With Adaxes you can automate the provisioning of user accounts by importing data from a CSV file into Active Directory on a regular basis. To schedule the import, you create a Scheduled Task that periodically executes a PowerShell script. The script reads the CSV file with the Import-Csv cmdlet and passes the rows to the New-AdmUser cmdlet, which creates the users in Active Directory.
The New-AdmUser cmdlet is included in the Adaxes PowerShell Module for Active Directory. To use the cmdlet in a Scheduled Task, install the Adaxes PowerShell Module on the computer where your Adaxes service is running. The script is executed by the Adaxes service, so the account the service runs under needs read access to the CSV file. Because the file can contain initial passwords (the AccountPassword column), restrict read access on the file share to that service account and to the people who produce the file.
Perform the following steps to schedule the import of user accounts from a CSV file:
Create a CSV file with user data.
By default, Adaxes will expect the columns in the CSV file to be named like in the table below. If the columns in your CSV file are named differently, you will need to use column mapping.
| Column Name | Description | Example | Type |
|---|---|---|---|
| AccountExpirationDate | The expiration date for the account. When set to 0, the account never expires. | 4/17/2006; Monday, April 17, 2006; Monday, April 17, 2006 2:22 PM; Mon, 17 Apr 2006 21:22:48 GMT; 05/01/2012 5:00:00 PM | Date |
| AccountNotDelegated | Specifies whether the security context of the user is delegated to a service. | true, false | Boolean |
| AccountPassword | The user password. | secret | Secure String |
| AllowReversiblePasswordEncryption | Specifies whether reversible password encryption is allowed for the account. | true, false | Boolean |
| CannotChangePassword | Specifies whether the account password can be changed. | true, false | Boolean |
| ChangePasswordAtLogon | Specifies whether the password must be changed during the first logon. | true, false | Boolean |
| City | The user's town or city. | London | String |
| Company | The user's company. | Acme | String |
| Country | The country or region code for the user's language of choice. | US, FR | String |
| Department | The user's department. | Sales | String |
| Description | The description of the user. | External subcontractor | String |
| DisplayName | The display name of the user. | John Smith | String |
| Division | The user's division. | Software | String |
| EmailAddress | The user's e-mail address. | johndoe@example.com | String |
| EmployeeID | The user's employee ID. | A123321 | String |
| EmployeeNumber | The user's employee number. | 112233 | String |
| Enabled | Specifies if the account is enabled. | true, false | Boolean |
| Fax | The user's fax phone number. | +1 (999) 555 1122 | String |
| GivenName | The user's first name. | John | String |
| HomeDirectory | The user's home directory. | \\SERVER\johnsmith | String |
| HomeDrive | The drive that is associated with the UNC path defined by the HomeDirectory property. | D: | String |
| HomePage | The URL of the home page of the user. | http://example.com/jsmith | String |
| HomePhone | The user's home telephone number. | +1 (999) 555 2222 | String |
| Initials | The initials that represent part of the user's name. | L | String |
| LogonWorkstations | The computers that the user can access. | COMP1,COMP2.example.com | String |
| Manager | The user's manager. | john.doe; CN=Doe,CN=Users,DC=acme,DC=com; 7D1D1508-2A07-47D8-8933-C9E557ED86D0; S-1-5-21-1233211223-291919 | ADUser |
| MobilePhone | The user's mobile phone number. | +1 (999) 555 3333 | String |
| Name | The user's full name. | John Smith | String |
| Office | The location of the user's office or place of business. | B1021 | String |
| OfficePhone | The user's office telephone number. | +1 (999) 555 4444 | String |
| Organization | The user's organization. | Accounting | String |
| OtherAttributes | Values for user properties that cannot be specified in the CSV file columns. | `'extensionAttribute1'=value`, `'customAttribute'=value1,value2`, `'attr1'=val; 'attr2'=val1,val2` | Hashtable |
| OtherName | The name in addition to a user's given name and surname, such as the user's middle name. | Peter | String |
| PasswordNeverExpires | Specifies whether the password of the account can expire. | true, false | Boolean |
| PasswordNotRequired | Specifies whether the account requires a password. | true, false | Boolean |
| Path | The DN of the Organizational Unit (OU) or container where the new user will be created. | CN=Users,DC=acme,DC=com | String |
| POBox | The user's post office box number. | 25656 | String |
| PostalCode | The user's postal code or zip code. | 18711 | String |
| ProfilePath | The path to the user's profile. | \\SERVER\profiles\johndoe | String |
| ProtectedFromAccidentalDeletion | Specifies whether an object is protected from accidental deletion. | true, false | Boolean |
| SamAccountName | The user's logon name (pre-Windows 2000). | johnsmith | String |
| ScriptPath | The path to the user's logon script. | \\SCRIPTS\johnsmithLogin | String |
| SmartcardLogonRequired | Specifies whether a smart card is required to log on. | true, false | Boolean |
| State | The user's state or province. | Nevada | String |
| StreetAddress | The user's street address. | 100 Main Street | String |
| Surname | The user's last name or surname. | Smith | String |
| Title | The user's title. | Sales Manager | String |
| TrustedForDelegation | Specifies whether an account is trusted for Kerberos delegation. | true, false | Boolean |
| UserPrincipalName | The user's logon name. | johnsmith@example.com | String |
Launch Adaxes Administration Console, expand your Adaxes service, right-click Scheduled Tasks, point to New and click Scheduled Task.
Enter a name for the new Scheduled Task, and click Next.
Specify how often the task should run and click Next.
To import user accounts into an Organizational Unit, select the Organizational Unit object type.
Click Next.
Click Add an action and select Run a program or PowerShell script.
Click the Edit button to open the script editor.
If all columns in your CSV file are of the String type and are named exactly as in the table from Step 1 of this tutorial, you can pipe the imported rows straight into New-AdmUser:

```powershell
Import-Module Adaxes

$file = "\\SERVER\Share\users.csv"
$targetDN = "%distinguishedName%"
$domain = $Context.GetObjectDomain($targetDN)

# Import-Csv yields one object per row; New-AdmUser binds its parameters
# from the column names, which is why they must match the table above.
Import-CSV $file | New-AdmUser -Path $targetDN -Server $domain `
    -AdaxesService localhost
```
The -Path parameter specifies the distinguished name (DN) of the Organizational Unit or container where to create user accounts. Value reference %distinguishedName% will be replaced with the DN of the Organizational Unit included in the activity scope of the task.
If your CSV file contains columns whose type in the table is not String (Boolean, Date, Secure String or ADUser), the values must be converted in the script before they are passed to New-AdmUser. The following script handles a password column, two Boolean columns and a Manager column that holds an employee ID instead of a DN:

```powershell
Import-Module Adaxes

$file = "\\SERVER\Share\users.csv"
$targetDN = "%distinguishedName%"
$domain = $Context.GetObjectDomain($targetDN)

$importedUsers = Import-Csv $file
foreach ($user in $importedUsers)
{
    # Password column: New-AdmUser expects a SecureString, not plain text
    $user.AccountPassword = `
        ConvertTo-SecureString -AsPlainText $user.AccountPassword -Force

    # Boolean columns: if passed as a string, a non-empty value such as "false"
    # would be treated as $true, so parse the text explicitly
    $user.Enabled = [System.Boolean]::Parse($user.Enabled)
    $user.ChangePasswordAtLogon = [System.Boolean]::Parse($user.ChangePasswordAtLogon)

    # DN syntax column: the CSV holds the manager's employee ID, so look up the DN
    $managerID = $user.Manager
    $manager = Get-AdmObject -Filter {(employeeID -eq $managerID)} `
        -AdaxesService localhost -ErrorAction SilentlyContinue
    if ($manager -eq $NULL)
    {
        $Context.LogMessage("Manager with employee ID $managerID not found for user " `
            + $user.Name, "Warning")
    }
    $user.Manager = $manager.DistinguishedName

    $user | New-AdmUser -Path $targetDN -AdaxesService localhost -Server $domain
}
```
The columns have to be processed because Active Directory expects data of a specific type. For example, to specify a manager, you need to pass the manager's distinguished name (DN). This means you need to obtain the DN in the script if the column in your CSV contains some other unique identifier, like employee ID.
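As an added example (this is not code from the Adaxes tutorial or from the product), here is the conversion the script above performs for three columns, generalized to every non-String column type in the table from Step 1, together with the checks you would want before creating anything in the directory. It assumes the default column names and that New-AdmUser accepts the parameter names listed in the table; the function names are this example's own, and the sample rows are constructed. Because it only builds the parameter set, it runs in a plain PowerShell session without the Adaxes module; the New-AdmUser call it feeds is shown as a comment.

```powershell
# Added example, not from the Adaxes tutorial. Turns one Import-Csv row into a
# hashtable of typed parameters for New-AdmUser, covering every non-String column
# type in the table from Step 1 (Boolean, Date, Secure String). Empty cells are
# dropped instead of being passed as "", which is not a valid Boolean, date or DN.
# Assumed: default column names; the function names here are this example's own.

$BooleanColumns = @(
    "AccountNotDelegated", "AllowReversiblePasswordEncryption", "CannotChangePassword",
    "ChangePasswordAtLogon", "Enabled", "PasswordNeverExpires", "PasswordNotRequired",
    "ProtectedFromAccidentalDeletion", "SmartcardLogonRequired", "TrustedForDelegation"
)

function New-InitialPassword
{
    param([int]$Length = 16)
    # 64-character alphabet (no I, O, l, o): 256 mod 64 = 0, so byte % 64 is unbiased
    $alphabet = [char[]]"ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#%&*+-="
    $bytes = New-Object byte[] $Length
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($bytes)
    $rng.Dispose()
    return -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
}

function ConvertTo-AdmUserParameters
{
    param([Parameter(Mandatory = $true)] $Row)

    $params = @{}
    $problems = New-Object System.Collections.Generic.List[string]

    foreach ($property in $Row.PSObject.Properties)
    {
        $name = $property.Name
        $value = "$($property.Value)".Trim()
        if ($value -eq "") { continue }   # empty cell: leave the parameter unset

        if ($BooleanColumns -contains $name)
        {
            # "false" would bind as $true if passed as a string, so parse it
            $parsed = $false
            if ([bool]::TryParse($value, [ref]$parsed)) { $params[$name] = $parsed }
            else { $problems.Add("${name}: '$value' is not true/false") }
        }
        elseif ($name -eq "AccountExpirationDate")
        {
            # 0 means "never expires": simply do not set the parameter
            if ($value -ne "0")
            {
                $date = [datetime]::MinValue
                if ([datetime]::TryParse($value, [ref]$date)) { $params[$name] = $date }
                else { $problems.Add("${name}: '$value' is not a date") }
            }
        }
        elseif ($name -eq "AccountPassword")
        {
            $params[$name] = ConvertTo-SecureString -AsPlainText $value -Force
        }
        else
        {
            $params[$name] = $value
        }
    }

    # Checks worth doing before touching the directory
    if (-not $params.ContainsKey("Name")) { $problems.Add("Name column is missing or empty") }
    if ($params.ContainsKey("SamAccountName") -and $params["SamAccountName"].Length -gt 20)
    {
        $problems.Add("SamAccountName exceeds the 20-character pre-Windows 2000 limit")
    }

    # No password in the file: generate one and force a change at first logon,
    # so the CSV never has to carry plain-text passwords at all
    if (-not $params.ContainsKey("AccountPassword"))
    {
        $params["AccountPassword"] = ConvertTo-SecureString -AsPlainText (New-InitialPassword) -Force
        $params["ChangePasswordAtLogon"] = $true
    }

    return [pscustomobject]@{ Parameters = $params; Problems = $problems }
}

# Constructed sample rows (not real data); in the task they come from Import-Csv $file
$rows = @"
Name,SamAccountName,GivenName,Surname,Enabled,ChangePasswordAtLogon,AccountExpirationDate,AccountPassword
John Smith,johnsmith,John,Smith,true,true,05/01/2012 5:00:00 PM,secret
Jane Roe,janeroe,Jane,Roe,yes,,0,
"@ | ConvertFrom-Csv

foreach ($row in $rows)
{
    $result = ConvertTo-AdmUserParameters -Row $row
    if ($result.Problems.Count -gt 0)
    {
        Write-Warning ("Skipping {0}: {1}" -f $row.Name, ($result.Problems -join "; "))
        continue
    }
    $p = $result.Parameters
    # In the Scheduled Task, replace the Write-Output line with:
    #   New-AdmUser @p -Path $targetDN -Server $domain -AdaxesService localhost
    Write-Output ("{0}: {1}" -f $p.Name, (($p.Keys | Sort-Object) -join ", "))
}
```

The second sample row is rejected because "yes" is not a valid Boolean, which is exactly the kind of row the plain pipeline in the first script would silently turn into an enabled account. If your file has a Path column, drop it before splatting, since passing -Path explicitly and through the hashtable at the same time is a binding error.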
If the columns in your CSV file have names that don't match the AD property names, you need to use column mapping. The script below maps custom column names to LDAP property names and passes the values through the -OtherAttributes parameter.
The $columnMap variable specifies a hashtable that maps column names from your file to property names of the new user accounts.
```powershell
Import-Module Adaxes

$file = "\\SERVER\Share\users.csv"
$targetDN = "%distinguishedName%"
$domain = $Context.GetObjectDomain($targetDN)

# Column name in the CSV file -> LDAP property name of the new user
$columnMap = @{
    "First Name" = "givenName";
    "Last Name"  = "sn";
    "EmpID"      = "employeeID";
    "EmpRole"    = "adm-CustomAttributeText1";
}

$importedUsers = Import-Csv $file
foreach ($user in $importedUsers)
{
    $propertyToValue = @{}
    foreach ($property in $user.PSObject.Properties)
    {
        # Get the LDAP property name; skip columns that are not in the map
        $propertyName = $columnMap[$property.Name]
        if ([System.String]::IsNullOrEmpty($propertyName)) { continue }

        # Import-Csv returns empty cells as "", not $NULL; skip those too
        $value = $property.Value
        if ([System.String]::IsNullOrEmpty($value)) { continue }

        $propertyToValue.Add($propertyName, $value)
    }

    # The Name parameter is mandatory; here it is built from the mapped first and last names
    $name = ($propertyToValue["givenName"] + " " + $propertyToValue["sn"]).Trim()

    New-AdmUser -Path $targetDN -Server $domain -Name $name `
        -AdaxesService localhost -Enabled $True -OtherAttributes $propertyToValue
}
```
If you want the script to send an email notification when an error occurs during user account creation, wrap the New-AdmUser call as follows. The -ErrorAction Stop parameter is required: without it, a non-terminating error would not enter the catch block.

```powershell
# ... (the rest of the script is unchanged)
    try
    {
        $user | New-AdmUser -Path $targetDN -AdaxesService localhost -Server $domain `
            -ErrorAction Stop
    }
    catch [System.Exception]
    {
        $to = "admin@company.com"
        $subj = "Failed to Import User from CSV"
        $bodyText = "Adaxes failed to import user " + $user.Name + " from $file." `
            + "`nError: " + $_.Exception.Message
        $bodyHtml = $NULL
        $Context.SendMail($to, $subj, $bodyText, $bodyHtml)
        $Context.LogMessage($bodyText, "Error")
    }
```
For information on how to create scripts for Business Rules, Custom Commands, and Scheduled Tasks, see Server-Side Scripting.
When finished, click OK two times and then click Next.
On the Activity Scope page, specify the Organizational Unit where imported user accounts will be created.
Select the target Organizational Unit.
In the Assignment Options dialog, select the checkbox labeled The Organizational Unit object and clear the checkbox labeled Objects located in the Organizational Unit.
The activity scope of the Scheduled Task must include a single Organizational Unit! Otherwise the task will import user accounts to each OU included in the activity scope.
Click Finish.