Accounts
Powershell

To automate new users with powershell here is one way you could do this:

$ou=[ADSI] "LDAP://ou=NewYork,ou=America,dc=somedomain,dc=com"
$newUser=$OU.create("user","cn=Barak Obama")
$newUser.Put("sAMAccountName","BObama")
$newUser.SetInfo()

When you have a Excel Sheet in comma delimited format that would have Cells like this: (HR-Export.csv)

cn sAMAccountName FirstName LastName
Barak Obama barak.obama Barak Obama
George Bush George.Bush George Bush
Ronald Reagan Ronald.Reagan Ronald Reagan
Bill Clinton Bill.Clinton Bill Clinton

You would then script this with powershell like this:

$OU=[ADSI] "LDAP://OU=NewYork,ou=America,dc=SomeDomain,dc=com"
$dataSource=import-csv "HR-Export.csv"
foreach($dataRecord in $datasource) {
    $cn=$dataRecord.cn
    $sAMAccountName=$dataRecord.sAMAccountName
    $givenName=$dataRecord.FirstName
    $sn=$dataRecord.LastName
    $displayName=$sn + ", "+ $givenName
    $userPrincipalName=$givenName + "." + $sn + "@SomeDomain.com"

    $NewUser=$OU.Create("user","CN="+$cn)
    $NewUser.put("sAMAccountName",$sAMAccountName)
    $NewUser.put("userPrincipalName",$userPrincipalName)
    $NewUser.put("displayName",$displayName)
    $NewUser.put("givenName",$givenName)
    $NewUser.put("sn",$sn)
    $NewUser.SetInfo()
    $NewUser.SetPassword("P@ssw0rd")
    $NewUser.psbase.InvokeSet("AccountDisabled",$false)
    $NewUser.put("company","Presidential Suite Inc.")
    $NewUser.SetInfo()

What if you want to check if a user exists in a domain and if the data that is handed to you does not create errors like e.g. there are 2 jane doe's in the company. How would you check the list of names and verify it first. E.g. you want to add all users from one domain into a group on another domain. You will need to check to see if the data you got is indeed valid for adding the accounts into a e.g group on another domain. I wrote a little script that could be of help:
# function get-contoso
# in this function it will check if the name that is delivered has an account in Contoso domain and
# if it is unique, if there is more than one user found it will count the number and continue
# if the user is not found we can try to do the same kind of lookup in the other domain

function get-contoso {
param(
[string]$username='defaultusername'
     )
     if((Get-qaduser -identity $username -service contoso |measure-object).count -eq 1) {
     'there is one outcome ' + $username + ' excist in contoso' | Out-file c:\temp\users.txt -append
     }
     elseif ((Get-qaduser -identity $username -service contoso |measure-object).count -gt 1) {
     $countnumber = ((get-qaduser -identity $username -service contoso | measure-object).count )
     'there are ' + $countnumber + ' users found' + ' with ' + $username | out-file c:\temp\users.txt -append
     }
     else {$username + ' does not exist in Contoso perhaps in another domain' | Out-file c:\temp\users.txt -append }
}
get-content c:\temp\HR_text_users.txt | foreach-object { get-contoso $_ }

To find old computeraccounts and to see if they are still pingable, kind of contradiction but swa. Here is a oneliner that will get you going:
PS > Get-ADComputer -filter * -SearchBase 'OU=OLD,Dc=Contoso,dc=com' | % {if(Test-Connection -computername $_.Name -quiet -count 1){Write-host $_.Name is up -foregroundcolor green}else {write-host $_.Name is down -foregroundcolor red}}

If you like to query active directory and only show user with a specific description you could do this with get-aduser
Get-ADUser -LDAPFilter "(description=*)" -property description | select DistinguishedName, description | Where-Object {$_.Description -like "Helpdesk*"}

If you want a good start to delete a bunch of users leftovers :) that is there home drive, profile, links, favorietes I wrote a little script that gets you started:

[string]$user = read-host "user-G#";$gebruiker = get-aduser -identity $user | Select Name # $user contains G nummer and gebruiker the name of the person
$profile = [string]$user + '.V2'
Write-host 'je gaat de gegevens van de volgende gebruiker verwijderen:' -foregroundcolor green $gebruiker.name
$antwoord = read-host "is dit correct? (j/n)"
if ($antwoord -eq [string]"j") {Write-host 'je gaat de volgende gegevens verwijderen:' -foregroundcolor green
                remove-item -path \\fs001\home$\$user -filter * -recurse -whatif
                remove-item -path \\fs001\profile$\$profile -filter * -recurse -whatif
                remove-item -path \\fs001\g$\datafolder\ScanData\$user -filter * -recurse -whatif
                remove-item -path \\fs002\appdata$\$user -filter * -recurse -whatif
                remove-item -path \\fs002\g$\FolderRedirection\AppData\$user -filter * -recurse -whatif
                remove-item -path \\fs002\g$\FolderRedirection\Desktop\$user -filter * -recurse -whatif
                remove-item -path \\fs002\g$\FolderRedirection\Downloads\$user -filter * -recurse -whatif
                remove-item -path \\fs002\g$\FolderRedirection\Favorites\$user -filter * -recurse -whatif
                remove-item -path \\fs002\g$\FolderRedirection\Links\$user -filter * -recurse -whatif
                $antwoord = read-host "is dit correct? (j/n)"
                if ($antwoord -eq [string]"j") {
                                remove-item -path \\fs001\home$\$user -filter * -recurse -force
                                remove-item -path \\fs001\profile$\$profile -filter * -recurse -force
                                remove-item -path \\fs001\g$\Datafolder\ScanData\$user -filter * -recurse -force
                                remove-item -path \\fs002\appdata$\$user -filter * -recurse -force
                                remove-item -path \\fs002\g$\FolderRedirection\AppData\$user -filter * -recurse -force
                                remove-item -path \\fs002\g$\FolderRedirection\Desktop\$user -filter * -recurse -force
                                remove-item -path \\fs002\g$\FolderRedirection\Downloads\$user -filter * -recurse -force
                                remove-item -path \\fs002\g$\FolderRedirection\Favorites\$user -filter * -recurse -force
                                remove-item -path \\fs002\g$\FolderRedirection\Links\$user -filter * -recurse -force

                                }
                else {write-host "antwoord is niet j dus abort"}                
}
else {write-host "antwoord is niet j dus abort"}
[string]$exit = read-host "exit j/n"
if ($exit -eq [string]"n") {Write-host 'let op je gaat verder met het verwijderen van gegevens en user:' $gebruiker.name -foregroundcolor green

$antwoord = read-host "is dit correct? (j/n)"
if ($antwoord -eq [string]"j") {Write-host 'je gaat de volgende groepen verwijderen: LET OP DOMAIN USERS kan niet verwijderd worden' -foregroundcolor green
                            $membership = Get-ADPrincipalGroupMembership -Identity $user
                            $membership | select Name -ExpandProperty Name
                            $groep = $membership | select Name -ExpandProperty Name
                            $groep | foreach {
                            if ($_ -ne 'Domain Users') {
                            Remove-ADPrincipalGroupMembership -Identity $user -MemberOf $_ -WhatIf
                                $antwoord = read-host "is dit correct? (j/n)"
                                    if ($antwoord -eq [string]"j") {
                                        Remove-ADPrincipalGroupMembership -Identity $user -MemberOf $_ -Confirm:$false
                                        }
                                        else {write-host "antwoord is niet j dus abort"}
                                    [string]$exit = read-host "exit j/n"
                                    if ($exit -eq [string]"n") {Write-host 'let op je gaat verder met het verwijderen van gegevens en user:' $gebruiker.name -foregroundcolor green
                                    # here comes the lines after removing all the groups of the user

                                    }
                                    else{}
                               } 
                               Else {Write-host "De domain users is aanwezig, dus die wordt niet verwijderd"}

                        }
                    }
                    else {"Antwoord is niet j dus abort"}
              }
        else {"antwoord is niet j dus abort"}

On Me
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License