The short answer is: you cannot do it with the standard `useradd` command. `useradd` creates a local account on the Linux box; it does not create a Windows-domain account. To create a domain user you must use a Windows-specific tool (e.g. `dsadd`, `net user`, PowerShell) or a cross-platform LDAP/AD client that talks to the domain controller.

Below is a practical, step-by-step guide that shows how to do it from a Linux machine by using the Windows DSAdd utility that ships with Windows Server (or a Windows client) and is accessed through SMB/CIFS. The same idea works with PowerShell or other AD tools – the key is that the command must run on a Windows host that has the AD tools installed.

## 1. Why useradd does not work

| Command | What it does | Where it works |
|---|---|---|
| `useradd <name>` | Creates a local account on the Linux system | Linux / Unix |
| `dsadd user <distinguishedName> …` | Creates an account in Active Directory | Windows (requires AD tools) |
| `net user <name> … /add` | Creates an account in Windows | Windows |
| `New-ADUser …` | Creates an account in Active Directory | PowerShell on Windows |

`useradd` has no knowledge of the domain controller, its LDAP schema, or the Kerberos realm, so it cannot create a domain account.

## 2. Prerequisites

| Item | Why it is needed | How to get it |
|---|---|---|
| A Windows machine (server or workstation) that is a member of the domain and has the Active Directory Administrative Center or Remote Server Administration Tools (RSAT) installed. | The AD tools (`dsadd`, `net`, PowerShell) live only on Windows. | Install RSAT on a Windows 10/11 client or use a Windows Server. |
| SMB/CIFS client on Linux (e.g. `smbclient`, `cifs-utils`). | To call the Windows executable over the network. | `sudo apt install smbclient cifs-utils` (Debian/Ubuntu). |
| Domain credentials (username/password) that have permission to create users. | Authentication to the domain controller. | Use an account that is a member of the Domain Admins group or has delegated rights. |
| Knowledge of the target OU (Organizational Unit) where the user will be created. | Determines the distinguished name (DN). | `dsquery ou -limit 0` or look it up in ADUC. |

## 3. Method 1 – Using dsadd via SMB

### 3.1 Prepare the Windows host

1. Enable SMB/CIFS on the Windows machine (usually enabled by default).
2. Create a shared folder (e.g. `C:\DSAddShare`) and give the domain account Read permission.
3. Copy the `dsadd.exe` binary to that share (it is located in `C:\Windows\System32`).

```powershell
Copy-Item 'C:\Windows\System32\dsadd.exe' -Destination '\\WIN10-PC\DSAddShare\dsadd.exe'
```

### 3.2 Call dsadd from Linux

```bash
# Variables
WIN_HOST="WIN10-PC"
SHARE="DSAddShare"
USER="newuser"
PASS="P@ssw0rd!"
OU="OU=Users,DC=example,DC=com"

# Build the distinguished name
DN="CN=${USER},${OU}"

# Build the command string
CMD="dsadd user \"${DN}\" -samid ${USER} -pwd ${PASS} -memberof \"CN=Domain Users,${OU}\""

# Execute via smbclient
smbclient "//${WIN_HOST}/${SHARE}" -U "example\\Administrator%AdminPass" -c "call ${CMD}"
```

Explanation

- `smbclient` connects to the Windows share as the domain admin.
- The `call` command runs the `dsadd` binary on the Windows host with the supplied arguments.
- `dsadd` creates the user in the specified OU with the given SAM account name and password.

### 3.3 Verify

```powershell
# On Windows
dsquery user -samid newuser
```

You should see the newly created user.

## 4. Method 2 – Using PowerShell Remoting (WinRM)

If you prefer PowerShell, you can use WinRM to run a script remotely.

### 4.1 Enable WinRM on the Windows host

```powershell
Enable-PSRemoting -Force
Set-Item WSMan:\localhost\Client\TrustedHosts -Value '*'
```

### 4.2 From Linux, use winrm (Python library) or ansible to run the script

```bash
# Install the pywinrm Python package
pip install pywinrm
```

```python
# Python script (create_user.py)
import winrm

session = winrm.Session('http://WIN10-PC:5985/wsman',
                        auth=('Administrator', 'AdminPass'))

# PowerShell that runs on the Windows host
script = """
$User = 'newuser'
$Password = ConvertTo-SecureString 'P@ssw0rd!' -AsPlainText -Force
$Params = @{
    Name            = $User
    SamAccountName  = $User
    AccountPassword = $Password
    Enabled         = $true
    Path            = 'OU=Users,DC=example,DC=com'
}
New-ADUser @Params
"""

r = session.run_ps(script)
print(r.std_out.decode())
# Show the remote error stream if the script failed
if r.status_code != 0:
    print(r.std_err.decode())
```

Run the script:

```bash
python create_user.py
```

The user will be created in AD.

## 5. Method 3 – Using LDAP directly from Linux

If you prefer not to involve a Windows host, you can use an LDAP client such as `ldapadd` or `ldapmodify`. You need the domain controller's LDAP port (389 or 636) and a user with the right privileges.

```ldif
# Create an LDIF file (newuser.ldif)
dn: CN=newuser,OU=Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: newuser
sn: User
givenName: New
displayName: New User
userPrincipalName: newuser@example.com
sAMAccountName: newuser
unicodePwd:: <base64-encoded password>
```

```bash
ldapadd -x -D "CN=Administrator,CN=Users,DC=example,DC=com" -W -f newuser.ldif
```

Note: LDAP on Windows uses a proprietary password format; you must encode the password as UTF-16LE and base64-encode it. The ldapadd approach is more complex and error-prone, so the Windows-based methods are
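
The password encoding from the note in section 5, as an added example that is not part of the original page: Active Directory takes the value in the `unicodePwd` attribute, with the password wrapped in double quotes before the UTF-16LE and base64 steps, and only accepts it over an encrypted connection such as LDAPS on port 636. The function names and the `SAM_RE` allow-list are assumptions of this example; the sample values are the page's own.

```python
import base64
import re

# Conservative allow-list for the account name (an assumption of this example):
# keeps DN and LDIF metacharacters such as ',', '+', '"' and newlines out.
SAM_RE = re.compile(r"[A-Za-z0-9._-]{1,20}")

def encode_unicode_pwd(password: str) -> str:
    """Base64 text for an LDIF 'unicodePwd::' line."""
    if not password:
        raise ValueError("empty password")
    quoted = '"' + password + '"'   # AD requires the enclosing double quotes
    return base64.b64encode(quoted.encode("utf-16-le")).decode("ascii")

def decode_unicode_pwd(b64: str) -> str:
    """Check an existing value and return the password; ValueError if malformed."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) % 2:
        raise ValueError("odd byte count: not UTF-16LE")
    text = raw.decode("utf-16-le")
    if len(text) < 3 or text[0] != '"' or text[-1] != '"':
        raise ValueError("password is not wrapped in double quotes")
    return text[1:-1]

def build_ldif(sam: str, ou: str, realm: str, password: str) -> str:
    """LDIF entry with attributes from section 5 plus unicodePwd.
    ou and realm are treated as operator-supplied constants."""
    if not SAM_RE.fullmatch(sam):
        raise ValueError("unsafe sAMAccountName: %r" % sam)
    lines = [
        f"dn: CN={sam},{ou}",
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: user",
        f"cn: {sam}",
        f"sAMAccountName: {sam}",
        f"userPrincipalName: {sam}@{realm}",
        f"unicodePwd:: {encode_unicode_pwd(password)}",
    ]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Sample values taken from the page's own example.
    print(build_ldif("newuser", "OU=Users,DC=example,DC=com",
                     "example.com", "P@ssw0rd!"))
```

`decode_unicode_pwd` rejects the two common mistakes, a UTF-8 password and a UTF-16LE password without the quotes, before the LDIF ever reaches the domain controller.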