Previously I provided you with a guide about “How To Create Windows Server 2008 Domain & Things To Consider”. In this post I will explain the procedure involved in creating Domain users from Active Directory in Windows Server 2008. It is worth mentioning here that the same method more or less applies in many pre-Windows Servers 2008 operating systems, for creating Domain users, (e.g. Windows Server 2003).
To get started, access Active Directory Users And Computers from the Start menu (Start –> Administrative Tools –> Active Directory Users And Computers).
Now, expand the FQDN (Domain Name) by double clicking on it. Right click on Users and Select New –> User.
In the next step, enter the first and last name of the user, a user logon name and click Next. In case you have more than one Domain to choose from, you can select and alternative FQDN to connect the user to, from the drop down menu next to the User Logon Name text box.
After that, you will be prompted to enter a password. Make sure that the password meets the minimum complexity criteria i.e. it uses capital letters and digits in the password. In case you do not wish to use a complicated password, it can be disabled from Group Policy Management. To proceed further, enter a password and hit Next. You can check Password Never Expires and User Cannot Change Password or check only the checkbox that says: User Must Change Password At Next logon, so that the end user is forced to select a password when he/she logs into their account for the first time. Accounts can also be started as “Disabled Accounts”, this can be useful until a new employee joins the office (for whom the account may have been requested in advance (by a Human Resources Management official).
In the last step, you can review the user account details and click Finish to create the user account.
Alternatively, you can also create users within a set OU (organizational Unit) or User Group. This can be quite helpful in allowing the user to inherit the attributes of a Group or OU. For example, when creating a Domain Administrator’s account, simply right click on the Domain Administrators group and select, New –> User. This will automatically make the user a Domain Administrator after creation. When making OUs for managing users there can be several policies applied on multiple users and having to drag users from one place to another might not be convenient. Let’s say you are given the task of creating 10 users with the same set of Domain restrictions, in such a case creating all 10 users in the OU with the required set of restrictions, will allow them to inherit the OU settings automatically.
You can also restrict the login duration of users and computers, to ensure that certain users cannot login to a system beyond their designated time. To do this, see my post “How To Restrict Active Directory User Login Duration & Computers In Windows Server 2008 Domain”. For more tips, tricks and tutorials regarding Windows Server 2008, click here.
