Now that the server has restarted and you’ve logged in as VBO\Administrator (or your domain name), you don’t just have Windows in front of you anymore — you have a Domain Controller.
Two methods: “classic” (with mouse) and “professional” (with script).
Method 1: GUI (Active Directory Users and Computers)
This is the classic console (“snap-in”) that admins have been using since 2000.
- In Server Manager, click the Tools menu in the top right.
- Find and open Active Directory Users and Computers (ADUC).
- Expand your domain (click the arrow to the left of
corp.vitaliy.local).
Good practice rule #1: Never create real people in the default “Users” folder. That’s for system purposes. We’ll create our own structure — OU (Organizational Unit).
- Right-click on your domain name (
corp...). - Select New → Organizational Unit.
- Name it:
Eberstalzell-Office(or justIT-Dept).- Why this is needed: In the future you’ll be able to apply Group Policies (GPO) only to this department (e.g., automatically install Chrome for all of them).
- Click OK.
Now let’s create an employee:
- Right-click on the new folder
IT-Dept→ New → User. - First name:
Hans - Last name:
Muster(German equivalent of John Doe). - User logon name:
h.muster(this is the login they’ll enter when signing in). - Click Next.
- Set a password.
- Important: Uncheck “User must change password at next logon” (so you don’t struggle with tests now).
- Check “Password never expires” (convenient for test environments).
- Click Next → Finish. Congratulations, Hans is hired!
Method 2: PowerShell (The Programmer’s Way) 🚀
As a programmer, you understand: if you need to create 100 users, the mouse will give out. Let’s create the second user with code.
- Click Start, start typing
PowerShell. - Right-click on Windows PowerShell → Run as Administrator.
- Enter (or paste) the following code. Note how similar this is to creating an object in OOP:
# 1. Create password (ask)
$Password = Read-Host -AsSecureString "Enter password for new user"
# 2. Create new user
New-ADUser `
-Name "Anna Tech" `
-GivenName "Anna" `
-Surname "Tech" `
-SamAccountName "a.tech" `
-UserPrincipalName "a.tech@vbo.local" `
-Path "OU=IT-Dept,DC=vbo,DC=local" `
-AccountPassword $Password `
-Enabled $true
# DC=vbo,DC=local — your domain
# vbo.local, so it will be: DC=vbo,DC=localMethod 3: PowerShell Bulk CSV Import 🚀
Step 1: Prepare a data file (CSV)
Create a file users.csv in Notepad and save it, e.g., to C:\Temp\users.csv. Format (headers required):
FirstName,LastName,LogonName,Department
Ivan,Petrov,i.petrov,Sales
Elena,Sidorova,e.sidorova,HR
Hans,Muller,h.muller,IT-Dept
Oleg,Popov,o.popov,Sales
Maria,Ivanova,m.ivanova,MarketingStep 2: Mass creation script
Run this script in PowerShell ISE or just in the console (as administrator).
# 1. Create temp password for all
$DefaultPassword = ConvertTo-SecureString "Start2025!" -AsPlainText -Force
# 2. Read CSV and read line (Loop)
Import-Csv "C:\users.csv" | ForEach-Object {
# Create full info
$FullName = "$($_.FirstName) $($_.LastName)"
$UPN = "$($_.LogonName)@vbo.local" # <- change to own domain!
# 3. Create user
New-ADUser `
-Name $FullName `
-GivenName $_.FirstName `
-Surname $_.LastName `
-SamAccountName $_.LogonName `
-UserPrincipalName $UPN `
-Path "OU=IT-Dept,DC=vbo,DC=local" ` # <- Change path to your OU
-AccountPassword $DefaultPassword `
-Enabled $true `
-ChangePasswordAtLogon $true ` # <- Change Password At Logon
-Department $_.Department
Write-Host "User $FullName was created." -ForegroundColor Green
}Explanation of important parameters:
-ChangePasswordAtLogon $true: This is the key parameter. When Hans Müller first sits down at a computer and entersStart2025!, Windows will immediately say: “The user’s password must be changed before the first sign-in”.-AccountPassword $DefaultPassword: We pass a pre-encrypted password object, not plain text.