Creating Many Users with PowerShell and Admod

One of the mailing lists I read and occaisionally post on is named ActiveDir. A lot of heavy-hitters in the AD world hang-out around there. I've learned quite a bit by lurking there.

A recent poster had wanted to create a few thousand accounts for testing purposes, and have them all follow a certain format for the samaccountname, the mailnickname, and the e-mail address. That's tough to do with the standard tools (if you are on Exchange 2007, with "new-mailuser" this can be done in a couple of lines of PowerShell, but the poster was on Exchange 2000).

Joe Richards ('joe'), author of admod and adfind (two truly invaluable tools - if you don't have them, get them), said that his admod tool was perfect for this, and offered up the following command line (you'll have to scroll to the right to see it all):

admod -add -autobase 40:cn=Test,ou=test,dc=eng,dc=myco,dc=com -counterstart 23001 -bmod cn={{*cnt*}}_{{*name*}},{{*parent*}} -expand -csv -kerbenc samaccountname::{{*cnt*}}_{{*name*}} mailnickname::{{*cnt*}}_{{*name*}} unicodepwd::MyPassword1! objectclass::user useraccountcontrol::512 msExchHomeServerName::"::"/o=Org/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=mail1"

So the basic assumption here is that 40 users are going to be created in a particular OU. The name of the users are going to be of the format 230xx_Test, the accounts are going to be enabled, have a password set, have a mailnickname set, and a particular Exchange server set.

(By the way - setting mailnickname and msExchHomeServerName will cause RUS to stamp a user object on Exchange 2000 and Exchange 2003. It's not documented. SSSssshhhhh.)

What can you say? That's an amazing command line. But in his post, joe made a negative comment about PowerShell, so I had to respond. (Completely friendly rivalry there...)

Here is PowerShell code to do the same thing. As I shared in my response post - it's a few lines longer, but much easier to read!!! (If you wanted to do it all on one line - you could - but it would be impossible to read.)

function createUsers([string]$base,[string]$userPrefix,[string]$userSuffix,[string]$homeServer,[string]$password,[int]$baseCount,[int]$count)
	$objBase = [adsi]('LDAP://' + $base)
	[int]$top = $baseCount + $count
	for ([int]$i = $baseCount; $i -lt $top; $i++)
		[string]$user = $userPrefix + $i.ToString() + $userSuffix
		$objUser = $objBase.Create("user", "cn=" + $user)
		$objUser.Put("sAMAccountName",       $user)
		$objUser.Put("mailNickName",         $user)
		$objUser.Put("msExchHomeServerName", $homeServer)
		$objUser.psbase.Invoke("SetPassword",           $password)
		$objUser.psbase.InvokeSet("useraccountcontrol", 512)
	$objBase = $null

createUsers 'ou=OUtest,dc=essential,dc=local' '' '_Test' `
	'/o=First Organization/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=WIN2003-EXCH' `
	'MyPassword1!' 23001 4

Until next time...

As always, if there are items you would like me to talk about, please drop me a line and let me know!

Published Saturday, June 07, 2008 2:30 PM by michael


Friday, June 13, 2008 11:07 AM by subject: exchange

# Weekend reading

Will Snow Leopard be the end of Entourage? Trustworthy Computing and Exchange Server The Exchange Team