3 Ways to Create New Active Directory Users

So you’ve installed Windows Server, the Directory Service (AD DS) bits, and promoted the server to a domain controller (DC), but now what? The first step is adding users to Active Directory by creating some Active Directory (AD) user accounts.

In this Ask the Admin, I’m going to show you how to create new Active Directory users with three different tools: Active Directory Administrative Center (ADAC), Active Directory Users and Computer (ADUC), and a command-line tool called dsadd. For more information on creating AD users with PowerShell, see Create New Active Directory Users with Excel and PowerShell on the Petri IT Knowledgebase.

If you haven’t already installed Windows Server and the AD Directory Service server role, make sure you check out How to Install Windows Server 2012 R2 and Install Active Directory on Windows Server 2012 with Server Manager.

Option #1: Creating new users with Active Directory Administrative Center

If you’ve never used Windows Server or Active Directory before, then the Active Directory Administrative Center is the easiest management tool to get to grips with. You’ll need to log in to Windows Server 2012 R2 with a domain administrator account, or a domain-connected PC where the Remote Server Administration Tools (RSAT) are installed. For more information on RSAT, see Remote Server Administration Tools (RSAT) for Windows 8: Download and Install.

• To run ADAC, start Server Manager by clicking the blue icon next to the Start button on the desktop taskbar, or the Server Manager tile on the Start screen.
• In Server Manager, select Active Directory Administrative Center from the Tools menu.
• In the Active Directory Administrative Center, click Users below ad (local) in the left pane.

• In the Tasks pane on the right, click New under Users, and select User from the menu.
• In the Create User dialog box, all required fields are marked by an asterisk. Start by filling out the First name and Last name fields, and the Full name field will be automatically populated.
• All new users must have a SamAccountName, which is the user’s AD logon name, but I recommend filling out the User UPN logon field, and SamAccountName will be filled in automatically.
• Enter and confirm a password, and then click OK.

Click the refresh icon at the top of ADAC, and the new user object will appear in the central pane, from where you can edit it at a later stage if required. The user will be required to change the password the first time they log on, and don’t forget that the password you set must meet the password complexity requirements set in domain policy. Note that domain users don’t have the necessary rights to log in locally on domain controllers, so test new user logins from a domain-joined PC.

Option #2: Creating new users with Active Directory Users and Computer

Creating new users with the Active Directory Users and Computers tool is almost as easy. Adding users to Active Directory in this way is simple and efficient.

• Open Server Manager and select Active Directory Users and Computers from the Tools menu.
• In the left pane of ADUC, expand your domain and click the Users container.
• In the right pane, right click some empty space and select New > User from the menu.
• In the New Object – User dialog, enter a First name, Last name, User logon name and then click Next.
• Type and confirm a password, then click Next.
• Check the information for the new user on the confirmation screen and click Finish.

The new user account will appear in the Users container in ADUC.

Option #3: Creating new users with the dsadd command

Adding users to Active Directory with the dsadd command is a little easier than with PowerShell, as we don’t need to convert the password to a secure string. Open a PowerShell prompt or command prompt, type the command below and press ENTER. To open a PowerShell prompt, click the blue PowerShell icon on the desktop taskbar, or click the Windows PowerShell tile on the Start screen. It doesn’t matter that dsadd is not a PowerShell cmdlet, it can still be run from a PowerShell window.

​dsadd user “cn=Russell Smith,cn=Users,dc=ad,dc=contoso,dc=com” -samid russellsmith -upn [email protected] -fn Russell -ln Smith -display “Russell Smith” -disabled no -pwd “PassW0rd!” -mustchpwd yes

The first parameter is the distinguished name (DN) for the new AD object, and is required. For more information about the available parameters for the

dsadd user

 command, type

dsadd user -?

 and press

ENTER

 in the command prompt.

FAQs

How can I bulk import users when adding users to Active Directory from a CSV file?

When adding users to Active Directory in bulk, you can use PowerShell’s Import-CSV cmdlet combined with the New-ADUser command. Create a CSV file with user details like name, department, and title, then run a script that reads this file and creates accounts automatically.

What security best practices should I follow when adding users to Active Directory?

When adding users to Active Directory, implement strong password policies, use organizational units (OUs) for better organization, enable account lockout policies, and document all new user creations. Regular security audits of user accounts are also essential.

Can I automate the process of adding users to Active Directory through third-party tools?

Yes, several third-party identity management solutions can streamline the process of adding users to Active Directory. These tools often provide features like automated provisioning, self-service portals, and integration with HR systems.

What are the common troubleshooting steps when problems occur while adding users to Active Directory?

Common troubleshooting steps when adding users to Active Directory include checking domain controller connectivity, verifying proper permissions, ensuring unique SAMAccountNames, validating DNS settings, and reviewing event logs for specific error messages.

How can I set up email notifications when adding users to Active Directory?

When adding users to Active Directory, you can create PowerShell scripts that send automated email notifications to IT staff or managers. These notifications can include details about the new account creation, temporary passwords, and any specific setup instructions.