How to Add a User in Active Directory (Windows Server)
Active Directory Domain Services (AD DS) is the centralised identity management system for Windows Server-based networks. Every user who logs into a domain-joined PC, accesses shared files or uses domain-integrated applications must have an Active Directory user account. This guide covers creating a new user account in Active Directory Users and Computers (ADUC).
You need Administrator or Account Operator permissions on the domain. ADUC must be available either on the Domain Controller directly or via RSAT on a domain-joined workstation.
Step 1: Open Active Directory Users and Computers
Launch ADUC
On the Domain Controller, open the Start menu and search for Active Directory Users and Computers. Click to open.
Alternatively, open Server Manager > Tools > Active Directory Users and Computers.
The ADUC console shows a tree view on the left with your domain name at the top, and several default containers including Builtin, Computers, Domain Controllers, ForeignSecurityPrincipals and Users.
Step 2: Navigate to the Correct OU
Select the Correct Organisational Unit
Expand your domain in the left pane. If your organisation uses a structured OU hierarchy, navigate to the OU where the new user should be created. For example:
- yourdomain.local > Staff > KL Office
- yourdomain.local > Users > Sales
- yourdomain.local > Finance
If no custom OUs exist, you can create the user in the default Users container. Dedicated OUs are the better practice, because Group Policy Objects cannot be linked to the default Users container.
Step 3: Create the New User Account
Run the New User Wizard
Right-click the target OU or container. Select New > User.
The New Object – User wizard opens. Fill in:
- First name: e.g. Kartik
- Last name: e.g. Periasamy
- Full name: Auto-populated as First + Last. Adjust format if needed.
- User logon name (UPN): e.g. kartik.periasamy (the part before the @). The domain suffix is selected from a dropdown – choose your domain (e.g. @cybergate.my)
- User logon name (pre-Windows 2000): For older applications. Format: DOMAIN\username (e.g. CYBERGATE\kartikp). Keep it short if needed.
Click Next.
Step 4: Set Password and Account Options
Configure Password
Enter the initial password in both the Password and Confirm password fields. The password must meet the domain password policy requirements (minimum length, complexity).
Set these options:
- ☑ User must change password at next logon – recommended. Forces the new user to set their own password immediately.
- ☐ User cannot change password – leave unchecked for normal users
- ☐ Password never expires – leave unchecked unless this is a service account
- ☐ Account is disabled – leave unchecked (or check if creating the account in advance)
Click Next. Review the summary and click Finish. The account is created.
Step 5: Add User to Security Groups
Assign Group Membership
Right-click the newly created user and select Add to a group. In the dialog, type the group name (e.g. Finance, Domain Users, VPN Users) and click Check Names to verify. Click OK.
Repeat for each group. Group membership controls:
- Access to file shares (\\server\Finance requires Finance security group membership)
- Printer access
- Application access
- VPN and remote access permissions
- Microsoft 365 / Azure AD group sync (if using Azure AD Connect)
Step 6: Configure User Properties
Set Profile Details
Double-click the new user account to open Properties. Configure:
- General tab: Display name, description, email address, phone number
- Organisation tab: Job title, department, company, manager
- Address tab: Office location address
- Account tab: Verify UPN, set logon hours if needed, set workstation restrictions if needed
- Profile tab: Set profile path and home folder if using roaming profiles or home drive mapping
Click Apply > OK. The user can now log into any domain-joined PC with their username and initial password.
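The same procedure (Steps 2 to 6) can be scripted with the ActiveDirectory PowerShell module, which also lets you confirm the account flags and group membership that were actually written. This is an added example, not part of the original guide; the OU distinguished name, the group list and the Department value are assumptions to replace with your own.

```powershell
# Added example: scripted equivalent of Steps 2-6. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory
# Assumed values: the OU path and group list are placeholders; substitute your own.
$ouPath = 'OU=KL Office,OU=Staff,DC=cybergate,DC=my'
$groups = 'Finance', 'VPN Users'
$sam    = 'kartikp'

# Fail early if the target OU or any group is missing (throws on a bad identity).
$null = Get-ADOrganizationalUnit -Identity $ouPath -ErrorAction Stop
$groups | ForEach-Object { $null = Get-ADGroup -Identity $_ -ErrorAction Stop }

# Refuse to continue if the logon name is already taken.
if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { throw "Account '$sam' already exists." }

# Prompt for the initial password so it never lands in the script or shell history.
$initialPassword = Read-Host -AsSecureString -Prompt 'Initial password'

$newUser = @{
    Name                  = 'Kartik Periasamy'
    GivenName             = 'Kartik'
    Surname               = 'Periasamy'
    DisplayName           = 'Kartik Periasamy'
    UserPrincipalName     = 'kartik.periasamy@cybergate.my'
    SamAccountName        = $sam
    Path                  = $ouPath
    AccountPassword       = $initialPassword
    ChangePasswordAtLogon = $true     # Step 4: user must change password at next logon
    CannotChangePassword  = $false
    PasswordNeverExpires  = $false
    Enabled               = $true     # set to $false to stage the account in advance
    Department            = 'Finance' # Step 6 property (assumed value)
    ErrorAction           = 'Stop'
}
New-ADUser @newUser

# Step 5: add the user to each security group.
$groups | ForEach-Object { Add-ADGroupMember -Identity $_ -Members $sam -ErrorAction Stop }

# Verify what was written. pwdLastSet = 0 means a change is forced at next logon.
$check = Get-ADUser -Identity $sam -Properties pwdLastSet, PasswordNeverExpires, CannotChangePassword, MemberOf
[pscustomobject]@{
    DistinguishedName    = $check.DistinguishedName
    Enabled              = $check.Enabled
    MustChangeAtLogon    = ($check.pwdLastSet -eq 0)
    PasswordNeverExpires = $check.PasswordNeverExpires
    CannotChangePassword = $check.CannotChangePassword
    Groups               = ($check.MemberOf | ForEach-Object { (Get-ADGroup $_).Name }) -join ', '
}
```

The MemberOf attribute does not list the primary group, so Domain Users will not appear in the Groups field even though the account belongs to it.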
