To manage domain users, create user accounts in Active Directory Domain Services (AD DS). In contrast, to manage users that are specific to one computer, create local user accounts. For more information, see Create a local user account (http://go.microsoft.com/fwlink/?LinkId=138393).
Membership in Account Operators, Domain Admins, or Enterprise Admins, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.
Creating a new user account
To create a new user account using the Windows interface
- To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
- In the console tree, right-click the folder in which you want to add a user account.
  Where?
  - Active Directory Users and Computers\domain node\folder
- Point to New, and then click User.
  For interoperability with other directory services, you can click InetOrgPerson instead. For more information about InetOrgPerson, see Understanding User Accounts.
- In First name, type the user's first name.
- In Initials, type the user's initials.
- In Last name, type the user's last name.
- Modify Full name to add initials or reverse the order of first and last names.
- In User logon name, type the user logon name, click the user principal name (UPN) suffix in the drop-down list, and then click Next.
  If the user will use a different name to log on to computers running Microsoft® Windows® 95, Windows 98, or Windows NT® operating systems, you can change the user logon name as it appears in User logon name (pre-Windows 2000) to the different name.
- In Password and Confirm password, type the user's password, and then select the appropriate password options.
Additional considerations
- To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or Enterprise Admins group in AD DS, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.
- Another way to open Active Directory Users and Computers is to click Start, click Run, and then type dsa.msc.
- A new user account with the same name as a previously deleted user account does not automatically assume the permissions and group memberships of the previously deleted account because the security identifier (SID) for each account is unique. If you want to duplicate a deleted user account, you must recreate all permissions and memberships manually.
- When you create a new user account, the full name attribute is created in the FirstNameLastName format by default. The full name attribute also governs the display name format that is shown in the global address list. You can change the display name format by using ADSI Edit. If you change the display name format, the full name format will also change. For more information, see article 250455 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=131264).
- You can also perform the task in this procedure by using the Active Directory module for Windows PowerShell™. To open the Active Directory module, click Start, click Administrative Tools, and then click Active Directory Module for Windows PowerShell. For more information, see Create a New User Account (http://go.microsoft.com/fwlink/?LinkId=138369). For more information about Windows PowerShell, see Windows PowerShell (http://go.microsoft.com/fwlink/?LinkID=102372).
To create a new user account using a command line
- To open a command prompt, click Start, click Run, type cmd, and then click OK.
- Type the following command, and then press ENTER:
  dsadd user <UserDN> [-samid <SAMName>] -pwd {<Password>|*}
Parameter | Description |
---|---|
<UserDN> | Specifies the distinguished name of the user object to be added. |
-samid | Sets <SAMName> value. |
<SAMName> | Specifies the Security Accounts Manager (SAM) name as the unique SAM account name for this user (for example, Linda). If the SAM name is not specified, dsadd attempts to create the SAM account name using up to the first 20 characters from the common name (CN) value of UserDN. |
-pwd | Sets <Password> value. |
<Password> | Specifies the password to be used for the user account. If this parameter is set to *, you are prompted for a user password. |
To view the complete syntax for this command, and for information about entering user account information, at a command prompt, type the following command, and then press ENTER:
dsadd user /?
Additional considerations
- To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or Enterprise Admins group in AD DS, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.
- A new user account with the same name as a previously deleted user account does not automatically assume the permissions and group memberships of the previously deleted account because the security identifier (SID) for each account is unique. If you want to duplicate a deleted user account, you must recreate all permissions and memberships manually.
- You can also perform the task in this procedure by using the Active Directory module for Windows PowerShell. To open the Active Directory module, click Start, click Administrative Tools, and then click Active Directory Module for Windows PowerShell. For more information, see Create a New User Account (http://go.microsoft.com/fwlink/?LinkId=138369). For more information about Windows PowerShell, see Windows PowerShell (http://go.microsoft.com/fwlink/?LinkID=102372).
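
The same task through the Active Directory module for Windows PowerShell, as an added example that is not part of the original page or Microsoft's own script. It prompts for the password instead of taking it as an argument (the counterpart of -pwd *), refuses a logon name that is already in use, and prints the new account's SID. The function name New-DomainUser, the contoso.com domain, the Staff OU, and the surname are assumptions.

```powershell
# Added example; the domain, OU and user values in the call at the bottom are assumed.
Import-Module ActiveDirectory

function New-DomainUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $GivenName,
        [string] $Initials,
        [Parameter(Mandatory)] [string] $Surname,
        # Logon name, also used as the pre-Windows 2000 (SAM) name: 20 characters at most.
        [Parameter(Mandatory)] [ValidatePattern('^[A-Za-z0-9._-]{1,20}$')] [string] $LogonName,
        [Parameter(Mandatory)] [string] $UpnSuffix,
        [Parameter(Mandatory)] [string] $Path,   # DN of the folder (OU or container)
        [pscredential] $Credential               # optional, the equivalent of "Run as"
    )

    $auth = @{}
    if ($Credential) { $auth.Credential = $Credential }

    # Stop if the logon name is already taken in the domain.
    if (Get-ADUser -Filter "SamAccountName -eq '$LogonName'" @auth) {
        throw "A user with logon name '$LogonName' already exists."
    }

    $user = @{
        Name                  = "$GivenName $Surname"
        GivenName             = $GivenName
        Surname               = $Surname
        SamAccountName        = $LogonName
        UserPrincipalName     = "$LogonName@$UpnSuffix"
        Path                  = $Path
        ChangePasswordAtLogon = $true
        Enabled               = $true
    }
    if ($Initials) { $user.Initials = $Initials }

    if ($PSCmdlet.ShouldProcess("$LogonName in $Path", 'Create user account')) {
        # Prompt for the password so it never appears on the command line or in history.
        $user.AccountPassword = Read-Host -AsSecureString -Prompt "Initial password for $LogonName"
        New-ADUser @user @auth
        # The SID is newly issued even when the name was used by a deleted account.
        Get-ADUser -Identity $LogonName @auth | Select-Object SamAccountName, UserPrincipalName, SID
    }
}

New-DomainUser -GivenName Linda -Surname Mitchell -LogonName lmitchell `
    -UpnSuffix 'contoso.com' -Path 'OU=Staff,DC=contoso,DC=com'
```

Run it with -WhatIf first to confirm the target folder, and pass -Credential (Get-Credential) to create the account under a delegated administrative identity while staying logged on as a standard user.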