AD Users and Computers

Objectives

Managing Users:

• Create new users including username/password, group membership and profile path.

• Configure account login hours and expiration as well as disable and delete user account.

Managing Groups:

• Create group and understand group scopes as well as group types.

• Configure group membership.

Managing Users

Creating new user account

Firstly, I open Active Directory Users and Computers or Press Win + R, type dsa.msc, and press Enter

I right-clicked the Users OU > select New > User.

Next, I set a password for the user and select "User must change password at the next logon". This practice helps prevent new user using the default password.

Back to Client VM, I selected Other user, and I could login as the new user with format domain\username.

Then, it would asked me to enter new password before letting me log on.

Modify the User Account

Opened User Properties and I navigated to Account.

Permit specific Logon Hours and permit account log on to specific computers can help prevent unauthorized access.

Moreover, right-clicked on the user allowed me to disable or delete user.

Disable the account only prevent the user from signing in and terminate any active sessions. The account can still be modify in AD.

Managing Groups

Creating new group

Navigated to homelab.com, right-clicked and selected New > Group.

Once I set group name, group scope and group type.

Modify group membership

Opened marketing team group properties, and on Member tab, I clicked add and then enter object name.