How to add a new user to an Active Directory domain using PowerShell
The limitations of native Active Directory (AD) tools force administrators and technicians to perform day-to-day user management tasks using PowerShell. They struggle with complex PowerShell scripts to add a user to a domain, add a list of users to a specific AD domain, add multiple users to a distribution group, or perform other routine user modification operations such as adding users' email information, hiding AD users from global address lists, and so on.
In PowerShell, based on the operation to be performed, a variety of cmdlets such as New-ADUser, ADD-ADGroupMember, etc. have to be used, either alone or in combination, making PowerShell a very complex option.
This page compares a user management operation, adding a user to a domain, using PowerShell and ADManager Plus, a completely GUI-based Active Directory, Office 365 and Exchange management and reporting solution.
Steps to add an AD user account using PowerShell.
- Ensure you have the necessary permissions to perform this action, and also to execute PowerShell scripts in the relevant domain.
- Get the value for necessary attributes like the sAMAccountName, distinguished name (DN), password, etc. of the account to be added.
- Create the script using the New-ADUser cmdlet, and execute it in the PowerShell window.
A sample PowerShell script to add an AD user account to a specific OU in a domain
Click to copy entire script
New-ADUser -Name “Jack Sparrow” -SamAccountName “jacks” -GivenName “Jack” -Surname “Sparrow”-Path “OU=MaverickPirate,DC=BlackPearl,DC=com” -AccountPassword(“password” -AsSecureString) -Enabled $true
This script will add the user Jack Sparrow to the domain BlackPearl in the OU MaverickPirate.
To add a new AD user account
- Click the Create Single User option located in User Management, in Management tab.
- Select the desired Domain and template, enter all the necessary attributes, and click Create.
» Start 30-day Free Trial
Limitations of using PowerShell to add new user accounts in AD.
- You will not be able to add AD user accounts in specific domains using PowerShell if you do not have sufficient permissions in AD. With ADManager Plus, as technicians do not have to log in directly to the DC, their privileges in native AD doesn't have to be elevated or modified.
- Using PowerShell to add user accounts with all the necessary attributes is difficult as the LDAP names of all the attributes must be entered in the script correctly; any typo will lead to errors. ADManager Plus, on the other hand, offers user creation templates which makes it possible to configure all attributes at once. These templates also offer rules, which allow the configuration of specific attributes automatically.
- With PowerShell, automating new user creation requires a complex and long script. However, ADManager Plus allows you to automate user creation with simple point and click actions.
- If you wish to add multiple users to a domain or use a CSV file to add multiple users to distribution groups using PowerShell, the script has to be modified. With ADManager Plus though, as the import CSV option is built-in, you can perform the necessary user management actions effortlessly, using the same features, be it single or bulk user addition.
- You must know how to run the scripts from the PowerShell window. ADManager Plus is purely GUI-based, making it possible to perform all management and reporting actions with just mouse clicks from its web-based console.
- Even a misplaced hyphen, or lack of sufficient permission to configure any of the attributes used in the script will lead to errors. As all actions in ADManager Plus are GUI-driven, there is no need to write scripts, eliminating the chances of errors.