Bulk User Creation in Active Directory by CSV Import

    This page contains the mandatory requirements as well as the guidelines that should be followed for successful creation of user accounts by importing the CSV file. It also explains about usage of some of the frequently used Active Directory attributes.

    Click to view the list of LDAP attributes supported by ADManager Plus and a sample CSV file.

    Steps:

    1. Click Management tab.
    2. Click the Create Bulk Users link under User Creation to invoke the Create Bulk Users wizard.
    3. Select the domain from the Selected Domain drop down menu.
    4. System template is the default selection in the Selected Template field. You can select a different template from the Selected Template drop down menu, as required. To know more about templates, click here.
    5. Click Import button and then the Choose File button to import the CSV file containing user details. Click OK , and then Next.
    6. After adding all the users, the next step is to select the container object where the user accounts have to be created. Select the OU from the list displayed or click Create New OU to create a new container. Click Create Users to create the defined uses in the selected container.

    Some of the frequently used Active Directory attributes:

    General attributes

    Group attributes

    Contact/Organization attributes

    Account attributes

    Profile/TS Profile attributes

    Exchange attributes

    Custom attributes

    Office 365 attributes

    Google Workspace attributes

    OU Name :

    To create users under different OUs, mention the OU name under the header OUName in the CSV file. OU name should be specified in the distinguished name (DN) format. Also, ensure that you enclose the DN within double quotes.
    Example: John, "OU=FinanceOU, DC=abc, DC=com"

    Password:

    The CSV file should contain the password of the user under the header Password.
    Example: user1,Password@123

    Template Name:

    If you wish to use different templates for different users for creating their accounts in AD, in the CSV file, mention the appropriate template for each user under the header templateName.
    Example: user1, CreationTemplate1

    Example for attributes - password,OUName,templateName:

    givenName,sn,samAccountName,password,telephoneNumber,department,OUName,templateName

    james,smith,jamessmith,Password@123,+1-980-765-1234,Account,"OU=Finance,DC=admp,DC=com",CreationTemplate1

    james,william,jameswilliam,Password@123,+1-980-765-1234,Human Resource,"OU=PayRoll,OU=HR,DC=admp,DC=com",CreationTemplate2

    MemberOf:

    To add the user to a group, you can specify the desired group under the header memberOf, in the CSV file. While specifying the groups, ensure that you mention the distinguished name (DN) or sAMAccount name or display name (displayNAme) or email address (mail) of the group enclosed within double quotes.

    A user can be a member of more than one group, to support multiple values Distinguished Name (DN) of the groups should be separated by semicolon (;).
    Example:   "User1","CN=Group1,CN=Users,DC=domain,DC=com;CN=Group2,CN=Users,DC=domain,DC=com"

    primaryGroupID:

    To specify the primary group for a user, mention the RID of the group which you want to set as primary group under the header primaryGroupID.

    Example for attributes - memberOf,primaryGroupID:

    givenName,sn,password,memberOf,primaryGroupID

    james,smith,Password@123,"CN=group1,OU=Finance,DC=admp,DC=com;CN=Group2,OU=Sales,DC=admp,DC=com",513

    james,william,Password@123,"CN=group1,OU=Finance,DC=admp,DC=com",513

    Manager:

    To specify a manager for a user, the CSV file should contain the Distinguished Name(DN) or sAMAccount name or display name (displayNAme) or email address (mail) of the user (whom you wish to assign as the manager) existing in Active Directory. Ensure that you enclose the user's DN within double quotes.

    Country:

    The three values c, co, countryCode are mandatory.

    1. c - 2 letter country code (eg. US for United states).
    2. co - Country Name(Full Country Name).
    3. countryCode - 3 digit country code(eg. 840 for United States).

    Example for attributes - manager,c,co,countryCode:

    givenName,sn,password,manager,c,co,countryCode

    james,smith,Password@123,"CN=ManagerUser,OU=Managers,DC=admp,DC=com",FR,France,250

    james,william,Password@123,"CN=ManagerUser,OU=Managers,DC=admp,DC=com",US,United States,840

    Useraccountcontrol :

    In the CSV file, the userAccountControl attribute should contain the flag value of the user account properties. For example, a flag value of 512 indicates that the account is general while 514 indicates that the account is disabled.
    For detailed information, click http://support.microsoft.com/kb/305144

    To check 'User must change password at next logon': Attribute 'pwdLastSet' must be set to 0.

    To uncheck 'User must change password at next logon': Attribute 'pwdLastSet' must be set to -1.

    Account Expires:

    1. To set the account expiry date for a user as never, the value for accountExpires attribute in the CSV file should be mentioned as 0.
    2. To set an expiry date for an user account, the end date can be converted to a long value.[This value represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). ]
    3. Or alternatively can also be set by providing the value in "MM-dd-yyyy" format.
      Example:"05-31-2016"

    Logon Workstations:

    To specify the computers from which the users can logon to the domain, enter the NetBIOS names of the desired computers separated by commas(,) under the header userWorkstations.
    Example: "Computer1,Computer2,Computer3"

    Example for attributes - userAccountControl,accountExpires,pwdLastSet,userWorkStations:

    givenName,sn,password,userAccountControl,accountExpires,pwdLastSet,userWorkstations

    james,smith,Password@123,512,0,0,"computer1,computer2,computer3"

    james,william,Password@123,514,130653018000000000,-1,""

    Home Drive:

    To specify the home drive, the CSV file should contain the drive name followed by colon under the header homeDrive. For example,to set 'E' as the home drive, under the header homeDrive must contain the value "E:"

    Home Folder, Profile Path, TS Home Folder,TS ProfilePath:

    1. CSV headers can be homeDirectory,profilePath,tsHomeDir,tsProfilePath
    2. The values can be an absolute path of the folder
    3. Can contain variables like %userName%, %givenName% etc..

    Example for attributes-profilePath,homeDrive,homeDirectory:

    givenName,sn,password,profilePath,homeDirectory,homeDrive

    james,smith,Password@123,"\\admp-dc1\UserProfile\%givenName%","\\admp-dc2\HomeFiles\%displayName%","E:"

    james,william,Password@123,"\\admp-dc1\UserProfile\%givenName%","\\admp-dc2\HomeFiles\%displayName%","C:"

    Terminal Session Limits

    The CSV file must have these attributes: tsTimeOutSettingsConnections (for 'Active session limit'), tsTimeOutSettingsIdle (for 'Idle session limit') and tsTimeOutSettingsDisConnections ( for 'End a disconnected session'). For these attributes / limits, you must enter the values in milliseconds.

    Note: For example, to set an Active session limit of 5 minutes, you must enter 300000 (milliseconds) as the value for tsTimeOutSettingsConnections in the CSV file.

    Example for attributes-tsTimeOutSettingsConnections,tsTimeOutSettingsIdle,tsTimeOutSettingsDisConnections:

    givenName,sn,password,tsTimeOutSettingsConnections,tsTimeOutSettingsIdle,tsTimeOutSettingsDisConnections

    james,smith,Password@123,600000,300000,300000

    james,william,Password@123,600000,300000,300000

    Additional email address

    1. The user should have the attribute 'proxyAddresses' set to a value.
      Example - "smtp:user@mail1.com;smtp:user@mail2.com"

    MailBox Enabled Users attribute in CSV:
    The CSV file should have:

    1. Minimum Attributes Needed - mailNickname, homeMDB, msExchHomeServerName.
    2. homeMDB - should contain the DN of the mailbox store.
    3. msExchHomeServerName - value of mail server in legacyExchangeDN Format

    Example for creating a mailbox enabled user:

    givenname,displayname,password,mailNickame,homeMDB,msExchHomeServerName,proxyAddresses,msExchRequireAuthToSendTo,targetAddress,msExchRecipLimit

    james,Smith James,Password@123,jamessmith,"CN=Mailbox Store (EMP-EX03),CN=First Storage Group,CN=InformationStore,CN=EMP-EX03,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=admp,DC=com","/o=First Organization/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=EMP-EX03","SMTP:jamessmith@admp.com",true,"smtp:jamessmith@ymail.com",999

    james,William James,Password@123,jameswilliam,"CN=Mailbox Store (EMP-EX03),CN=First Storage Group,CN=InformationStore,CN=EMP-EX03,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=admp,DC=com","/o=First Organization/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=EMP-EX03","SMTP:jameswilliam@admp.com",true,"smtp:jameswilliam@gmail.com",999

    Mail Enabled Users attribute in CSV:
    The CSV file should have:

    1. Minimum Attributes Needed - mailNickname, targetAddress, msExchAdminGroup
    2. targetAddress - the value should be mentioned in this format: SMTP:user@yahoo.com
    3. msExchAdminGroup- value of Exchange Admin Group in legacyExchangeDN Format.

    Example for creating mail-enabled users:

    givenname,displayname,password,msexchadmingroup,targetaddress,mailNickname

    james,Smith James,Password@123,"/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)","smtp:jamessmith@admp.com",james1

    james,William James,Password@123,"/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)","smtp:jameswilliam@admp.com",james2

    Custom Attributes:

    The CSV file should contain the appropriate values, as defined in the Active Directory, under the LDAP name of the relevant custom attributes.

    Note: Before attempting to add values to custom attributes via CSV import, you have to configure the custom attributes in the admin tab of ADManager Plus.

    After importing the values from the csv file to modify/specify the value of the custom attribute of any specific user:

    1. Click the modify icon located in the action column of the desired user account
    2. click the custom attribute tab
    3. enter the appropriate values for the desired custom attributes and click OK

    Custom script:

    1. Click the modify icon located in the action column of the desired user account
    2. click the custom attribute tab and select the custom script option
    3. In the script command window, enter the script that has to be executed on creation of this user account and click OK.

    Office 365 License:

    To assign Office 365 licenses while creating users' AD and Office 365 accounts, specify the desired licenses under the header waadLicenseInfo in the CSV file. If you want all the service plans in the licenses (say license1 and license2) to be assigned, the format is "license1;license2". If you want only specific service plans to be applied, the format is "license1,servPlan1,servPlan2;license2,servPlan3,servPlan4".

    Example for assigning Office 365 licenses:

    givenname,displayname,password,waadLicenseInfo

    james,Smith James,Password@123,"admgr:ENTERPRISEPACK;admgr:ENTERPRISEPREMIUM_NOPSTNCONF"

    joan,Daniels,Password@123,"admgr:ENTERPRISEPACK,Deskless,TEAMS1, PROJECTWORKMANAGEMENT, SWAY, INTUNE_O365, YAMMER_ENTERPRISE, RMS_S_ENTERPRISE, OFFICESUBSCRIPTION, MCOSTANDARD, SHAREPOINTWAC, SHAREPOINTENTERPRISE, EXCHANGE_S_ENTERPRISE;admgr:ENTERPRISEPREMIUM_NOPSTNCONF,THREAT_INTELLIGENCE, Deskless, FLOW_O365_P3, POWERAPPS_O365_P3, TEAMS1, ADALLOM_S_O365, EQUIVIO_ANALYTICS, LOCKBOX_ENTERPRISE, EXCHANGE_ANALYTICS, SWAY, ATP_ENTERPRISE, MCOEV, BI_AZURE_P2, INTUNE_O365, PROJECTWORKMANAGEMENT, RMS_S_ENTERPRISE, YAMMER_ENTERPRISE, OFFICESUBSCRIPTION"

    Google Workspace Group:

    To add the user to a group in Google Workspace, you can specify the desired group under the header gappsGroupEmail, in the CSV file.
    Example: sales_group@example.com

    A user can be a member of more than one group, to support multiple values email of the groups should be separated by semicolon (;). While specifying multiple groups, ensure that you mention the emails within double quotes
    Example: "sales_group@example.com;development_group@example.com"

    Google Workspace Organization Unit:

    To create users under different Organization Units in your Google Workspace domain, mention the Google Workspace Organization Unit path under the header gappsOrgUnitPath in the CSV file. The value should be specified in path format.
    Example: /corp/support/sales_support

    Note: To save the CSV file in UTF-8 encoding, follow these steps:
    In notepad, click File menu → Save As → Choose 'UTF-8' from the dropdown menu beside 'Encoding'. Click 'Save'.

    Don't see what you're looking for?

    •  

      Visit our community

      Post your questions in the forum.

       
    •  

      Request additional resources

      Send us your requirements.

       
    •  

      Need implementation assistance?

      Try onboarding

       
    Copyright © © 2020, ZOHO Corporation.All Rights Reserved.