So you’ve installed Windows Server, the Directory Service (AD DS) bits, and promoted the server to a domain controller (DC), but now what? The first step is adding users to Active Directory by creating some Active Directory (AD) user accounts.
In this Ask the Admin, I’m going to show you how to create new Active Directory users with three different tools: Active Directory Administrative Center (ADAC), Active Directory Users and Computers (ADUC), and a command-line tool called dsadd. For more information on creating AD users with PowerShell, see Create New Active Directory Users with Excel and PowerShell on the Petri IT Knowledgebase.
If you haven’t already installed Windows Server and the AD Directory Service server role, make sure you check out How to Install Windows Server 2012 R2 and Install Active Directory on Windows Server 2012 with Server Manager.
If you’ve never used Windows Server or Active Directory before, then the Active Directory Administrative Center is the easiest management tool to get to grips with. You’ll need to log in to Windows Server 2012 R2 with a domain administrator account, or to a domain-connected PC where the Remote Server Administration Tools (RSAT) are installed. For more information on RSAT, see Remote Server Administration Tools (RSAT) for Windows 8: Download and Install.
Click the refresh icon at the top of ADAC, and the new user object will appear in the central pane, from where you can edit it at a later stage if required. The user will be required to change the password the first time they log on, and don’t forget that the password you set must meet the password complexity requirements set in domain policy. Note that domain users don’t have the necessary rights to log in locally on domain controllers, so test new user logins from a domain-joined PC.
Creating new users with the Active Directory Users and Computers tool is almost as easy. Adding users to Active Directory in this way is simple and efficient.
The new user account will appear in the Users container in ADUC.
Adding users to Active Directory with the dsadd command is a little easier than with PowerShell, as we don’t need to convert the password to a secure string. Open a PowerShell prompt or command prompt, type the command below and press ENTER. To open a PowerShell prompt, click the blue PowerShell icon on the desktop taskbar, or click the Windows PowerShell tile on the Start screen. It doesn’t matter that dsadd is not a PowerShell cmdlet; it can still be run from a PowerShell window.
dsadd user "cn=Russell Smith,cn=Users,dc=ad,dc=contoso,dc=com" -samid russellsmith -upn [email protected] -fn Russell -ln Smith -display "Russell Smith" -disabled no -pwd "PassW0rd!" -mustchpwd yes
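The first parameter is the distinguished name (DN) for the new AD object, and is required. Because the password is typed in clear text on the command line, it stays visible on screen and in the console history; dsadd also accepts -pwd * to prompt for the password instead. For more information about the available parameters for the dsadd user command, type dsadd user -? and press ENTER in the command prompt.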
When adding users to Active Directory in bulk, you can use PowerShell’s Import-CSV cmdlet combined with the New-ADUser command. Create a CSV file with user details like name, department, and title, then run a script that reads this file and creates accounts automatically.
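The bulk approach described above, as an added example that is not code from the original article. It goes a little further than the paragraph by rejecting malformed or duplicate sAMAccountNames and giving each account its own random initial password that must be changed at first logon. The OU path, the UPN suffix, the New-RandomPassword helper and the CSV rows are assumptions made for illustration.

```powershell
# Added example: bulk-create AD users from CSV rows with per-user random passwords.
Import-Module ActiveDirectory

function New-RandomPassword([int]$Length = 20) {
    # Draw from a CSPRNG and retry until all four character classes are present.
    # The slight modulo bias is acceptable for a one-time password.
    $chars = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%+=?'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
    } until ($pw -cmatch '[a-z]' -and $pw -cmatch '[A-Z]' -and
             $pw -match '\d' -and $pw -match '[^a-zA-Z0-9]')
    $pw
}

# Constructed sample rows; in production use Import-Csv on a file with these columns.
$rows = @'
GivenName,Surname,SamAccountName,Department,Title
Russell,Smith,russellsmith,IT,Administrator
Dana,Lee,danalee,Finance,Analyst
Dana,Lee,danalee,Finance,Analyst
'@ | ConvertFrom-Csv

$ou        = 'OU=Staff,DC=ad,DC=contoso,DC=com'  # hypothetical OU, must already exist
$upnSuffix = 'ad.contoso.com'                    # assumed UPN suffix
$seen      = @{}                                 # names already handled in this run

$created = foreach ($r in $rows) {
    $sam = $r.SamAccountName.Trim()
    # Allow-list the name (max 20 chars); this also keeps quotes out of the -Filter string.
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$') { Write-Warning "Invalid name '$sam'"; continue }
    if ($seen[$sam] -or (Get-ADUser -Filter "SamAccountName -eq '$sam'")) {
        Write-Warning "Skipping '$sam': sAMAccountName already in use"; continue
    }
    $seen[$sam] = $true
    $plain  = New-RandomPassword
    $params = @{
        Name = "$($r.GivenName) $($r.Surname)"; GivenName = $r.GivenName; Surname = $r.Surname
        SamAccountName = $sam; UserPrincipalName = "${sam}@$upnSuffix"; Path = $ou
        Department = $r.Department; Title = $r.Title; Enabled = $true
        AccountPassword = (ConvertTo-SecureString $plain -AsPlainText -Force)
        ChangePasswordAtLogon = $true; ErrorAction = 'Stop'  # stop before reporting a failed account
    }
    New-ADUser @params
    [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $plain }
}
$created | Format-Table   # hand these over out of band, then clear the variable
```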
When adding users to Active Directory, implement strong password policies, use organizational units (OUs) for better organization, enable account lockout policies, and document all new user creations. Regular security audits of user accounts are also essential.
Yes, several third-party identity management solutions can streamline the process of adding users to Active Directory. These tools often provide features like automated provisioning, self-service portals, and integration with HR systems.
Common troubleshooting steps when adding users to Active Directory include checking domain controller connectivity, verifying proper permissions, ensuring unique SAMAccountNames, validating DNS settings, and reviewing event logs for specific error messages.
When adding users to Active Directory, you can create PowerShell scripts that send automated email notifications to IT staff or managers. These notifications can include details about the new account creation, temporary passwords, and any specific setup instructions.