
How to Use New-ADUser in PowerShell: Create Active Directory Users

Use the New-ADUser cmdlet in PowerShell to create a new Active Directory user by specifying properties like -Name, -SamAccountName, and -AccountPassword. You must run PowerShell with appropriate permissions and import the Active Directory module before using this cmdlet.

Syntax

The basic syntax of New-ADUser includes specifying the user's name, account name, and password. You can add other properties like -GivenName, -Surname, and -Enabled to customize the user account.

Here is the general form:

powershell
New-ADUser -Name <string> -SamAccountName <string> -AccountPassword <SecureString> -Enabled <bool> [-GivenName <string>] [-Surname <string>] [-Path <string>] [-OtherAttributes <hashtable>] ...

Example

This example creates a new Active Directory user named "John Doe" with a username "jdoe" and sets a password. The account is enabled immediately.

powershell
$Password = ConvertTo-SecureString "P@ssw0rd123" -AsPlainText -Force
New-ADUser -Name "John Doe" -GivenName "John" -Surname "Doe" -SamAccountName "jdoe" -AccountPassword $Password -Enabled $true -Path "OU=Users,DC=example,DC=com"

Common Pitfalls

  • Running PowerShell without administrator rights, or without the Active Directory module loaded, will cause errors.
  • Forgetting to convert the password to a SecureString will cause the cmdlet to fail.
  • Not specifying -Enabled $true will create the user but keep the account disabled by default.
  • Incorrect -Path can place the user in the wrong OU or cause errors.

Example of a common mistake and the fix:

powershell
# Wrong: Plain text password (will fail)
New-ADUser -Name "Jane Doe" -SamAccountName "jdoe2" -AccountPassword "P@ssw0rd123" -Enabled $true

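# Right: Convert password to SecureString
# (named $SecurePassword because assigning to $Pwd overwrites the automatic variable $PWD)
$SecurePassword = ConvertTo-SecureString "P@ssw0rd123" -AsPlainText -Force
New-ADUser -Name "Jane Doe" -SamAccountName "jdoe2" -AccountPassword $SecurePassword -Enabled $true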
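
The pitfalls listed above can be checked before the account is created, and the password does not have to be a literal in the script. The following is an added example, not code from the original page: the function name New-CheckedADUser is hypothetical, the user and OU values in the usage comment are the page's sample values, and -ChangePasswordAtLogon and -PassThru are New-ADUser parameters the page itself does not cover.

```powershell
# Added example (not from the original page). New-CheckedADUser is a hypothetical helper name.
function New-CheckedADUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $GivenName,
        [Parameter(Mandatory)] [string] $Surname,

        # Restrict the logon name to a safe character set (user sAMAccountName is at most
        # 20 characters), which also keeps quotes out of the -Filter string below.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
        [string] $SamAccountName,

        [Parameter(Mandatory)] [string] $Path,

        # Typed as SecureString: a plain string is rejected, and when the parameter is
        # omitted PowerShell prompts for it with masked input, so no password is stored in a file.
        [Parameter(Mandatory)] [securestring] $AccountPassword
    )

    # Pitfall: module not loaded. Stop here with a clear error instead of failing later.
    Import-Module ActiveDirectory -ErrorAction Stop

    # Pitfall: incorrect -Path. Resolving the OU first throws if the DN does not exist.
    $null = Get-ADOrganizationalUnit -Identity $Path -ErrorAction Stop

    # Pitfall: typos and collisions. Refuse to continue if the logon name is already taken.
    if (Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'") {
        throw "SamAccountName '$SamAccountName' already exists."
    }

    $params = @{
        Name                  = "$GivenName $Surname"
        GivenName             = $GivenName
        Surname               = $Surname
        SamAccountName        = $SamAccountName
        AccountPassword       = $AccountPassword
        Path                  = $Path
        Enabled               = $true    # Pitfall: the account stays disabled unless this is set
        ChangePasswordAtLogon = $true    # the operator-entered password is only temporary
        PassThru              = $true    # return the created user object for review or logging
        ErrorAction           = 'Stop'
    }
    New-ADUser @params
}

# Usage (sample values from this page; the password is entered at a masked prompt):
#   New-CheckedADUser -GivenName John -Surname Doe -SamAccountName jdoe -Path 'OU=Users,DC=example,DC=com'
```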

Quick Reference

| Parameter | Description |
|---|---|
| -Name | Full name of the new user |
| -SamAccountName | User logon name (username) |
| -AccountPassword | User password as a SecureString |
| -Enabled | Boolean to enable or disable the account |
| -GivenName | User's first name |
| -Surname | User's last name |
| -Path | Active Directory container (OU) where user is created |

Key Takeaways

  • Always convert passwords to SecureString before using -AccountPassword.
  • Run PowerShell with the Active Directory module and proper permissions.
  • Specify -Enabled $true to activate the user account immediately.
  • Use -Path to place the user in the correct Active Directory OU.
  • Check for typos in usernames and paths to avoid errors.