top of page
Search

Create 73,000 Test AD User Accounts

Updated: Aug 18

Need to bulk-create Domain Users? This PowerShell script can generate over 73,000 accounts right out of the box. Want more? Just add extra first and last names to the CSV. While 73,000 test accounts should cover more than you’ll ever realistically need, the script can also be tweaked, remove the randomization and it’ll build real users directly from your CSV list.


Download the following script (CreateTestUsers.txt) and names.csv and copy them to C:\Downloads









Rename the 'CreateTestUsers.txt' to 'CreateTestUsers.ps1', open in PowerShell_ISE and update the domain specific entries.


Run the script and enter the number of accounts required.

ree

During testing the higher the percentage of maximum accounts the slower the script runs, it struggles to make unique names.


The accounts create have their Profile and Home shares, Group Membership

ree

Each account created has a random 14-character password that is outputted at the end to C:\Downloads\results.txt

ree

Here's the script...


#Get OU for users

import-module ActiveDirectory


#Get Targetted OU

$orgOU = Get-ADOrganizationalUnit "ou=Test Users,ou=Org,dc=sh,dc=loc"

$orgOU.distinguishedname


#set password length

$length = "14"


#Outs the account and password created

$results = "C:\Downloads\results.txt"


#Declares Inheritance

$inherNone = [System.Security.AccessControl.InheritanceFlags]::None

$propNone = [System.Security.AccessControl.PropagationFlags]::None

$inherCnIn = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit

$propInOn = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$inherObIn = [System.Security.AccessControl.InheritanceFlags]::ObjectInherit

$propNoPr = [System.Security.AccessControl.PropagationFlags]::NoPropagateInherit


#current number of users in OU

$aduE = get-aduser -filter {samaccountname -like "*"} -SearchBase $orgOU

$existing = $aduE.count


#Import list of first and surnames

$Names = "C:\Downloads\names.csv"


#Imports and works out max possible users that can be created

$impName = Import-Csv -path $Names

$FNCT = ($impName.firstname | where {$_.trim() -ne ""}).count

$SNCT = ($impName.surname | Where {$_.trim() -ne ""}).count

$maxUN = $FNCT * $SNCT

$total = ($maxUn.ToString()) -10


do {$enter = ([int]$NOS = (read-host "Max User accounts is "$total", how many do you need"))

}

until ($nos -le $total)


$UserLists=@{}


#Randomises first and surnames

do {


$FName = ($impName.firstname | where {$_.trim() -ne ""})|sort {get-random} | select -First 1

$SName = ($impName.surname | Where {$_.trim() -ne ""}) |sort {get-random} | select -First 1

$UserIDs = $Fname + "." + $Sname

try {$UserLists.add($UserIds,$UserIDs)} catch {}

$UserIDs = $null


Write-Host $UserLists.count

} until ($UserLists.count -eq $nos)


$UserLists.count

$userlists.GetEnumerator()

$UserLists.key

$ADUs = $UserLists.values

Foreach ($ADu in $ADus)

{

#Set var for random passwords

$Assembly = Add-Type -AssemblyName System.Web

$RandomComplexPassword = [System.Web.Security.Membership]::GeneratePassword($Length,4)


Foreach ($pwd in $RandomComplexPassword)

{

#Splits username to be used to create first and surname

$ADComp = get-aduser -filter {samaccountname -eq $ADU}

$spUse = $ADu.Split('.')

$firstNe = $spUse[0]

$surNe = $spUse[1]


$pwSec = ConvertTo-SecureString "$pwd" -AsPlainText -Force


#Creates user accounts

if ($ADComp -eq $null)

{

New-aduser -Name "$ADU" `

-SamAccountName "$ADU" `

-AccountPassword $pwSec `

-GivenName "$firstNe" `

-Surname "$surNe" `

-Displayname "$FnS" `

-Description "TEST $ADu" `

-Path $orgOU `

-Enable $true `

-ProfilePath "\\shdc1\Profiles$\$ADU" `

-HomeDirectory "\\shdc1\Home$\$ADU" `

-HomeDrive "H:" `


#Creates Home Directory and Sets permissions

New-Item "\\shdc1\Home$\$ADU" -ItemType Directory -force

$gADU = Get-ADUser $ADU

$H = "\\shdc1\Home$\$ADU"

$getAcl = Get-Acl $H

$fileAcc = New-Object System.Security.AccessControl.FileSystemAccessRule($gADU.sid, "MODIFY", "$inherCnIn,$inherObIn", "None", "Allow")

$getacl.setAccessRule($fileAcc)

Set-Acl $H $getacl



#Add Group membership

Add-ADGroupMember -Identity "DFSAccess"-Members $ADU


#Outs results to Results file

$adu | out-file $results -Append

$pwd | out-file $results -Append

" " | out-file $results -Append

}

else {"nope exists "}

Write-host $ADU

}

}

# Total users in OU

$aduC = get-aduser -filter {samaccountname -like "*"} -SearchBase $orgOU

$TotalU = $aduC.count


#Total users created

Write-host "Total New Users"

$TotalU - $existing


Comments

Rated 0 out of 5 stars.
No ratings yet
Add a rating
bottom of page