VBScript program to create new Active Directory user accounts in bulk from the information in a Microsoft Excel spreadsheet. The program creates the user object, sets the initial password, enables the account, assigns values to several attributes, and sets the password expired so the user must change the password the first time they logon. The program can also make the new user a member of one or more groups. The name and path of the spreadsheet with the information on the new users is hard coded in the program.

Version 2.0 of this program, dated October 7, 2007, has been revised so that the Distinguished Name of the parent container (the container or Organizational Unit where each user will be created) is read from the spreadsheet. This allows you to create users in several containers or OU's. The Distinguished Name of the container or OU is read from the first column of the spreadsheet. All other values in the spreadsheet have been moved over one column from where they were in previous versions of this program. In addition, the program now accepts either the Distinguished Names or the NT names (NetBIOS Names) of groups.

Creating users from the information in a spreadsheet is very powerful. You can use formulas to assign values to many of the cells according to values in other cells. For example, the values for the cn and sAMAccountName attributes can be functions of the first and last names assigned to the user. The homeFolder attribute can also be calculated from the values in other cells. It's easy to copy values and formulas to other rows in the spreadsheet.

The first row of the input spreadsheet is skipped - it is assumed to have column headings. One user is created for each subsequent row in the spreadsheet, until the first blank row is encountered (actually, the first blank entry in column F, for cn). The columns of the spreadsheet should have values for the following attributes:

Column Attribute Description
A DN of parent container/OU
B givenName First name
C initials Middle name
D sn Last name
E Password
F cn Common name
G sAMAccountName NT logon name (pre-Windows 2000)
H userPrincipalName User logon name (email style)
I homeDirectory Home folder UNC path
J homeDrive Drive letter to map home folder
K scriptPath Logon script
L DN or NT names of group(s)

Any of the columns can be blank, except for A (DN of parent) and F (cn) which are required to create users. The sAMAccountName attribute is also mandatory, but the program defaults to assign the same value to cn and sAMAccountName if no value is provided for the later. Column "L" can have the Distinguished Name (DN) or the NT name (NetBIOS name) of a group. The new user will be made a member of this group. More groups can be designated in subsequent columns. The program will add the user to all groups designated from column "L" on until the first blank cell in the row is encountered. All users are automatically members of the group "Domain Users", which is the "primary" group.

If the value you provide for the cn attribute has a comma, be sure to escape this character with the backslash escape character, "\". For example, the value for cn could be "Wilson\, Mary". The list of characters that must be escaped if they appear in the Common Name include the following:

, \ / # + < > ; " =

These characters do not need to be escaped if they appear in any other attribute. However, the value assigned to sAMAccountName may not include any of the following characters:

[ ] : ; | = + ? < > * "

When the program assigns the homeDirectory attribute, it attempts to create the folder if it does not already exist. Then the program grants the new user all rights to this folder.

CreateUsers.txt <<-- Click here to view or download the program

A sample spreadsheet showing the format expected by the program is linked below.