A. The simple answer is to use the net user /add (/domain) , however it is possible to automate not only the addition of the user, but also his/her addition to groups and the creation of a template user account directory structure. Many organizations have a basic structure with word, excel directories and some template files. This can be automated with a basic script. For example

  1. addnew.bat
  2. net user %1 password /add /homedir:\\\users\%1 /scriptpath:login.bat /domain
  3. net localgroup "" %1 /add
  4. repeat for local groups
  5. net group "" %1 /add /domain
  6. repeat for global groups
  7. xcopy \\\users\template \\\users\%1 /e
  8. nltest /sync /server:BDCname
  9. repeat for all BDCs you might be authenticating to
  10. sleep 20
  11. cacls \\\users\%1 /e /r Everyone
  12. remove the everyone permission to the directory
  13. cacls \\\users\%1 /g %1:F /e
  14. cacls \\\users\%1 /g Administrators:F /e

The nltest commands are needed as otherwise it fails to do the cacls command, since the user account does not exist on the BDC to which you are authenticating as only the PDC has been updated.