
How to Create an AD User with PowerShell Quickly

Use the New-ADUser cmdlet in PowerShell to create a new Active Directory user. You specify user details like -Name, -SamAccountName, and -AccountPassword to create the user account.

Syntax

The New-ADUser cmdlet creates a new user in Active Directory. Key parameters include:

  • -Name: The full name of the user.
  • -SamAccountName: The user's logon name.
  • -AccountPassword: The user's password as a secure string.
  • -Enabled: Whether the account is active ($true or $false).
  • -Path: The organizational unit (OU) where the user will be created.

```powershell
New-ADUser -Name <string> -SamAccountName <string> -AccountPassword <securestring> -Enabled <bool> [-Path <string>]
```

Example

This example creates a new AD user named "John Doe" with a username "jdoe" in the "Users" container. It sets a password and enables the account.

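```powershell
# Build a SecureString from a literal. This is for demonstration only:
# a password written into a script is readable by anyone who can read the file.
$password = ConvertTo-SecureString "P@ssw0rd123" -AsPlainText -Force
# Create the enabled account in the default Users container.
New-ADUser -Name "John Doe" -SamAccountName "jdoe" -AccountPassword $password -Enabled $true -Path "CN=Users,DC=example,DC=com"
```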

Common Pitfalls

Common mistakes when creating AD users include:

  • Not converting the password to a secure string, which causes errors.
  • Forgetting to enable the account, leaving it disabled by default.
  • Using an incorrect -Path, which places the user in the wrong OU or causes failure.
  • Missing required parameters like -SamAccountName or -Name.

```powershell
# Wrong way (password as plain text, account disabled by default)
New-ADUser -Name "Jane Smith" -SamAccountName "jsmith" -AccountPassword "P@ssw0rd123"

# Right way
$password = ConvertTo-SecureString "P@ssw0rd123" -AsPlainText -Force
New-ADUser -Name "Jane Smith" -SamAccountName "jsmith" -AccountPassword $password -Enabled $true
```
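
The pitfalls above handled in one function, as an added example that is not part of the original page: the password is prompted for as a SecureString instead of being written into the script, the -Path and logon name are checked before anything is created, and the user must change the password at first logon. New-LabUser is a hypothetical helper name, and the default path reuses the page's sample domain.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) is installed and the
# caller may create users. New-LabUser is a hypothetical helper name.
Import-Module ActiveDirectory -ErrorAction Stop

function New-LabUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Name,
        # Restricting the character set keeps the -Filter string below well-formed.
        [Parameter(Mandatory)] [ValidatePattern('^[A-Za-z0-9._-]{1,20}$')] [string] $SamAccountName,
        [string] $Path = 'CN=Users,DC=example,DC=com'
    )

    # Pitfall: incorrect -Path. Fail before creating anything.
    try {
        Get-ADObject -Identity $Path -ErrorAction Stop | Out-Null
    } catch {
        throw "Target container '$Path' was not found: $($_.Exception.Message)"
    }

    # Pitfall: logon name already taken.
    if (Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'") {
        throw "SamAccountName '$SamAccountName' already exists."
    }

    if ($PSCmdlet.ShouldProcess($SamAccountName, 'Create AD user')) {
        # Prompt for the initial password; it never appears as plain text in
        # the script, on the command line, or in the console history.
        $password = Read-Host -Prompt "Initial password for $SamAccountName" -AsSecureString

        $params = @{
            Name                  = $Name
            SamAccountName        = $SamAccountName
            AccountPassword       = $password
            Enabled               = $true    # pitfall: accounts are disabled by default
            ChangePasswordAtLogon = $true    # the admin-set password is single use
            Path                  = $Path
            PassThru              = $true
            ErrorAction           = 'Stop'
        }
        New-ADUser @params
    }
}

# Dry run first (-WhatIf runs the checks but creates nothing), then the real call.
New-LabUser -Name 'Jane Smith' -SamAccountName 'jsmith' -WhatIf
New-LabUser -Name 'Jane Smith' -SamAccountName 'jsmith'
```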

Quick Reference

| Parameter | Description |
|---|---|
| -Name | Full name of the user |
| -SamAccountName | User logon name |
| -AccountPassword | User password as secure string |
| -Enabled | Enable or disable the account (true/false) |
| -Path | Active Directory container or OU for the user |

Key Takeaways

  • Always convert passwords to secure strings using ConvertTo-SecureString before using -AccountPassword.
  • Use -Enabled $true to activate the user account immediately after creation.
  • Specify the correct -Path to place the user in the desired Active Directory container.
  • Provide both -Name and -SamAccountName parameters as they are required.
  • Test your script in a safe environment before running in production.