { $Username.substring(0, 20) } catch [ArgumentOutOfRangeException] { $Username }
Adds flexibility for long usernames but prevents errors by truncating them for the SAMAccountName.
Good stuff. Thanks for sharing.
Hello,
What if I want to add in the attribute „adminDescription”
What should it look like?
{‘adminDescription’=noemail} ?
Thanks,
I know this isn’t the best way to do this but this is what they want us to do.
We have about 1200 accounts we need to create from a company we are merging with.
These folks will not be logging into our domain, and they want them to have their company email address.
Firstname Lastname Email Address EmployeeID
John Smith Jsmith@othercompany.com 12345
I wanted to just create contacts for these users, but they are insisting that we include the employee ID.
Will your script allow me to do this?
If it will All of these users will go into the same OU. Can I change this line:
-Path $OU `
to read
-Path “OU=Users,OU=Parent OU,OU=Grandparent OU,DC=WGI,DC=local”
Thanks for your help on this, and this script. It has been very helpful in the past.
Hi
Yes, you just need to put that path in the CSV OU column.
Hello,
On a AWS AD Server, and receiving this error :
-AccountPassword : The term ‘-AccountPassword’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or
if a path was included, verify that the path is correct and try again.
Thanks
Get-ADUser : Zmienna: „Username” znaleziona w wyrażeniu $Username nie jest zdefiniowana.
At line:31 char:6
+ if (Get-ADUser -Filter {SamAccountName -eq $Username})
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-ADUser], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
PS C:\Users\Administrator>
Will this work for creating local users?
This is just for creating users in Active Directory.
When I run your script I get this error. Can you assist?
-Description : The term ‘-Description’ is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:52 char:13
+ -Description $description
+ ~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (-Description:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
ConvertTo-SecureString : Cannot bind argument to parameter ‘String’ because it is null.
At line:54 char:54
+ … -AccountPassword (convertto-securestring $Password8 -AsPlai …
+ ~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [ConvertTo-SecureString], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertToSecureS
tringCommand
New-ADUser : The password does not meet the length, complexity, or history requirement of the domain.
At line:35 char:3
+ New-ADUser `
+ ~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (CN=Sam smith,CN…=hra,DC=nycnet :String) [New-ADUser], ADPasswordComplexityExc
eption
+ FullyQualifiedErrorId : ActiveDirectoryServer:1325,Microsoft.ActiveDirectory.Management.Commands.NewADUser
-Description : The term ‘-Description’ is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:52 char:13
+ -Description $description
+ ~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (-Description:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
ConvertTo-SecureString : Cannot bind argument to parameter ‘String’ because it is null.
At line:54 char:54
+ … -AccountPassword (convertto-securestring $Password8 -AsPlai …
+ ~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [ConvertTo-SecureString], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertToSecureS
tringCommand
Thank you! works
Hey,
Do you have any video or document from which I can learn how to make a script for adding bulk users in AD with a .bat file?
Why do you want to use .bat file? The best option for creating bulk users is to use PowerShell or the GUI tool I created.
Is there any script available that creates bulk ad-users and copies the properties from a template user?