Create, Modify and Remove User in Active Directory using PowerShell

5 min read | Updated On - December 22, 2023

In this post, I’ll show you how to create a new user, modify an existing user and remove an old user in Windows Active Directory using PowerShell.

Create a Single User in Active Directory

The PowerShell New-ADUser CMDlet is used to create a user in Active Directory.

New-ADUser doesn’t have many mandatory parameters but you can use different parameters while creating a new user.

New-ADUser -SamAccountName "username" -DisplayName "username" -GivenName "Username" -Surname "surname" -AccountPassword (Read-Host -AsSecureString "Message") -Enabled $true -Path 'CN=Users,DC=Doc,DC=Com' -CannotChangePassword $false -ChangePasswordAtLogon $true -PasswordNeverExpires $false -EmailAddress "email" -EmployeeID "ID" -Department "string"

Create New User

Below are the descriptions of parameters used in the above CMDlet

Parameter: Description
SamAccountName: Specifies the SAM account name of the user. The New-ADUser command should have this parameter for creating a user. You can pass a string value in it.
DisplayName: Specifies the name to be displayed.
Surname: Specifies the surname of the user.
AccountPassword: Specifies the account password for the user. The password is entered as a secure string after executing the command. The value for this parameter is given as follows: -AccountPassword (Read-Host -AsSecureString "Message")
Enabled: Specifies whether the new user will be enabled or disabled. If you're not providing the password, then the user will be disabled by default. You can provide $true for true and $false for false.
Path: Specifies the path of Active Directory where the new user will be created. Its value should be passed between single quotes, such as -Path 'CN=Users,DC=Domain,DC=Com'
CannotChangePassword: Specifies whether the user can change the password or not. The two acceptable values are $true and $false.
ChangePasswordAtLogon: Specifies whether the new user has to change the password on first logon or not. The two acceptable values are $true and $false.
PasswordNeverExpires: Specifies whether the password will never expire. The two acceptable values are $true and $false.
EmailAddress: Specifies the email address of the new user.
Department: Specifies the department of the new user.
EmployeeID: Specifies the employee ID of the new user.

After executing the command, PowerShell will ask for the password.

Enter the password and the user will be created.

Enter Password

Creating Bulk Users in Active Directory

Before creating bulk users through PowerShell with the Import-CSV CMDlet, you need to create a CSV file. Following is a screenshot of the required CSV file.

bulk users in CSV

Now, execute the following command to create bulk users in AD.

Import-CSV d:\Share\testing.csv | New-ADUser

Creating Bulk Users

The Import-CSV provides pipeline input to the New-ADUser CMDlet. It processes the values of the CSV file to create the new users. Executing this command will load the Active Directory module first.

Bulk User Creation Process

After completing the action, you’ll return to the same prompt.

Prompt

Check the Active Directory for the newly created users.

New Users in AD
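
The bulk pipeline above binds CSV columns straight to New-ADUser parameters, so it cannot carry a password: AccountPassword needs a secure string, not CSV text. The following is an added example, not part of the original post, that goes a step further: it validates each row, skips accounts that already exist, and gives each new user a random initial password that must be changed at first logon. The column names, the helper New-InitialPassword and the sample rows are assumptions made for the example.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Constructed sample rows. In practice: $rows = Import-Csv d:\Share\testing.csv
$rows = @'
Name,SamAccountName,GivenName,Surname,Department,Path
Test User1,TestUser1,Test,User1,IT,"CN=Users,DC=Doc,DC=Com"
Test User2,TestUser2,Test,User2,HR,"CN=Users,DC=Doc,DC=Com"
'@ | ConvertFrom-Csv

function New-InitialPassword {   # hypothetical helper name
    # 18 random bytes give 24 base64 characters; the fixed suffix guarantees
    # that upper case, lower case, digit and symbol are all present.
    $bytes = New-Object byte[] 18
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    [Convert]::ToBase64String($bytes) + 'aA1!'
}

$results = foreach ($row in $rows) {
    $sam = $row.SamAccountName
    $out = [pscustomobject]@{ SamAccountName = $sam; Status = ''; InitialPassword = $null }
    # Validate the name before it is placed inside a filter string.
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$') { $out.Status = 'Rejected (bad name)'; $out; continue }
    # Do not touch accounts that already exist.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { $out.Status = 'Skipped (exists)'; $out; continue }

    $plain = New-InitialPassword
    $params = @{
        Name            = $row.Name
        SamAccountName  = $sam
        GivenName       = $row.GivenName
        Surname         = $row.Surname
        Department      = $row.Department
        Path            = $row.Path
        AccountPassword = ConvertTo-SecureString $plain -AsPlainText -Force
        Enabled         = $true
        ChangePasswordAtLogon = $true   # the initial password is single use
    }
    try {
        New-ADUser @params -ErrorAction Stop
        $out.Status = 'Created'; $out.InitialPassword = $plain
    } catch { $out.Status = "Failed: $($_.Exception.Message)" }
    $out
}
# Print the outcome without the passwords; $results still holds them in memory.
$results | Format-Table SamAccountName, Status -AutoSize
```

Hand each InitialPassword to its user over a separate channel and avoid writing $results to disk or to a transcript.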

Modify Users in Active Directory

Use the Set-ADUser CMDlet to modify the user in AD.

Set-ADUser -Identity "CN=TestUser7,CN=Users,DC=www,DC=DOC,DC=com" -SamAccountName "TestUser7" -LogonWorkstations "Test"

Modify User in AD

Some of the available parameters for this CMDlet are listed below.

Parameter: Description
Identity: Specifies the location of the user in the Active Directory. Its value can be in the following format: -Identity "CN=Username,CN=Users,DC=www,DC=doc,DC=com"
PasswordNeverExpires: Specifies whether the account password will never expire.
PasswordNotRequired: Specifies whether a password is required or not.
SamAccountName: Specifies the SAM account name of the user.
LogonWorkstations: Specifies the workstations on which the user can log on. Its values have to be provided in the following format: -LogonWorkstations "workstation1,workstation2.www.domain.com"

Reset Password for AD Users

You can reset the password of a user with Set-ADAccountPassword CMDlet.

Set-ADAccountPassword -Identity "CN=TestUser7,CN=Users,DC=www,DC=DOC,DC=com" -Reset -NewPassword (Read-Host -AsSecureString "Message")

Reset Password

Some of the acceptable parameters for this CMDlet are listed below.

Parameter: Description
Identity: Specifies the location of the user in the Active Directory. Its value can be in the following format: -Identity "CN=Username,CN=Users,DC=www,DC=doc,DC=com"
OldPassword: Specifies the old password.
NewPassword: Specifies the new password.

Both OldPassword and NewPassword have to be provided as secure strings; therefore, their values should be in the following format.

-NewPassword (Read-Host -AsSecureString "Message")
-OldPassword (Read-Host -AsSecureString "Message")

After executing the command, PowerShell will ask for the new password. Enter the new password and press the Enter key to apply the change.

Change Password

Removing an Active Directory User Account

You can remove a user account using the Remove-ADUser CMDlet.

Remove-ADUser -Identity "CN=Username,CN=Users,DC=doc,DC=com"

Remove User

Pressing the Enter key will ask for confirmation to delete the user.

Remove Confirmation

Press Y to confirm the action.
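
Because the confirmation prompt only shows the identity that was typed, it helps to check what that identity resolves to before deleting. The following is an added example, not part of the original post: it verifies the account, records its SID, GUID and group memberships for the change record, and supports a -WhatIf dry run. The function name Remove-VerifiedADUser and its ExpectedSamAccountName parameter are hypothetical.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Remove-VerifiedADUser {   # hypothetical function name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)] [string] $Identity,
        [Parameter(Mandatory = $true)] [string] $ExpectedSamAccountName
    )

    # Resolve the identity first; this stops if the object does not exist.
    $user = Get-ADUser -Identity $Identity `
        -Properties MemberOf, LastLogonDate, whenCreated -ErrorAction Stop

    # Refuse to continue if the DN points at a different account than intended.
    if ($user.SamAccountName -ne $ExpectedSamAccountName) {
        throw "Identity resolves to '$($user.SamAccountName)', not '$ExpectedSamAccountName'."
    }

    # Capture what is about to disappear, for the change record.
    $record = [pscustomobject]@{
        DistinguishedName = $user.DistinguishedName
        SamAccountName    = $user.SamAccountName
        SID               = $user.SID.Value
        ObjectGUID        = $user.ObjectGUID
        WhenCreated       = $user.whenCreated
        LastLogonDate     = $user.LastLogonDate
        MemberOf          = @($user.MemberOf)
        Removed           = $false
    }

    # ShouldProcess honours -WhatIf and -Confirm, so the inner prompt is suppressed.
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Remove AD user')) {
        Remove-ADUser -Identity $user.DistinguishedName -Confirm:$false -ErrorAction Stop
        $record.Removed = $true
    }
    $record
}

# Dry run: reports what would be removed and returns the record with Removed = False.
Remove-VerifiedADUser -Identity "CN=Username,CN=Users,DC=doc,DC=com" `
    -ExpectedSamAccountName "Username" -WhatIf
```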

Conclusion

To ensure security of your Active Directory it is important to keep track of user creation, modification and deletion activities. With native methods, it is very difficult to monitor these activities. Lepide Active Directory Auditor can help you to audit user creation, modification and deletion in real time with other important AD changes.
