New episode!

Latest Episode: 5 GPO MDM Mistakes

In this week’s episode, Stephen talks to Jeremy Moskowitz about the top 5 mistakes IT Pros make when transferring Group Policy to MDM.
Happening now!

Unlock Secure Remote Working!

Dive into the latest Microsoft management technologies at our free 1-day GET-IT virtual conference. Sign up now!
On-demand!

Inside Access: Why Privileged Accounts Could Be Your Biggest Security Gap

What if your biggest vulnerability wasn't a misconfigured firewall? Don't miss our webinar on the hidden risks of standing privileges.

3 Ways to Create New Active Directory Users

So you’ve installed Windows Server, the Directory Service (AD DS) bits, and promoted the server to a domain controller (DC), but now what? The first step is to create some Active Directory (AD) user accounts.

In this Ask the Admin, I’m going to show you how to create new Active Directory users with three different tools: Active Directory Administrative Center (ADAC), Active Directory Users and Computer (ADUC), and a command-line tool called dsadd. For more information on creating AD users with PowerShell, see Create New Active Directory Users with Excel and PowerShell on the Petri IT Knowledgebase.

If you haven’t already installed Windows Server and the AD Directory Service server role, make sure you check out How to Install Windows Server 2012 R2 and Install Active Directory on Windows Server 2012 with Server Manager.

Option #1: Creating new users with Active Directory Administrative Center

If you’ve never used Windows Server or Active Directory before, then the Active Directory Administrative Center is the easiest management tool to get to grips with. You’ll need to log in to Windows Server 2012 R2 with a domain administrator account, or a domain-connected PC where the Remote Server Administration Tools (RSAT) are installed. For more information on RSAT, see Remote Server Administration Tools (RSAT) for Windows 8: Download and Install.

To run ADAC, start Server Manager by clicking the blue icon next to the Start button on the desktop taskbar, or the Server Manager tile on the Start screen.
In Server Manager, select Active Directory Administrative Center from the Tools menu.
In the Active Directory Administrative Center, click Users below ad (local) in the left pane.

The Users container in Active Directory Administrative Center. (Image Credit: Russell Smith)

In the Tasks pane on the right, click New under Users, and select User from the menu.
In the Create User dialog box, all required fields are marked by an asterisk. Start by filling out the First name and Last name fields, and the Full name field will be automatically populated.
All new users must have a SamAccountName, which is the user’s AD logon name, but I recommend filling out the User UPN logon field, and SamAccountName will be filled in automatically.
Enter and confirm a password, and then click OK.

Creating a new user in Active Directory Administrative Center. (Image Credit: Russell Smith)

Click the refresh icon at the top of ADAC, and the new user object will appear in the central pane, from where you can edit it at a later stage if required. The user will be required to change the password the first time they log on, and don’t forget that the password you set must meet the password complexity requirements set in domain policy. Note that domain users don’t have the necessary rights to log in locally on domain controllers, so test new user logins from a domain-joined PC.

Option #2: Creating new users with Active Directory Users and Computer

Creating new users with the Active Directory Users and Computers tool is almost as easy.

Open Server Manager and select Active Directory Users and Computers from the Tools menu.
In the left pane of ADUC, expand your domain and click the Users container.
In the right pane, right click some empty space and select New > User from the menu.
In the New Object – User dialog, enter a First name, Last name, User logon name and then click Next.
Type and confirm a password, then click Next.
Check the information for the new user on the confirmation screen and click Finish.

Creating a new user in Active Directory Users and Computers tool. (Image Credit: Russell Smith)

The new user account will appear in the Users container in ADUC.

Option #3: Creating new users with the dsadd command

Adding a new user with the dsadd command is a little easier than with PowerShell, as we don’t need to convert the password to a secure string. Open a PowerShell prompt or command prompt, type the command below and press ENTER. To open a PowerShell prompt, click the blue PowerShell icon on the desktop taskbar, or click the Windows PowerShell tile on the Start screen. It doesn’t matter that dsadd is not a PowerShell cmdlet, it can still be run from a PowerShell window.

dsadd user “cn=Russell Smith,cn=Users,dc=ad,dc=contoso,dc=com” -samid russellsmith -upn [email protected] -fn Russell -ln Smith -display “Russell Smith” -disabled no -pwd “PassW0rd!” -mustchpwd yes

The first parameter is the distinguished name (DN) for the new AD object, and is required. For more information about the available parameters for the

dsadd user