Creating a user is basically the same as creating a group or an OU. First we cast the OU we want to use into an [adsi] object and then start setting the properties. After adding all properties we set a password and set AccountDisabled to $false, otherwise the account stays disabled.
PS > $Connection = "LDAP://Server1/OU=NewOU,DC=APA,DC=CORP"
PS > $OU = [adsi] $Connection
PS > $User = $OU.Create("user", "cn=jeapic")
PS > $User.Put("sAMAccountName", "jeapic")
PS > $User.Put("userPrincipalName", "jeapic@apa.corp")
PS > $User.Put("DisplayName", "Jean-Luc Picard")
PS > $User.Put("givenName", "Jean-Luc")
PS > $User.Put("sn", "Picard")
PS > $User.Put("Description", "Captain of the Enterprise")
PS > $User.Put("mail", "picard@enterprise.com")
PS > $User.SetInfo()
PS >
PS > $User.PsBase.Invoke("SetPassword", "Password123")
PS > $User.PsBase.InvokeSet("AccountDisabled", $false)
PS > $User.SetInfo()
If we want to set the account's password to never expire, we can edit userAccountControl:
PS > $User.userAccountControl[0] = $User.userAccountControl[0] -bor (65536)
PS > $User.SetInfo()
Now we can check the properties on our user.
PS > $User | Format-List *
objectClass : {top, person, organizationalPerson, user}
cn : {jeapic}
sn : {Picard}
description : {Captain of the Enterprise}
givenName : {Jean-Luc}
distinguishedName : {CN=jeapic,OU=NewOU,DC=APA,DC=CORP}
instanceType : {4}
whenCreated : {1/18/2009 12:08:29 AM}
whenChanged : {1/18/2009 12:08:32 AM}
displayName : {Jean-Luc Picard}
uSNCreated : {System.__ComObject}
uSNChanged : {System.__ComObject}
name : {jeapic}
objectGUID : {77 84 253 130 36 215 146 76 155 38 10 217 57 208 44 45}
userAccountControl : {66080}
badPwdCount : {0}
codePage : {0}
countryCode : {0}
badPasswordTime : {System.__ComObject}
lastLogoff : {System.__ComObject}
lastLogon : {System.__ComObject}
pwdLastSet : {System.__ComObject}
primaryGroupID : {513}
objectSid : {1 5 0 0 0 0 0 5 21 0 0 0 171 166 141 168 63 138 126 92 158 59 183 83 83 4 0 0}
accountExpires : {System.__ComObject}
logonCount : {0}
sAMAccountName : {jeapic}
sAMAccountType : {805306368}
userPrincipalName : {jeapic@apa.corp}
objectCategory : {CN=Person,CN=Schema,CN=Configuration,DC=APA,DC=CORP}
dSCorePropagationData : {1/1/1601 12:00:00 AM}
mail : {picard@enterprise.com}
nTSecurityDescriptor : {System.__ComObject}
AuthenticationType : Secure
Children : {}
Guid : 4d54fd8224d7924c9b260ad939d02c2d
ObjectSecurity : System.DirectoryServices.ActiveDirectorySecurity
NativeGuid : 4d54fd8224d7924c9b260ad939d02c2d
NativeObject : System.__ComObject
Parent : LDAP://Server1/OU=NewOU,DC=APA,DC=CORP
Password :
Path : LDAP://Server1/cn=jeapic,OU=NewOU,DC=APA,DC=CORP
Properties : {objectClass, cn, sn, description...}
SchemaClassName : user
SchemaEntry : System.DirectoryServices.DirectoryEntry
UsePropertyCache : True
Username :
Options : {}
Site :
Container :
If we check the user through the Active Directory MMC snap-in we can verify that all information added through PowerShell is present.
If we want to delete a user in Active Directory, we can use the Delete() method on the containing OU.
PS > $Connection = "LDAP://Server1/OU=NewOU,DC=APA,DC=CORP"
PS > $OU = [adsi] $Connection
PS > $OU.Delete("user", "CN=UserToDelete")
Below is the code used in this post:
$Connection = "LDAP://Server1/OU=NewOU,DC=APA,DC=CORP"
$OU = [adsi] $Connection
$User = $OU.Create("user", "cn=jeapic")
$User.Put("sAMAccountName", "jeapic")
$User.Put("userPrincipalName", "jeapic@apa.corp")
$User.Put("DisplayName", "Jean-Luc Picard")
$User.Put("givenName", "Jean-Luc")
$User.Put("sn", "Picard")
$User.Put("Description", "Captain of the Enterprise")
$User.Put("mail", "picard@enterprise.com")
$User.SetInfo()
$User.PsBase.Invoke("SetPassword", "Password123")
$User.PsBase.InvokeSet("AccountDisabled", $false)
$User.SetInfo()
$User.userAccountControl[0] = $User.userAccountControl[0] -bor (65536)
$User.SetInfo()
$Connection = "LDAP://Server1/OU=NewOU,DC=APA,DC=CORP"
$OU = [adsi] $Connection
$OU.delete("user", "cn=UserToDelete")
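An added example, not the post's own code, that decodes the userAccountControl value shown above and tightens the account the post creates: 66080 is PASSWD_NOTREQD + NORMAL_ACCOUNT + DONT_EXPIRE_PASSWORD, and PASSWD_NOTREQD (0x20), which ADSI sets on every newly created user, lets the account hold a password that does not meet the domain password policy, so the script clears it and reads the password from a prompt instead of a literal. Server, OU and user names are taken from the post; the flag table is a subset of the ADS_USER_FLAG_ENUM constants.

```powershell
# Added example, not the original post's code. Assumes the post's server,
# OU and user; flag values are the ADS_USER_FLAG_ENUM constants.
$UacFlags = [ordered]@{
    ACCOUNTDISABLE         = 0x0002
    LOCKOUT                = 0x0010
    PASSWD_NOTREQD         = 0x0020
    PASSWD_CANT_CHANGE     = 0x0040
    NORMAL_ACCOUNT         = 0x0200
    DONT_EXPIRE_PASSWORD   = 0x10000
    SMARTCARD_REQUIRED     = 0x40000
    TRUSTED_FOR_DELEGATION = 0x80000
    NOT_DELEGATED          = 0x100000
    DONT_REQ_PREAUTH       = 0x400000
}

# Turn a userAccountControl integer into the list of flag names it contains.
function ConvertFrom-UserAccountControl {
    param([Parameter(Mandatory)][int]$Value)
    foreach ($flag in $UacFlags.GetEnumerator()) {
        if ($Value -band $flag.Value) { $flag.Key }
    }
}

# Decode the 66080 shown in the post's Format-List output.
ConvertFrom-UserAccountControl 66080

# Bind to the user created in the post and clear PASSWD_NOTREQD, which
# ADSI sets on new users and which allows a password that does not
# meet the domain password policy (even an empty one).
$User = [adsi] "LDAP://Server1/cn=jeapic,OU=NewOU,DC=APA,DC=CORP"
$uac  = [int]$User.userAccountControl[0]
if ($uac -band $UacFlags.PASSWD_NOTREQD) {
    $User.userAccountControl[0] = $uac -band (-bnot $UacFlags.PASSWD_NOTREQD)
    $User.SetInfo()
}

# Take the password from a prompt rather than a literal in the script,
# and release the unmanaged copy once SetPassword has consumed it.
$secure = Read-Host -Prompt "Password for jeapic" -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    $User.PsBase.Invoke("SetPassword", $plain)
    $User.SetInfo()
} finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}
```

Run it from a session that can write to the OU; after it completes, `$User | Format-List userAccountControl` should show 66048 (NORMAL_ACCOUNT + DONT_EXPIRE_PASSWORD) for the account.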