Windows Server 2016 – Using PowerShell to create a new Active Directory user


Creating new user accounts in Active Directory is pretty standard stuff, but doing it the traditional way requires a lot of mouse clicks. Since we know that PowerShell can be used to accomplish anything within Windows Server 2016, but not many people actually employ it regularly, let’s use this common task as a recipe to be accomplished with PowerShell rather than the GUI.

Getting ready

We will use PowerShell on our Windows Server 2016 DC in order to create this new user account.

How to do it…

Follow along to create a new user account in Active Directory by using the PowerShell command prompt:

  1. Launch a PowerShell command prompt as an Administrator.
  2. Enter the following command in order to create a new user account with very simple parameters:
     New-ADUser -Name "John Smith" -UserPrincipalName "jsmith@mydomain.local" -SamAccountName "jsmith"
  3. If you open up the GUI for Active Directory Users and Computers, you will see that John Smith has now been created as a User account. There aren’t many properties that exist within this account, as it is pretty simple, but it will work in order to get a new user up and running.
  4. Now let’s create another new user, this time adding some additional parameters to our code in order to populate more of the typical user information. You may have also noticed that our new John Smith user account is currently disabled; this happens automatically when you create a new user account but do not populate a password. So, we will add in some more information, up to the first name and surname. We will also specify a couple of additional parameters in order to make sure the account is enabled and to require that the user changes their password during their initial login:
      New-ADUser -Name "Jase Robertson" `
        -UserPrincipalName "jrobertson@mydomain.local" `
        -SamAccountName "jrobertson" `
        -GivenName "Jase" -Surname "Robertson" -DisplayName "Jase Robertson" `
        -AccountPassword (Read-Host -AsSecureString "AccountPassword") `
        -ChangePasswordAtLogon $true -Enabled $true
  5. Open up Active Directory Users and Computers again and take a look at our new Jase Robertson user account. You can see that the account is enabled and ready for use, and it has much more information populated inside the account.
  6. Move over to the Account tab and you will also see the box is now checked for User must change password at next logon, just like we specified in our PowerShell command.

How it works…

By using PowerShell, we are able to create new Active Directory user accounts right from a command interface, rather than logging into a server and launching the graphical interface in order to accomplish this common task. Can your New-ADUser commands become extremely lengthy in order to populate all of the attributes you want to include? Yes. However, can saving and running a PowerShell script that utilizes the New-ADUser cmdlet save you time in the long run? Absolutely! It might take a few minutes of thought and testing in order to get your script to the point where it populates the information that you would like, but once you have created and saved that script, it can be modified and run quickly in the future in order to create new accounts. There is even a way to utilize the New-ADUser cmdlet to copy properties from an existing user account while it sets up the new one, which may also help to save you some time and energy on new user account creations.
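The saved script described above could look like the following. This is an added example, not code from the original recipe: the function name `New-StandardADUser`, its parameters, and the sample name in the last line are hypothetical. It checks for an existing logon name, can copy properties from a template account with `-Instance`, and supports `-WhatIf`.

```powershell
# Added example, not from the original recipe. Function and parameter names are hypothetical.
Import-Module ActiveDirectory

function New-StandardADUser {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$GivenName,
        [Parameter(Mandatory = $true)][string]$Surname,
        [string]$UpnSuffix = 'mydomain.local',  # domain used in the recipe
        [string]$TemplateUser                   # optional SamAccountName to copy from
    )

    # Recipe's naming pattern (jsmith, jrobertson); drop characters such as
    # apostrophes so the name is safe to embed in the -Filter string below.
    $sam = (($GivenName.Substring(0, 1) + $Surname).ToLower()) -replace '[^a-z0-9]', ''

    # Stop before creating anything if the logon name is already taken.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        throw "An account with SamAccountName '$sam' already exists."
    }

    # Splatting keeps the long New-ADUser parameter list readable.
    $params = @{
        Name                  = "$GivenName $Surname"
        GivenName             = $GivenName
        Surname               = $Surname
        DisplayName           = "$GivenName $Surname"
        SamAccountName        = $sam
        UserPrincipalName     = "${sam}@${UpnSuffix}"
        ChangePasswordAtLogon = $true
        Enabled               = $true
    }

    # Copy a few properties from an existing account via -Instance.
    if ($TemplateUser) {
        $params.Instance = Get-ADUser -Identity $TemplateUser -Properties Department, Title, Company
    }

    # -WhatIf stops here, before any password prompt or directory change.
    if ($PSCmdlet.ShouldProcess($sam, 'Create Active Directory user')) {
        # Prompt for the password so it never appears in the script or history.
        $params.AccountPassword = Read-Host -AsSecureString -Prompt "Initial password for $sam"
        New-ADUser @params
    }
}

# Dry run with a constructed sample name: reports the action without changing the directory.
New-StandardADUser -GivenName 'Alex' -Surname 'Example' -WhatIf
```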

See also

Make sure to check out the following TechNet link. This page lists all of the possible parameters and syntax that you might want to run alongside your New-ADUser cmdlet script. There are a ton of options:

