
Creating a Domain User (Active Directory)

This page covers the process of locating a domain controller and using Active Directory Users & Computers to create a new user. We'll also show how to add a user to a group, set other profile values, and explain RSAT. You can also add users via PowerShell, but this guide does not walk through that; for now, refer to Microsoft's documentation for the New-ADUser cmdlet (ActiveDirectory module).

Getting Started

Locating a Domain Controller/Active Directory

Most domain controllers have Active Directory on them. Active Directory is the tool/service that keeps the records for all your network's domain users. There are several ways to locate a domain controller.

Finding a Domain Controller

  1. Use an RMM - Your RMM (Kaseya, Datto RMM, ConnectWise, SolarWinds, etc.) will generally tell you somewhere which servers are domain controllers.
  2. Run a command on a server or workstation joined to the same domain:
    1. set L - Command Prompt
    2. echo %logonserver% - Command Prompt
    3. $env:logonserver - PowerShell
    4. systeminfo - Command Prompt or PowerShell

Using RSAT (Remote Server Administration Tools)

As long as the device you're on can access the Active Directory domain you want to create the user on, you can install RSAT and use that to manage your domain/users. RSAT allows you to install server tools like Active Directory Users & Computers onto another Windows device. However, the tools only work if you're on the same network you're trying to manage.

Reference: Remote Server Administration Tools (RSAT) for Windows Client and Windows Server (dsforum2wiki), TechNet Wiki (microsoft.com)

Open Active Directory Users & Computers


Locate Primary OU (Organizational Unit)

In this step you'll want to find the OU (Organizational Unit) where your users are kept. Best practice (usually) is to have an OU named after the company. You may have to do a little digging to find where all the users are kept. In this example the only entries that really stand out are LAB and Users. Users is a default Container (not an OU) that is automatically created when setting up AD. LAB is an OU and is where all my users are.


Inside LAB, there are several OUs that further organize the organization. Here you might see OUs for department, team, building, etc... This varies between domains and is generally organized however the IT administrator setting up the domain/AD decided to structure it. OU structure is important because Windows allows you to apply certain permissions or policies onto an OU. For example, maybe everyone in the IT Admins OU has more freedom to change Windows settings than users in the Accounting OU. Without having separate OUs it would be harder to target the right users/computers when making the policies.

OUs might contain more than just users; they could contain groups, computers, and more!


Creating the User

Right click on the OU where you want the user to be created, go to New and pick User.


Fill out the appropriate information. Take note that the User logon name is the actual username the user will log in with.

Be sure to follow the same naming convention used for other accounts in AD. This isn't required, but it is important for keeping things clean and organized. This example is first initial + last name.


Set a password for the user. If this is a service account (an account used for integrating devices or software into your domain), you may want to consider setting the password to never expire.

For security best practices, it's recommended to have the first checkbox selected, forcing the user to change their password when logging in. This ensures only the end user knows their password.


Review the information and click Finish.


That's it! You've created a user!
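
The guide itself only walks through the wizard. As an added example (not part of the original guide), here are the same steps scripted with New-ADUser: naming convention, duplicate check, random initial password, and forced change at first logon. The names Jane Doe, the OU path, and the helper New-InitialPassword are assumptions made for illustration.

```powershell
# Added example: scripted equivalent of the New > User wizard (needs the RSAT ActiveDirectory module).
Import-Module ActiveDirectory

# Assumed sample values; replace with your own user details and OU.
$GivenName = 'Jane'
$Surname   = 'Doe'
$TargetOU  = 'OU=Accounting,OU=LAB,DC=lab,DC=example'   # placeholder DN

# Naming convention: first initial + last name, letters and digits only.
$Sam = (($GivenName.Substring(0, 1) + $Surname).ToLower()) -replace '[^a-z0-9]', ''

# Stop if the logon name is already in use in the domain.
if (Get-ADUser -Filter "SamAccountName -eq '$Sam'") {
    throw "Logon name '$Sam' already exists; pick another."
}

function New-InitialPassword {
    param([int]$Length = 20)
    # 64 unambiguous characters, so one random byte mod 64 is unbiased.
    $alphabet = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%+-=?@'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    do {
        $pw = -join (1..$Length | ForEach-Object {
            $rng.GetBytes($buf)
            $alphabet[$buf[0] % $alphabet.Length]
        })
        # Retry until all four character classes are present (complexity policy).
    } until ($pw -cmatch '[a-z]' -and $pw -cmatch '[A-Z]' -and
             $pw -match '\d' -and $pw -match '[^a-zA-Z\d]')
    $pw
}

$Plain = New-InitialPassword
$NewUser = @{
    Name                  = "$GivenName $Surname"
    GivenName             = $GivenName
    Surname               = $Surname
    SamAccountName        = $Sam
    UserPrincipalName     = "$Sam@$((Get-ADDomain).DNSRoot)"
    Path                  = $TargetOU
    AccountPassword       = ConvertTo-SecureString $Plain -AsPlainText -Force
    ChangePasswordAtLogon = $true    # same effect as the wizard's first checkbox
    Enabled               = $true
}
New-ADUser @NewUser
# Hand the initial password over out of band; the user must change it at first logon.
Write-Output "Created $Sam with initial password: $Plain"
```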


Setting User Properties

Double clicking the user in AD will open a window where you can see and change many properties for the user. 

General 

Here you can change their name, set an office, telephone number, email, etc...


Address

Here you can set their address information.


Account

Here you can change their username, set Logon Hours, limit which computers they can log on to, set an account expiration date, and set certain password options. Here you can also unlock their account if they've tried to log in too many times with the incorrect password.

Changing their username can generally cause issues if they've already been using the account.


Profile

Here you can set a profile path, logon script or home folder.


Telephones

Here you can set the user's phone numbers.


Organization

Here you can set their Job Title, Department, Company, Manager, etc...


Member Of

Here you can add the user to groups.


These are the most commonly edited properties. There are others, but they won't be covered at this time.


Adding a User to a Group

In the Properties of the user, go to Member Of.


Click Add


Click Advanced, enter the name of the group, hit Find Now, and select the group from the results, then press OK.

Instead of clicking Advanced, you could add the group in the "Enter object names to select" box and then hit Check Names. I found hitting Advanced and being sure you have the right group is the best/easiest way.


Press OK again.


Lastly, press OK/Apply once the group is shown in the Member Of list.



Copying an Existing User

If you have a user that already has all the groups you want another user to have, right click that user and hit Copy. It will let you create a user with the same groups.
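
Because a copied user inherits the source account's groups, it is worth reviewing them first. As an added example (not part of the original guide), this lists every group the source account belongs to, including nested membership, and flags well-known privileged groups by SID. The logon name jdoe is an assumed sample value.

```powershell
# Added example: review a template account's groups before copying it.
Import-Module ActiveDirectory

$Template = 'jdoe'   # assumed sample logon name of the account to be copied

# Well-known privileged groups, identified by SID so renamed groups still match.
$PrivRids     = '512', '518', '519'   # Domain Admins, Schema Admins, Enterprise Admins
$PrivBuiltins = 'S-1-5-32-544', 'S-1-5-32-548', 'S-1-5-32-549', 'S-1-5-32-551'
#               Administrators,  Account Ops,    Server Ops,     Backup Ops

$user = Get-ADUser -Identity $Template

# Escape characters that are special inside an LDAP filter value.
$dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\(', '\28' `
                              -replace '\)', '\29' -replace '\*', '\2a'

# LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) follows nested groups.
# Searches the current domain only; the primary group is not stored in "member".
$groups = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)"

$report = foreach ($g in $groups) {
    $sid = $g.SID.Value
    $rid = $sid.Split('-')[-1]
    [pscustomobject]@{
        Group      = $g.Name
        Privileged = ($sid -in $PrivBuiltins) -or
                     ($sid -like 'S-1-5-21-*' -and $rid -in $PrivRids)
    }
}
$report | Sort-Object Privileged -Descending | Format-Table -AutoSize
```

If any row shows Privileged as True, create the new user from scratch and add only the groups they need.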



Moving a User

If you need to move a user, you can right click the user and hit Move, or drag and drop it into the correct OU/location.
