GuidesEnabling Multiple User Accounts via PowerShell in Active Directory

Enabling Multiple User Accounts via PowerShell in Active Directory

ServerWatch content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.




PowerShell is a great scripting tool — it not only helps save you time, it also provides greater flexibility for executing repeated tasks. Almost all Windows roles and features ship with PowerShell cmdlets.

You can use Windows Operating System cmdlets to perform operational tasks such as checking the status of a particular Windows service on multiple computers, checking the list of software installed on Windows computers, and so on.

And when it comes to interacting with Active Directory, most Active Directory admins also use PowerShell scripting. There are many PowerShell cmdlets provided with Active Directory.Windows Server Tutorials

In Today’s Server Tutorial, we will explain how to use PowerShell to enable bulk user accounts in Active Directory. Note: You will be required to install Active Directory PowerShell modules on a supported Windows Operating System before you can use any of the PowerShell command examples provided in this Server Tutorial.

Enabling Multiple User Accounts

By default, when you create a user account in Active Directory, the user account is enabled. However, you may find yourself in a situation where you need to enable previously disabled user accounts.

While you can use Active Directory Users and Computers to enable user accounts individually, it might take a considerable amount of time when a large number of accounts is involved. This is where the Enable-ADAccount PowerShell cmdlet comes handy.

While it is easy to enable a single Active Directory user account from the Active Directory Users and Computers snap-in, the example below shows how you can enable multiple AD user accounts using PowerShell. Let’s say you would like to enable user accounts residing in a particular organizational unit. You will need to execute the following PowerShell command to do this:

Get-ADUser -Filter "Name -like "*"" -SearchBase "OU=ProdOU1, OU=TestUsers, DC=ServerWatch, DC=Com" | Enable-ADAccount

The above command uses the Get-ADUser PowerShell cmdlet to collect all the users residing in the “OU=ProdOU1, OU=TestUsers, DC=ServerWatch, DC=Com” organizational unit, and then the Enable-ADAccount PowerShell cmdlet runs against each retrieved user account from the organizational unit.

While the above command targets a specific organizational unit, the command below can be used if you have the user account names stored in a text file:

$UserFile = "C:TempUserfile.CSV"

Remove-item $UserFile -ErrorAction SilentlyContinue
$ReportFile = "C:TempUserStatus.CSV"

$ThisSTR = "User Name, Account Status"
Add-Content $ReportFile $ThisSTR

Foreach ($UserName in Get-Content "$UserFile")
{
$Error.Clear()
Enable-ADAccount -Identity "$UserName"
IF ($Error.Count -ne 0)
{
$ThisSTR = $UserName+", Was enabled successfully."
Add-Content $ReportFile $ThisSTR
}
else
{
$ThisSTR = $UserName+", Error enabling User account"
Add-Content $ReportFile $ThisSTR
}
}

Write-Host "PowerShell Script to enable user accounts completely successfully and report saved in $ReportFile"

Once the above script has finished executing, a report file will be generated in the C:Temp directory with the name UserStatus.CSV, which contains the user name as well as whether or not the Enable-ADAccount was executed successfully for the target user. The report will also contain any error messages thrown by the Enable-ADAccount PowerShell cmdlet.

Note:The UserFile.CSV file that contains the list of user accounts can be in two formats — either in SamAccountAccount or “DistinguishedName.” It is also worth mentioning that some of the user accounts listed in the UserFile.CSV file might not exist in the Active Directory.

When Enable-ADAccount runs as part of the script, it will clearly detail why it couldn’t perform the operation successfully in the case of an issue. As mentioned above, the reason could be that a specified user account doesn’t exist in the Active Directory.

Conclusion

You can use the Enable-ADAccount PowerShell cmdlet to batch enable user accounts in Active Directory. Today’s server tutorial has detailed how you can target a specific organizational unit and has also illustrated how to enable user accounts from a CSV file that contains the user account names. In our next Server tutorial, we will explain how to disable bulk user accounts using PowerShell.


Nirmal Sharma is a MCSEx3, MCITP and Microsoft MVP in Directory Services. He specializes in directory services, Microsoft Azure, Failover clusters, Hyper-V, System Center and Exchange Servers, and has been involved with Microsoft technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to Health Packs for ADHealthProf.ITDynamicPacks.Net solutions. Nirmal can be reached at nirmal_sharma@mvps.org.

Follow ServerWatch on Twitter and on Facebook

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends & analysis

Latest Posts

Related Stories