Contact
Active Directory Domain Services (AD DS)
Lesson 8

Creating new users, groups and OUs


By Sai Kurada
September 11, 2023
Creating new users, groups, and organizational units (OUs) in Active Directory involves using the Active Directory Users and Computers (ADUC) management console.

Creating a New User:

Open Active Directory Users and Computers.
  • Press Win + R, type dsa.msc, and press Enter.
  • Or, search for "Active Directory Users and Computers" in the Start menu.
Navigate to the Appropriate OU (Optional):
  • Expand the domain tree on the left-hand side and locate the OU where you want to create the new user.
Right-click on the OU or container where you want to add the user.
  • Select New > User.
The "New Object - User" wizard will open. Enter the user's details:
  • First Name, Last Name, User logon name (username), and a password.
Optionally, you can set other attributes such as:
  • User logon name (pre-Windows 2000): This is the legacy username used for authentication with older systems.
  • User must change password at next logon: Useful for forcing the user to change their password upon first login.
  • User cannot change password: Prevents the user from changing their password.
  • Password never expires: Keeps the password from expiring.
  • Account is disabled: Disables the account initially.
Click Next and then Finish to complete the user creation process.

Creating a New Group:

  1. Open Active Directory Users and Computers.
  2. Navigate to the Appropriate OU (Optional).
  3. Right-click on the OU or container where you want to add the group.
  • Select New > Group.
In the "New Object - Group" wizard, enter the group name and choose the group scope (Security or Distribution) and type (Domain local, Global, or Universal).
  • Note: For most security groups, choose "Security" as the group scope.
Click Next and then Finish to create the group.

Creating a New Organizational Unit (OU):

  1. Open Active Directory Users and Computers.
  2. Right-click on the domain or an existing OU where you want to create the new OU.
  • Select New > Organizational Unit.
Enter a name for the new OU and click OK.

Note:
  • Remember to follow your organization's naming conventions and security policies when creating new objects.
  • Delegated administrative rights may be required to create certain objects, especially in higher-level OUs or the root of the domain.
  • Be cautious when setting attributes like passwords and permissions to ensure security and compliance.
Previous
Understanding AD Objects
Next
Understanding Domain Controllers and RODC