Using DSADD.exe to Bulk Create Users in Active Directory

March 03, 2008

 

So I had to add about 70 user accounts to Active Directory in preparation for a new call center. Sounds like boring, tedious work if you ask me. Well, it would be without the magic of dsadd.exe, a command in Windows 2003 command line that allows you to create Active Directory objects, such as users, computers, groups, contacts, and OUs. My focus here is on adding multiple user accounts.

Focusing on my needs, I wanted to add the user, set the display name, set a password, set a description, set the office, their title and department, and their logon script while forcing a password change and the ability to change the password. I also wanted these accounts to start disabled since it might be a week or two before the users are ready for them. Have the accounts created in the proper OU would also be nice. Also, my users would be logging with accounts based on their phone extension numbers, since high turnover is a concern.

So, I set up a user, called cc70215. Since I want him in his proper OU, I set him up as cn=cc70215,ou=Users,ou=CallCenter,dc=sysadminhell,dc=com. This was no big deal, I already had the list of users, just copy/paste and some text replacement set up the list of users. With all I wanted to do, I set up the command as such:

DSADD user cn=cc70215,ou=Users,ou=CallCenter,dc=sysadminhell,dc=com -display cc70215 -pwd mypassword -office "Call Center" -title "Customer Service Associate" -dept Collections -loscr cc_li.vbs -mustchpwd yes -canchpwd yes -disabled yes

A success message will return if successful and navigating to the CallCenter, Users OU will reveal my new account. But this is a pain to set up 70 times. And it was 30 minutes before time to go home. So, I got dirty a bit and cheated with the batch script FOR command. First, I got all my users in a comma-separated list. I also had to put quotes around each user. A quick text replacement in my favorite text editor (Notepad2) did the trick. Then I created a batch file, and put in the following:

FOR %%D in ("cn=cc70216,ou=Users,ou=CallCenter,dc=sysadminhell,dc=com", "cn=cc70217,ou=Users,ou=CallCenter,dc=sysadminhell,dc=com", "cn=cc70218,ou=Users,ou=CallCenter,dc=sysadminhell,dc=com", "cn=cc70219,ou=Users,ou=CallCenter,dc=sysadminhell,dc=com", "cn=cc70220,ou=Users,ou=CallCenter,dc=sysadminhell,dc=com") DO DSADD user %%D -display %%D -pwd mypassword -office "Call Center" -title "Customer Service Associate" -dept Collections -loscr cc_li.vbs -mustchpwd yes -canchpwd yes -disabled yes

For this example I only used 5 users, but you get the point.

Put a pause and exit in there and run it as a domain admin. With all luck, your accounts will show up in no time. Now, I did find one issue with this method. Here I'm telling it to set the -display (Display Name) with the variable %%D. What this does is set the Display Name for the account as "cn=cc70216,ou=Users,ou=CallCenter,dc=sysadminhell,dc=com", which is not ideal. Since I was under some time constraints, I just changed the Display Name for the new accounts manually (took me about 10 minutes to prep the script, 2 minutes to run it, then another 10 to fix the Display Name issue). Researching other ways to do this now that I have some free time, I could have done this via wscript (using arrays), used the built-in Windows command CSVDE.exe (see this Technet article for more info), or bought one of several different commercial applications. Even with the one flaw, it did all I wanted it to do for free and under 30 minutes.

5 comments:

RegRipper said...

We use a VBS script to do this:

Const ForReading = 1

On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile("accountlist.txt", ForReading)
Do Until objTextFile.AtEndOfStream
strNextLine = objTextFile.Readline
accountList = Split(strNextLine , ",")

name = "cn="+ accountList(0)
samaccount = accountList(0)

Set objOU = GetObject("LDAP://ou=Students,ou=this place,dc=someplace,dc=example,dc=com,DC=au")


Set objUser = objOU.Create("User",name)
objUser.Put "sAMAccountName", samaccount
objUser.SetInfo


displayName=accountList(1)
objUser.Put "displayName", accountList(1)

password = accountList(2)

objUser.SetPassword password
objUser.SetInfo

objUser.AccountDisabled = False
objUser.SetInfo

description=accountList(3)
objUser.Put "description", accountList(3)

scriptPath=accountList(7)
objUser.Put "scriptPath", accountList(7)
objUser.SetInfo


Loop

Raghunath.N said...

Download this file...

http://hotfile.com/dl/148029393/c50b337/Creare_Bulk_Users_in_AD.zip.html

Anonymous said...

erm... i dont understand the

cc_li.vbs..... what is this vbs files supposed to be?

Anonymous said...

I need the scriPt for adding bulk contacts for email forwarders! Ple helP


Aravind

James Franklin said...

Please have a look at this tool ASN Active Directory Manager.

This tool provides more advanced options to create bulk users, contacts, groups, computers and organizationalunits in Active Directory.