Schedule Import of Users from a CSV File
With Adaxes you can schedule the import of users from a CSV file to Active Directory to take place automatically on a predefined time interval. To schedule data import you need to define a Scheduled Task that will periodically execute a PowerShell script. The script will read in a CSV file using the Import-Csv cmdlet and pass the results to the New-AdmUser cmdlet to create users in AD. The New-AdmUser cmdlet is included in the Adaxes PowerShell Module.
To use the New-AdmUser cmdlet, you need to install the PowerShell Module for Active Directory
component of Softerra Adaxes. The component is installed with the same installation
package as used to install Adaxes service.
To schedule an import of user accounts from a CSV file to Active Directory, do the following:
Launch Adaxes Administration Console, expand your Adaxes service, right-click
Scheduled Tasks, point to New and click Scheduled Task.
The Create Scheduled Task wizard will open.
Enter a name for the new Scheduled Task and click Next.
When giving a name to a task, it is recommended to use nouns
(e.g. User Importer, Location Updater), because the task name will appear in the Adaxes
Log and approval e-mail notifications and denote the operation executor.
On the Task Schedule page, you need to define the time and time interval at which
the task will run.
Select the desired time and time interval and click Next.
Select the desired time and time interval and click Next.
Choose the type of Active Directory objects, on which the new Scheduled Task will be executed.
Since we want to import user accounts to an Organizational Unit, select Organizational-Unit
in the Object type list. Click Next.
At the next step, you need to configure the Scheduled Task to execute a PowerShell script:
- Click the Add Action link.
- Select the Run a program of PowerShell script action in the list.
- Enter a description of the script into the Short description field.
-
Click the
Run Script Editor button.
In the PowerShell Script Editor dialog, type the text of a PowerShell script that will import the data. The text of the script will depend on the contents of the CSV file that will be imported.
View Possible Columns for CSV Files
| Column Name | Description | Example | Type |
|---|---|---|---|
| AccountExpirationDate | The expiration date for the account. When set to 0, the account never expires. |
4/17/2006 Monday, April 17, 2006 Monday, April 17, 2006 2:22 PM Mon, 17 Apr 2006 21:22:48 GMT 05/01/2012 5:00:00 PM |
Date |
| AccountNotDelegated | Specifies whether the security context of the user is delegated to a service. |
true false |
Boolean |
| AccountPassword | The user password. | secret | Secure String |
|
AllowReversiblePassword Encryption |
Specifies whether reversible password encryption is allowed for the account. |
true false |
Boolean |
| CannotChangePassword | Specifies whether the account password can be changed. |
true false |
Boolean |
| ChangePasswordAtLogon | Specifies whether the password must be changed during the first logon. |
true false |
Boolean |
| City | The user's town or city. | London | String |
| Company | The user's company. | Acme | String |
| Country | The country or region code for the user's language of choice. |
US FR |
String |
| Department | The user's department. | Sales | String |
| Description | The description of the user. | External subcontractor | String |
| DisplayName | The display name of the user. | John Smith | String |
| Division | The user's division. | Software | String |
| EmailAddress | The user's e-mail address. | johndoe@example.com | String |
| EmployeeID | The user's employee ID. | A123321 | String |
| EmployeeNumber | The user's employee number. | 112233 | String |
| Enabled | Specifies if the account is enabled. |
true false |
Boolean |
| Fax | The user's fax phone number. | +1 (999) 555 1122 | String |
| GivenName | The user's first name. | John | String |
| HomeDirectory | The user's home directory. | \\SERVER\johnsmith | String |
| HomeDrive | The drive that is associated with the UNC path defined by the HomeDirectory property. | D: | String |
| HomePage | The URL of the home page of the user. | http://example.com/jsmith | String |
| HomePhone | The user's home telephone number. | +1 (999) 555 2222 | String |
| Initials | The initials that represent part of the user's name. | L | String |
| LogonWorkstations | The computers that the user can access. | COMP1,COMP2.example.com | String |
| Manager | The user's manager. |
john.doe CN=Doe,CN=Users,DC=acme,DC=com 7D1D1508-2A07-47D8-8933-C9E557ED86D0 S-1-5-21-1233211223-291919 |
ADUser |
| MobilePhone | The user's mobile phone number. | +1 (999) 555 3333 | String |
| Name | The user's full name. | John Smith | String |
| Office | The location of the user's office or place of business. | B1021 | String |
| OfficePhone | The user's office telephone number. | +1 (999) 555 4444 | String |
| Organization | The user's organization. | Accounting | String |
| OtherAttributes | Values for user properties that cannot be specified in the CSV file columns. |
'extensionAttribute1'=value 'customAttribute'=value1,value2 'attr1'=val; 'attr2'=val1,val2 |
TTT |
| OtherName | The name in addition to a user's given name and surname, such as the user's middle name. | Peter | String |
| PasswordNeverExpires | Specifies whether the password of the account can expire. |
true false |
Boolean |
| PasswordNotRequired | Specifies whether the account requires a password. |
true false |
Boolean |
| Path | The DN of the Organizational Unit (OU) or container where the new user will be created. | CN=Users,DC=acme,DC=com | String |
| POBox | The user's post office box number. | 25656 | String |
| PostalCode | The user's postal code or zip code. | 18711 | String |
| ProfilePath | The path to the user's profile. | \\SERVER\profiles\johndoe | String |
|
ProtectedFromAccidental Deletion |
Specifies whether an object is protected from accidental deletion. |
true false |
Boolean |
| SamAccountName | The user's logon name (pre-Windows 2000). | johnsmith | String |
| ScriptPath | The path to the user's log on script. | \\SCRIPTS\johnsmithLogin | String |
| SmartcardLogonRequired | Specifies whether a smart card is required to logon. |
true false |
Boolean |
| State | The user's state or province. | Nevada | String |
| StreetAddress | The user's street address. | 100 Main Street | String |
| Surname | The user's last name or surname. | Smith | String |
| Title | The user's title. | Sales Manager | String |
| TrustedForDelegation | Specifies whether an account is trusted for Kerberos delegation. |
true false |
Boolean |
| UserPrincipalName | The user's logon name. | johnsmith@example.com | String |
If your CSV file doesn't contain the AccountPassword column and columns with data of the Boolean type (e.g. Enabled or ChangePasswordAtLogon), you can use the script given below.
Import-Module Adaxes $file = "\\SERVER\Share\users.csv" $targetDN = "%distinguishedName%" $domain = $Context.GetObjectDomain($targetDN) Import-CSV $file | New-AdmUser -Path $targetDN -AdaxesService localhost -Server $domain
The -Path parameter specifies the Distinguished Name (DN) of the Organizational
Unit or container where new users will be created.
Value reference %distinguishedName% will be replaced with the DN
of the Organizational Unit on which the Scheduled Task will be assigned.
If your CSV file contains the AccountPassword column or columns with data of the Boolean type (e.g. Enabled or ChangePasswordAtLogon), these columns must be processed in a special way (see the script below).
Import-Module Adaxes $file = "\\SERVER\Share\users.csv" $targetDN = "%distinguishedName%" $domain = $Context.GetObjectDomain($targetDN) $importedUsers = Import-Csv $file foreach ($user in $importedUsers) { $user.AccountPassword =` ConvertTo-SecureString -AsPlainText $user.AccountPassword -Force $user.Enabled = [System.Boolean]::Parse($user.Enabled) $user.ChangePasswordAtLogon = [System.Boolean]::Parse($user.ChangePasswordAtLogon) $user | New-AdmUser -Path $targetDN -AdaxesService localhost -Server $domain }
If you want the script to send an email notification if it fails to create a user account, you can use the following code:
...
try
{
$user | New-AdmUser -Path $targetDN -AdaxesService localhost -Server $domain`
-ErrorAction Stop
}
catch [System.Exception]
{
$to = "admin@company.com"
$subj = "Failed to Import User from CSV"
$bodyText = "Adaxes failed to import user " + $user.Name + " from $file."`
+ "`nError: " + $_.Exception.Message
$bodyHtml = $NULL
$Context.SendMail($to, $subj, $bodyText, $bodyHtml)
$Context.LogMessage($bodyText, "Error")
}
For information on how to create scripts for Business Rules, Custom Commands, and Scheduled Tasks,
see Server-Side Scripting.
When finished, click OK two times and then click Next.
On the Activity Scope page you need to select the Organizational Unit in which new user accounts will be created by the task.
-
Click the Add button.
In the Task Activity Scope dialog that opens, select the Organizational Unit
in which you want the task to create user accounts. Click Add.
-
In the Assignment Options dialog, uncheck the Child objects of this Organizational-Unit option,
and check the This Organizational-Unit object option. Click OK.
- Click OK.
You can define a Business Rule that will automatically move newly created users to
the appropriate location based on specific rules.
For details, see
Move Newly Created Users to a Specific OU.
The selected Organizational Unit will be displayed in the Assignments list. Click Finish.
The activity scope of the Scheduled Task must include a single Organizational Unit! Otherwise
the task will import user accounts to each OU included in the activity scope.
See also: Import User Accounts from a CSV File.