We needed to setup about a hundred new users in our Exchange 2007 environment.  Rather than create each user individually I researched how to import the users from a CSV file.  To do this you need to download and install Quest Software’s free active directory powershell commands.
Here is the script I finally ended up with:

$OuBorn = ‘OU=OrganizationalUnit,DC=MyDomain,DC=com’
$Freshmen = ‘C:\ImportUsers.csv’
import-csv $Freshmen |`
where {new-QADUser -ParentContainer $OuBorn `
-name $_.name -sAMAccountName $_.sAMAccountName `
-City $_.city -Company $_.Company -Department $_.Department `
-FirstName $_.FirstName -LastName $_.LastName `
-StreetAddress $_.StreetAddress -State $_.State `
-Title $_.Title -userPrincipalName $_.userPrincipalName `
-userPassword $_.userPassword -DisplayName $_.name `
-Office $_.Office ; enable-QADUser $_.name `

The first 2 lines setup where you are creating the new users and the path to the file you are creating them from. Line 3 through the end is the main work.  This will create users populated from a CSV file and fills in the First and Last name, City, Company, Department, Street Address, User Principal Name, Password, Display Name and their Office.  Finally it also enables the user account.  (Note:  take notice of the ` at the end of each line in the main script.  This allows you to write the script in a text editor and use multiple lines which helps with readability)

I created the users into a new OU so I could keep track of the users and make it easier to work with just those accounts.  You could get fancy and add to the script to make the mailboxes and such but I just decided to make the users and then use the Exchange GUI to make the mailboxes since you can pick a whole OU of users and generate mailboxes from there.

One problem I ran into was I tried to give all of the user accounts a generic password and then set the “User must change password on next logon” flag.  This worked but these users will only be logging onto the network using Outlook Web Access.  Exchange 2007’s Outlook Web Access get’s stuck and won’t let the user logon to change the password unless you first logon to the account then set the “User must change password on next logon” setting.  Since I didn’t want to have to log onto 90 something user accounts I just generated their password for them and it’ll prompt them to change the password in 6 months.

Here is a sample CSV file that I used for testing.

Also I wanted to restrict these new users from receiving email from outside the organization to cut down on potential spam.  I did this by using the following powershell:

Get-Mailbox -OrganizationalUnit “NewUsers” | Set-Mailbox -AcceptMessagesOnlyFromDLMembers “All Company Email”

So we have a dynamic distribution list called “All Company Email” that has everyone in the organization in it.  This script restricts everyone in the NewUsers OU (by using the Get-Mailbox command) to only be able to receive email from those in the “All Company Email” distribution list.