Active DirectoryMicrosoftPowershellWindows Server

How to Create a New User Account in Active Directory and Assign Specific Group Memberships: Step-by-Step Guide

Introduction:

Creating new user accounts and managing their group memberships are essential tasks for Active Directory (AD) administrators. In this guide, we’ll cover several methods for adding new users to Active Directory and assigning group memberships to streamline access and permissions within your domain. We’ll explore:

Methods

1. Using Active Directory Users and Computers (ADUC)

  • Prerequisites: Account with permissions to create users and modify groups, access to a domain controller or a machine with RSAT (Remote Server Administration Tools).
  • Steps:
    1. Open ADUC: Press Win + R, type dsa.msc, and press Enter.
    2. Locate the OU: Navigate to the Organizational Unit (OU) where you want to create the user.
    3. Create New User: Right-click the OU, select New > User.
    4. User Details: Provide first name, last name, full name (auto-generated), user logon name (e.g., jdoe@example.com), and other relevant details. Click “Next”.
    5. Set Password: Enter a secure password and configure options such as “User must change password at next logon.” Click “Next.
    6. Confirm and Create: Review the summary and click “Finish.”
Recommended For You:  Automating Virtual Machine Resource Scaling in Hyper-V with PowerShell

2. Using PowerShell for Active Directory Administration

  • Prerequisites: PowerShell with the Active Directory module (part of RSAT).
  • Steps:
    1. Open PowerShell (Elevated): Run PowerShell as administrator.
    2. Create User with New-ADUser:
New-ADUser -Name "Jane Smith" -GivenName "Jane" -Surname "Smith" -SamAccountName "jsmith" -UserPrincipalName "jsmith@example.com" -Path "OU=Marketing,DC=example,DC=com" -AccountPassword (ConvertTo-SecureString "Str0ngPa$$word" -AsPlainText -Force) -Enabled $true -ChangePasswordAtLogon $true

Assign Group Memberships:

Add-ADGroupMember -Identity "Sales Team" -Members "jsmith"

Repeat for additional groups.

3. Using Command Line (dsadd and net commands)

  • Prerequisites: Run from a domain controller or server with admin tools.
  • Steps:
    1. Open Elevated Command Prompt: Right-click, “Run as administrator”.
    2. Create User with dsadd:
dsadd user "cn=John Miller,ou=IT,dc=example,dc=com" -fn John -ln Miller -samid jmiller -upn jmiller@example.com -pwd P@ssw0rd! -mustchpwd yes

Add to Groups with net:

net group "Helpdesk Staff" jmiller /add

Repeat for additional groups.

Choosing the Right Method

Muhammad Faizan

Hi, My name is Muhammad Faizan and i have spent last 15 years working as System Administrator mainly with Microsoft Technologies. I am MCSE, MCTP, MCITP, certified professional. I love scripting and Powershell is the scripting language i am in love with.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also
Close
Back to top button