- Updated on February 11, 2024
- Powershell, Windows Server
- 18 Comments
There are times when you want to bulk import users into Active Directory. You already did an AD users export to CSV file. But, now you like to use that CSV file to import the users back into AD. The fastest and most excellent approach is to use PowerShell. In this article, you will learn how to import AD users from CSV with PowerShell.
Table of contents
- Import AD users PowerShell script
- How to import users into Active Directory from CSV file
- Step 1: Create CSV file with users
- Step 2: Prepare import AD users PowerShell script
- Step 3: Run import AD users PowerShell script
- Step 4: Verify AD users
- Conclusion
Import AD users PowerShell script
The Import-ADUsers.ps1 PowerShell script will go through the CSV file and create AD users with the below information per user:
- Full name
- First name
- Last name
- Display name
- User logon name
- User principal name
- Street
- City
- State
- Postal Code
- Country
- Job Title
- Department
- Company
- Manager
- OU
- Description
- Office
- Telephone number
- Mobile
- Notes
- Account status
Note: The account will have the password set as P@ssw0rd1234. Change this to a different password in the PowerShell script.
How to import users into Active Directory from CSV file
Let’s go through the steps and bulk import Active Directory users from CSV file with PowerShell.
Step 1: Create CSV file with users
Without a CSV file, you can’t use the script and import the users into AD.
- If you already have an Active Directory, you can run the script in the article Export AD users to CSV with PowerShell. After that, use that CSV file.
- Suppose you don’t have an Active Directory to export the AD users to CSV file and only want a CSV file example so you can edit and use it; download the CSV file ImportADUsers.csv.
Step 2: Prepare import AD users PowerShell script
Download and place Import-ADUsers.ps1 PowerShell script on the Domain Controller C:\scripts folder. If you don’t have a scripts folder, create one.
Ensure the file is unblocked to prevent errors when running the script. Read more in the article Not digitally signed error when running PowerShell script.
Another option is to copy and paste the below code into Notepad. Give it the name Import-ADUsers.ps1 and place it in the C:\scripts folder.
<# .SYNOPSIS Import-ADUsers.ps1 .DESCRIPTION Import Active Directory users from CSV file. .LINK alitajran.com/import-ad-users-from-csv-powershell .NOTES Written by: ALI TAJRAN Website: alitajran.com LinkedIn: linkedin.com/in/alitajran .CHANGELOG V2.00, 02/11/2024 - Refactored script#># Define the CSV file location and import the data$Csvfile = "C:\temp\ImportADUsers.csv"$Users = Import-Csv $Csvfile# The password for the new user$Password = "P@ssw0rd1234"# Import the Active Directory moduleImport-Module ActiveDirectory# Loop through each userforeach ($User in $Users) { try { # Retrieve the Manager distinguished name $managerDN = if ($User.'Manager') { Get-ADUser -Filter "DisplayName -eq '$($User.'Manager')'" -Properties DisplayName | Select-Object -ExpandProperty DistinguishedName } # Define the parameters using a hashtable $NewUserParams = @{ Name = "$($User.'First name') $($User.'Last name')" GivenName = $User.'First name' Surname = $User.'Last name' DisplayName = $User.'Display name' SamAccountName = $User.'User logon name' UserPrincipalName = $User.'User principal name' StreetAddress = $User.'Street' City = $User.'City' State = $User.'State/province' PostalCode = $User.'Zip/Postal Code' Country = $User.'Country/region' Title = $User.'Job Title' Department = $User.'Department' Company = $User.'Company' Manager = $managerDN Path = $User.'OU' Description = $User.'Description' Office = $User.'Office' OfficePhone = $User.'Telephone number' EmailAddress = $User.'E-mail' MobilePhone = $User.'Mobile' AccountPassword = (ConvertTo-SecureString "$Password" -AsPlainText -Force) Enabled = if ($User.'Account status' -eq "Enabled") { $true } else { $false } ChangePasswordAtLogon = $true # Set the "User must change password at next logon" } # Add the info attribute to OtherAttributes only if Notes field contains a value if (![string]::IsNullOrEmpty($User.Notes)) { $NewUserParams.OtherAttributes = @{info = $User.Notes } } # Check to see if the user already exists in AD if (Get-ADUser -Filter "SamAccountName -eq '$($User.'User logon name')'") { # Give a warning if user exists Write-Host "A user with username $($User.'User logon name') already exists in Active Directory." -ForegroundColor Yellow } else { # User does not exist then proceed to create the new user account # Account will be created in the OU provided by the $User.OU variable read from the CSV file New-ADUser @NewUserParams Write-Host "The user $($User.'User logon name') is created successfully." -ForegroundColor Green } } catch { # Handle any errors that occur during account creation Write-Host "Failed to create user $($User.'User logon name') - $($_.Exception.Message)" -ForegroundColor Red }}- Line 21: Edit the CSV file location.
- Line 25: Change password.
Step 3: Run import AD users PowerShell script
Run PowerShell as administrator and run the PowerShell script to import AD users from CSV file. Wait till it completes.
C:\scripts\.\Import-ADUsers.ps1The script will show if:
- The user is created successfully.
- The user already exists.
- The user can’t be created with the error message.
A user with username Kylie.Davidson already exists in Active Directory.A user with username Leonard.Clark already exists in Active Directory.A user with username Madeleine.Fisher already exists in Active Directory.A user with username Melanie.Scott already exists in Active Directory.A user with username Nicholas.Murray already exists in Active Directory.A user with username Piers.Bower already exists in Active Directory.A user with username Ruth.Dickens already exists in Active Directory.The user Sebastian.Nolan is created successfully.The user Zoe.Roberts is created successfully.Step 4: Verify AD users
Verify that the users are successfully created in Active Directory.
Read more: Add users to multiple groups with PowerShell »
Conclusion
You learned how to Import AD users from CSV with PowerShell. If you use the Export AD Users PowerShell script, and you want to import the users back into Active Directory, run the Import AD Users PowerShell script.
Did you enjoy this article? You may also like Export disabled users from Active Directory. Don’t forget to follow us and share this article.
Active DirectoryADADUCCSVImportPowerShell script
What Others Are Reading
How to fix Microsoft Entra Connect Sync stopped-server-down error
The Synchronization Service Manager shows the stopped-server-down error. It's not synchronizing anymore between on-premises Active…
Active Directory country code list
We like to create Active Directory users with PowerShell. This time, we need to add…
How to Uninstall Microsoft Entra Password Protection for on-premises
The organization has configured Microsoft Entra Password Protection for on-premises. However, it's moving entirely to…
This Post Has 18 Comments
The script seems to fail if the OU is not already in existence .. is it possible to create the OU first in another step?
Reply
Hello Ali,
I’m going to import bulk users to my AD but need to have Telephone/Fax and ExtendedAttribute5 to each profile. How do I incorporate this into the script ?
Reply
Hi,
great tutorial and scripts! thank you so much. the only issue I encountered so far is that Email is not filling up the e-Mail section in the general tab of the user Properties. Any idea why is not getting populated?. Also, quick question, how many characters are the limit for the User Logon Name?
Reply
I just tested the script, and the email field was added successfully. You should double-check everything on your end.
User logon name – 104 characters
User logon name (pre-Windows 2000) – 20 charactersKeep the same user logon name for both properties and less than 20 characters.
Reply
Hi Ali,
It is working now, I have misspelled some field and that was causing the issue.
Thank you again for the Script!
Reply
Does this script preserve group memberships? I need to be able to create a backup of a user, delete the user account, and then re-create it in exactly the same way.
Reply
Nice script, I used the export script first and was thinking to use this in order to bulk fill in missing AD-attributes for several users in Excel. But all users already exist in AD and the import script will skip these users and so not filling in the missing attributes?
Regards,
Marchel
Reply
Hi. I performed the export and now I am performing the import.
However, when creating new users it returns failure.
WARNING: Failed to create user paulo.teste. The directory service was unable to allocate a relative identifier.
Have you ever seen anything similar?Reply
The error appears when the RID Master FSMO role is not operating. For example, you did a Domain Controller restore and have not seized the FSMO roles.
Read the chapter “Seize FSMO roles” in the article Transfer FSMO roles in Active Directory.
Once that is done, try again.
Reply
can we use password users existing?
how to we modify the script?Reply
No, it’s not possible.
Reply
Appreciate the script! It saved me a ton of time!
Reply
This eventually worked…so THANK YOU VERY MUCH.!!
I needed more understanding.
The OU column needs FULL PATH.
Those read backwards ..right to left. The last 2 items are your domain Name…
so if it is PurpleSky.com……the last 2 items would be: “DC=PurpleSky, DC=com”
Prior that are the OU’s and sub-OU’s
So a full example of what should be in the OU column of the .csv is this:
EXAMPLE:’ OU=Flower department. OU=VPN Users , OU=Company ,DC=BlueSky,DC=comAlso..the GivenName populated the Full name.
GivenName is the person’s First name in the profile properties of a SPECIFIC person.
FULL NAME is the column on your main screen,,called “Name” when viewing an OU of users.
I left that column blank but now it is populated.Can there be a powershell to bulk replace attributes, Such as the name…such as the Full Name field….replaced the single name with the 2 word formal name?
My accounts created in the DISABLED state because I left the Accountstatus column empty.
I believe I need to type “Enabled”Reply
So, get this…
I just used this to import several thousand users.
Worked well.EXCEPT FOR PEOPLE WITH A FIRST NAME “RON”!!
They all failed, saying:
“The password does not meet the length, complexity, or history requirement of the domain.”There was NO problem with the values for these “Ron” users.
In fact, they WERE created, but they were disabled.
(BUG #1)Here is what fixed the import issues:
I had chosen a default password of “T0mk4Cronezbs!”
The only thing I noticed was the text string “Ron” in the middle of the password.
I laughed and said, “I wonder”, and I made the o zero in the password.
“T0mk4Cr0nezbs!” instead of “T0mk4Cronezbs!”And they all imported – even the Rons!!!!
(BUG #2) – and a BIZARRE ONE too.So,
1) We need to trap that error better because they were created but disabled.
2) The presence of the r o n sequence in the password is (somehow) a problem.How weird is that?!
I wonder if I put other names in the password, it would also fail.
EDIT/UPDATE:
Yes, you cannot have any part of your name in a password since Windows 2000.We still need to trap that creation status, though, it’s not accurate. 🙂
Reply
I tried it out, and you are correct.
If you try to create the user “Ron Roberts” in AD GUI with the password “T0mk4Cronezbs!” or change the password to “T0mk4Cronezbs!”, you get the error that Windows cannot complete the password change. While this works for all the other users.
Microsoft needs to look into this error and fix it.
The account gets created with the script, but it will disable the account for security reasons because the password is not accepted.
Reply
Looking to export home directory, and password as well. I imagine that’d be added in the Create List subsection, but entirely sure the syntax necessary. Figured I’d check here before winging it myself.
Reply
Great, thanks a lot!
Do you also have a script on how to delete users in bulk and remove their HOME and PROFILES folders? That what be just awesome.
Best regards
TobiasReply
Thanks Ali really helpful topic.
Reply
