Over the last couple of weeks I’ve done a bunch of community stuff mostly revolving around Cloud and PowerShell.

If you were at SharePoint Summit in Toronto, SPSOSLO or SPSDC you may well have seen some of the new demos that I’ve included in PowerShell sessions, one of which revolves around an age old question of “can we use SharePoint to create users in Active Directory without code and without spending any money on sophisticated management or workflow tooling?”.

I’m often overheard saying “anything is possible with PowerShell” but I’m also constantly lodging a caveat that “just because you can does not always mean you should” – the purpose of the scripts contained in this post aligns with the caveat.  It’s a demonstration of functionality, not an endorsement of method – so think about that.

Here’s the scenario.

“We’d like to be able to add user names to a SharePoint list which are then picked up somehow and created in AD as users – can we do this without code?”

It’s a commonly asked question in SharePoint circles and there are many ways to deliver against this requirement, but few of those are without code or third-party tools.

We can take a leap of imagination here and think about some business process where HR on-board a new member of staff and as part of this process somebody enters user details into a list (which we’re simulating in the helper script).  Clearly, in the real world, the list could be populated by workflow or through some other form of automation, but we’re looking for simplicity in the context of this post, so I’ve taken the simplest route.

Let’s take a look at what we’re doing with the scripts.

First up we have Add-DemoUserDetailsToSPList.ps1, a helper script that takes username values from a CSV file (also included for your ease of testing) and uses a simple approach to create list items, simulating the completion of the form mentioned above.

Secondly we have Create-NewADDemoScheduledTask.ps1, a script that is invoked to drive the creation of the scheduled task that will be the heartbeat of this demonstration.  See the comments in the script before you add comments here about scheduled task management in PowerShell – we’re focused here on V2.

Last but not least we have Add-ADUserFromSPList.ps1, the script that does the work.  The scheduled task that is created by the 2nd script invokes this script periodically; it checks the pre-determined “New User” list for users that have not yet been added to AD and then adds them.  Simple but effective.

There are some pre-req conditions for the scripts to function as you would expect:

  • the URLs and list names are stated in the scripts as variables (mostly as parameters for functions); update them to match your environment
  • you need to add a text column with a default value of a password that meets the complexity requirements defined in your AD (in my demo rig it’s “pass@word1”)
    • this is because the helper only adds first, last and user names
  • look at the fields in the scripts (especially the scheduled task script) as user name and password values will clearly not work for you until you update them
  • run the scripts in the order they’re listed above.  Obvious, I know, but I’m saying it anyway 🙂
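To make the shape of the third script concrete, here is an added example of the core loop it performs (read the list, create only the users AD does not already have). This is illustrative code written for this post, not the uploaded Add-ADUserFromSPList.ps1; the site URL, OU, and the column names FirstName, LastName, UserName and InitialPassword are assumptions you would change to match your list.

```powershell
# Added example: pick up rows from the "New User" list and create the accounts
# that do not exist in AD yet. Not the author's uploaded script.
# Site URL, OU and column names below are assumptions - adjust to your environment.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module ActiveDirectory

$SiteUrl  = "http://intranet"                # assumption
$ListName = "New User"                       # list name used in the post
$TargetOU = "OU=Staff,DC=demo,DC=local"      # assumption

$web = Get-SPWeb $SiteUrl
try {
    $list = $web.Lists[$ListName]
    foreach ($item in $list.Items) {
        $sam = [string]$item["UserName"]
        if ([string]::IsNullOrEmpty($sam)) { continue }

        # Skip anyone already in AD so the scheduled task can re-run safely
        $existing = Get-ADUser -Filter "SamAccountName -eq '$sam'"
        if ($existing) {
            Write-Host "Skipping $sam - already exists in AD"
            continue
        }

        # The text column holds the default initial password as plain text;
        # convert it to a SecureString before handing it to New-ADUser.
        $password = ConvertTo-SecureString ([string]$item["InitialPassword"]) -AsPlainText -Force

        New-ADUser -Name $sam `
                   -SamAccountName $sam `
                   -GivenName ([string]$item["FirstName"]) `
                   -Surname ([string]$item["LastName"]) `
                   -AccountPassword $password `
                   -Path $TargetOU `
                   -Enabled $true `
                   -ChangePasswordAtLogon $true   # shared default is only an initial password

        Write-Host "Created $sam"
    }
}
finally {
    $web.Dispose()   # always release the SPWeb object
}
```

Because the loop asks AD before creating anything, running the task repeatedly against the same list does not produce duplicate-account errors.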

Rather than burning a bunch of page real estate showing the scripts in this post line-for-line, I’ve uploaded them here for you to pull down, play with and pick apart how they do what they do.

No magic, rocket science or super obscure PowerShell here; it’s all actually quite simple.

I hope you get something out of them, feel free to leave your comments.

more to follow…