To manage users in a domain, create user accounts in Active Directory Domain Services (AD DS). In contrast, to manage users that are specific to one computer, create local user accounts. For more information about creating local user accounts, see Create a local user account (

Membership in Account Operators, Domain Admins, or Enterprise Admins, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at

To create a new user account using Active Directory Administrative Center
  1. To open Active Directory Administrative Center, click Start, click Administrative Tools, and then click Active Directory Administrative Center.


    Another way to open Active Directory Administrative Center is to click Start, click Run, and then type dsac.exe.

  2. In the navigation pane, right-click the node in which you want to add a user account, click New, and then click User.


    For interoperability with other directory services, you can click InetOrgPerson instead. For more information about the InetOrgPerson class, see Understanding User Accounts.

  3. In Create User, in the Account section:

    • In First name, type the user's first name.

    • In Middle initials, type the user's initials.

    • In Last name, type the user's last name.

    • Modify Full name to add initials or reverse the order of the first and last names.

    • In User UPN logon, type the user’s logon name, and then click the user principal name (UPN) suffix in the drop-down list.

      If the user will use a different name to log on to computers running Microsoft® Windows® 95, Windows 98, or Windows NT® operating systems, you can change the user’s logon name as it appears in User SamAccountName logon to the different name.

    • In Password and Confirm password, type the user's password, and then select the appropriate password options.

    • To protect the user account from accidental deletion, select the Protect from accidental deletion check box.

    • Click Log on hours, and then set the permitted or denied logon hours for the user.

    • Click Log on to, and then set the permitted logon workstations for the user.

    • In Account expires, select Never or enter the account expiration date.

    • Expand Password options, Encryption options, and Other options, and then make the appropriate selections.

  4. In Create User, modify the appropriate fields in the Organization, Member Of, and Profile sections, and then click OK.

Additional considerations

  • You can also perform the task in this procedure by using the Active Directory module for Windows PowerShell. To open the Active Directory module, click Start, click Administrative Tools, and then click Active Directory Module for Windows PowerShell. For more information, see Create a New User (

    For more information about Windows PowerShell, see Windows PowerShell (

Additional references