I spent last week in the Microsoft UK Performance and Scalability labs with an ADC customer. We had to load test their web application which used windows auth but had a custom roleprovider. This meant that we needed to script out a bunch of AD accounts for our load tests to use. Needless to say, I turned to powershell :)

We created a list of users names and dropped them into a CSV file with just one column: UserName.

$users = import-csv "C:\usersToBeCreated.csv"
$container = [ADSI] "LDAP://cn=Users,dc=YourDomain,dc=local"
$users | foreach {
    $UserName = $_.UserName
    $newUser = $container.Create("User", "cn=" + $UserName)
    $newUser.Put("sAMAccountName", $UserName)
    $newUser.SetInfo()
    $newUser.psbase.InvokeSet('AccountDisabled', $false)
    $newUser.SetInfo()
    $newUser.SetPassword("P@55w0rd")
}

This was all easy enough but once again, this script isn't perfect. The accounts the script created were disabled but I couldn't, for the life of me, get PowerShell to enable the scripts. It seems I should just have to say $newUser.AccountDisabled = $false? Anyway, we didn't have much time to waste so I simply popped into the AD GUI and selected all the accounts (all 6000 of them) and selected Enable. Done.

UPDATE - Thanks to BomBom's comment the script now enables the accounts propertly too! Thanks BomBom!

Note - this script was run on the domain controller itself.