Managing Users and Groups in Active Directory
Active Directory Users and Computers (dsa.msc) is the primary tool for managing user accounts, groups, and organizational units.
Creating a User Account
- Open Active Directory Users and Computers (dsa.msc).
- Navigate to the target OU (e.g., Sales).
- Right-click the OU → New → User.
- Enter the first name, last name, and user logon name (e.g., jsmith).
- Set the initial password and configure password options:
- User must change password at next logon (recommended for new accounts)
- User cannot change password
- Password never expires (use sparingly — service accounts only)
- Click Finish.
Bulk User Creation with VBScript
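```vbscript
' Bind to the target OU over LDAP (ADSI).
Set objOU = GetObject("LDAP://OU=Sales,DC=corp,DC=flamenet,DC=io")
' Create the user object and set its naming attributes.
Set objUser = objOU.Create("user", "CN=Jane Doe")
objUser.Put "sAMAccountName", "jdoe"
objUser.Put "userPrincipalName", "jdoe@corp.flamenet.io"
objUser.Put "givenName", "Jane"
objUser.Put "sn", "Doe"
objUser.Put "displayName", "Jane Doe"
' Commit the new object; it must exist in the directory before a password can be set.
objUser.SetInfo
' Set the initial password, enable the account, and commit again.
objUser.SetPassword "P@ssw0rd!"
objUser.AccountDisabled = False
objUser.SetInfo
```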
Group Types
| Scope | Members | Can Be Used In |
|---|---|---|
| Domain Local | Any domain in forest | Same domain only |
| Global | Same domain only | Any domain in forest |
| Universal | Any domain in forest | Any domain in forest |
The AGDLP strategy is recommended: Accounts go into Global groups, Global groups into Domain Local groups, Domain Local groups receive Permissions.
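
The scope table and the AGDLP rule above can be checked mechanically against a group inventory. The following Python audit is an added example, not part of the original page; the inventory, the emea.corp.flamenet.io child domain, the finding codes, and all group, user and share names are constructed for illustration.

```python
# Added example: audit a group inventory against the scope table and AGDLP.
# Every user, group and resource below is constructed sample data.
CORP, EMEA = "corp.flamenet.io", "emea.corp.flamenet.io"  # EMEA is hypothetical

# From the scope table: which scopes accept members from other domains.
MEMBERS_ANY_DOMAIN = {"DomainLocal": True, "Global": False, "Universal": True}

GROUPS = {  # name -> (scope, domain, [(kind, member, member_domain)])
    "GG_Sales": ("Global", CORP, [("user", "jdoe", CORP), ("user", "jsmith", CORP)]),
    "GG_Partners": ("Global", CORP, [("user", "akhan", EMEA)]),
    "DL_Sales_RW": ("DomainLocal", CORP, [("group", "GG_Sales", CORP)]),
    "DL_Finance_RO": ("DomainLocal", CORP, [("user", "jsmith", CORP)]),
}
ACLS = [  # (resource, resource_domain, group granted access)
    ("Sales share", CORP, "DL_Sales_RW"),
    ("Finance share", CORP, "GG_Sales"),
    ("Reports share", EMEA, "DL_Finance_RO"),
]

def audit(groups, acls):
    """Return sorted (code, subject, detail) findings."""
    findings = []
    for name, (scope, domain, members) in groups.items():
        for kind, member, member_domain in members:
            # Table: Global groups accept members from their own domain only.
            if not MEMBERS_ANY_DOMAIN[scope] and member_domain != domain:
                findings.append(("CROSS_DOMAIN_MEMBER", name, member))
            # AGDLP: accounts go into Global groups, not Domain Local ones.
            if scope == "DomainLocal" and kind == "user":
                findings.append(("ACCOUNT_IN_DOMAIN_LOCAL", name, member))
    for resource, resource_domain, name in acls:
        scope, domain, _ = groups[name]
        # AGDLP: permissions are granted to Domain Local groups.
        if scope != "DomainLocal":
            findings.append(("PERMISSION_NOT_ON_DOMAIN_LOCAL", name, resource))
        # Table: a Domain Local group is usable in its own domain only.
        elif domain != resource_domain:
            findings.append(("DOMAIN_LOCAL_OUTSIDE_DOMAIN", name, resource))
    return sorted(findings)

if __name__ == "__main__":
    for code, subject, detail in audit(GROUPS, ACLS):
        print(f"{code:32} {subject:15} {detail}")
```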