News
Happy System Administrator Appreciation Day - to the true heroes of IT!
Serverspace Black Friday
OL
July 1 2021
Updated July 24 2025

Managing User Accounts in Active Directory: Part 1 - Creating and Deleting Users

AD Windows

Users are one of the most popular objects in AD. They are used for authentication and authorization on workstations. Also in many services which are integrated with AD. User management is the main routine for sysadmins and helpdesk specialists. This guide helps to manage such objects in multiple ways. For managing users there is a need to install RSAT tools or manage them from your DC. You have to be signed under domain admin or an Account Operators user or with delegation rights to create objects in the current OU.

Creating a User Account

There are many ways to create a user account in AD, lets consider several of them.

Creating User Account Using Active Directory Users and Computers(ADUC)

Run ADUC (dsa.msc).

Go to OU where new users should be located. In the taskbar, click the "New User" icon, or right-click on a white space in the main window and then click on "New -> User". Another way is rightclicking the needed Org Unit and select "New -> User".

Creating User Account Using Active Directory Users and Computers(ADUC)

"New Object — User" appears, specify parameters for your user:

  • Full name, by either typing the full name into Full Name field or typing it in the First and Last name fields.
  • User logon name, this field creates the userPrincipalName and the sAMAccountName attributes.

New Object — User | Serverspace

Click Next and specify strong password and then retype it in the next field and check the needed parameters, usually for regular user you should check “User must change password at next logon”.

User must change password at next logon | Serverspace

Click Next and Finish. Congratulations new user was successfully created!

Creating User Account Using Command Prompt

To make the same thing in cmd we need to use dsadd.exe utility. The following parameters will help to create a user in “Users” container in AD and set default password for it:

dsadd.exe user "CN=GSoul,CN=Users,DC=office,DC=local" -upn GSoul@office.local -fn "Gordon" -ln "Soul" -display "Gordon Soul" -pwd "P@&&W0rd"

Creating User Account Using Windows PowerShell

Run the following PowerShell code under Administrator privileges:

Import-Module ActiveDirectory
New-ADUser -Name FRobinson -Path "CN=Users,DC=office,DC=local" -GivenName "Frank" -Surname "Robinson" -sAMAccountName FRobinson

How to Delete a User Account

Lets delete a user from AD environment, follow these easy methods. Note that this action will not completely delete a user account with enabled AD Recycle Bin, it will change its token attributes and move it to deleted objects.

Deleting User Account in Active Directory Users and Computers(ADUC)

Lets delete one user, to achieve that open Active Directory Users and Computers (dsa.msc).

Go to the OU or container where the user that you need to delete resides. Click on the Action menu or rightclick the OU and select Find.

Deleting User Account in Active Directory Users and Computers (ADUC)

Type in the name or last name of the user you want to delete into the name field and click “Find Now”. The results will be displayed to you, select the object you need to delete, rightclick it and then click on Delete and confirm your decision.

Delete and confirm your decision User Account | Serverspace

Deleting User Account Using Command Prompt

The following cmd string will delete a user “GSoul” from office.local domain:

dsrm.exe user "CN=GSoul,CN=Users,DC=office,DC=local"

Deleting User Account Using PowerShell

Execute the following PowerShell code to delete a user GSoul from AD:

Import-Module ActiveDirectory
Remove-ADUser -Identity "CN=GSoul,CN=Users,DC=office,DC=local

Conclusion

User account management is a fundamental task for system administrators and helpdesk professionals working with Active Directory. This guide has covered multiple methods to create and delete user accounts using graphical tools like Active Directory Users and Computers (ADUC), as well as command-line utilities such as dsadd and PowerShell cmdlets. Proper permissions and appropriate tools, like RSAT, are essential to efficiently manage user objects in your domain. Mastering these techniques helps maintain a secure and well-organized directory environment.

FAQ

  • Q: What permissions do I need to create or delete user accounts in AD?
    A: You must be signed in as a Domain Admin, Account Operators user, or have delegated permissions for the specific Organizational Unit (OU) where the user object resides.
  • Q: What tools can I use to manage user accounts in Active Directory?
    A: User accounts can be managed via the Active Directory Users and Computers (ADUC) console, command-line tools like dsadd and dsrm, or PowerShell cmdlets such as New-ADUser and Remove-ADUser.
  • Q: Does deleting a user in AD permanently remove their account?
    A: If the AD Recycle Bin feature is enabled, deleting a user moves the account to the Deleted Objects container instead of permanently removing it immediately, allowing for recovery if needed.
  • Q: Can I create and delete user accounts remotely?
    A: Yes, by installing Remote Server Administration Tools (RSAT) on your workstation, you can manage AD user accounts remotely.
  • Q: How do I ensure password security when creating user accounts?
    A: Use strong, complex passwords and enable options like “User must change password at next logon” to enforce password updates.
Vote:
5 out of 5
Аverage rating : 5
Rated by: 2
1101 CT Amsterdam The Netherlands, Herikerbergweg 292
+31 20 262-58-98
700 300
ITGLOBAL.COM NL
700 300
We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.