With Adaxes you can automate the provisioning of user accounts by importing data from a CSV file into Active Directory on a regular basis. To schedule the import process you need to create a Scheduled Task that will periodically execute a PowerShell script. The script will read in a CSV file using the Import-Csv cmdlet and pass the data to the New-AdmUser cmdlet to create users in Active Directory.
The New-AdmUser cmdlet is included in Adaxes PowerShell Module for Active Directory. To use the cmdlet in a Scheduled Task, you need to install Adaxes PowerShell Module on the computer, where your Adaxes service is running.
Perform the following steps to schedule the import of user accounts from a CSV file:
Create a CSV file with user data.
Column Name | Description | Example | Type |
---|---|---|---|
AccountExpirationDate | The expiration date for the account. When set to 0, the account never expires. |
4/17/2006 Monday, April 17, 2006 Monday, April 17, 2006 2:22 PM Mon, 17 Apr 2006 21:22:48 GMT 05/01/2012 5:00:00 PM |
Date |
AccountNotDelegated | Specifies whether the security context of the user is delegated to a service. |
true false |
Boolean |
AccountPassword | The user password. | secret | Secure String |
AllowReversiblePassword Encryption |
Specifies whether reversible password encryption is allowed for the account. |
true false |
Boolean |
CannotChangePassword | Specifies whether the account password can be changed. |
true false |
Boolean |
ChangePasswordAtLogon | Specifies whether the password must be changed during the first logon. |
true false |
Boolean |
City | The user's town or city. | London | String |
Company | The user's company. | Acme | String |
Country | The country or region code for the user's language of choice. |
US FR |
String |
Department | The user's department. | Sales | String |
Description | The description of the user. | External subcontractor | String |
DisplayName | The display name of the user. | John Smith | String |
Division | The user's division. | Software | String |
EmailAddress | The user's e-mail address. | johndoe@example.com | String |
EmployeeID | The user's employee ID. | A123321 | String |
EmployeeNumber | The user's employee number. | 112233 | String |
Enabled | Specifies if the account is enabled. |
true false |
Boolean |
Fax | The user's fax phone number. | +1 (999) 555 1122 | String |
GivenName | The user's first name. | John | String |
HomeDirectory | The user's home directory. | \\SERVER\johnsmith | String |
HomeDrive | The drive that is associated with the UNC path defined by the HomeDirectory property. | D: | String |
HomePage | The URL of the home page of the user. | http://example.com/jsmith | String |
HomePhone | The user's home telephone number. | +1 (999) 555 2222 | String |
Initials | The initials that represent part of the user's name. | L | String |
LogonWorkstations | The computers that the user can access. | COMP1,COMP2.example.com | String |
Manager | The user's manager. |
john.doe CN=Doe,CN=Users,DC=acme,DC=com 7D1D1508-2A07-47D8-8933-C9E557ED86D0 S-1-5-21-1233211223-291919 |
ADUser |
MobilePhone | The user's mobile phone number. | +1 (999) 555 3333 | String |
Name | The user's full name. | John Smith | String |
Office | The location of the user's office or place of business. | B1021 | String |
OfficePhone | The user's office telephone number. | +1 (999) 555 4444 | String |
Organization | The user's organization. | Accounting | String |
OtherAttributes | Values for user properties that cannot be specified in the CSV file columns. |
'extensionAttribute1'=value 'customAttribute'=value1,value2 'attr1'=val; 'attr2'=val1,val2 |
TTT |
OtherName | The name in addition to a user's given name and surname, such as the user's middle name. | Peter | String |
PasswordNeverExpires | Specifies whether the password of the account can expire. |
true false |
Boolean |
PasswordNotRequired | Specifies whether the account requires a password. |
true false |
Boolean |
Path | The DN of the Organizational Unit (OU) or container where the new user will be created. | CN=Users,DC=acme,DC=com | String |
POBox | The user's post office box number. | 25656 | String |
PostalCode | The user's postal code or zip code. | 18711 | String |
ProfilePath | The path to the user's profile. | \\SERVER\profiles\johndoe | String |
ProtectedFromAccidental Deletion |
Specifies whether an object is protected from accidental deletion. |
true false |
Boolean |
SamAccountName | The user's logon name (pre-Windows 2000). | johnsmith | String |
ScriptPath | The path to the user's log on script. | \\SCRIPTS\johnsmithLogin | String |
SmartcardLogonRequired | Specifies whether a smart card is required to logon. |
true false |
Boolean |
State | The user's state or province. | Nevada | String |
StreetAddress | The user's street address. | 100 Main Street | String |
Surname | The user's last name or surname. | Smith | String |
Title | The user's title. | Sales Manager | String |
TrustedForDelegation | Specifies whether an account is trusted for Kerberos delegation. |
true false |
Boolean |
UserPrincipalName | The user's logon name. | johnsmith@example.com | String |
Launch Adaxes Administration Console, expand your Adaxes service, right-click Scheduled Tasks, point to New and click Scheduled Task.
Enter a name for the new Scheduled Task, and click Next.
Specify how often the task should run and click Next.
To import user accounts into an Organizational Unit, select the Organizational-Unit object type.
Click Next.
Click Add an action and select Run a program or PowerShell script.
Click the Edit button to open the script editor.
If your CSV file doesn't contain column AccountPassword and columns with data of the Boolean type (e.g. Enabled or ChangePasswordAtLogon), you can use the script given below.
Import-Module Adaxes $file = "\\SERVER\Share\users.csv" $targetDN = "%distinguishedName%" $domain = $Context.GetObjectDomain($targetDN) Import-CSV $file | New-AdmUser -Path $targetDN -AdaxesService localhost -Server $domain
The -Path parameter specifies the distinguished name (DN) of the Organizational Unit or container where to create user accounts. Value reference %distinguishedName% will be replaced with the DN of the Organizational Unit included in the activity scope of the task.
If your CSV file contains column AccountPassword or columns with data of the Boolean type, the columns must be processed in a special way.
Import-Module Adaxes $file = "\\SERVER\Share\users.csv" $targetDN = "%distinguishedName%" $domain = $Context.GetObjectDomain($targetDN) $importedUsers = Import-Csv $file foreach ($user in $importedUsers) { $user.AccountPassword =` ConvertTo-SecureString -AsPlainText $user.AccountPassword -Force $user.Enabled = [System.Boolean]::Parse($user.Enabled) $user.ChangePasswordAtLogon = [System.Boolean]::Parse($user.ChangePasswordAtLogon) $user | New-AdmUser -Path $targetDN -AdaxesService localhost -Server $domain }
If you want the script to send an email notification if an error occurred during user account creation, you can use the following code:
... try { $user | New-AdmUser -Path $targetDN -AdaxesService localhost -Server $domain` -ErrorAction Stop } catch [System.Exception] { $to = "admin@company.com" $subj = "Failed to Import User from CSV" $bodyText = "Adaxes failed to import user " + $user.Name + " from $file."` + "`nError: " + $_.Exception.Message $bodyHtml = $NULL $Context.SendMail($to, $subj, $bodyText, $bodyHtml) $Context.LogMessage($bodyText, "Error") }
For information on how to create scripts for Business Rules, Custom Commands, and Scheduled Tasks, see Server-Side Scripting.
When finished, click OK two times and then click Next.
On the Activity Scope page, specify the Organizational Unit where imported user accounts will be created.
Select the target Organizational Unit.
In the Assignment Options dialog, check the The Organizational Unit object checkbox and uncheck the Objects located in the Organizational Unit checkbox.
The activity scope of the Scheduled Task must include a single Organizational Unit! Otherwise the task will import user accounts to each OU included in the activity scope.
Click Finish.