Practice Domain Users and Groups using Active Directory Back to Page 1

Creating a Domain User.

In this case, we are creating a user called “helpdesk tech” In our class scenario, this account will be used by the Help Desk tech.

Logon to Practice-Labs.

Open the Server PLABDC01 (Domain Controller)
(“Server Manager” displays).

In Server Manager, click Tools/Active Directory Users and Computers.
(“Active Directory Users and Computers” displays)

Click the New User icon.
(“New Object – User” dialog box displays).

Fill in required fields.

Click Next.
(Password screen displays).

Enter a password in Password and Confirm password fields.

NOTE: “User must change password at next login “can be left as checked. . In real life, user might be given an initial password of something generic like “White123”, but the user will be forced to change it upon first login.

Click Next.
(Final screen displays).

Review information and click Finish.
(“Helpdesk tech” user is created. This user’s logon name is “HDTech”).

Adding a User to a Group (from the User account)

Adding the user to their appropriate group(s) will give the user the rights they need to perform their job function.

With Active Directory open, expand the domain.
(subfolders display).

Click Users.
(“Users” display)

Right-click the user account (e.g., “Help Desk tech”).
(menu displays).

Click Properties.
(“Properties” dialog box displays)

Click Member of tab
(“Member of” tab displays).

This user is already a member of the “Domain Users” group. As such, he/she can log into any machine on the domain.

Now, since this user is a help desk tech, let’s add him/her to “Domain Admins” group. This will give the tech added rights to perform their job.

Click Add.
(“Select Groups” dialog box displays)

In the “Enter the object names to select” field, enter Domain Admins.

Click Check Names.
(The group name is validated).

Click OK.
(The “Domain Admins” group has been added to the user’s profile)

Note: You can also add a user to a group by selecting the group first. See steps below:

Adding a User to a Group (from the Group account)

Right-click the group (e.g., “Domain Admins”).
(menu displays).

Click Properties.
(“Domain Admins Properties” dialog box displays)

Click Members tab
(“Members” tab displays).

Click Add.
(“Select Users, Contacts, Computers, Service Accounts, or Groups” dialog box displays).

In the “Enter the object names to select” field, enter the user’s name (e.g., “Help Desk”) to be added to the group.

Click Check Names.
(User name is validated).

Click OK.
(The user name displays in the group’s “Members” tab.)

User displays in the group

Click OK

Creating a Group

On the PLABDC01 Domain Controller, launch Server Manager.
(Server Manager displays).

Click Tools/ Active Directory Users and Computers.
(“Active Directory Users and Computers” screen displays)

Highlight the container that you want to create the group in (e.g., “Users).

Click the “Create a new group in the Current container” icon.
(“New Object – Group” dialog box displays).

Enter the Group name (e.g., “IT Admins”) and select a Group scope (e.g., “Global”)
and a Group type (e.g., “Security”).

Click OK.
(Group is created).

Resetting a Password

A common request that the Help desk Tech will have to deal with is users needing to have their passwords reset.  The following steps go over this.

Access the Domain Controller.
(“Server Manager” displays).

Click Tools/ Active Directory User and Computers.

Click Reset Password.
(“Reset Password” dialog box displays)

Enter the new password.

Keep “User must change password at next logon” checked.

If user’s account is locked, check “Unlock the user’s account”.

NOTE: The user’s account can be unlocked here only if the password is also being reset.

Click OK.
(Password is reset

If the account has been locked out due to invalid password attempts, well you can reset the password from here and also unlock the account as well

Unlocking the User’s Account

If the user does not need to have their password reset, but does need to have their account unlocked, the following steps apply.

In Active Directory, right-click the user’s account.
(menu displays).

Click Properties.
(“[User account] Properties” dialog box displays)

Click Account tab.
(“Account” tab displays).

Check Unlock account.

Click OK.
(User’s account is unlocked).

Q&A – Changing User’s Job Title

Question: How do I change a user’s job title in Active Directory?

Answer: See steps below.

Access Active Directory, right-click on the user’s account. Click Properties/Organization tab.
(“Organization” tab displays).

Fill out the Job Title field as needed.

Click OK.
(Job Title is changed)

Q&A – Changing User’s Telephone Number

Question: How can we change the user’s telephone number in Active Directory?

Answer: See steps below.

In [User Account] Properties dialog box, click General tab.
([User Account] Properties/ “General” tab displays)

In Telephone number field, enter information as needed.

Click OK.
(Telephone number information is updated.)

Q&A – NetBIOS name

Question: How to find a domain’s NetBIOS name?

Answer: see following steps

From Domain Controller’s Start menu, click on Windows Administrative Tools.
(“Administrative tools” screen displays.)

Click Active Directory User and Computers.
(“Active Directory Users and Computers” screen displays.)

Right-click the domain.
(menu displays).

Click Properties.
(NetBIOS name (“DCDH0”in this case) displays.)

Searching in Active Directory

AD stores different types of objects – users, computers, et al. How to look for them?

As an example, let’s search for a user.

Open Active Directory Users and Computers.

Select Users.

Click Find icon.
(“Find Users, Contacts, and Groups” dialog box displays.)

Right now, the search is constrained to find only “Users”, “Contacts” and “Groups” and is only looking in the “Users” folder.

Click the Find drop-down to change search criteria.

Clicking the down arrow for [searching] In would either broaden or change the search target.

This would be especially useful if searching for a user that was misfiled in a non- “User” folder.