Streamline Employee Onboarding with PowerShell: A Step-by-Step Guide

Published:16 June 2019 - 2 min. read

Employee onboarding is one of those tasks that is ripe for automation. A PowerShell onboarding script is a perfect tool for the job.

Not a reader? Watch this related video tutorial!
Not seeing the video? Make sure your ad blocker is disabled.

Onboarding is a task that’s performed hundreds of times that rarely changes. When hired, every employee needs an Active Directory user account, an email mailbox, access to this and that system, a home folder with specific permissions only to them and so on. A task that’s performed the same way multiple times is a perfect candidate for automation.

It seems like nearly every organization has Active Directory (AD). AD is a big part of employee onboarding that a lot of organizations may still be doing manually. The helpdesk is still opening Active Directory Users & Computers, right-clicking and creating a new user. They’re then manually adding that user to a specific set of groups and will ultimately screw it up do to all of their other responsibilities. Again, something automation can alleviate!

So you’re convinced automation is the way to go when onboarding new employee in AD, right? If so, how to do it?

One of the easiest ways to automate Active Directory tasks is with a PowerShell onboarding script. By using a freely available PowerShell module, you can create scripts to do just about anything with AD. For our purposes, we need to create a script to create a new user account for an employee and perhaps add her to a few common groups. To do this, grab a copy of Remote Server Administration Tools. This will give you the ActiveDirectory PowerShell module. Once you do this, ensure you’re on a domain-joined computer and you have the appropriate rights to create new users.

In the ActiveDirectory PowerShell module, you have a command called New-AdUser. There are lots of ways to use this command but below is a common way. In this PowerShell code, I’m generating a random password and then using it along with a first name, last name and username to create a new AD user. That’s it! No mouse clicking involved.

Add-Type -AssemblyName System.Web
$password = [System.Web.Security.Membership]::GeneratePassword((Get-Random -Minimum 20 -Maximum 32), 3)
$secPw = ConvertTo-SecureString -String $password -AsPlainText -Force

$NewUserParameters = @{
	GivenName = 'Adam'
	Surname = 'Bertram'
	Name = 'abertram'
	AccountPassword = $secPw
}
New-AdUser @NewUserParameters

We also have a command called Add-AdGroupMember. This will add the user that was just created to a group.

Add-AdGroupMember -Identity 'Accounting' -Members 'abertram'

One the great things about automation employee onboarding with PowerShell is that once the code is built, it can be ran for one, ten or a hundred employees with no extra effort. For example, perhaps I have a ton of new employees I need to provision in AD. By using the Import-Csv command, I can read each row in that CSV file and run the code we just went over.

This example is assuming you have a CSV with the columns FirstName and LastName.

Add-Type -AssemblyName System.Web
Import-Csv -Path C:\Employees.csv | foreach {
    $password = [System.Web.Security.Membership]::GeneratePassword((Get-Random -Minimum 20 -Maximum 32), 3)
    $secPw = ConvertTo-SecureString -String $password -AsPlainText -Force

	$userName = '{0}{1}' -f $_.FirstName.Substring(0,1),$_.LastName
	$NewUserParameters = @{
		GivenName = $_.FirstName
		Surname = $_.LastName
		Name = $userName
		AccountPassword = $secPw
	}
	New-AdUser @NewUserParameters
	Add-AdGroupMember -Identity 'Accounting' -Members $userName
}

We just scratched the surface here to what’s possible to automate employee onboarding in Active Directory. If your organization has a predefined process with specific rules that have to be followed, this code could be just the beginniing of a much larger employee onboarding process that can be 100% automated!

Hate ads? Want to support the writer? Get many of our tutorials packaged as an ATA Guidebook.

Explore ATA Guidebooks

Looks like you're offline!