
New-User

Users: Creates a new Active Directory user

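<#
.SYNOPSIS
	Creates a new Active Directory user.

.DESCRIPTION
	Resolves the target domain (the local computer's domain, or the domain named by
	-DomainName), fills in any naming attributes that were not supplied from GivenName
	and Surname, and creates the account with New-ADUser against the domain's PDC
	emulator. The account is created enabled.

	Two parameter sets exist. "Local or Remote DC" runs the AD cmdlets under the
	caller's own identity. "Remote Jumphost" requires -DomainAccount so the cmdlets
	can authenticate explicitly (no CredSSP delegation needed).

.PARAMETER OUPath
	Distinguished name of the OU in which the user object is created.

.PARAMETER GivenName
	The user's first name.

.PARAMETER Surname
	The user's last name.

.PARAMETER Password
	Initial account password as a SecureString. It is handed to New-ADUser
	-AccountPassword and never written to the output streams.

.PARAMETER DomainAccount
	Credential used for the domain lookup and the user creation ("Remote Jumphost"
	parameter set only).

.PARAMETER SAMAccountName
	Pre-Windows 2000 logon name. Defaults to "GivenName.Surname". Values longer than
	20 characters are truncated to 20.

.PARAMETER UserPrincipalName
	UPN. Defaults to "GivenName.Surname@<domain DNS root>".

.PARAMETER UserName
	Name (CN) of the user object. Defaults to "GivenName_Surname".

.PARAMETER DisplayName
	Display name. Defaults to "GivenName, Surname".

.PARAMETER Description
	Free-text description written to the user object.

.PARAMETER EmailAddress
	Mail attribute. Defaults to "GivenName.Surname@<domain DNS root>".

.PARAMETER ChangePasswordAtLogon
	When set, the user must change the password at next logon.

.PARAMETER CannotChangePassword
	When set, the user is prevented from changing the password.

.PARAMETER PasswordNeverExpires
	When set, the password never expires.

.PARAMETER Department
	Department attribute.

.PARAMETER Company
	Company attribute.

.PARAMETER DomainName
	Domain to operate in. When omitted, the domain of the local computer is used.

.PARAMETER AuthType
	Authentication method for the AD cmdlets: Negotiate (default) or Basic. The AD
	module only accepts Basic over an SSL connection.

.OUTPUTS
	A success message followed by the ADUser object returned by New-ADUser -PassThru.
	On any failure the error is written to the error stream and the script exits 1.
#>
param(
	[Parameter(Mandatory = $true, ParameterSetName = "Local or Remote DC")]
	[Parameter(Mandatory = $true, ParameterSetName = "Remote Jumphost")]
	[string]$OUPath,

	[Parameter(Mandatory = $true, ParameterSetName = "Local or Remote DC")]
	[Parameter(Mandatory = $true, ParameterSetName = "Remote Jumphost")]
	[string]$GivenName,

	[Parameter(Mandatory = $true, ParameterSetName = "Local or Remote DC")]
	[Parameter(Mandatory = $true, ParameterSetName = "Remote Jumphost")]
	[string]$Surname,

	# SecureString so the initial password never appears in plain text in argv or logs.
	[Parameter(Mandatory = $true, ParameterSetName = "Local or Remote DC")]
	[Parameter(Mandatory = $true, ParameterSetName = "Remote Jumphost")]
	[securestring]$Password,

	# Only declared in the jumphost set; in the other set the variable stays $null.
	[Parameter(Mandatory = $true, ParameterSetName = "Remote Jumphost")]
	[PSCredential]$DomainAccount,

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[string]$SAMAccountName,

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[string]$UserPrincipalName,

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[string]$UserName,

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[string]$DisplayName,

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[string]$Description,

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[string]$EmailAddress,

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[switch]$ChangePasswordAtLogon,

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[switch]$CannotChangePassword,

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[switch]$PasswordNeverExpires,

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[string]$Department,

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[string]$Company,

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[string]$DomainName,

	[Parameter(ParameterSetName = "Local or Remote DC")]
	[Parameter(ParameterSetName = "Remote Jumphost")]
	[ValidateSet('Basic', 'Negotiate')]
	[string]$AuthType = "Negotiate"
)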

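try {
	Import-Module ActiveDirectory -ErrorAction Stop

	# Arguments for the domain lookup. A credential is only available in the
	# "Remote Jumphost" parameter set; otherwise the caller's own identity is used.
	[hashtable]$cmdArgs = @{
		'ErrorAction' = 'Stop'
		'AuthType'    = $AuthType
	}
	if ($null -ne $DomainAccount) {
		$cmdArgs.Add("Credential", $DomainAccount)
	}
	# No -DomainName: use the domain the local computer is joined to.
	if ([System.String]::IsNullOrWhiteSpace($DomainName)) {
		$cmdArgs.Add("Current", 'LocalComputer')
	} else {
		$cmdArgs.Add("Identity", $DomainName)
	}
	$Domain = Get-ADDomain @cmdArgs

	# Fill in naming attributes the caller did not supply.
	if ([string]::IsNullOrWhiteSpace($SAMAccountName)) {
		$SAMAccountName = "$GivenName.$Surname"
	}
	# sAMAccountName is limited to 20 characters. Truncating silently can produce a
	# name the caller did not expect (and may collide with an existing account), so
	# report what was actually used. The warning stream does not affect the output
	# object or the exit code.
	if ($SAMAccountName.Length -gt 20) {
		$truncatedName = $SAMAccountName.Substring(0, 20)
		Write-Warning "SAMAccountName '$SAMAccountName' exceeds 20 characters; using '$truncatedName'."
		$SAMAccountName = $truncatedName
	}
	if ([string]::IsNullOrWhiteSpace($UserName)) {
		$UserName = "${GivenName}_$Surname"
	}
	if ([string]::IsNullOrWhiteSpace($DisplayName)) {
		$DisplayName = "$GivenName, $Surname"
	}
	if ([string]::IsNullOrWhiteSpace($UserPrincipalName)) {
		$UserPrincipalName = "$GivenName.$Surname@$($Domain.DNSRoot)"
	}
	if ([string]::IsNullOrWhiteSpace($EmailAddress)) {
		$EmailAddress = "$GivenName.$Surname@$($Domain.DNSRoot)"
	}

	# The write is pinned to the PDC emulator reported by the domain lookup above.
	# $Password is a SecureString and is passed straight through; it is never
	# interpolated into a string or written to any stream.
	$newArgs = @{
		'ErrorAction'           = 'Stop'
		'Server'                = $Domain.PDCEmulator
		'AuthType'              = $AuthType
		'Name'                  = $UserName
		'UserPrincipalName'     = $UserPrincipalName
		'DisplayName'           = $DisplayName
		'GivenName'             = $GivenName
		'Surname'               = $Surname
		'EmailAddress'          = $EmailAddress
		'Path'                  = $OUPath
		'SamAccountName'        = $SAMAccountName
		'AccountPassword'       = $Password
		'Confirm'               = $false
		'Description'           = $Description
		'Department'            = $Department
		'Company'               = $Company
		'ChangePasswordAtLogon' = $ChangePasswordAtLogon
		'PasswordNeverExpires'  = $PasswordNeverExpires
		'CannotChangePassword'  = $CannotChangePassword
		'Enabled'               = $true
		'PassThru'              = $true
	}
	if ($null -ne $DomainAccount) { $newArgs.Add("Credential", $DomainAccount) }

	$newUser = New-ADUser @newArgs
	Write-Output "User '$($newUser.Name)' created successfully."
	Write-Output $newUser
} catch {
	# Any failure (module import, domain lookup, creation) ends the script with a
	# non-zero exit code so a calling runner sees it as failed.
	Write-Error $_
	exit 1
}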

Specifies the Active Directory path (OU).

Specifies the user's first name.

Specifies the user's last name.

Specifies the initial password for the account.

Active Directory Credential for remote execution without CredSSP.

Specifies the SAM account name. If omitted, it defaults to GivenName.Surname; in either case the value is truncated to 20 characters.

Specifies the UPN. If omitted, it defaults to GivenName.Surname@Domain.

Specifies the name of the user object (CN).

Specifies the display name.

Specifies a description for the user.

Specifies the email address.

Off

Specifies whether the user must change their password at next logon.

Off

Specifies whether the user is prevented from changing their password.

Off

Specifies whether the password never expires.

Specifies the user's department.

Specifies the user's company.

Name of the Active Directory Domain.

Specifies the authentication method (Basic or Negotiate). Defaults to Negotiate.
