Create Active Directory users with PowerShell

Last week I had the opportunity to present a PowerCLI self-paced lab along with Jake Robinson and Ryan Birk. We presented this same lab a few months ago, but this event at the Greater Cincinnati VMware Users Group (GCVMUG) added a slight twist. Our previous lab consisted of a vApp containing a vCenter and two ESXi hosts per student. Each student would then log in to their vCenter using RDP. The twist at the GCVMUG event was due to the zero clients provided: they supported VMware View PCoIP connections only and didn’t provide an RDP option.

To work around this twist, we built a VMware View 4.6 environment inside of a vCloud Director environment at Bluelock. We went with View 4.6 because the zero clients were specifically certified with that version — the client would have likely worked with View 5.0, but we wanted to guarantee the lab would work, so we stuck with certified versions. This was an interesting twist and I learned a lot from it. Over the next few blog posts I plan to share some of the lessons learned.

The first additional requirement of this new twist was building Active Directory. VMware View leverages Active Directory authentication and authorization, so it was required to get this lab off the ground. I built a Windows 2008 R2 server and promoted it to a domain controller for the VIEWLAB.LOCAL domain. I then manually created an organizational unit for the View Lab users. I wanted to create unique user accounts for each lab station. Since we were going to have twenty stations I didn’t want to do this manually. The following code was used to create Active Directory users in the viewlab.local domain:

[cc lang="powershell"]
# Distinguished name of the OU that holds the lab accounts
$baseOU = "OU=View Lab,DC=viewlab,DC=local"

for ($i = 0; $i -le 25; $i++) {
    # Zero-padded account name: Student00 .. Student25
    $user = "Student" + $("{0:D2}" -f $i)

    Write-Host "Creating User for $user"
    # Bind to the OU and create the user object in it
    $usersOU = [ADSI] "LDAP://$baseOU"
    $newUser = $usersOU.Create("user", "CN=$user")
    $newUser.put("sAMAccountName", $user)
    $newUser.put("givenName", $user)
    $newUser.put("sn", $user)
    $newUser.put("userPrincipalName", "$user@viewlab.local")
    $newUser.SetInfo()

    # Set the initial password to the account name, then commit
    $newUser.psbase.invoke("SetPassword", $user)
    $newUser.psbase.CommitChanges()
}
[/cc]

Each account is created in a disabled state. I could have scripted a change to the userAccountControl attribute to enable the account, but I simply used the Active Directory Users and Computers interface to multi-select the users in this organizational unit and then bulk enabled them.
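
The scripted alternative mentioned above, as an added example that is not code from the original post: it clears the ACCOUNTDISABLE bit in userAccountControl over ADSI and, going beyond the post, replaces the username-as-password default with a random password per account. The output path, the New-RandomPassword helper and the Student* name filter are assumptions for illustration.

```powershell
# Added example, not the original post's code. Assumes the StudentNN accounts
# from the post's script already exist (disabled) in this OU.
$baseOU  = "OU=View Lab,DC=viewlab,DC=local"
$outFile = ".\viewlab-credentials.csv"   # hypothetical path; protect and delete after use

# userAccountControl bits (ADS_USER_FLAG_ENUM)
$ACCOUNTDISABLE = 0x0002
$PASSWD_NOTREQD = 0x0020

function New-RandomPassword {
    param([int]$Length = 16)
    # Look-alike characters (0/O, 1/l/I) are omitted so handouts are readable.
    $sets = "ABCDEFGHJKLMNPQRSTUVWXYZ", "abcdefghijkmnpqrstuvwxyz", "23456789", "!#%+=?@"
    $all  = -join $sets
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    $rng.GetBytes($bytes)
    $chars = for ($n = 0; $n -lt $Length; $n++) {
        # Positions 0-3 draw from one class each, so every password has
        # upper, lower, digit and symbol; the rest draw from all classes.
        $pool = if ($n -lt $sets.Count) { $sets[$n] } else { $all }
        $pool[$bytes[$n] % $pool.Length]   # slight modulo bias, fine for a lab
    }
    -join $chars
}

$ou = [ADSI]"LDAP://$baseOU"
$report = foreach ($child in $ou.psbase.Children) {
    $name = [string]$child.sAMAccountName
    # Touch only the lab accounts, not anything else that lives in the OU.
    if ($child.psbase.SchemaClassName -ne "user" -or $name -notlike "Student*") { continue }

    $password = New-RandomPassword
    $child.psbase.Invoke("SetPassword", $password)

    # Clear only the disable and password-not-required bits; keep the others.
    $uac = [int]$child.userAccountControl.Value
    $child.Put("userAccountControl", $uac -band (-bnot ($ACCOUNTDISABLE -bor $PASSWD_NOTREQD)))
    $child.SetInfo()

    New-Object PSObject -Property @{ User = $name; Password = $password }
}
$report | Export-Csv -Path $outFile -NoTypeInformation
```

The CSV holds plaintext credentials for the station handouts, so it should live only on the admin workstation and be removed once the lab is over.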

I have a couple other ideas for posts on this project…I hope to have them posted in the next few weeks.
