Shulou(Shulou.com)06/01 Report--

Editor to share with you how Windows Server 2016 batch of new domain users, I believe that most people do not know much, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

Briefly explain how to create domain users in batches through commands in order to efficiently complete the actual batch creation of user requirements in daily work, including dsadd user, net user and new-aduser. The details are as follows:

Dsadd user creates a user:

Add a single user to the directory.

Dsadd is a command line tool built into Windows Server 2008. If you have installed the Active Directory Domain Services (AD DS) server role, you can use it. To use dsadd, you must run the dsadd command from the elevated command prompt. To open an elevated command prompt, click start, right-click command prompt, and then click run as administrator.

Syntax:

Dsadd user [- samid] [- upn] [- fn] [- mi] [- ln] [- display] [- empid] [- pwd {| *}] [- desc] [- memberof.] [- office] [- tel] [- email] [- hometel] [- pager] [- mobile] [- fax] [- iptel] [- webpg] [- title] [- dept] [- company] [- mgr] [- hmdir] [- hmdrv:] [- profile] [- loscr] [- mustchpwd {yes | no}] [- canchpwd {yes | no}] [- reversiblepwd {yes | no}] [- pwdneverexpires {yes | no}] [- acctexpires] [- disabled {yes | no}] [{- s |-d}] [- u] [- p {| *}] [- Q] [{- uc |-uco |-uci}]]

Notes:

Yes, I do. Specifies the distinguished name of the user to add. If you omit the distinguished name, dsadd gets the name from the standard input (stdin). -samid: specify the Security account Manager (SAM) name as the unique SAM account name for this user, for example, Linda. If the SAM name is not specified, dsadd attempts to create the SAM account name using the first 20 characters in the common name (CN) value of the UserDN. -upn: specify the user principal name of the user to be added, for example, xiaowen@azureyun.local-fn: specify the name of the user to be added. -mi: specifies the middle initials of the user to be added. -ln: specifies the last name of the user to add. -display: specifies the display name of the user to be added. -empid: specifies the employee ID of the user to be added. -pwd {| *}: specifies that the user's password is set to Password or an asterisk (*). If you set the password to *, dsadd prompts you for a user password. -desc: specifies the description of the user to add. -memberof: specifies the distinguished name of the group to which you want the user to be a member. -office: specifies the office location of the user to be added. -tel: specifies the phone number of the user to add. -email: specifies the email address of the user to be added. -hometel: specifies the home phone number of the user to add. -pager: specifies the pager number of the user to be added. -mobile: specify the mobile phone number of the user to be added. -fax: specifies the fax number of the user to be added. -iptel: specifies the IP phone number of the user to add. -webpg: specifies the web page URL of the user to be added. -title: specifies the title of the user to add. -dept: specifies the department of the user to be added. -company: specifies the company information of the user to be added. -mgr: specifies the distinguished name of the administrator of the user to be added. -hmdir: specifies the home directory location of the user to be added. If you specify HomeDirectory as a Universal naming Convention (UNC) path, you must use the-hmdrv parameter to specify a drive letter for dsadd that maps to that path. -hmdrv: specifies the home directory drive letter of the user to be added (for example, E:). -profile: specifies the profile path of the user to be added. -loscr: specifies the login script path for the user to be added. -mustchpwd {yes | no}: specifies whether users must change their password the next time they log in. The available values are yes and no. By default, the user does not have to change the password (No). -canchpwd {yes | no}: specifies whether users can change their passwords. The available values are yes and no. By default, users can change their password (yes). "if the value of the-mustchpwd parameter is yes, the value of this parameter must be yes." -reversiblepwd {yes | no}: specifies whether to use reversible encryption to store user passwords. The available values are yes and no. By default, users cannot use reversible encryption (No). -pwdneverexpires {yes | no}: specifies whether the user password never expires. The available values are yes and no. By default, the user password expires (No). -acctexpires: specifies the number of days that the user account will expire from today. A value of 0 means expiration at the end of the day. Positive value set to expire in the future. A negative value sets the past expiration time. This value will never set the account to never expire. For example, a value of 0 means that the account expires at the end of the day. A value of-5 indicates that the account expired 5 days ago and sets the past expiration date. A value of 5 sets the account expiration date to the next 5 days. -disabled {yes | no}: specifies whether dsadd disables the user account used for login. The available values are yes or no. For example, the following command creates a Nicolettep user account in the enabled state: dsadd user CN=xxx,CN=Syncall,DC=azureyun,DC=Com-pwd Password123-disabled no {- s |-d}: connect to a specified remote server or domain. By default, the computer connects to a domain controller in the login domain. -u: specifies the user name that the user logs in to the remote server. By default,-u uses the user name that the user logs in. You can specify a user name using any of the following formats: username (for example, xiaowen) domain\ username (for example, azureyun\ xiaowen) user principal name (UPN) (for example, xiaowen@azureyun.com)-p {| *}: specify to log on to the remote server using a password or *. If you type *, you will be prompted for a password. -Q: suppresses all output to standard output (quiet mode). {- uc |-uco |-uci}: specifies that the output or input data is formatted in Unicode. The following list describes each format. -uc: specifies the Unicode format for import or output to pipe (|). -uco: specifies the Unicode format for output to a pipe (|) or file. -uci: specifies the Unicode format of the pipe (|) or file input. /? Displays help at the command prompt

Example 1: create an enabled user account named cs002 in the syncall user container of azureyun.local

Dsadd user CN=cs002,OU=Syncall,DC=azureyun,DC=local-disabled no

Example 2: create an enabled user account named cs003 with a password of P@ssw0rd, which must be changed when you log in for the first time:

Dsadd user "CN=cs002,OU=Syncall,DC=azureyun,DC=local"-disabled no-pwd P@ssw0rd-mustchpwd yes

Example 3: create a cs004 account, set the password to never expire, and make it a member of the AAA group in the same OU

Dsadd user "CN=cs004,OU=Syncall,DC=azureyun,DC=local"-disabled no-pwd P@ssw0rd-mustchpwd yes-memberof CN=AAA,OU=Group,OU=Syncall,DC=azureyun,DC=local-acctexpires never

Net user creates domain users in bulk:

For / L% ain (1meme 1pm 10) do net user TS%a P@ssw0rd / add / domain

Note: (1) correspond to (starting value, incremental value, final value) respectively. If you want to decrease (10), TS%an is the user name, P@ssw0rd is the password, and the password must meet the complexity requirements.

Active Directory users and computers view created users:

New ADUser creates a domain account

Syntax:

New-ADUser [- WhatIf] [- Confirm] [- AccountExpirationDate] [- AccountNotDelegated] [- AccountPassword] [- AllowReversiblePasswordEncryption] [- AuthenticationPolicy] [- AuthenticationPolicySilo] [- AuthType] [- CannotChangePassword] [- Certificates] [- ChangePasswordAtLogon] [- City] [- Company] [- CompoundIdentitySupported] [- Country] [- Credential] [- Department] [- DisplayName] [- Division] [- EmailAddress] [- EmployeeID] [- EmployeeNumber] [- Enabled] [- Fax] [- GivenName] [- HomeDirectory] [- HomeDrive] [ -HomePage] [- HomePhone] [- Initials] [- KerberosEncryptionType] [- LogonWorkstations] [- Manager] [- MobilePhone] [- Name] [- Office] [- OfficePhone] [- Organization] [- OtherAttributes] [- OtherName] [- PasswordNeverExpires] [- PasswordNotRequired] [- Path] [- POBox] [- PrincipalsAllowedToDelegateToAccount] [- ProfilePath] [- SamAccountName] [- ScriptPath] [- Server] [- ServicePrincipalNames] [- SmartcardLogonRequired] [- State] [- StreetAddress] [- Surname] [- Title] [- TrustedForDelegation] [- Type] [- UserPrincipalName] []

Example 1: create a cs001 account:

New-aduser-name cs001-samaccountname cs001-userprincipalname cs001@azureyun.local-givename 001-surname cs-displayname CS001-path "OU=Syncall,DC=azureyun,DC=local"

View current existing users:

Get-aduser-filter * | select name

Powershell creates test domain users in batches:

$Password = "P@ssw0rd" $SecurePassword = $Password | ConvertTo-SecureString-AsPlainText-Force1..10 | foreach-object {New-ADUser-Name "HP$_"-SamAccountName "HP$_"-UserPrincipalName HP$_@azureyun.local-path "OU=HelpDesk,DC=azureyun,DC=local"-AccountPassword $SecurePassword-Enabled $true-ChangePasswordAtLogon $false}

View the currently created domain user account:

Get-aduser-filter * | select name

The above is all the content of the article "how to batch new domain users in Windows Server 2016". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.