When testing, it is usefull to be able to create and destroy users repeatedly. A straight forward method I use to create multiple users is using the PowerShell Range operator .. . This allows me to pipe a range of numbers (if you’re using PowerShell 6, the range operator also works with Characters) into the ForEach-Object cmdlet.
Using the Range operator:
1..4
Displays and outputs:
1
2
3
4
Using the Range Operator, ForEach-Object
and New-ADuser
, many test users can be created quickly.
New-ADOrganizationalUnit -Name "Employees" -Path "DC=TIMHAINTZ,DC=COM"
1..10 | ForEach-Object {New-ADUser -Name "User-$_" -SamAccountname "User-$_" -UserPrincipalName "User-$_`@timhaintz.com" -Path "OU=Employees,DC=timhaintz,DC=com" -Enabled $true -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force)}
The above code block creates 10 users in the OU=Employees,DC=timhaintz,DC=com OU.
Get-ADUser user-4
DistinguishedName : CN=User-4,OU=Employees,DC=timhaintz,DC=com
Enabled : True
GivenName :
Name : User-4
ObjectClass : user
ObjectGUID : 20106c20-3083-4ad5-ae13-2af862b999f1
SamAccountName : User-4
SID : S-1-5-21-1031186934-257834335-2802136171-1106
Surname :
UserPrincipalName : User-4@timhaintz.com
To delete all of the users in the Organizational Unit without prompting for confirmation, run the below.
Get-ADUser -Filter * -SearchBase 'OU=Employees,DC=timhaintz,DC=com' | Remove-ADUser -Confirm:$false
This method can be used to create many users very quickly. Changing the range of numbers will create that many users. For example, 1..10000
will create 10,000 users. Combining the range operator and Active Directory cmdlets, you can quickly deploy test solutions for your needs.
To delete the users, you can use Get-ADUser
and pipe the result to Remove-ADUser
. I have used the Employees OU to retrieve all of the users and then remove them.
From the documentation, “Represents the sequential integers in an integer array, given an upper, and lower boundary.” From PowerShell 6, the range operator works with Characters as well as Integers.
Create an Active Directory Organizational Unit.
Specifies the name of the object.
Specifies the X.500 path of the OU or container where the object is created. See -path under Optional Parameters for further details.
Performs an operation on each item in a collection. We piped the output from the range operator into ForEach-Object.
Creates a new user in Active Directory.
Specifies the name of the object.
Specifies the Security Account Manager SAM name of the user.
Specifies the User Principal Name UPN of the user.
Specifies the X.500 path of the OU or container where the new object is created.
Specifies if an account is enabled. An enabled account requires a password.
Specifies a new password value for an account. This value is stored as an encrypted string. Using ConvertTo-SecureString
allows for the password to be passed as part of the ForEach-Object
loop.
Converts encrypted standard strings to secure strings. I have used it to convert plain text to a secure string.
Not recommended to be used in production as the string is in plain text.
Specifies a plain text string to convert to a secure string.
Not recommended to be used in production as the string is in plain text.
Confirms that you understand the implications of using the AsPlainText parameter.
Not recommended to be used in production as the string is in plain text.
Gets one or more Active Directory users.
Specifies a query string that retrieves Active Directory objects. I’m using *
as a wildcard character.
Specifies an Active Directory path to search under.
Removes and Active Directory user.
Prompts you for confirmation before running the cmdlet. I have used -Confirm:$false
to remove the prompt for confirmation before removal.
The above is a quick and convenient way to generate generic users quickly. This can be very useful when you need multiple users to test against.
Hope you’re having a great day and this is of use.
Thanks, Tim.