How to create users

"A user account in Active Directory is a digital identity that allows a person to access network resources like files, printers, and applications. It includes a username, password, and personal settings. Each account can be assigned permissions and group memberships to control what the user can do. User accounts are essential for security, as they help track who is accessing what and when. They also enable centralized login and management across all computers in the domain."

Creating these objects is really simple. Go to Server Manager > Tools > Active Directory Users and Computers (ADUC). In the "View" tab, enable "Advanced Features" so we can look at all objects.

Right-click the "Users" container and select "New User".

Then we can configure its name and last name. I use the following scheme for AD accounts:

  • Name: John

  • Last name: Smith

  • User logon name: j.smith@boxcreator.htb

After that we fill in the password field and uncheck the first box, so that we can check the one that says "Password never expires".

We have successfully created our first user account!

If we want to automate this using PowerShell, I made a script that creates 20 random users and assigns them random passwords.

Import-Module ActiveDirectory

# config
$CN = "CN=Users,DC=boxcreator,DC=htb"  # put your actual domain here
$Domain = "boxcreator.htb"             # also here
$PasswordLength = 12
$UserCount = 20

# sample last names to choose from
$LastNames = @(
    "wilson","martin","smith","johnson","clark","allen","moore","lewis","walker","young",
    "hall","king","wright","hill","green","baker","adams","scott","morris","cooper"
)

# function to generate a random complex password
function New-RandomPassword {
    param([int]$Length = 12)
    Add-Type -AssemblyName 'System.Web'
    [System.Web.Security.Membership]::GeneratePassword($Length, 4)
}

# function to generate a random lowercase letter (John Smith -> j.smith, it generates the j)
function Get-RandomLetter {
    return [char](Get-Random -Minimum 97 -Maximum 123)
}

# keep track of used usernames to avoid duplicates
$UsedUsernames = @{}

# output array for saving credentials
$CredentialsOutput = @()

# Create users
for ($i = 1; $i -le $UserCount; $i++) {
    do {
        $Initial = Get-RandomLetter
        $LastName = Get-Random -InputObject $LastNames
        $SamAccountName = "$Initial.$LastName"
    } while ($UsedUsernames.ContainsKey($SamAccountName))

    $UsedUsernames[$SamAccountName] = $true

    $Password = New-RandomPassword -Length $PasswordLength
    $SecurePassword = ConvertTo-SecureString $Password -AsPlainText -Force

    New-ADUser -Name "$Initial $LastName" `
               -SamAccountName $SamAccountName `
               -UserPrincipalName "$SamAccountName@$Domain" `
               -Path $CN `
               -AccountPassword $SecurePassword `
               -Enabled $true `
               -PasswordNeverExpires $true `
               -ChangePasswordAtLogon $false `
               -GivenName $Initial `
               -Surname $LastName

    $CredentialsOutput += "$SamAccountName : $Password"
}

# output credentials
$CredentialsOutput | Out-File .\CreatedUsers.txt
Write-Host "Created $UserCount users. Credentials saved to CreatedUsers.txt."

We can see their credentials in the text file it has created.
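
To confirm the script did what it reports, the following added example (not part of the original script) reads CreatedUsers.txt and looks each account up in the same container, showing whether it exists, is enabled and has "Password never expires" set. It assumes the domain, container and file name used above; the variable names `$SearchBase`, `$CredFile`, `$Report` and `$Problems` are introduced here for illustration.

```powershell
Import-Module ActiveDirectory

# Assumptions: same container and output file as the creation script above
$SearchBase = "CN=Users,DC=boxcreator,DC=htb"
$CredFile   = ".\CreatedUsers.txt"

$Report = foreach ($Line in Get-Content -Path $CredFile) {
    if ([string]::IsNullOrWhiteSpace($Line)) { continue }

    # Lines look like "j.smith : <password>". Split only on the first " : " so a
    # password containing ':' stays intact; the password itself is not used here.
    $Sam = ($Line -split ' : ', 2)[0].Trim()

    $User = Get-ADUser -Filter "SamAccountName -eq '$Sam'" -SearchBase $SearchBase `
                       -Properties PasswordNeverExpires, PasswordLastSet

    if (-not $User) {
        # Account listed in the file but not present in the container
        [pscustomobject]@{
            SamAccountName       = $Sam
            Found                = $false
            Enabled              = $null
            PasswordNeverExpires = $null
            PasswordLastSet      = $null
            UserPrincipalName    = $null
        }
        continue
    }

    [pscustomobject]@{
        SamAccountName       = $User.SamAccountName
        Found                = $true
        Enabled              = $User.Enabled
        PasswordNeverExpires = $User.PasswordNeverExpires
        PasswordLastSet      = $User.PasswordLastSet
        UserPrincipalName    = $User.UserPrincipalName
    }
}

$Report | Sort-Object SamAccountName | Format-Table -AutoSize

# Anything missing, disabled, or without the flag set differs from what the script intended
$Problems = @($Report | Where-Object {
    -not $_.Found -or -not $_.Enabled -or -not $_.PasswordNeverExpires
})
Write-Host "$(@($Report).Count) accounts checked, $($Problems.Count) not matching the expected settings."
```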

Written by ruycr4ft
