Active Directory management & automation

Schedule Import of Users from a CSV File

With Adaxes you can schedule the import of users from a CSV file to Active Directory to take place automatically on a predefined time interval. To schedule data import you need to define a Scheduled Task that will periodically execute a PowerShell script. The script will read in a CSV file using the Import-Csv cmdlet and pass the results to the New-AdmUser cmdlet to create users in AD. The New-AdmUser cmdlet is included in the Adaxes PowerShell Module.

To use the New-AdmUser cmdlet, you need to install the PowerShell Module for Active Directory component of Softerra Adaxes. The component is installed with the same installation package as used to install Adaxes service.

To schedule an import of user accounts from a CSV file to Active Directory, do the following:

Launch Adaxes Administration Console, expand your Adaxes service, right-click Scheduled Tasks, point to New and click Scheduled Task. The Create Scheduled Task wizard will open.

Launching the Create Scheduled Task wizard

Enter a name for the new Scheduled Task and click Next.
When giving a name to a task, it is recommended to use nouns (e.g. User Importer, Location Updater), because the task name will appear in the Adaxes Log and approval e-mail notifications and denote the operation executor.

On the Task Schedule page, you need to define the time and time interval at which the task will run.

Task Schedule

Select the desired time and time interval and click Next.

Choose the type of Active Directory objects, on which the new Scheduled Task will be executed. Since we want to import user accounts to an Organizational Unit, select Organizational-Unit in the Object type list. Click Next.

Object Type for Scheduled Task

At the next step, you need to configure the Scheduled Task to execute a PowerShell script:
  • Click the Add Action link.
  • Select the Run a program of PowerShell script action in the list.
  • Enter a description of the script into the Short description field.
  • Click the Run Script Editor button.
Scheduled Task: Run PowerShell Script action

In the PowerShell Script Editor dialog, type the text of a PowerShell script that will import the data. The text of the script will depend on the contents of the CSV file that will be imported.

View Possible Columns for CSV Files

Column Name Description Example Type
AccountExpirationDate The expiration date for the account. When set to 0, the account never expires. 4/17/2006
Monday, April 17, 2006
Monday, April 17, 2006 2:22 PM
Mon, 17 Apr 2006 21:22:48 GMT
05/01/2012 5:00:00 PM
Date
AccountNotDelegated Specifies whether the security context of the user is delegated to a service. true
false
Boolean
AccountPassword The user password. secret Secure String
AllowReversiblePassword
Encryption
Specifies whether reversible password encryption is allowed for the account. true
false
Boolean
CannotChangePassword Specifies whether the account password can be changed. true
false
Boolean
ChangePasswordAtLogon Specifies whether the password must be changed during the first logon. true
false
Boolean
City The user's town or city. London String
Company The user's company. Acme String
Country The country or region code for the user's language of choice. US
FR
String
Department The user's department. Sales String
Description The description of the user. External subcontractor String
DisplayName The display name of the user. John Smith String
Division The user's division. Software String
EmailAddress The user's e-mail address. johndoe@example.com String
EmployeeID The user's employee ID. A123321 String
EmployeeNumber The user's employee number. 112233 String
Enabled Specifies if the account is enabled. true
false
Boolean
Fax The user's fax phone number. +1 (999) 555 1122 String
GivenName The user's first name. John String
HomeDirectory The user's home directory. \\SERVER\johnsmith String
HomeDrive The drive that is associated with the UNC path defined by the HomeDirectory property. D: String
HomePage The URL of the home page of the user. http://example.com/jsmith String
HomePhone The user's home telephone number. +1 (999) 555 2222 String
Initials The initials that represent part of the user's name. L String
LogonWorkstations The computers that the user can access. COMP1,COMP2.example.com String
Manager The user's manager. john.doe
CN=Doe,CN=Users,DC=acme,DC=com
7D1D1508-2A07-47D8-8933-C9E557ED86D0
S-1-5-21-1233211223-291919
ADUser
MobilePhone The user's mobile phone number. +1 (999) 555 3333 String
Name The user's full name. John Smith String
Office The location of the user's office or place of business. B1021 String
OfficePhone The user's office telephone number. +1 (999) 555 4444 String
Organization The user's organization. Accounting String
OtherAttributes Values for user properties that cannot be specified in the CSV file columns. 'extensionAttribute1'=value
'customAttribute'=value1,value2
'attr1'=val; 'attr2'=val1,val2
TTT
OtherName The name in addition to a user's given name and surname, such as the user's middle name. Peter String
PasswordNeverExpires Specifies whether the password of the account can expire. true
false
Boolean
PasswordNotRequired Specifies whether the account requires a password. true
false
Boolean
Path The DN of the Organizational Unit (OU) or container where the new user will be created. CN=Users,DC=acme,DC=com String
POBox The user's post office box number. 25656 String
PostalCode The user's postal code or zip code. 18711 String
ProfilePath The path to the user's profile. \\SERVER\profiles\johndoe String
ProtectedFromAccidental
Deletion
Specifies whether an object is protected from accidental deletion. true
false
Boolean
SamAccountName The user's logon name (pre-Windows 2000). johnsmith String
ScriptPath The path to the user's log on script. \\SCRIPTS\johnsmithLogin String
SmartcardLogonRequired Specifies whether a smart card is required to logon. true
false
Boolean
State The user's state or province. Nevada String
StreetAddress The user's street address. 100 Main Street String
Surname The user's last name or surname. Smith String
Title The user's title. Sales Manager String
TrustedForDelegation Specifies whether an account is trusted for Kerberos delegation. true
false
Boolean
UserPrincipalName The user's logon name. johnsmith@example.com String
See also: New-AdmUser.

If your CSV file doesn't contain the AccountPassword column and columns with data of the Boolean type (e.g. Enabled or ChangePasswordAtLogon), you can use the script given below.

CSV File With User Accounts

	Import-Module Adaxes
	$file = "\\SERVER\Share\users.csv"
	$targetDN = "%distinguishedName%"
	$domain = $Context.GetObjectDomain($targetDN)

	Import-CSV $file | New-AdmUser -Path $targetDN -AdaxesService localhost -Server $domain
The -Path parameter specifies the Distinguished Name (DN) of the Organizational Unit or container where new users will be created. Value reference %distinguishedName% will be replaced with the DN of the Organizational Unit on which the Scheduled Task will be assigned.

If your CSV file contains the AccountPassword column or columns with data of the Boolean type (e.g. Enabled or ChangePasswordAtLogon), these columns must be processed in a special way (see the script below).

	Import-Module Adaxes
	$file = "\\SERVER\Share\users.csv"
	$targetDN = "%distinguishedName%"
	$domain = $Context.GetObjectDomain($targetDN)

	$importedUsers = Import-Csv $file
	foreach ($user in $importedUsers)
	{
		$user.AccountPassword =`
				ConvertTo-SecureString -AsPlainText $user.AccountPassword -Force
		$user.Enabled = [System.Boolean]::Parse($user.Enabled)
		$user.ChangePasswordAtLogon = [System.Boolean]::Parse($user.ChangePasswordAtLogon)
		 
		$user | New-AdmUser -Path $targetDN -AdaxesService localhost -Server $domain
	}

If you want the script to send an email notification if it fails to create a user account, you can use the following code:

	...
	try
	{
		$user | New-AdmUser -Path $targetDN -AdaxesService localhost -Server $domain`
				-ErrorAction Stop
	}
	catch [System.Exception]
	{
		$to = "admin@company.com"
		$subj = "Failed to Import User from CSV"
		$bodyText = "Adaxes failed to import user " + $user.Name + " from $file."`
				+ "`nError: " + $_.Exception.Message
		$bodyHtml = $NULL
		$Context.SendMail($to, $subj, $bodyText, $bodyHtml)

		$Context.LogMessage($bodyText, "Error")
	}
For information on how to create scripts for Business Rules, Custom Commands, and Scheduled Tasks, see Server-Side Scripting.

When finished, click OK two times and then click Next.


On the Activity Scope page you need to select the Organizational Unit in which new user accounts will be created by the task.

  • Click the Add button. In the Task Activity Scope dialog that opens, select the Organizational Unit in which you want the task to create user accounts. Click Add.
    Specifying task activity scope
  • In the Assignment Options dialog, uncheck the Child objects of this Organizational-Unit option, and check the This Organizational-Unit object option. Click OK.
  • Click OK.
You can define a Business Rule that will automatically move newly created users to the appropriate location based on specific rules. For details, see Move Newly Created Users to a Specific OU.

The selected Organizational Unit will be displayed in the Assignments list. Click Finish.
The activity scope of the Scheduled Task must include a single Organizational Unit! Otherwise the task will import user accounts to each OU included in the activity scope.


See also: Import User Accounts from a CSV File.

? Waiting

Progress status: Checking...