Using a graphical user interface

  1. Open the Active Directory Users and Computers (ADUC) snap-in.

  2. If you need to change domains, right-click on "Active Directory Users and Computers" in the left pane, select Connect to Domain, enter the domain name, and click OK.

  3. In the left pane, browse to and select the container where the new user should be located and select Newrightwards double arrowUser.

  4. Enter the values for the first name, last name, full name, and user logon name fields as appropriate and click Next.

  5. Enter and confirm password, set any of the password flags, and click Next.

  6. Click Finish.

Using a command-line interface

You can create a user with the built-in DSAdd utility, by using AdMod or Net User commands. Using DSAdd requires the following syntax:

> dsadd user "" -upn  -fn ""
-ln "" -display "" -pwd

To create a user account with AdMod, use the following syntax:

> admod -b "" -add objectClass::user
sAMAccountName:: unicodepwd:: userAccountControl::512
-kerbenc

To create a user account with Net User, use the following syntax:

> Net user username /add /domain
Using VBScript

' Taken from ADS_USER_FLAG_ENUM
Const ADS_UF_NORMAL_ACCOUNT = 512set objParent = GetObject("LDAP://")
set objUser = objParent.Create("user", "cn=") ' e.g. joes
objUser.Put "sAMAccountName", ""   ' e.g. joes
objUser.Put "userPrincipalName", "" ' e.g. joes@adatum.com
objUser.Put "givenName", ""   ' e.g. Joe
objUser.Put "sn", ""           ' e.g. Smith
objUser.Put "displayName", "<UserFirstName> <UserLastName>" ' e.g. Joe Smith
objUser.SetInfo
objUser.SetPassword("")
objUser.Put "userAccountControl", ADFS_UF_NORMAL_ACCOUNT
objUser.SetInfo

Using PowerShell

To create a new Active Directory user with the Quest AD cmdlets, use the following syntax:

new-QADUser -name '<User CN>' -parentContainer '<Parent DN>' -UserPassword
'<Password>' -FirstName '<User First Name>' -LastName '<User Last Name>'
-UserPrincipalName '<User UPN>'

To create a new Active Directory user with System.DirectoryServices, use the following:

Set-Variable -name ADS_UF_NORMAL_ACCOUNT -value 512 -option Constant
$objParent = [ADSI] "LDAP://<ParentDN>"
$objUser = $objParent.Create("user", "cn=<User CN>")
$objUser.put("samaccountname", "<UserName>")
$objUser.Put("userPrincipalName", "")
$objUser.Put("givenName", "")
$objUser.Put("sn", "")
$objUser.Put("displayName", "<UserFirstName> <UserLastName>")
$objUser.SetInfo()
$objUser.SetPassword("")
$objUser.SetInfo()
$objUser.Put("userAccountControl", $ADS_UF_NORMAL_ACCOUNT)
$objUser.SetInfo()

A tip on creation user account

1- For making a list of user in AD that is very time consuming we can first make a template user for any groups like Accounting, Sales, Marketing, and … with a _ before their full name to pull them up in the list and make them more in access for using later besides we should not forget to disable these accounts. We can fulfill all information that they are general between these groups of users in the template like their department, their profile location ( \\fileserver\profiles\%username%) and etc, then whenever we need to make a user account what we need is just right-click on the proper user template and select copy and fulfill the new user information and uncheck the disable box then use this way over and over for other users.

2- keep in mind if you have other LDAP OSs such as UNIX based on Kerberos system in your network make sure you use InetOrgPerson account instead of User account which is compatible with all Operationg Systems that use LDAP