Bulk User Creation in Active Directory by CSV Import

This page contains the mandatory requirements as well as the guidelines that should be followed for successful creation of user accounts by importing the CSV file. It also explains about usage of some of the frequently used Active Directory attributes.

Click to view the list of LDAP attributes supported by ADManager Plus and a sample CSV file.

Steps:

  1. know more about templates, click
    Click AD Mgmt tab.
  2. Click the Create Bulk Users link under User Creation to invoke the Create Bulk Users wizard.
  3. Select the domain from the Selected Domain drop down menu.
  4. System template is the default selection in the Selected Template field. You can select a different template from the Selected Template drop down menu, as required. To know more about templates, click here.
  5. Click Import button and then the Choose File button to import the CSV file containing user details. Click OK , and then Next. Read about how to create a CSV file here.
  6. After adding all the users, the next step is to select the container object where the user accounts have to be created. Select the OU from the list displayed or click Create New OU to create a new container. Click Create Users to create the defined uses in the selected container.

Some of the frequently used Active Directory attributes:

OU Name :

To create users under different OUs, mention the OU name under the header OUName in the CSV file. OU name should be specified in the distinguished name (DN) format. Also, ensure that you enclose the DN within double quotes.
Example: John, "OU=FinanceOU, DC=abc, DC=com"

Password:

The CSV file should contain the password of the user under the header Password.
Example: user1,Password@123

Template Name:

If you wish to use different templates for different users for creating their accounts in AD, in the CSV file, mention the appropriate template for each user under the header templateName.
Example: user1, CreationTemplate1

Example for attributes - password,OUName,templateName:

givenName,sn,samAccountName,password,telephoneNumber,department,OUName,templateName

james,smith,jamessmith,Password@123,+1-980-765-1234,Account,"OU=Finance,DC=admp,DC=com",CreationTemplate1

james,william,jameswilliam,Password@123,+1-980-765-1234,Human Resource,"OU=PayRoll,OU=HR,DC=admp,DC=com",CreationTemplate2

MemberOf:

To add the user to a group, you can specify the desired group under the header memberOf, in the CSV file. While specifying the groups, ensure that you mention the distinguished name (DN) of the group enclosed within double quotes.

Example:   "User1","CN=Group1,CN=Users,DC=domain,DC=com"

A user can be a member of more than one group, to support multiple values Distinguished Name (DN) of the groups should be separated by semicolon (;).

Example:   "User1","CN=Group1,CN=Users,DC=domain,DC=com;CN=Group2,CN=Users,DC=domain,DC=com"

primaryGroupID:

To specify the primary group for a user, mention the RID of the group which you want to set as primary group under the header primaryGroupID.

Example for attributes - memberOf,primaryGroupID:

givenName,sn,password,memberOf,primaryGroupID

james,smith,Password@123,"CN=group1,OU=Finance,DC=admp,DC=com;CN=Group2,OU=Sales,DC=admp,DC=com",513

james,william,Password@123,"CN=group1,OU=Finance,DC=admp,DC=com",513

Manager:

To specify a manager for a user, the CSV file should contain the Distinguished Name(DN) of the user (whom you wish to assign as the manager) existing in active directory. Ensure that you enclose the user's DN within double quotes.
Example: To set the user 'administrator' as manager for an user, value should be "CN=administrator,CN=Users,DC=admp,DC=com"

Country:

The three values c, co, countryCode are mandatory.

  1. c - 2 letter country code (eg. US for United states).
  2. co - Country Name(Full Country Name).
  3. countryCode - 3 digit country code(eg. 840 for United States).

Example for attributes - manager,c,co,countryCode:

givenName,sn,password,manager,c,co,countryCode

james,smith,Password@123,"CN=ManagerUser,OU=Managers,DC=admp,DC=com",FR,France,250

james,william,Password@123,"CN=ManagerUser,OU=Managers,DC=admp,DC=com",US,United States,840

Useraccountcontrol :

In the CSV file, the userAccountControl attribute should contain the flag value of the user account properties. For example, a flag value of 512 indicates that the account is general while 514 indicates that the account is disabled.
For detailed information, click http://support.microsoft.com/kb/305144

To check 'User must change password at next logon': Attribute 'pwdLastSet' must be set to 0.

To uncheck 'User must change password at next logon': Attribute 'pwdLastSet' must be set to -1.

Account Expires:

  1. To set the account expiry date for a user as never, the value for accountExpires attribute in the CSV file should be mentioned as 0.
  2. To set an expiry date for an user account, the end date can be converted to a long value.[This value represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). ]
  3. Or alternatively can also be set by providing the value in "MM-dd-yyyy" format.
    Example:"05-31-2016"

Logon Workstations:

To specify the computers from which the users can logon to the domain, enter the NetBIOS names of the desired computers separated by commas(,) under the header userWorkstations.
Example: "Computer1,Computer2,Computer3"

Example for attributes - userAccountControl,accountExpires,pwdLastSet,userWorkStations:

givenName,sn,password,userAccountControl,accountExpires,pwdLastSet,userWorkstations

james,smith,Password@123,512,0,0,"computer1,computer2,computer3"

james,william,Password@123,514,130653018000000000,-1,""

Home Drive:

To specify the home drive, the CSV file should contain the drive name followed by colon under the header homeDrive. For example,to set 'E' as the home drive, under the header homeDrive must contain the value "E:"

Home Folder, Profile Path, TS Home Folder,TS ProfilePath:

  1. CSV headers can be homeDirectory,profilePath,tsHomeDir,tsProfilePath
  2. The values can be an absolute path of the folder
  3. Can contain variables like %userName%, %givenName% etc..

Example for attributes-profilePath,homeDrive,homeDirectory:

givenName,sn,password,profilePath,homeDirectory,homeDrive

james,smith,Password@123,"\\admp-dc1\UserProfile\%givenName%","\\admp-dc2\HomeFiles\%displayName%","E:"

james,william,Password@123,"\\admp-dc1\UserProfile\%givenName%","\\admp-dc2\HomeFiles\%displayName%","C:"

Terminal Session Limits

The CSV file must have these attributes: tsTimeOutSettingsConnections (for 'Active session limit'), tsTimeOutSettingsIdle (for 'Idle session limit') and tsTimeOutSettingsDisConnections ( for 'End a disconnected session'). For these attributes / limits, you must enter the values in milliseconds.

Note: For example, to set an Active session limit of 5 minutes, you must enter 300000 (milliseconds) as the value for tsTimeOutSettingsConnections in the CSV file.

Example for attributes-tsTimeOutSettingsConnections,tsTimeOutSettingsIdle,tsTimeOutSettingsDisConnections:

givenName,sn,password,tsTimeOutSettingsConnections,tsTimeOutSettingsIdle,tsTimeOutSettingsDisConnections

james,smith,Password@123,600000,300000,300000

james,william,Password@123,600000,300000,300000

Additional email address

    The user should have the attribute 'proxyAddresses' set to a value.
    Example - "smtp:user@mail1.com;smtp:user@mail2.com"

MailBox Enabled Users attribute in CSV:
The CSV file should have:

  1. Minimum Attributes Needed - mailNickname, homeMDB, msExchHomeServerName.
  2. homeMDB - should contain the DN of the mailbox store.
  3. msExchHomeServerName - value of mail server in legacyExchangeDN Format

Example for creating a mailbox enabled user:

givenname,displayname,password,mailNickame,homeMDB,msExchHomeServerName,proxyAddresses,msExchRequireAuthToSendTo,targetAddress,msExchRecipLimit

james,Smith James,Password@123,jamessmith,"CN=Mailbox Store (EMP-EX03),CN=First Storage Group,CN=InformationStore,CN=EMP-EX03,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=admp,DC=com","/o=First Organization/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=EMP-EX03","SMTP:jamessmith@admp.com",true,"smtp:jamessmith@ymail.com",999

james,William James,Password@123,jameswilliam,"CN=Mailbox Store (EMP-EX03),CN=First Storage Group,CN=InformationStore,CN=EMP-EX03,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=admp,DC=com","/o=First Organization/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=EMP-EX03","SMTP:jameswilliam@admp.com",true,"smtp:jameswilliam@gmail.com",999

Mail Enabled Users attribute in CSV:
The CSV file should have:

  1. Minimum Attributes Needed - mailNickname, targetAddress, msExchAdminGroup
  2. targetAddress - the value should be mentioned in this format: SMTP:user@yahoo.com
  3. msExchAdminGroup- value of Exchange Admin Group in legacyExchangeDN Format.

Example for creating mail-enabled users:

givenname,displayname,password,msexchadmingroup,targetaddress,mailNickname

james,Smith James,Password@123,"/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)","smtp:jamessmith@admp.com",james1

james,William James,Password@123,"/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)","smtp:jameswilliam@admp.com",james2

Custom Attributes:

The CSV file should contain the appropriate values, as defined in the Active Directory, under the LDAP name of the relevant custom attributes.

Note: Before attempting to add values to custom attributes via CSV import, you have to configure the custom attributes in the admin tab of ADManager Plus.

After importing the values from the csv file to modify/specify the value of the custom attribute of any specific user:

  1. Click the modify icon located in the action column of the desired user account
  2. click the custom attribute tab
  3. enter the appropriate values for the desired custom attributes and click OK

Custom script:

  1. Click the modify icon located in the action column of the desired user account
  2. click the custom attribute tab and select the custom script option
  3. In the script command window, enter the script that has to be executed on creation of this user account and click OK.

Office 365 License:

To assign Office 365 licenses while creating users' AD and Office 365 accounts, specify the desired licenses under the header waadLicenseInfo in the CSV file. If you want all the service plans in the licenses (say license1 and license2) to be assigned, the format is "license1;license2". If you want only specific service plans to be applied, the format is "license1,servPlan1,servPlan2;license2,servPlan3,servPlan4".
To obtain the license and service plan names in the required format, you can export the Office 365 license details report in CSVDE format.

Example for assigning Office 365 licenses:

givenname,displayname,password,waadLicenseInfo

james,Smith James,Password@123,"admgr:ENTERPRISEPACK;admgr:ENTERPRISEPREMIUM_NOPSTNCONF"

joan,Daniels,Password@123,"admgr:ENTERPRISEPACK,Deskless,TEAMS1, PROJECTWORKMANAGEMENT, SWAY, INTUNE_O365, YAMMER_ENTERPRISE, RMS_S_ENTERPRISE, OFFICESUBSCRIPTION, MCOSTANDARD, SHAREPOINTWAC, SHAREPOINTENTERPRISE, EXCHANGE_S_ENTERPRISE;admgr:ENTERPRISEPREMIUM_NOPSTNCONF,THREAT_INTELLIGENCE, Deskless, FLOW_O365_P3, POWERAPPS_O365_P3, TEAMS1, ADALLOM_S_O365, EQUIVIO_ANALYTICS, LOCKBOX_ENTERPRISE, EXCHANGE_ANALYTICS, SWAY, ATP_ENTERPRISE, MCOEV, BI_AZURE_P2, INTUNE_O365, PROJECTWORKMANAGEMENT, RMS_S_ENTERPRISE, YAMMER_ENTERPRISE, OFFICESUBSCRIPTION"

G Suite Group:

To add the user to a group in G Suite, you can specify the desired group under the header gappsGroupEmail, in the CSV file.
Example: sales_group@example.com

A user can be a member of more than one group, to support multiple values email of the groups should be separated by semicolon (;). While specifying multiple groups, ensure that you mention the emails within double quotes
Example: "sales_group@example.com;development_group@example.com"

G Suite Organization Unit:

To create users under different Organization Units in your G Suite domain, mention the G Suite Organization Unit path under the header gappsOrgUnitPath in the CSV file. The value should be specified in path format.
Example: /corp/support/sales_support

Note: To save the CSV file in UTF-8 encoding, follow these steps:
In notepad, click File menu -> Save As -> Choose 'UTF-8' from the dropdown menu beside 'Encoding'. Click 'Save'.