Skip to content

This project demonstrates automated Active Directory user provisioning using PowerShell in a Windows domain lab environment.

License

Notifications You must be signed in to change notification settings

GrumpyKit10/AD-User-Provisioning-Script

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Active Directory Bulk User Creation Script

Overview

This project demonstrates automated Active Directory user provisioning using PowerShell in a Windows domain lab environment.

The script:

  • Imports users from a CSV file
  • Generates SamAccountName and UserPrincipalName
  • Assigns a temporary password
  • Creates users in a specified OU
  • Logs success and failure events
  • Detects and skips existing users
  • Supports dry-run testing

This simulates real-world Systems Engineer workflow for onboarding automation.


Lab Environment

  • 1 Domain Controller VM
  • 2 Domain-Joined Client VMs
  • Domain: lab.local
  • OU: OU=LabUsers,DC=lab,DC=local

The script was executed in an isolated AD lab environment.


Technologies Used

  • PowerShell
  • ActiveDirectory Module
  • Windows Server Domain Services

CSV Format

The script expects a CSV file structured as follows:

FirstName,LastName,Department
Alice,Johnson,IT
Bob,Smith,HR
Chris,Williams,Finance

Features

1. Username Generation

Creates:

  • SamAccountName = first initial + last name (lowercase)
  • UserPrincipalName = username@lab.local

Example:

Alice Johnson → ajohnson@lab.local

2. Duplicate Detection

Before creating a user, the script checks:

Get-ADUser -Filter "SamAccountName -eq '$($username)'"

If the account already exists:

  • User creation is skipped
  • Event is logged

3. Logging

All actions are logged with timestamps.

Example output:

26-02-27 17:01:24 - Successfully created ajohnson
26-02-27 17:03:48 - User ajohnson already exists.

This provides:

  • Auditability
  • Debug visibility
  • Safer bulk operations

4. Temporary Password Assignment

Users are created with a default temporary password:

TempP@ss123!

In a production environment, this would be:

  • Randomized
  • Forced to change at next logon
  • Generated securely per user

Script Workflow

  1. Import CSV
  2. Loop through users
  3. Generate username
  4. Check if user exists
  5. Create AD user if not present
  6. Log result

Testing Process

The script was validated using:

  • Initial run with syntax error (logged correctly)
  • Corrected filter syntax
  • Successful dry-run testing
  • Successful user creation
  • Re-run to confirm duplicate detection works

This verifies:

  • Error handling
  • Logging functionality
  • Idempotent behavior

Security Considerations

In enterprise environments:

  • Scripts should be executed from a management workstation, not a Domain Controller
  • Privileged accounts should be separated from standard user accounts
  • Password handling should avoid plaintext
  • Role-based delegation should be implemented

This lab simulates those principles where possible.


Future Improvements

  • Add -WhatIf support
  • Add -Verbose support
  • Random password generation
  • Force password change at next logon
  • Add group membership assignment
  • Add OU validation check
  • Add parameterization for domain and OU
  • Convert script into reusable PowerShell module

Why This Matters

Bulk user provisioning is a real-world responsibility of:

  • Systems Engineers
  • Identity Engineers
  • Infrastructure Engineers

This project demonstrates:

  • Active Directory automation
  • Structured error handling
  • Logging discipline
  • Idempotent scripting
  • Secure architecture thinking

Author

Matthew Wilson

About

This project demonstrates automated Active Directory user provisioning using PowerShell in a Windows domain lab environment.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors