Creating New User Accounts in Active Directory with ADUC and PowerShell Ranjan.info

In this article, we will see how to create new users in Active Directory domains. You can create new user accounts in your domain using the graphical tools (the Active Directory Users and Computers MMC snap-in, dsa.msc, and the AD Administrative Center, dsac.msc) or with a PowerShell script.

How to create a new Active Directory user with ADUC?

The easiest way to create a new domain user in Active Directory is to use the graphical ADUC MMC console.

  1. Open the Active Directory Users and Computers console by running the dsa.msc command;
  2. Select the Active Directory container (organizational unit) in which you want to create a new user account. Right-click it and select New > User;
    To create new users in the domain, your account must be a member of the Domain Administrators or Account Operators groups. Alternatively, you can manually assign user creation permissions to other domain users and groups.
  3. Specify the user’s first name, last name, and full name, and set the userPrincipalName (user logon name) and sAMAccountName. Click Next;
  4. Then set the user password. On this form, you can also set the following options for the UserAccountControl attribute:
    User must change password at next logon;
    User cannot change password – only the administrator / account operator can change / reset the user password;
    Password never expires – the user password will never expire (if this option is not enabled, user password expiration is determined by the Active Directory domain password policy);
    Account is disabled – the user account in the domain is disabled and cannot be used to log in.
  5. Find the user in the ADUC console and open its properties. Here you can set additional user attributes (phone number, address, description, position, company, etc.), add the user to AD groups, and set other attributes on the Attribute Editor tab.

You can also create a new AD user by copying an existing one. This method is suitable for creating another user from the same department with the same set of permissions, address and details.


Click the user and select Copy. When copying an AD user, group membership, address (except street), User Account Control attribute settings, organization settings, and many other attributes will be copied to the new user account.

New-ADUser: Creating an Active Directory User with PowerShell

Above, we showed you how to manually create a user in an Active Directory domain using the ADUC graphical snap-in. If you are constantly adding new users to your domain, it is more convenient to automate this process using PowerShell.

You can use the New-ADUser cmdlet from the Active Directory module for Windows PowerShell to create user accounts in AD.

You can get the full syntax of the New-ADUser cmdlet using the command:

Get-Command New-ADUser -Syntax


In the simplest case, to create a new user account in AD, it is enough just to specify its name:
New-ADUser testuser1


As you can see, a new user account is created in the default Users container. This user is disabled by default. To use this account, you must enable it (Enable-ADAccount cmdlet), set its password (Set-ADAccountPassword cmdlet), and configure other attributes (if necessary).

To create a new account with a password in a specific Active Directory container (OU) and enable it immediately, use the following command:

New-ADUser -Name "Albert Schmidt" -GivenName "Albert" -Surname "Schmidt" -SamAccountName "a.schmidt" -UserPrincipalName "a.schmidt@woshub.com" -Path "OU=Users,OU=Accounts,OU=Berlin,OU=DE,DC=woshub,DC=com" -AccountPassword (Read-Host -AsSecureString "Input Password") -Enabled $true


The command prompts you to specify a password for the new user (the password is transmitted securely).

Note: The user’s password must comply with the domain password security policy by length, complexity, etc.; otherwise, the cmdlet will return an error: New-ADUser: Password does not meet the domain length, complexity, or history requirement. You can use a ready-made PowerShell script to generate a complex password for each user.

You can get information about the created domain user using the Get-ADUser cmdlet:

Get-ADUser a.schmidt

Create Bulk Active Directory Users from CSV with PowerShell

You can use a PowerShell script to create multiple users in an Active Directory domain. Consider a simple script that creates user accounts from a list in a CSV file.

Fill in the required user attributes in a CSV (Excel) file. For example, my Excel file with users has 8 columns and the following header format:

FirstName;LastName;SamAccountName;Phone;Department;JobTitle;Password;OU

Save the Excel file in CSV format with a comma as the delimiter. The encoding must be set to UTF-8 (this is important!).


Now you can import this CSV file (create_ad_users.csv) and create new users in the AD domain. See the following example of a PowerShell script that can be used to create a user in Active Directory.


Notes:

  • Specify the name of the OU in which you want to create a new user account in distinguished name format ("OU=Users,OU=Munich,OU=DE,DC=woshub,DC=com"). The value must be enclosed in double quotes (since the string contains commas);
  • If “;” is used as the delimiter character in the CSV file, add -Delimiter ";" as an argument to your Import-Csv command;
  • The script checks whether the user exists in the domain. If such an account already exists in the domain, a warning appears and prompts you to enter a unique sAMAccountName.


Import-Module ActiveDirectory
# UPN suffix appended to each sAMAccountName
$domain = "@woshub.com"
Import-Csv "C:\ps\create_ad_users.csv" | ForEach-Object {
    $userSAM = $_.SamAccountName
    # If the account already exists, ask the operator for a different sAMAccountName
    if (@(Get-ADUser -Filter "SamAccountName -eq '$($_.SamAccountName)'").Count -ne 0) {
        Add-Type -AssemblyName Microsoft.VisualBasic
        $userSAM = [Microsoft.VisualBasic.Interaction]::InputBox("User $($_.SamAccountName) exists", 'Specify a new user SamAccountName', $_.SamAccountName)
    }
    $upn = $userSAM + $domain
    $uname = $_.LastName + " " + $_.FirstName
    # The initial password is read in plain text from the Password column of the CSV
    New-ADUser -Name $uname `
        -DisplayName $uname `
        -GivenName $_.FirstName `
        -Surname $_.LastName `
        -OfficePhone $_.Phone `
        -Department $_.Department `
        -Title $_.JobTitle `
        -UserPrincipalName $upn `
        -SamAccountName $userSAM `
        -Path $_.OU `
        -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -Force) -Enabled $true
}
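
A variant of the bulk script that keeps passwords out of the CSV, as an added example that is not part of the original article: it ignores the Password column, generates a random initial password for each account, forces a change at first logon, and validates each row before creating anything. The helper name New-RandomPassword, the sAMAccountName pattern and the 16-character length are assumptions of this example.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper (not from the article): random password containing all four character classes
function New-RandomPassword {
    param([int]$Length = 16)
    $sets = 'abcdefghijkmnpqrstuvwxyz', 'ABCDEFGHJKLMNPQRSTUVWXYZ', '23456789', '!#%*+-=?@_'
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf  = New-Object byte[] 4
    # Draw one character from a string using the cryptographic RNG
    $pick = { param($s) $rng.GetBytes($buf); $s[[int]([BitConverter]::ToUInt32($buf, 0) % $s.Length)] }
    $chars  = @($sets | ForEach-Object { & $pick $_ })      # one character from each class
    $chars += 1..($Length - $sets.Count) | ForEach-Object { & $pick (-join $sets) }
    # Shuffle so the guaranteed characters are not always in the first four positions
    -join ($chars | Sort-Object { $rng.GetBytes($buf); [BitConverter]::ToUInt32($buf, 0) })
}

$domain = '@woshub.com'   # UPN suffix used in the article
$report = foreach ($u in Import-Csv 'C:\ps\create_ad_users.csv') {
    # Reject names that are too long (20-character limit) or could break the -Filter string below
    if ($u.SamAccountName -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        Write-Warning "Skipped: invalid SamAccountName '$($u.SamAccountName)'"; continue
    }
    # The target OU must already exist
    try { $null = Get-ADOrganizationalUnit -Identity $u.OU -ErrorAction Stop }
    catch { Write-Warning "Skipped $($u.SamAccountName): OU not found: $($u.OU)"; continue }
    if (Get-ADUser -Filter "SamAccountName -eq '$($u.SamAccountName)'") {
        Write-Warning "Skipped $($u.SamAccountName): account already exists"; continue
    }
    $plain = New-RandomPassword
    $name  = "$($u.LastName) $($u.FirstName)"
    try {
        New-ADUser -Name $name -DisplayName $name -GivenName $u.FirstName -Surname $u.LastName `
            -SamAccountName $u.SamAccountName -UserPrincipalName ($u.SamAccountName + $domain) `
            -OfficePhone $u.Phone -Department $u.Department -Title $u.JobTitle -Path $u.OU `
            -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
            -ChangePasswordAtLogon $true -Enabled $true -ErrorAction Stop
    } catch { Write-Warning "Failed $($u.SamAccountName): $($_.Exception.Message)"; continue }
    # Emit the initial password once for out-of-band handover; it is never written to disk
    [pscustomobject]@{ SamAccountName = $u.SamAccountName; InitialPassword = $plain }
}
$report | Format-Table -AutoSize
```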


After running the script, open the ADUC console, expand the specified Active Directory OU, and make sure that the new user accounts have appeared in AD. You can track new user account creation events as follows: get a list of Active Directory user accounts created in the last X hours/days.
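
One way to run that check after a bulk import, as an added example that is not part of the original article: it lists every account created in the look-back window, shows the flags worth reviewing on a new account, and marks accounts that were not in the batch CSV. The 24-hour window and the InBatch and GroupCount column names are assumptions of this example.

```powershell
Import-Module ActiveDirectory

$hours    = 24                                   # look-back window (assumption)
$since    = (Get-Date).AddHours(-$hours)
# sAMAccountNames the batch was expected to create (same CSV as the bulk script)
$expected = @((Import-Csv 'C:\ps\create_ad_users.csv').SamAccountName)

Get-ADUser -Filter 'whenCreated -ge $since' `
           -Properties whenCreated, PasswordNeverExpires, PasswordNotRequired, MemberOf |
    Sort-Object whenCreated |
    Select-Object SamAccountName, Enabled, whenCreated,
        PasswordNeverExpires,                    # should normally be False for a person's account
        PasswordNotRequired,                     # should be False
        @{ Name = 'GroupCount'; Expression = { @($_.MemberOf).Count } },
        # False means the account did not come from the CSV (or was renamed at the prompt)
        @{ Name = 'InBatch'; Expression = { $expected -contains $_.SamAccountName } } |
    Format-Table -AutoSize
```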


You can quickly add new user accounts to specific AD groups using the Add-AdGroupMember cmdlet. To do this, modify the script by adding this line to the ForEach-Object loop:

Add-AdGroupMember -Identity AllowInternetAccess-Members $userSAM

Or you can set the user’s photo to be displayed in Outlook and Lync by using the Set-ADUser cmdlet in AD:

Set-ADUser $userSAM -Replace @{thumbnailPhoto=([byte[]](Get-Content "C:\ps\l.wolf.jpg" -Encoding byte))}
