
Access Denied: Automating User Account Creation in AD

To make sure that we consistently create user accounts with the correct account properties and restrictions across all our platforms, we're building an in-house identity-management system that ties into human resources (HR) and automatically creates user accounts for new hires. What's the simplest way to automate user account creation in Active Directory (AD)? Do I have to write a script?

You can do this task interactively or through a script. The simplest interactive approach is to create a template user account with all the properties and restrictions you want. Then, in the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, right-click the template account and select Copy.

To accomplish the task automatically, such as in a script, you can use Ldifde, a handy Windows command-line utility. Ldifde uses the Lightweight Directory Access Protocol (LDAP) Data Interchange Format (LDIF—an Internet standard file format) to support batch export and import operations on LDAP directories, such as AD. You can create a simple text file that defines all the information Ldifde needs to create your user account. Ldifde has two modes: export (the default) and import, which lets you create, modify, and delete objects in AD. To specify import mode, you use the -i switch on the command line. To learn more about Ldifde and see examples of export and import commands, read the Microsoft article "Using LDIFDE to Import and Export Directory Objects to Active Directory" (http://support.microsoft.com/?kbid=237677). I recommend that you create a template user account with all properties correctly set, use Ldifde to export the template to an .ldif file, then use that file as the basis for files you create later to import new user accounts.
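To show what such an import file looks like when it is generated from an HR feed rather than typed by hand, here is an added example (not code from the column or from Microsoft) that turns a constructed CSV of new hires into an LDIF file for Ldifde. The OU, the UPN suffix, the naming rule for sAMAccountName and the CSV columns are all assumptions to adapt to your own directory. It follows the LDIF rules Ldifde expects (RFC 2849 base64 encoding for non-ASCII values, RFC 4514 escaping inside the DN) and creates every account disabled, so a new hire's account stays inert until the rest of your provisioning, including setting the password, has run.

```python
"""Generate an Ldifde import file for new hires from an HR CSV feed.

Added example: BASE_DN, UPN_SUFFIX, the naming rule and the CSV layout
are assumptions, not settings from the column or from Microsoft.
"""
import base64
import csv
import io
import re
import unicodedata

BASE_DN = "OU=New Hires,DC=example,DC=com"   # assumed target OU
UPN_SUFFIX = "example.com"                    # assumed UPN suffix
UAC_DISABLED = 512 | 2   # NORMAL_ACCOUNT | ACCOUNTDISABLE = 514

# Constructed HR feed; the people and IDs are invented for the example.
HR_FEED = """employee_id,given_name,surname,department,title
10231,Ana,Müller,Finance,Analyst
10232,Ben,O'Neil,IT,Engineer
"""


def ldif_line(attr, value):
    """Emit one LDIF attribute line, base64-encoding values RFC 2849
    treats as unsafe (non-ASCII, leading space/colon/'<', CR/LF, NUL,
    trailing space) with the '::' form."""
    safe = (value.isascii() and value and value[0] not in " :<"
            and not value.endswith(" ")
            and not any(c in value for c in "\r\n\x00"))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def escape_dn_value(value):
    """Escape RDN special characters (RFC 4514) so CN=... stays parseable."""
    escaped = re.sub(r'([,+"\\<>;])', r"\\\1", value)
    if escaped.startswith(("#", " ")):
        escaped = "\\" + escaped
    if escaped.endswith(" "):
        escaped = escaped[:-1] + "\\ "
    return escaped


def sam_account_name(given, surname, used):
    """Assumed naming rule: first initial + surname, ASCII letters/digits
    only, at most 20 characters (the sAMAccountName limit), made unique
    with a numeric suffix; `used` is the set of names already taken."""
    folded = unicodedata.normalize("NFKD", given[:1] + surname)
    base = re.sub(r"[^A-Za-z0-9]", "", folded.encode("ascii", "ignore").decode())
    base = base.lower()[:20] or "user"
    candidate, n = base, 1
    while candidate in used:
        n += 1
        candidate = base[:20 - len(str(n))] + str(n)
    used.add(candidate)
    return candidate


def build_entry(row, used):
    """Return the LDIF 'add' record for one new hire."""
    cn = f"{row['given_name']} {row['surname']}"
    sam = sam_account_name(row["given_name"], row["surname"], used)
    dn = f"CN={escape_dn_value(cn)},{BASE_DN}"
    return "\n".join([
        ldif_line("dn", dn),
        "changetype: add",
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: user",
        ldif_line("cn", cn),
        ldif_line("givenName", row["given_name"]),
        ldif_line("sn", row["surname"]),
        ldif_line("displayName", cn),
        ldif_line("sAMAccountName", sam),
        ldif_line("userPrincipalName", f"{sam}@{UPN_SUFFIX}"),
        ldif_line("employeeID", row["employee_id"]),
        ldif_line("department", row["department"]),
        ldif_line("title", row["title"]),
        # Created disabled: enable only after the password has been set
        # and the account has passed your provisioning checks.
        f"userAccountControl: {UAC_DISABLED}",
    ])


def build_ldif(csv_text):
    """Convert the whole CSV feed into one LDIF file (records blank-line separated)."""
    used = set()
    records = [build_entry(row, used) for row in csv.DictReader(io.StringIO(csv_text))]
    return "\n\n".join(records) + "\n"


if __name__ == "__main__":
    with open("newhires.ldf", "w", encoding="utf-8", newline="\n") as fh:
        fh.write(build_ldif(HR_FEED))
    print("wrote newhires.ldf; import with: ldifde -i -f newhires.ldf -j . -v")
```

Import the generated file on a domain-joined machine with `ldifde -i -f newhires.ldf -j . -v` (add `-s <DC>` to pick the domain controller; `-j` writes the ldif.log and ldif.err files to the given directory, which is where you check for rejected records). Two practical points: if you follow the template-export approach above, strip system-managed attributes such as objectGUID and objectSid from the exported file (Ldifde's `-o` switch lists attributes to omit) or the import will be rejected, and passwords cannot be set by an Ldifde import over a plain LDAP connection, because AD only accepts unicodePwd over an SSL/TLS-protected session, which is why the example leaves the accounts disabled for a later, secured step.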
