Inspired by this thread I have made a revision including terminal services settings, that are not created when not using the SBS Wizard.

Also some of the data is unnecessary in the CSV-fil, because they can be made of other informations already present:
name, displayname, userprincipalname and parentcontainer

Since i don’t use telephone and department they are shaved of in my code. They can of course be found in the original script.

Here goes:

Clear-Host

$UsersCSVPath = “D:\JMA\brugere.csv”
$LocalDomain = (([DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).Domains | foreach { $_.forest.name }) -as [string]
$ParentContainer= “$LocalDomain/MyBusiness/Users/SBSUsers”
$Password = “07Navision”

$TimeSpanZero = New-TimeSpan -Days 0 -Hours 0 -Minutes 0 -Seconds 0

function WhatIsTehName ([string]$GivenName,[string]$sn) {

if (($GivenName) -and ($sn)) {
return “$GivenName $sn”
} else {
if ($_.givenname) {
return $GivenName
} else {
return $null
}
}

}

function CreateUsersFromCSV {

import-csv $UsersCSVPath |
foreach-object {

$Name = WhatIsTehName $_.givenname $_.sn

if ($Name) {

$username = $_.SamAccountName

$TsSettings = get-qaduser -Identity support |
select-object TsAllowLogon,TsRemoteControl,TsMaxDisconnectionTime,TsMaxConnectionTime,TsMaxIdleTime,TsReconnectionAction,TsBrokenConnectionAction,TsConnectClientDrives,TsConnectPrinterDrives,TsDefaultToMainPrinter

if (!(get-qaduser -SamAccountName $username)){

try {

New-QADUser `
-FirstName $_.givenname `
-LastName $_.sn `
-ParentContainer $ParentContainer `
-SamAccountName $username `
-Name $Name `
-displayname $Name `
-Description $_.description `
-userprincipalname “$username@$LocalDomain” `
-UserPassword $Password |
Get-QADUser |
Set-QADUser `
-TsAllowLogon $TsSettings.TsAllowLogon `
-TsRemoteControl $TsSettings.TsRemoteControl `
-TsMaxDisconnectionTime $TsSettings.TsMaxConnectionTime `
-TsMaxConnectionTime $TsSettings.TsMaxDisconnectionTime `
-TsMaxIdleTime $TsSettings.TsMaxIdleTime `
-TsReconnectionAction $TsSettings.TsReconnectionAction`
-TsBrokenConnectionAction $TsSettings.TsBrokenConnectionAction `
-TsConnectClientDrives $TsSettings.TsConnectClientDrives `
-TsConnectPrinterDrives $TsSettings.TsConnectPrinterDrives `
-TsDefaultToMainPrinter $TsSettings.TsDefaultToMainPrinter |
Enable-QADUser

} catch {
#$Error[0]
Write-Host $_.exception.gettype().fullname
Write-Host $_.exception.message
}
} else {
Write-Host “$Name ($username) allready created (No Problemo)” -BackgroundColor yellow -ForegroundColor Green
}
}
}
}

if (Test-Path $UsersCSVPath) {
CreateUsersFromCSV
}

I’ll keep using (for a while, at least) my VBS + Excel (hacked at MS scriptcenter), but you told me what I was looking for: set “my” users as if they were added using that wizard.

Rodeca
P.S. Besides your “laziness” reason, there is another one: avoid mistakes & errata

Regards,

Yves

I`m glad the sample helped you.

Here is another sample which also creates the homefolders:
import-csv “C:\import.csv” | foreach-object { $username = $_.samaccountname;New-QADUser -FirstName $_.givenname -LastName $_.sn -ParentContainer $_.ParentContainer -SamAccountName $_.samaccountname -Name $_.name -displayname $_.displayname -userprincipalname $_.userprincipalname -Company $_.company -Department $_.department -PhoneNumber $_.telephonenumber | Set-QADUser -UserPassword Passord1 -ObjectAttributes @{homeDrive= ‘F:’ ;homeDirectory= “\\domain.local\Data\Users\$username” ;scriptPath=’netlogon.cmd’}|Enable-QADUser;New-Item -Path \\domain.local\Data\Users\$username -type directory}

For setting NTFS security on the homefolders I`ve used Eric McCarty`s set-FileSystemSecurity function available on his blog: http://ewmccarty.spaces.live.com/blog/cns!CE2AE9EFF99E6598!131.entry

Hint: Install PowerShell Community Extensions (PSCX) SCX 1.1.1 from http://www.codeplex.com/PowerShellCX
and install it.

Then grant the “SeRestore” privilege to the PowerShell process (needed for the set-FileSystemSecurity function to be able to set permissions):

PS > $SeRestore = new-object Pscx.Interop.TokenPrivilege “SeRestorePrivilege”, $true

Then, grant it to the current process’s token (powershell.exe):

PS > Set-Privilege $SeRestore

Then run set-FileSystemSecurity C:\homefolders domain.local

your powershell sample helped me out alot. I had some problems with setting the homedirectory and drive. Now it all works fine. In my older 2000 environment I had an automated script that also created the user folders, how do you do that after importing the users? Anyway, thanks alot for sharing this info.

Regards,

Yves