Creating a User Object

Creating a User Object

To create a new user in Active Directory, perform the following steps. Be certain to follow the

naming conventions and processes specified by your organization.

1. Open the Active Directory Users And Computers snap-in.

2. In the console tree, expand the node that represents your domain (for instance, contoso.

com) and navigate to the OU or container (for example, Users) in which you want to

create the user account.

3. Right-click the OU or container, choose New, and then select User.

The New Object – User dialog box appears, as shown in Figure 2-5.

4. In First Name, type the user’s first name.

5. In Initials, type the user’s middle initial(s).

Note that this property is, in fact, meant for the initials of a user’s middle name, not the

initials of the user’s first and last name.

6. In Last Name, type the user’s last name.

7. The Full Name field is populated automatically. Make modifications to it if necessary.

The Full Name field is used to create several attributes of a user object, most notably the common

name (CN), and to display name properties. The CN of a user is the name displayed in

the details pane of the snap-in. It must be unique within the container or OU. Therefore, if

you are creating a user object for a person with the same name as an existing user in the

same OU or container, you will need to enter a unique name in the Full Name field.

8. In User Logon Name, type the name that the user will log on with and, from the dropdown

list, select the user principle name (UPN) suffix that will be appended to the user

logon name following the @ symbol.

User names in Active Directory can contain some special characters (including periods,

hyphens, and apostrophes), which enable you to generate accurate user names such as

O’Hara and Smith-Bates. However, certain applications can have other restrictions, so it is

recommended to use only standard letters and numerals until you have fully tested the

applications in your enterprise for compatibility with special characters in logon names.

The list of available UPN suffixes can be managed using the Active Directory Domains

And Trusts snap-in. Right-click the root of the snap-in, Active Directory Domains And

Trusts, choose Properties, and then use the UPN Suffixes tab to add or remove suffixes.

The DNS name of your Active Directory domain will always be available as a suffix and

cannot be removed.

9. In the User logon name (Pre-Windows 2000) box of the Active Directory Users And

Computers snap-in, enter the pre-Windows 2000 logon name, often called the downlevel

logon name.

In Chapter 3, “Users,” you will learn about the two different logon names.

10. Click Next.

11. Enter an initial password for the user in the Password and Confirm Password boxes.

12. Select User Must Change Password At Next Logon.

It is recommended that you always select this option so that the user can create a new

password unknown to the IT staff. Appropriate support staff members can always reset

the user’s password at a future date if they need to log on as the user or access the user’s

resources. However, only users should know their passwords on a day-to-day basis.

13. Click Next.

14. Review the summary and click Finish.

The New Object – User interface enables you to configure a limited number of accountrelated

properties such as name and password settings. However, a user object in Active

Directory supports dozens of additional properties. These can be configured after the

object has been created.

15. Right-click the user object you created and choose Properties.

16. Configure user properties.

Be certain to follow the naming conventions and other standards of your organization.

You will learn more about many of the user properties in Chapter 3 and Chapter 8,

“Authentication.”

17. Click OK.

Reference: Configuring Windows Server 2008 Active Directory

Dan Holme, Danielle Ruest, Nelson Ruest, Tony Northrup