If you’ve ever been tasked with migrating a batch of users to an Active Directory, the mere thought of doing the data entry for all of those user accounts can be enough to make you question your choice of career. Thankfully, there are a wealth of scripts which can help make your life easier.
One tool I have been using recently is the Arposh New User Creation (ANUC) tool. The point of difference between this and a lot of other import scripts is that it has a GUI, and can be used easily for either data entry or data importing. This PowerShell script can be run in two modes:
- Standard data entry, where all of the useful fields are displayed on one screen ready for you to enter. When you configure the app, you can set drop-down menu values, making the job more consistent and less error-prone.
- CSV import mode, where you can import everything from a spreadsheet.
Requirements:
- PowerShell v2 (minimum)
- Active Directory module (if you have Windows Server 2008 R2 installed and running as a Domain Controller, you should be set)
How to use ANUC
- Download the PowerShell script from the TechNet Script Center. Save this file into an easy to access folder (e.g. your User folder).
- You may need to change the Execution Policy on your computer in order to run this script. To do so, load a PowerShell window as an Administrator. Type this command: “Set-ExecutionPolicy Bypass”. Run without a -Scope argument, this applies to the whole computer and lets any script run without warnings or prompts, so we suggest you change this back once you have completed your work with ANUC.
- Right click on the ANUC file, and choose “Run with PowerShell”. As this is your first run, it will prompt you to create a configuration file. It will auto generate this, and save it as “ANUC.options.xml” in the same directory as the script. It also loads up the file in Notepad so you can make your changes.
- Go through the XML file and fill out all of the details. In some cases, you may want to delete sections. For example, you may not have multiple domains or locations. If you don’t know how to set the LDAP Paths required in the file, skip down to the bottom of this post to read some pointers.
- Save the XML file and re-run the script. You will be presented with the default data entry screen. You can manually enter all of the users here. Alternatively, you can go to File > CSV Template and save an empty CSV spreadsheet ready for you to fill up with details. Once you have filled up the spreadsheet, you can import it and save everything to the Active Directory. If something goes wrong with the import (e.g. missing fields), you can open Active Directory Users and Computers, and delete the objects based on the date created.
- You should be done. Check and double check the results to ensure no massive errors occurred.
LDAP Directory Paths
Use of the configuration file assumes you have a basic working knowledge of LDAP Directory Paths. If not, keep reading for my quick and dirty explanation. You’ll need to understand this to configure the path values in ANUC. In fact, I would go so far as to say this is fairly basic knowledge for anyone working with Active Directory.
Here are some examples of the containers used within an Active Directory LDAP system, and how you reference their path:
- Domain Names
Each section of the domain’s DNS name is prefaced by “DC=”, and every element is separated by a comma.
Example 1: If your Active Directory Domain Name is MyBusiness.local, the base of all your paths would be “DC=mybusiness,DC=local”.
Example 2: If your Domain Name is LocalOrg.com.au, the base of all your paths would be “DC=localorg,DC=com,DC=au”.
- Containers
By default, Active Directory users get stored in the container aptly named “Users”. In a domain called “localorg.com.au”, this container could be referenced by the LDAP path “cn=Users,DC=localorg,DC=com,DC=au”.
- Organisational Units
Active Directory allows you to create extra containers, called “Organisational Units”, to store your objects. Say I create one called “Australian Workstations”, and place it at the same level as all of the other default containers (Users, Computers, Domain Controllers, etc). On a domain called “localorg.com.au”, this container could be referenced by the LDAP path “ou=Australian Workstations,DC=localorg,DC=com,DC=au”.
You need to use these paths in the XML configuration file wherever it asks for a path. Please customise them to fit the directory structure you have set up. If you have special OUs for the users you are importing, please ensure you reference them correctly. If in doubt, test the results with a small data set.
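
The path rules above, as an added PowerShell example (not part of ANUC or the original post). The helper names `ConvertTo-RdnValue`, `ConvertTo-DomainDN` and `Join-LdapPath` are hypothetical, and the example goes beyond the post's cases by escaping characters, such as a comma inside an OU name, that would otherwise split the path in the wrong place. The `Staff` and `Sales, APAC` OU names are constructed.

```powershell
function ConvertTo-RdnValue {
    # Backslash-escape characters that are reserved inside a single path component.
    param([Parameter(Mandatory = $true)][string]$Value)
    $sb = New-Object System.Text.StringBuilder
    for ($i = 0; $i -lt $Value.Length; $i++) {
        $c = $Value[$i]
        $atEdge = ($i -eq 0) -or ($i -eq $Value.Length - 1)
        $special = '\,+"<>;='.IndexOf($c) -ge 0
        # Spaces only need escaping at either end, '#' only at the start.
        if ($special -or ($c -eq ' ' -and $atEdge) -or ($c -eq '#' -and $i -eq 0)) {
            [void]$sb.Append('\')
        }
        [void]$sb.Append($c)
    }
    return $sb.ToString()
}

function ConvertTo-DomainDN {
    # MyBusiness.local -> DC=mybusiness,DC=local (one DC= per DNS label).
    param([Parameter(Mandatory = $true)][string]$DnsName)
    $labels = $DnsName.Trim().TrimEnd('.').ToLower().Split('.')
    foreach ($label in $labels) {
        if ($label -notmatch '^[a-z0-9]([a-z0-9-]*[a-z0-9])?$') {
            throw "Invalid DNS label '$label' in '$DnsName'"
        }
    }
    return (($labels | ForEach-Object { "DC=$_" }) -join ',')
}

function Join-LdapPath {
    param(
        [Parameter(Mandatory = $true)][string]$DnsName,
        [string[]]$OU = @(),      # outermost OU first, e.g. 'Staff', 'Sales'
        [string]$Container        # a CN container such as 'Users'
    )
    $parts = @()
    if ($Container) { $parts += "CN=$(ConvertTo-RdnValue $Container)" }
    # A path lists the deepest level first, so walk the OU chain backwards.
    for ($i = $OU.Length - 1; $i -ge 0; $i--) {
        $parts += "OU=$(ConvertTo-RdnValue ($OU[$i]))"
    }
    $parts += ConvertTo-DomainDN $DnsName
    return ($parts -join ',')
}

# The post's own examples, then a constructed nested OU with a comma in its name.
Join-LdapPath -DnsName 'MyBusiness.local'
Join-LdapPath -DnsName 'LocalOrg.com.au' -Container 'Users'
Join-LdapPath -DnsName 'localorg.com.au' -OU 'Australian Workstations'
Join-LdapPath -DnsName 'localorg.com.au' -OU 'Staff', 'Sales, APAC'
```

Attribute names such as CN, OU and DC are not case-sensitive, so the upper-case output is equivalent to the “cn=” and “ou=” forms used above. Before putting a generated OU path into ANUC.options.xml, `Get-ADOrganizationalUnit -Identity` from the Active Directory module will confirm that the OU exists.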