Monday, December 02, 2013

PowerShell, New-AdUser Cmdlet for Creating SQL/SharePoint Service Accounts


Description

I think the degree to which you seek to automate various administrative tasks during a SQL Server / SharePoint deployment depends on a variety of things; of which your immediate time and value of reuse-ability in time invested are certainly at the top of the list.  I recently needed to create about ten AD service accounts for a new deployment.  While I could have fully automated the process with a PowerShell script that would read from an Excel file (Microsoft Script Center, 2013), all I really wanted to do was simplify the process of creating AD users, inline, using PowerShell.

Solution

The New-ADUser cmdlet has several parameters.  The example below creates one AD User Account called SvcSampleUser01 with parameters values that make sense for my purposes.  Of course, each environment will differ and so this example may need to be modified accordingly.

New-ADUser –SamAccountName “SvcSampleUser01” -UserPrincipalName "SvcSampleUser01@domain.com” -GivenName “” -Surname “” -Name "SvcSampleUser01" -DisplayName “SvcSampleUser01” -Description "Service Account, SharePoint Farm 01, SharePoint Sample Service Account." -Enabled $true -PasswordNeverExpires $true -CannotChangePassword $true -ChangePasswordAtLogon $false -path “OU=LowOU, OU=MidOU, OU=HighOU, DC=DOMAINNAME, DC=com” -AccountPassword (Read-Host -AsSecureString "Specify Account Password, Enter")

One thing to take note of is the -path parameter.  Most of the examples on the Web only have a single OU listed.  In cases where the target OU is nested, then you list the OU's sequentially from the lowest to the highest as shown in the example.

Also, note that this cmldet will prompt for the password to be typed in.

Using this cmdlet inline in a PowerShell window will be faster than using the AD user interface.  However, this may be slower than using a fully automated approach with an Excel input, depending on how many accounts need to be created.


References

Microsoft Script Center (2013).  PowerShell: Create Active Directory Users Based On Excel Input.  Retrieved December 2, 2013 from http://gallery.technet.microsoft.com/scriptcenter/PowerShell-Create-Active-7e6a3978.

Microsoft TechNet (2013).  Active Directory Cmdlets in Windows PowerShell.  Retrieved December 2, 2013 from http://technet.microsoft.com/en-us/library/ee617195.aspx.

Microsoft TechNet (2013).  New-ADUser.  Retrieved December 2, 2013 from http://technet.microsoft.com/en-us/library/ee617253.aspx.

No comments:

Post a Comment