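This approach is aimed at users who are not very familiar with AD accounts, especially those who are unsure what CN and DC mean, such as me.
1. Open a command prompt (CMD) and first run dsquery user to list the users that already exist, for example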
"CN=shenhj,CN=Users,DC=domain,DC=yuhooo,DC=net"
2. Then run dsadd user "CN=shenhj,CN=Users,DC=domain,DC=yuhooo,DC=net", changing the user name of course, for example to
dsadd user "CN=MyNewName,CN=Users,DC=domain,DC=yuhooo,DC=net"
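Run it and you will see that the new user has been added. In fact, a user added this way cannot log on, because the account is disabled.
In practice we can use a command like this: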
dsadd user "CN=MyNewName,CN=Users,DC=domain,DC=yuhooo,DC=net" -upn UPN -fn firstname -ln lastname -display displayname -pwd MyPassword! -mustchpwd no -canchpwd no -pwdneverexpires yes -disabled no
-samid—The user ID in a form that is usable with non–Active Directory accounts management.
-upn—The user principal name is an alternate name that can be used for logon. In place of the usual domain\user, you can enter name@domain. For example, Bill Bailey could log on as bbailey@lantrainers.local.
-fn—The user's first name.
-mi—The user's middle initial.
-ln—The user's last name.
-display—The name that denotes the account in listings, such as in Active Directory Users and Computers.
-empid—An EmployeeID field.
-pwd—This field can contain the password to be assigned to the account. If you want to be prompted for a password when creating the account, enter *. This wildcard is probably not appropriate for mass-creating users because the script will stop each time a user is created asking for a password.
-desc—A description of the user.
-memberof—A list of distinguished names of the groups the user should be made a member of.
-office—The name of the user's office.
-tel—The user's main phone number.
-email—The user's email address.
-webpg—The user's Web page address.
-title—The user's title.
-dept—Department.
-company—Company.
-mgr—The manager of this user.
-hmdir—The path to the user's home directory.
-hmdrv—The drive letter assigned to the user's home directory.
-mustchpwd—The user must change the password at next logon: {yes | no}.
-canchpwd—The user is able to change the password: {yes | no}.
-reversiblepwd—The password is stored with reversible encryption (used with Macintosh systems and digest authentication): {yes | no}.
-pwdneverexpires—The password does not expire: {yes | no}.
-acctexpires—The number of days until the account expires.
-disabled—The account is disabled: {yes | no}.
-q—The command should run with no output to the console.
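3. Batch operation
There are plenty of ways to do this step,
for example using a regular-expression bulk replace on an input file to generate a list of dsadd commands,
or writing a DOS or VBS batch file,
or writing a small tool that solves it once and for all.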
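A sketch of the "small tool" option from step 3, as an added example that is not part of the original post: it turns a CSV of names into a dsadd command list using only switches listed above, and rejects any row whose fields could break out of the quoted DN or the batch line. The CSV layout, the ASCII-only allowlists, the UPN suffix derived from the DC components, and the choice of a random per-user password with -mustchpwd yes (instead of one shared password) are assumptions of this example.

```python
import csv
import io
import re
import secrets
import string

BASE_DN = "CN=Users,DC=domain,DC=yuhooo,DC=net"        # container from the page's example
SAFE_SAM = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,19}")  # assumed allowlist, max 20 chars
SAFE_NAME = re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")   # assumed: no cmd or DN metacharacters

# Constructed sample input, one user per line: samid,first name,last name
SAMPLE_CSV = """zhangsan,San,Zhang
lisi,Si,Li
bad&name,Eve,Neil
"""

def upn_suffix(base_dn):
    """Join the DC= components into a DNS-style suffix (assumes UPN suffix == domain name)."""
    return ".".join(p[3:] for p in base_dn.split(",") if p.upper().startswith("DC="))

def initial_password(length=16):
    """Random per-user password from letters and digits only, so it is inert in a .bat line."""
    alphabet = string.ascii_letters + string.digits
    while True:
        pwd = "".join(secrets.choice(alphabet) for _ in range(length))
        if re.search("[a-z]", pwd) and re.search("[A-Z]", pwd) and re.search("[0-9]", pwd):
            return pwd

def build_commands(csv_text, base_dn=BASE_DN):
    """Return (commands, rejected_rows); rows failing the allowlists are never emitted."""
    commands, rejected = [], []
    for row in csv.reader(io.StringIO(csv_text)):
        if not row:
            continue
        if len(row) != 3 or not SAFE_SAM.fullmatch(row[0]) \
                or not all(SAFE_NAME.fullmatch(v) for v in row[1:]):
            rejected.append(row)
            continue
        sam, fn, ln = row
        commands.append(
            f'dsadd user "CN={sam},{base_dn}" -samid {sam} -upn {sam}@{upn_suffix(base_dn)} '
            f'-fn "{fn}" -ln "{ln}" -display "{fn} {ln}" '
            f'-pwd {initial_password()} -mustchpwd yes -disabled no')
    return commands, rejected

if __name__ == "__main__":
    cmds, bad = build_commands(SAMPLE_CSV)
    print("\n".join(cmds))
    print("rejected:", bad)
```

The generated list contains the initial passwords in clear text, so handle the file as a secret and delete it once the accounts exist.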
