Active Directory Microsoft Powershell Windows Server

How to Create a New User Account in Active Directory and Assign Specific Group Memberships: Step-by-Step Guide

Muhammad FaizanMarch 15, 2024 - Last Updated: March 19, 2024

0 1,018 1 minute read

Table of Contents

Introduction:

Creating new user accounts and managing their group memberships are essential tasks for Active Directory (AD) administrators. In this guide, we’ll cover several methods for adding new users to Active Directory and assigning group memberships to streamline access and permissions within your domain. We’ll explore:

Using the Active Directory Users and Computers (ADUC) GUI: Great for visual learners and single user creation.
PowerShell for Active Directory administration: Ideal for automation and bulk user account operations.
Command-line tools (dsadd and net): Convenient for quick user creation or when a GUI isn’t available.

Methods

1. Using Active Directory Users and Computers (ADUC)

Prerequisites: Account with permissions to create users and modify groups, access to a domain controller or a machine with RSAT (Remote Server Administration Tools).
Steps:
1. Open ADUC: Press Win + R, type dsa.msc, and press Enter.
2. Locate the OU: Navigate to the Organizational Unit (OU) where you want to create the user.
3. Create New User: Right-click the OU, select New > User.
4. User Details: Provide first name, last name, full name (auto-generated), user logon name (e.g., jdoe@example.com), and other relevant details. Click “Next”.
5. Set Password: Enter a secure password and configure options such as “User must change password at next logon.” Click “Next.
6. Confirm and Create: Review the summary and click “Finish.”

2. Using PowerShell for Active Directory Administration

Prerequisites: PowerShell with the Active Directory module (part of RSAT).
Steps:
1. Open PowerShell (Elevated): Run PowerShell as administrator.
2. Create User with New-ADUser:

New-ADUser -Name "Jane Smith" -GivenName "Jane" -Surname "Smith" -SamAccountName "jsmith" -UserPrincipalName "jsmith@example.com" -Path "OU=Marketing,DC=example,DC=com" -AccountPassword (ConvertTo-SecureString "Str0ngPa$$word" -AsPlainText -Force) -Enabled $true -ChangePasswordAtLogon $true

Assign Group Memberships:

Add-ADGroupMember -Identity "Sales Team" -Members "jsmith"

Repeat for additional groups.

3. Using Command Line (dsadd and net commands)

Prerequisites: Run from a domain controller or server with admin tools.
Steps:
1. Open Elevated Command Prompt: Right-click, “Run as administrator”.
2. Create User with dsadd:

dsadd user "cn=John Miller,ou=IT,dc=example,dc=com" -fn John -ln Miller -samid jmiller -upn jmiller@example.com -pwd P@ssw0rd! -mustchpwd yes

Add to Groups with net:

net group "Helpdesk Staff" jmiller /add

Repeat for additional groups.

Choosing the Right Method

ADUC: Easy to use, best for single user creation.
PowerShell: Automate tasks, bulk operations, import users from CSV.
Command Line: Fast for simple tasks, convenient when GUI isn’t accessible.

Introduction:

Methods

1. Using Active Directory Users and Computers (ADUC)

2. Using PowerShell for Active Directory Administration

3. Using Command Line (dsadd and net commands)

Choosing the Right Method

Muhammad Faizan

Related Articles

Add PowerShell & Command Prompt to Context Menu In Windows 10

How to Restore a Microsoft Office 365 deleted Team using Powershell

Control Microsoft Teams External File Sharing with PowerShell: A Guide

Automate Image Conversion with PowerShell and ImageMagick: PNG, GIF, TIFF, WEBP to JPG

Leave a Reply Cancel reply