Managing Active Directory with PowerShell: CSV Imports and Advanced User Search
In managing Active Directory (AD), PowerShell provides powerful capabilities beyond basic user and group management. Two common tasks that administrators often face are:
1. Managing large sets of user accounts via CSV files
2. Finding users based on specific criteria
This guide walks you through both use cases with practical PowerShell examples you can reuse and adapt.
—
1. Create or Update AD Users from a CSV File
Let's say you received a list of new hires in a CSV file. Instead of manually creating each user, automate the process.
CSV Example (NewUsers.csv):
FirstName,LastName,Username,OU,Department
Alice,Smith,asmith,"OU=Sales,DC=contoso,DC=com",Sales
Bob,Johnson,bjohnson,"OU=IT,DC=contoso,DC=com",IT
PowerShell Script:
# Import the ActiveDirectory module
Import-Module ActiveDirectory

# Import user list from CSV
$users = Import-Csv -Path "C:\Scripts\NewUsers.csv"

foreach ($user in $users) {
    $name = "$($user.FirstName) $($user.LastName)"
    $samAccountName = $user.Username
    $ou = $user.OU
    $department = $user.Department

    # Check if user already exists
    if (Get-ADUser -Filter "SamAccountName -eq '$samAccountName'" -ErrorAction SilentlyContinue) {
        Write-Host "User $samAccountName already exists. Skipping..." -ForegroundColor Yellow
        continue
    }

    # Create the new user ("P@ssw0rd123" is a placeholder initial password; replace it before use)
    New-ADUser `
        -Name $name `
        -GivenName $user.FirstName `
        -Surname $user.LastName `
        -SamAccountName $samAccountName `
        -UserPrincipalName "$samAccountName@contoso.com" `
        -Path $ou `
        -Department $department `
        -AccountPassword (ConvertTo-SecureString "P@ssw0rd123" -AsPlainText -Force) `
        -ChangePasswordAtLogon $true `
        -Enabled $true

    Write-Host "Created user: $name ($samAccountName)" -ForegroundColor Green
}
Security Tip: Always change the initial password and enforce a password change at next login.
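A hardened variant of the import above, as an added example that is not part of the original post: it validates the CSV values before they reach AD (the username is interpolated into a -Filter string, so a stray quote would break or change the query), gives each account its own random initial password, and forces a change at first logon. The helper name New-RandomPassword, the username allow-list and the $report variable are assumptions of this example.

```powershell
# Added example (not from the original post): hardened CSV import.
# Assumes the NewUsers.csv columns shown above; New-RandomPassword is a hypothetical helper.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'   # stop on the first failed AD call instead of carrying on

function New-RandomPassword {
    param([int]$Length = 20)
    # 64 symbols, so each random byte maps to one with no modulo bias (256 % 64 = 0)
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
        # Redraw until upper, lower and digit are all present (AD complexity: 3 of 4 classes)
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    $rng.Dispose()
    return $pw
}

$report = foreach ($row in Import-Csv -Path 'C:\Scripts\NewUsers.csv') {
    $sam = $row.Username
    # Conservative allow-list (an assumption; adjust to your naming scheme), max 20 characters
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        Write-Warning "Skipping row with invalid Username: '$sam'"; continue
    }
    # The OU also comes from the CSV: look it up by identity, never by a built filter string
    try   { $null = Get-ADOrganizationalUnit -Identity $row.OU }
    catch { Write-Warning "Skipping ${sam}: OU '$($row.OU)' not found"; continue }
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "User $sam already exists. Skipping."; continue
    }
    $plain = New-RandomPassword
    New-ADUser -Name "$($row.FirstName) $($row.LastName)" `
        -GivenName $row.FirstName -Surname $row.LastName `
        -SamAccountName $sam -UserPrincipalName "$sam@contoso.com" `
        -Path $row.OU -Department $row.Department `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
        -ChangePasswordAtLogon $true -Enabled $true
    [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $plain }
}
# $report holds the one-time passwords in memory only; deliver them out of band, do not log them
Write-Host "Created $(@($report).Count) account(s)"
```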
—
2. Find AD Users with Missing Attributes or Based on Filters
Ever needed to find users missing email addresses? Or maybe all users from a certain department?
Here's how you can do that efficiently:
Find users with no email address:
Get-ADUser -Filter {EmailAddress -notlike "*"} -Properties EmailAddress | Select-Object Name, SamAccountName, EmailAddress
Find all users from a specific department:
Get-ADUser -Filter {Department -eq "IT"} -Properties Department | Select-Object Name, SamAccountName, Department
Find all disabled accounts:
Get-ADUser -Filter {Enabled -eq $false} -Properties Enabled | Select-Object Name, SamAccountName, Enabled
You can export any of these to CSV for reporting:
| Export-Csv "C:\Reports\DisabledUsers.csv" -NoTypeInformation
—
Bonus Tip: Bulk Disable Users from a CSV
If you need to bulk-disable users (e.g., leavers), list their usernames in a CSV and run:
CSV Example:
Username
asmith
bjohnson
PowerShell Script:
# Disable every account listed in the Username column of the CSV
Import-Csv -Path "C:\Scripts\Leavers.csv" | ForEach-Object {
    $user = $_.Username
    Disable-ADAccount -Identity $user
    Write-Host "Disabled account: $user" -ForegroundColor Cyan
}
—
Wrap-Up
PowerShell is a game-changer when it comes to managing AD at scale. Whether you're onboarding dozens of users or auditing attribute completeness, a few lines of code can save hours of manual work.
If you found these examples helpful, let me know in the comments, or suggest other AD tasks you’d like covered in the next guide!