diff --git a/app/services/application_service.rb b/app/services/application_service.rb
new file mode 100644
index 0000000..6185f03
--- /dev/null
+++ b/app/services/application_service.rb
@@ -0,0 +1,5 @@
+class ApplicationService
+ def self.call(*args, &block)
+ new(*args, &block).call
+ end
+end
diff --git a/app/services/create_account.rb b/app/services/create_account.rb
new file mode 100644
index 0000000..6f9c3d3
--- /dev/null
+++ b/app/services/create_account.rb
@@ -0,0 +1,43 @@
+class CreateAccount < ApplicationService
+ def initialize(args)
+ @username = args[:username]
+ @email = args[:email]
+ @password = args[:password]
+ @invited_by_id = args[:invited_by_id]
+ end
+
+ def call
+ add_ldap_document
+ end
+
+ private
+
+ def add_ldap_document
+ dn = "cn=#{@username},ou=kosmos.org,cn=users,dc=kosmos,dc=org"
+ attr = {
+ objectclass: ["top", "account", "person", "extensibleObject"],
+ cn: @username,
+ sn: @username,
+ uid: @username,
+ mail: @email,
+ userPassword: Devise.ldap_auth_password_builder.call(@password)
+ }
+
+ ldap_client.add(dn: dn, attributes: attr)
+ end
+
+ def ldap_client
+ ldap_client ||= Net::LDAP.new host: ldap_config['host'],
+ port: ldap_config['port'],
+ encryption: ldap_config['ssl'],
+ auth: {
+ method: :simple,
+ username: ldap_config['admin_user'],
+ password: ldap_config['admin_password']
+ }
+ end
+
+ def ldap_config
+ ldap_config ||= YAML.load(ERB.new(File.read("#{Rails.root}/config/ldap.yml")).result)[Rails.env]
+ end
+end
diff --git a/spec/services/create_account_spec.rb b/spec/services/create_account_spec.rb
new file mode 100644
index 0000000..dad16fb
--- /dev/null
+++ b/spec/services/create_account_spec.rb
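Review bot: `self.call(*args, &block)` forwards positional arguments only, so on Ruby 3 a subclass whose `initialize` declares keyword parameters would receive a single hash instead; `def self.call(...)` with `new(...).call` forwards both (Ruby 2.7+). CreateAccount in this commit takes one hash, so it is unaffected today. A short class comment stating the contract, `# Subclasses take their inputs in #initialize and implement #call`, would also help the next service author.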
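Review bot: `add_ldap_document` interpolates `@username` into the DN unescaped, so a value containing DN metacharacters such as `,`, `+` or `=` produces a different entry name or parent than intended; escape the RDN value, `dn = "cn=#{Net::LDAP::DN.escape(@username)},ou=kosmos.org,cn=users,dc=kosmos,dc=org"`, and reject blank or malformed usernames before building the entry. Separately, `ldap_client ||=` and `ldap_config ||=` assign method-local variables, so nothing is memoized and every call re-reads `config/ldap.yml` and builds a new client; `@ldap_client ||=` and `@ldap_config ||=` look like what was intended. `Net::LDAP#add` returns false on failure rather than raising, so `call` should check the result and surface `ldap_client.get_operation_result` instead of handing back a bare boolean that callers may ignore. If `ldap_config['ssl']` is false or unset, the admin simple bind and the password hash presumably travel unencrypted, so it is worth confirming that the deployed config sets it.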
@@ -0,0 +1,33 @@
+require 'rails_helper'
+
+RSpec.describe CreateAccount, type: :model do
+ let(:ldap_client_mock) { instance_double(Net::LDAP) }
+
+ before do
+ allow(service).to receive(:ldap_client).and_return(ldap_client_mock)
+ end
+
+ describe "#add_ldap_document" do
+ let(:service) { CreateAccount.new(
+ username: 'halfinney',
+ email: 'halfinney@example.com',
+ password: 'remember-remember-the-5th-of-november'
+ )}
+
+ it "creates a new document with the correct attributes" do
+ expect(ldap_client_mock).to receive(:add).with(
+ dn: "cn=halfinney,ou=kosmos.org,cn=users,dc=kosmos,dc=org",
+ attributes: {
+ objectclass: ["top", "account", "person", "extensibleObject"],
+ cn: "halfinney",
+ sn: "halfinney",
+ uid: "halfinney",
+ mail: "halfinney@example.com",
+ userPassword: /^{SSHA512}.{171}=/
+ }
+ )
+
+ service.send(:add_ldap_document)
+ end
+ end
+end
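Review bot: The `userPassword` matcher `/^{SSHA512}.{171}=/` is anchored only at a line start and not at the end, so a value with a preceding line or trailing data would still match; `/\A\{SSHA512\}.{171}=\z/` pins the whole string, assuming the password builder emits exactly that length. The spec also covers only the happy path: an example with a username containing a DN special character such as a comma, and one where `add` returns false, would pin how the service is expected to handle those inputs. `type: :model` looks carried over from a model spec and can probably be dropped for a service object.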