How to Create a New User Account in Active Directory and Assign Specific Group Memberships: Step-by-Step Guide
Introduction:
Creating new user accounts and managing their group memberships are essential tasks for Active Directory (AD) administrators. In this guide, we’ll cover several methods for adding new users to Active Directory and assigning group memberships to streamline access and permissions within your domain. We’ll explore:
- Using the Active Directory Users and Computers (ADUC) GUI: Great for visual learners and single user creation.
- PowerShell for Active Directory administration: Ideal for automation and bulk user account operations.
- Command-line tools (dsadd and net): Convenient for quick user creation or when a GUI isn’t available.
Methods
1. Using Active Directory Users and Computers (ADUC)
- Prerequisites: Account with permissions to create users and modify groups, access to a domain controller or a machine with RSAT (Remote Server Administration Tools).
- Steps:
- Open ADUC: Press Win + R, type dsa.msc, and press Enter.
- Locate the OU: Navigate to the Organizational Unit (OU) where you want to create the user.
- Create New User: Right-click the OU, select New > User.
- User Details: Provide first name, last name, full name (auto-generated), user logon name (e.g., jdoe@example.com), and other relevant details. Click “Next”.
- Set Password: Enter a secure password and configure options such as “User must change password at next logon.” Click “Next”.
- Confirm and Create: Review the summary and click “Finish.”
2. Using PowerShell for Active Directory Administration
- Prerequisites: PowerShell with the Active Directory module (part of RSAT).
- Steps:
- Open PowerShell (Elevated): Run PowerShell as administrator.
- Create User with New-ADUser:
# Single quotes keep PowerShell from expanding $$ inside the password literal.
New-ADUser -Name "Jane Smith" -GivenName "Jane" -Surname "Smith" -SamAccountName "jsmith" -UserPrincipalName "jsmith@example.com" -Path "OU=Marketing,DC=example,DC=com" -AccountPassword (ConvertTo-SecureString 'Str0ngPa$$word' -AsPlainText -Force) -Enabled $true -ChangePasswordAtLogon $true
- Assign Group Memberships:
Add-ADGroupMember -Identity "Sales Team" -Members "jsmith"
Repeat for additional groups.
3. Using Command Line (dsadd and net commands)
- Prerequisites: Run from a domain controller or server with admin tools.
- Steps:
- Open Elevated Command Prompt: Right-click, “Run as administrator”.
- Create User with dsadd:
dsadd user "cn=John Miller,ou=IT,dc=example,dc=com" -fn John -ln Miller -samid jmiller -upn jmiller@example.com -pwd P@ssw0rd! -mustchpwd yes
- Add to Groups with net:
net group "Helpdesk Staff" jmiller /add
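Repeat for additional groups. When running from a member server rather than a domain controller, append /domain so the command is processed by a domain controller.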
Choosing the Right Method
- ADUC: Easy to use, best for single user creation.
- PowerShell: Automate tasks, bulk operations, import users from CSV.
- Command Line: Fast for simple tasks, convenient when GUI isn’t accessible.
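The bulk CSV import mentioned for PowerShell, as an added example that is not part of the original guide. The CSV column names, the semicolon-separated Groups column, the example.com UPN suffix and the function names New-InitialPassword and New-UsersFromRows are assumptions made for illustration.

```powershell
# Requires the ActiveDirectory module (RSAT) and rights to create users in the target OUs.
Import-Module ActiveDirectory

# Constructed sample input; in practice: $rows = Import-Csv .\new-users.csv
$rows = @'
GivenName,Surname,SamAccountName,Path,Groups
Jane,Smith,jsmith,"OU=Marketing,DC=example,DC=com",Sales Team
John,Miller,jmiller,"OU=IT,DC=example,DC=com",Helpdesk Staff;Sales Team
'@ | ConvertFrom-Csv

function New-InitialPassword {
    # 24 random bytes -> 32 Base64 characters; the fixed suffix guarantees the
    # character classes that the default AD complexity policy asks for.
    $bytes = New-Object byte[] 24
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    [Convert]::ToBase64String($bytes) + 'a1A!'
}

function New-UsersFromRows {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [object[]] $Rows, [string] $UpnSuffix = 'example.com')
    foreach ($r in $Rows) {
        $sam = $r.SamAccountName
        # Reject odd logon names before they reach the -Filter string (max 20 characters).
        if ($sam -notmatch '^[\w.-]{1,20}$') { Write-Warning "Invalid logon name '$sam', skipped"; continue }
        # Skip accounts that already exist so a re-run never touches them.
        if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { Write-Warning "$sam already exists, skipped"; continue }
        if (-not $PSCmdlet.ShouldProcess($sam, 'Create user and add to groups')) { continue }
        $plain = New-InitialPassword
        New-ADUser -Name "$($r.GivenName) $($r.Surname)" -GivenName $r.GivenName -Surname $r.Surname `
            -SamAccountName $sam -UserPrincipalName "${sam}@${UpnSuffix}" -Path $r.Path `
            -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
            -Enabled $true -ChangePasswordAtLogon $true -ErrorAction Stop
        # Emit the one-time password for out-of-band delivery; keep it out of logs and transcripts.
        [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $plain }
        foreach ($g in ($r.Groups -split ';' | Where-Object { $_.Trim() })) {
            try { Add-ADGroupMember -Identity $g.Trim() -Members $sam -ErrorAction Stop }
            catch { Write-Warning "${sam}: could not add to '$g': $($_.Exception.Message)" }
        }
    }
}

# Dry run first: -WhatIf reports what would be created without changing the directory.
New-UsersFromRows -Rows $rows -WhatIf
```

Remove -WhatIf to apply the changes once the dry-run output matches the intended accounts and groups.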