25.05.2023

How to Manage User Accounts in Active Directory. Part 1: Creating and Deleting User Accounts.

Users are among the most common objects in AD. They are used for authentication and authorization on workstations and in many services that are integrated with AD. User management is the main routine for sysadmins and helpdesk specialists. This guide shows several ways to manage such objects. To manage users, you need to install the RSAT tools or work directly on your DC. You must be signed in as a domain admin, as a member of Account Operators, or as a user with delegated rights to create objects in the current OU.

Creating a User Account

There are many ways to create a user account in AD; let's consider several of them.

Creating User Account Using Active Directory Users and Computers (ADUC)

Run ADUC (dsa.msc).

Go to the OU where the new user should be located. In the taskbar, click the "New User" icon, or right-click on a white space in the main window and then click "New -> User". Another way is to right-click the needed Org Unit and select "New -> User".

The "New Object — User" dialog appears. Specify the parameters for your user:

Click Next, specify a strong password, retype it in the next field, and check the options you need. For a regular user you should usually check “User must change password at next logon”.

Click Next and then Finish. Congratulations, the new user was successfully created!

Creating User Account Using Command Prompt

To do the same thing in cmd, we need to use the dsadd.exe utility. The following parameters create a user in the “Users” container in AD and set a default password for it:

dsadd.exe user "CN=GSoul,CN=Users,DC=office,DC=local" -upn GSoul@office.local -fn "Gordon" -ln "Soul" -display "Gordon Soul" -pwd "P@&&W0rd"

Creating User Account Using Windows PowerShell

Run the following PowerShell code with Administrator privileges:

Import-Module ActiveDirectory
New-ADUser -Name FRobinson -Path "CN=Users,DC=office,DC=local" -GivenName "Frank" -Surname "Robinson" -sAMAccountName FRobinson
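
New-ADUser called without -AccountPassword creates an account that has no password and is left disabled, and dsadd's -pwd puts the password on the command line. The added example below (not part of the original guide) prompts for the initial password as a SecureString, enables the account and forces a password change at first logon, matching the ADUC checkbox described earlier. The function name New-StandardUser and the user TMiller are hypothetical; the domain names are the guide's own.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: creates an enabled user that must change its password at first logon.
function New-StandardUser {
    [CmdletBinding()]
    param(
        # sAMAccountName for a user is limited to 20 characters; restricting the
        # character set also keeps the value safe to embed in the -Filter string below.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
        [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $GivenName,
        [Parameter(Mandatory)] [string] $Surname,
        [string] $Path      = 'CN=Users,DC=office,DC=local',
        [string] $UpnSuffix = 'office.local'
    )

    # Stop early if the logon name is already in use.
    if (Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'") {
        throw "An account named '$SamAccountName' already exists."
    }

    # The password is read interactively and held as a SecureString, so it never
    # appears on the command line, in a script file or in the shell history.
    $password = Read-Host -Prompt "Initial password for $SamAccountName" -AsSecureString

    $params = @{
        Name                  = $SamAccountName
        SamAccountName        = $SamAccountName
        UserPrincipalName     = "$SamAccountName@$UpnSuffix"
        GivenName             = $GivenName
        Surname               = $Surname
        DisplayName           = "$GivenName $Surname"
        Path                  = $Path
        AccountPassword       = $password
        Enabled               = $true   # usable immediately, unlike a password-less account
        ChangePasswordAtLogon = $true   # same as "User must change password at next logon"
        PassThru              = $true   # return the created object for verification
        ErrorAction           = 'Stop'  # e.g. the password fails the domain policy
    }

    # Create the account and show the attributes worth checking afterwards.
    New-ADUser @params |
        Select-Object DistinguishedName, UserPrincipalName, Enabled
}

# Usage with constructed sample values:
New-StandardUser -SamAccountName TMiller -GivenName Tom -Surname Miller
```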

How to Delete a User Account

Let's delete a user from the AD environment using one of these easy methods. Note that with AD Recycle Bin enabled, this action will not completely delete the user account; it will change its token attributes and move it to Deleted Objects.

Deleting User Account in Active Directory Users and Computers (ADUC)

Let's delete one user. To do that, open Active Directory Users and Computers (dsa.msc).

Go to the OU or container where the user that you need to delete resides. Click on the Action menu or right-click the OU and select Find.

Type the first or last name of the user you want to delete into the name field and click “Find Now”. The results will be displayed. Select the object you need to delete, right-click it, then click Delete and confirm your decision.

Deleting User Account Using Command Prompt

The following cmd command deletes the user “GSoul” from the office.local domain:

dsrm.exe "CN=GSoul,CN=Users,DC=office,DC=local"

Deleting User Account Using PowerShell

Execute the following PowerShell code to delete the user GSoul from AD:

Import-Module ActiveDirectory
Remove-ADUser -Identity "CN=GSoul,CN=Users,DC=office,DC=local"