When you are creating several users with similar account options and group membership creating those users would be a repetitive and time consuming  task. However, in Active Directory you may be able to reduce some of the repetition by creating a USER TEMPLATE.

User template simply an inactive user account (disabled account) that can be copied to create users with common attributes. Copying from the User Template Account will run the same wizard for creating a new user account so you can fill in the missing fields such as username and password, as well as you can make some changes on those in common attributes fields.

Notice that the attributes you cannot copy from this template are the name, logon name, password, contacts details (emails, phone & mobile numbers) , description, office, web page, and some other fields. The reason behind it is those attributes must be unique for each user.

Creating a User Template in AD:

  1. Log on to the server with an Administrator account.. or an account with enough privileges to perform the task. (As a security best practice, it is NOT recommended to log on the server with administrative credentials because it will increase security risks).
  2. Navigate to Active Directory users and computer. (start ==> programs ==> Administrative tools ==> Active directory users and computers, Or Start ==> Run the type in dsa.msc)
  3. Expand the desired organizational unit or sub OU that you want to create a user template in it.
  4. In the  OU create a new user account (right click the desired OU navigate to New ==> user)
  5. Fill in the blanks (eg. full name ITuser template and a password of P@ssword the logon name ITtemplate).
  6. Make sure you tick  “Account is disabled” option, then Click finish.
  7. Right click the new created user account ITuser template , click properties.
  8. In the General tap Do not fill in any field because nothing will be copied from this tap.. fill in some others taps for testing purposes (Notice  all these fields you are filling in must be a common attributes shared between all users in the same OU or department)
  9. Click OK and you are done.


you may specify the department name, group membership, profile path, organization details and company name since these attributes are shard among all users..

you may specify the Network Access Permission via Dial-In tap if the users would be connected to the company remotely (via VPN connection for example)

Creating a new user using “the user template account”:

  1. Right click the newly create user account ITuser template then click copy.
  2. Fill in the fields for the new user. (Make sure to tick off the opting “Account is disabled”)
  3. click OK.

Notice that not all the attributes have been copied. (For example nothing have been coped from the General tap). Anyhow, you can use Active directory Schema snap-in to change weather an attribute is copied when the user is copied. i will diffidently write a post about this point later on.


Related posts:

  1. Active Directory integration with Samba for RHEL/CentOS5.5