Create a new user account

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To create a new user account

  • Using the Windows interface

  • Using a command line

Using the Windows interface

  1. Open Active Directory Users and Computers.

  2. In the console tree, right-click the folder in which you want to add a user account.

    Where?

    • Active Directory Users and Computers/domain node/folder
  3. Point to New, and then click User.

  4. In First name, type the user's first name.

  5. In Initials, type the user's initials.

  6. In Last name, type the user's last name.

  7. Modify Full name to add initials or reverse order of first and last names.

  8. In User logon name, type the user logon name, click the UPN suffix in the drop-down list, and then click Next.

    If the user will use a different name to log on to computers running Windows 95, Windows 98, or Windows NT, then you can change the user logon name as it appears in User logon name (pre-Windows 2000) to the different name.

  9. In Password and Confirm password, type the user's password, and then select the appropriate password options.

Notes

  • To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.

  • To add a user, you can also click

    Create a new user in the current container on the toolbar.

  • To add a user, you can also copy any previously created user account. For more information, see Related Topics.

  • A new user account with the same name as a previously deleted user account does not automatically assume the permissions and group memberships of the previously deleted account because the security ID (SID) for each account is unique. To duplicate a deleted user account, all permissions and memberships must be manually recreated.

  • For interoperability with other directory services, you can create an InetOrgPerson user object. To create a new inetOrgPerson, in step three, click InetOrgPerson instead of User. For more information about InetOrgPerson, see User and computer accounts in Related Topics.

  • When creating a new user, the full name attribute is created in the FirstNameLastName format by default. The full name attribute also governs the display name format that is shown in the global address list. You can change the display name format by using ADSI Edit. If you do so, this will also change the full name format. For more information, see article Q250455, "How to Change Display Names of Active Directory Users" in the Microsoft Knowledge Base.

  • Windows NT 4.0 and earlier domains allow the use of a period (.) at the end of a user logon name as long as the user logon name does not consist solely of period characters. Windows Server 2003 domains do not allow the use of a period or multiple periods at the end of a user logon name.

Using a command line

  1. Open Command Prompt.

  2. Type:

    dsadd userUserDN [-samidSAMName] -pwd {Password|*}

Value Description

UserDN

Specifies the distinguished name of the user object to be added.

SAMName

Specifies the Security Accounts Manager (SAM) name as the unique SAM account name for this user (for example, Linda). If not specified, dsadd will attempt to create the SAM account name using up to the first 20 characters from the common name (CN) value of UserDN.

Pwd

Specifies the password to be used for the user account. If set to *, you are prompted for a user password.

Notes

  • To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.

  • To add a user, you can also copy any previously created user account. For more information, see Related Topics.

  • A new user account with the same name as a previously deleted user account does not automatically assume the permissions and group memberships of the previously deleted account because the security ID (SID) for each account is unique. To duplicate a deleted user account, all permissions and memberships must be manually recreated.

  • To view the complete syntax for this command, and for information on entering more user account information, at a command prompt, type:

    dsadd user /?

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Dsadd
Find a user account
User and computer accounts
Copy a user account
Object names
Install Windows Support Tools
Using online resources