Bird
Raised Fist0
PowerShellscripting~5 mins

New-ADUser and Set-ADUser in PowerShell

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction

These commands help you create and change user accounts in Active Directory easily.

When you want to add a new employee to your company's user system.
When you need to update a user's details like their phone number or department.
When automating user account setup for many people at once.
When fixing mistakes in user information without using a manual tool.
Syntax
PowerShell
New-ADUser -Name <string> -GivenName <string> -Surname <string> -SamAccountName <string> [-OtherParameters]

Set-ADUser -Identity <string> [-OtherParameters]

New-ADUser creates a new user account with required details like name and username.

Set-ADUser changes existing user details using the user's identity (like username).

Examples
This creates a new user named John Doe with a username 'jdoe' and sets a password.
PowerShell
New-ADUser -Name "John Doe" -GivenName "John" -Surname "Doe" -SamAccountName "jdoe" -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) -Enabled $true
This updates the phone number of the user with username 'jdoe'.
PowerShell
Set-ADUser -Identity "jdoe" -OfficePhone "123-456-7890"
Sample Program

This script first creates a new user named Alice Smith with username 'asmith' and a password. Then it sets her job title to 'Sales Manager'. Finally, it shows her name, username, and title to confirm the changes.

PowerShell
Import-Module ActiveDirectory

# Create a new user
New-ADUser -Name "Alice Smith" -GivenName "Alice" -Surname "Smith" -SamAccountName "asmith" -AccountPassword (ConvertTo-SecureString "Welcome123" -AsPlainText -Force) -Enabled $true

# Update the user's title
Set-ADUser -Identity "asmith" -Title "Sales Manager"

# Get user info to confirm
Get-ADUser -Identity "asmith" -Properties Title | Select-Object Name, SamAccountName, Title | Format-List
OutputSuccess
Important Notes

You need to run these commands with permissions to manage Active Directory users.

Passwords must be converted to secure strings before use with New-ADUser.

Always check if the user exists before creating or updating to avoid errors.

Summary

New-ADUser is for creating new user accounts.

Set-ADUser is for changing details of existing users.

Both commands help automate user management in Active Directory.

Practice

(1/5)
1. What is the primary purpose of the New-ADUser cmdlet in PowerShell?
easy
A. To list all users in Active Directory
B. To delete an existing user account
C. To reset a user's password
D. To create a new user account in Active Directory

Solution

  1. Step 1: Understand the cmdlet purpose

    New-ADUser is designed to create new user accounts in Active Directory.

  2. Step 2: Compare with other options

    Deleting users, resetting passwords, or listing users are done by other cmdlets like Remove-ADUser, Set-ADAccountPassword, or Get-ADUser.

  3. Final Answer:

    To create a new user account in Active Directory -> Option D

  4. Quick Check:

    New-ADUser creates users = A [OK]
Hint: New-ADUser always creates, not modifies or deletes [OK]
Common Mistakes:
  • Confusing New-ADUser with Set-ADUser
  • Thinking it deletes users
  • Assuming it lists users
2. Which of the following is the correct syntax to create a new AD user with username 'jdoe' and display name 'John Doe' using New-ADUser?
easy
A. New-ADUser -SamAccountName 'jdoe' -DisplayName 'John Doe'
B. New-ADUser -Name 'jdoe' -DisplayName 'John Doe'
C. New-ADUser -UserName 'jdoe' -Display 'John Doe'
D. New-ADUser -User 'jdoe' -Name 'John Doe'

Solution

  1. Step 1: Identify correct parameters for New-ADUser

    The parameter for username is -SamAccountName, and for display name is -DisplayName.

  2. Step 2: Check each option

    New-ADUser -SamAccountName 'jdoe' -DisplayName 'John Doe' uses -SamAccountName 'jdoe' and -DisplayName 'John Doe', which is correct syntax.

  3. Final Answer:

    New-ADUser -SamAccountName 'jdoe' -DisplayName 'John Doe' -> Option A

  4. Quick Check:

    SamAccountName sets username = A [OK]
Hint: Use -SamAccountName for username in New-ADUser [OK]
Common Mistakes:
  • Using -UserName instead of -SamAccountName
  • Using -Name instead of -DisplayName
  • Mixing parameter names incorrectly
3. What will be the output of this PowerShell command sequence?
New-ADUser -SamAccountName 'asmith' -Name 'Alice Smith' -AccountPassword (ConvertTo-SecureString 'P@ssw0rd' -AsPlainText -Force) -Enabled $true
Set-ADUser -Identity 'asmith' -Title 'Manager'

What is the Title property of user 'asmith' after running these commands?
medium
A. No Title property set
B. Manager
C. Alice Smith
D. P@ssw0rd

Solution

  1. Step 1: Create user with New-ADUser

    The user 'asmith' is created with name 'Alice Smith' and password set, enabled account.

  2. Step 2: Update user with Set-ADUser

    The Set-ADUser command sets the Title property to 'Manager' for user 'asmith'.

  3. Final Answer:

    Manager -> Option B

  4. Quick Check:

    Set-ADUser updates Title = C [OK]
Hint: Set-ADUser changes properties after user creation [OK]
Common Mistakes:
  • Assuming Title is set by New-ADUser without parameter
  • Confusing password with Title property
  • Thinking Title remains empty
4. You run this command to update a user's department:
Set-ADUser -Identity 'bwhite' -Department 'Sales'

But you get an error: "Cannot find an object with identity: 'bwhite'". What is the most likely cause?
medium
A. The Identity parameter requires an email address
B. The Department property cannot be set with Set-ADUser
C. User 'bwhite' does not exist in Active Directory
D. You must use New-ADUser to update users

Solution

  1. Step 1: Analyze the error message

    The error says it cannot find an object with identity 'bwhite', meaning the user does not exist or the name is incorrect.

  2. Step 2: Check other options

    Department can be set with Set-ADUser, New-ADUser is for creating users, and Identity accepts username or distinguished name, not necessarily email.

  3. Final Answer:

    User 'bwhite' does not exist in Active Directory -> Option C

  4. Quick Check:

    Identity error means user missing = D [OK]
Hint: Check user exists before Set-ADUser [OK]
Common Mistakes:
  • Assuming Department can't be set
  • Using New-ADUser to update existing users
  • Using wrong Identity format without verifying user
5. You want to create a new user 'mjohnson' with the display name 'Mary Johnson' and then immediately set her office location to 'HQ-5'. Which sequence of commands correctly achieves this?
hard
A. New-ADUser -SamAccountName 'mjohnson' -DisplayName 'Mary Johnson' Set-ADUser -Identity 'mjohnson' -Office 'HQ-5'
B. Set-ADUser -SamAccountName 'mjohnson' -DisplayName 'Mary Johnson' New-ADUser -Identity 'mjohnson' -Office 'HQ-5'
C. New-ADUser -UserName 'mjohnson' -Name 'Mary Johnson' -Office 'HQ-5' -Enabled $true
D. New-ADUser -SamAccountName 'mjohnson' -DisplayName 'Mary Johnson' -Office 'HQ-5' -Enabled $true

Solution

  1. Step 1: Create user with New-ADUser

    Use -SamAccountName and -DisplayName to create the user. Office location is not set here.

  2. Step 2: Update office location with Set-ADUser

    Use Set-ADUser -Identity 'mjohnson' -Office 'HQ-5' to set the office property after creation.

  3. Step 3: Evaluate other options

    Set-ADUser -SamAccountName 'mjohnson' -DisplayName 'Mary Johnson' New-ADUser -Identity 'mjohnson' -Office 'HQ-5' tries to update before creation, which fails. New-ADUser -UserName 'mjohnson' -Name 'Mary Johnson' -Office 'HQ-5' -Enabled $true uses wrong parameters. New-ADUser -SamAccountName 'mjohnson' -DisplayName 'Mary Johnson' -Office 'HQ-5' -Enabled $true fails because -Enabled $true requires -AccountPassword (e.g., (ConvertTo-SecureString 'P@ssw0rd' -AsPlainText -Force)), which is missing.

  4. Final Answer:

    New-ADUser -SamAccountName 'mjohnson' -DisplayName 'Mary Johnson' Set-ADUser -Identity 'mjohnson' -Office 'HQ-5' -> Option A

  5. Quick Check:

    Create then update properties = B [OK]
Hint: Create user first, then update extra properties with Set-ADUser [OK]
Common Mistakes:
  • Trying to set unsupported properties in New-ADUser
  • Running Set-ADUser before user exists
  • Using wrong parameter names