Schedule Import of Users from CSV


With Adaxes you can automate the provisioning of user accounts by importing data from a CSV file into Active Directory on a regular basis. To schedule the import process you need to create a Scheduled Task that will periodically execute a PowerShell script. The script will read in a CSV file using the Import-Csv cmdlet and pass the data to the New-AdmUser cmdlet to create users in Active Directory.

The New-AdmUser cmdlet is included in Adaxes PowerShell Module for Active Directory. To use the cmdlet in a Scheduled Task, you need to install Adaxes PowerShell Module on the computer, where your Adaxes service is running.


Perform the following steps to schedule the import of user accounts from a CSV file:


  1. Create a CSV file with user data.

    Column Name Description Example Type
    AccountExpirationDate The expiration date for the account. When set to 0, the account never expires. 4/17/2006
    Monday, April 17, 2006
    Monday, April 17, 2006 2:22 PM
    Mon, 17 Apr 2006 21:22:48 GMT
    05/01/2012 5:00:00 PM
    Date
    AccountNotDelegated Specifies whether the security context of the user is delegated to a service. true
    false
    Boolean
    AccountPassword The user password. secret Secure String
    AllowReversiblePassword
    Encryption
    Specifies whether reversible password encryption is allowed for the account. true
    false
    Boolean
    CannotChangePassword Specifies whether the account password can be changed. true
    false
    Boolean
    ChangePasswordAtLogon Specifies whether the password must be changed during the first logon. true
    false
    Boolean
    City The user's town or city. London String
    Company The user's company. Acme String
    Country The country or region code for the user's language of choice. US
    FR
    String
    Department The user's department. Sales String
    Description The description of the user. External subcontractor String
    DisplayName The display name of the user. John Smith String
    Division The user's division. Software String
    EmailAddress The user's e-mail address. johndoe@example.com String
    EmployeeID The user's employee ID. A123321 String
    EmployeeNumber The user's employee number. 112233 String
    Enabled Specifies if the account is enabled. true
    false
    Boolean
    Fax The user's fax phone number. +1 (999) 555 1122 String
    GivenName The user's first name. John String
    HomeDirectory The user's home directory. \\SERVER\johnsmith String
    HomeDrive The drive that is associated with the UNC path defined by the HomeDirectory property. D: String
    HomePage The URL of the home page of the user. http://example.com/jsmith String
    HomePhone The user's home telephone number. +1 (999) 555 2222 String
    Initials The initials that represent part of the user's name. L String
    LogonWorkstations The computers that the user can access. COMP1,COMP2.example.com String
    Manager The user's manager. john.doe
    CN=Doe,CN=Users,DC=acme,DC=com
    7D1D1508-2A07-47D8-8933-C9E557ED86D0
    S-1-5-21-1233211223-291919
    ADUser
    MobilePhone The user's mobile phone number. +1 (999) 555 3333 String
    Name The user's full name. John Smith String
    Office The location of the user's office or place of business. B1021 String
    OfficePhone The user's office telephone number. +1 (999) 555 4444 String
    Organization The user's organization. Accounting String
    OtherAttributes Values for user properties that cannot be specified in the CSV file columns. 'extensionAttribute1'=value
    'customAttribute'=value1,value2
    'attr1'=val; 'attr2'=val1,val2
    TTT
    OtherName The name in addition to a user's given name and surname, such as the user's middle name. Peter String
    PasswordNeverExpires Specifies whether the password of the account can expire. true
    false
    Boolean
    PasswordNotRequired Specifies whether the account requires a password. true
    false
    Boolean
    Path The DN of the Organizational Unit (OU) or container where the new user will be created. CN=Users,DC=acme,DC=com String
    POBox The user's post office box number. 25656 String
    PostalCode The user's postal code or zip code. 18711 String
    ProfilePath The path to the user's profile. \\SERVER\profiles\johndoe String
    ProtectedFromAccidental
    Deletion
    Specifies whether an object is protected from accidental deletion. true
    false
    Boolean
    SamAccountName The user's logon name (pre-Windows 2000). johnsmith String
    ScriptPath The path to the user's log on script. \\SCRIPTS\johnsmithLogin String
    SmartcardLogonRequired Specifies whether a smart card is required to logon. true
    false
    Boolean
    State The user's state or province. Nevada String
    StreetAddress The user's street address. 100 Main Street String
    Surname The user's last name or surname. Smith String
    Title The user's title. Sales Manager String
    TrustedForDelegation Specifies whether an account is trusted for Kerberos delegation. true
    false
    Boolean
    UserPrincipalName The user's logon name. johnsmith@example.com String
  2. Launch Adaxes Administration Console, expand your Adaxes service, right-click Scheduled Tasks, point to New and click Scheduled Task.



    Enter a name for the new Scheduled Task, and click Next.

    It is recommended to use nouns to name Scheduled Tasks (e.g. CSV Importer, Membership Manager), because tasks will appear as operation initiators in the Adaxes Log and approval email notifications.
  3. Specify how often the task should run and click Next.


  4. To import user accounts into an Organizational Unit, select the Organizational-Unit object type.


    Click Next.

  5. Click Add an action and select Run a program or PowerShell script.

    Click the button to provide a custom description for the action.
  6. Click the Edit button to open the script editor.

  7. If your CSV file doesn't contain column AccountPassword and columns with data of the Boolean type (e.g. Enabled or ChangePasswordAtLogon), you can use the script given below.

    Import-Module Adaxes
    
    $file = "\\SERVER\Share\users.csv"
    $targetDN = "%distinguishedName%"
    $domain = $Context.GetObjectDomain($targetDN)
    
    Import-CSV $file | New-AdmUser -Path $targetDN -AdaxesService localhost -Server $domain

    The -Path parameter specifies the distinguished name (DN) of the Organizational Unit or container where to create user accounts. Value reference %distinguishedName% will be replaced with the DN of the Organizational Unit included in the activity scope of the task.


    If your CSV file contains column AccountPassword or columns with data of the Boolean type, the columns must be processed in a special way.


    Import-Module Adaxes
    
    $file = "\\SERVER\Share\users.csv"
    $targetDN = "%distinguishedName%"
    $domain = $Context.GetObjectDomain($targetDN)
    
    $importedUsers = Import-Csv $file
    foreach ($user in $importedUsers)
    {
        $user.AccountPassword =`
            ConvertTo-SecureString -AsPlainText $user.AccountPassword -Force
        $user.Enabled = [System.Boolean]::Parse($user.Enabled)
        $user.ChangePasswordAtLogon = [System.Boolean]::Parse($user.ChangePasswordAtLogon)
    
        $user | New-AdmUser -Path $targetDN -AdaxesService localhost -Server $domain
    }



    Error Email Notifications

    If you want the script to send an email notification if an error occurred during user account creation, you can use the following code:

    ...
    
    try
    {
        $user | New-AdmUser -Path $targetDN -AdaxesService localhost -Server $domain`
            -ErrorAction Stop
    }
    catch [System.Exception]
    {
        $to = "admin@company.com"
        $subj = "Failed to Import User from CSV"
        $bodyText = "Adaxes failed to import user " + $user.Name + " from $file."`
            + "`nError: " + $_.Exception.Message
        $bodyHtml = $NULL
        $Context.SendMail($to, $subj, $bodyText, $bodyHtml)
    
        $Context.LogMessage($bodyText, "Error")
    }

    For information on how to create scripts for Business Rules, Custom Commands, and Scheduled Tasks, see Server-Side Scripting.



    When finished, click OK two times and then click Next.

  8. On the Activity Scope page, specify the Organizational Unit where imported user accounts will be created.

    • Click the Add button.
    • Select the target Organizational Unit.


    • In the Assignment Options dialog, check the The Organizational Unit object checkbox and uncheck the Objects located in the Organizational Unit checkbox.

    • Click OK two times.
    Using Business Rules you can automatically move newly created users to appropriate Organizational Units based on certain rules. For more details, see Automatically Move Users between Organizational Units.
  9. The activity scope of the Scheduled Task must include a single Organizational Unit! Otherwise the task will import user accounts to each OU included in the activity scope.


    Click Finish.


See Also



Open tutorial filtering

Got questions?
Support Forum