Monday, December 02, 2013
PowerShell, New-AdUser Cmdlet for Creating SQL/SharePoint Service Accounts
Description
I think the degree to which you seek to automate various administrative tasks during a SQL Server / SharePoint deployment depends on a variety of things, of which your immediate time and the reusability value of the time invested are certainly at the top of the list. I recently needed to create about ten AD service accounts for a new deployment. While I could have fully automated the process with a PowerShell script that would read from an Excel file (Microsoft Script Center, 2013), all I really wanted to do was simplify the process of creating AD users, inline, using PowerShell.
Solution
The New-ADUser cmdlet has several parameters. The example below creates one AD user account called SvcSampleUser01 with parameter values that make sense for my purposes. Of course, each environment will differ, so this example may need to be modified accordingly.
New-ADUser -SamAccountName "SvcSampleUser01" -UserPrincipalName "SvcSampleUser01@domain.com" -GivenName "" -Surname "" -Name "SvcSampleUser01" -DisplayName "SvcSampleUser01" -Description "Service Account, SharePoint Farm 01, SharePoint Sample Service Account." -Enabled $true -PasswordNeverExpires $true -CannotChangePassword $true -ChangePasswordAtLogon $false -Path "OU=LowOU, OU=MidOU, OU=HighOU, DC=DOMAINNAME, DC=com" -AccountPassword (Read-Host -AsSecureString "Specify Account Password, Enter")
One thing to take note of is the -Path parameter. Most of the examples on the Web only have a single OU listed. In cases where the target OU is nested, you list the OUs sequentially from the lowest to the highest, as shown in the example.
Also, note that this cmdlet will prompt for the password to be typed in.
Using this cmdlet inline in a PowerShell window will be faster than using the AD user interface. However, this may be slower than using a fully automated approach with an Excel input, depending on how many accounts need to be created.
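The following is an added example, not part of the original post: it builds the lowest-to-highest -Path value from a top-down OU list, checks that the OU exists before creating anything, and prompts for a separate password for each account. ConvertTo-OuPath is a hypothetical helper, and the account names, OU names and domain are placeholders.

```powershell
# Added example; account names, OU names and domain are placeholders.
Import-Module ActiveDirectory

function ConvertTo-OuPath {
    # Hypothetical helper: turn a top-down OU list (HighOU, MidOU, LowOU)
    # into the lowest-first distinguished name that -Path expects.
    param(
        [Parameter(Mandatory = $true)] [string[]] $OuTopDown,
        [Parameter(Mandatory = $true)] [string]   $DomainDn
    )
    $parts = for ($i = $OuTopDown.Count - 1; $i -ge 0; $i--) {
        "OU=$($OuTopDown[$i])"
    }
    # @() keeps a single OU as an array so the domain DN is appended, not concatenated.
    (@($parts) + $DomainDn) -join ','
}

$path = ConvertTo-OuPath -OuTopDown 'HighOU', 'MidOU', 'LowOU' -DomainDn 'DC=DOMAINNAME,DC=com'

# Fail early if the DN is wrong (for example, OUs listed in the wrong order),
# instead of discovering it on the first New-ADUser call.
Get-ADOrganizationalUnit -Identity $path -ErrorAction Stop | Out-Null

$accounts = 'SvcSampleUser01', 'SvcSampleUser02', 'SvcSampleUser03'   # constructed names

foreach ($name in $accounts) {
    $params = @{
        SamAccountName        = $name
        UserPrincipalName     = "${name}@domain.com"
        Name                  = $name
        DisplayName           = $name
        Description           = "Service Account, SharePoint Farm 01, $name."
        Enabled               = $true
        PasswordNeverExpires  = $true
        CannotChangePassword  = $true
        ChangePasswordAtLogon = $false
        Path                  = $path
        # One prompt per account, so no two service accounts share a password
        # and no password is stored in the script or in command history.
        AccountPassword       = (Read-Host -AsSecureString "Password for $name")
    }
    New-ADUser @params
}
```

Appending -WhatIf to the New-ADUser call shows what would be created without changing the directory.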
References
Microsoft Script Center (2013). PowerShell: Create Active Directory Users Based On Excel Input. Retrieved December 2, 2013 from http://gallery.technet.microsoft.com/scriptcenter/PowerShell-Create-Active-7e6a3978.
Microsoft TechNet (2013). Active Directory Cmdlets in Windows PowerShell. Retrieved December 2, 2013 from http://technet.microsoft.com/en-us/library/ee617195.aspx.
Microsoft TechNet (2013). New-ADUser. Retrieved December 2, 2013 from http://technet.microsoft.com/en-us/library/ee617253.aspx.