Creating an AD User on Windows Server Core

Windows Server Core has been around for a while but I have not used it as much as I should. I love headless Linux because it doesn’t have the unnecessary GUI overhead and Windows Server Core is supposed to be the headless Windows Server.

I have installed Windows Server 2019 in server core mode and I have promoted it to a domain controller. There are many articles out there regarding promoting Windows Server to a domain controller if you look it up.

What I want to do in this article is to summarize the steps to create a AD user and have it belong to the correct AD group.

Listing AD Groups

I want to make sure that I know in which AD group to create a new AD user. Let’s see how we can list them.

Let’s login to server core and type powershell to start PowerShell console.

Get-ADGroup -Filter * | Select name | more

You will see a result that shows all the AD groups on the domain controller.

Get-ADGroup result

Let’s take a look at Domain Admins group by entering the following command.

Get-AdGroup -Filter {name -eq "Domain Admins"}

Then you will get details of the group.

Adding a New AD User

I am intending to create a user that belongs to Domain Admins group. Here is the script for it.

$pass = "YourPassword" | ConvertTo-SecureString -AsPlainText -Force
$givenName = "FirstName"
$surName = "LastName"
$fullName = "$givenName $surName"

$username = "Your SamAccountName e.g. hiriumi"

New-ADUser -Name $fullName -GivenName $givenName -Surname $surName -SamAccountName "$username" -UserPrincipalName "$username@[Your Domain e.g.]" -AccountPassword $pass -Enabled $true

Add-ADGroupMember -Identity "Domain Admins" -Members "$username"

The script above basically creates a user with a password and then adds the user to Domain Admins group. This will allow the user to do pretty much all the administrative work such as getting computers belong to the domain, managing accounts and so forth.

Let’s finally check if the user I just created actually is a part of Domain Admins group by executing the following command.

Get-ADGroupMember -Identity "Domain Admins"

It’s definitely created my user within the group I wanted to belong to.


Creating users in appropriate AD group is the first thing to do before you can start to manage domain controller. It’s important to be able to manage them with PowerShell.

I will write about how Linux machines can belong to Windows domain later in my blog.

Leave a Reply

Your email address will not be published.