AD Users and Computers


Last updated 9 months ago

Objectives

Managing Users:

  • Create new users including username/password, group membership and profile path.

  • Configure account login hours and expiration as well as disable and delete user account.

Managing Groups:

  • Create group and understand group scopes as well as group types.

  • Configure group membership.

Managing Users

Creating new user account

First, I opened Active Directory Users and Computers (alternatively, press Win + R, type dsa.msc, and press Enter).

I right-clicked the Users OU and selected New > User.

Next, I set a password for the user and selected "User must change password at next logon". This practice helps prevent a new user from continuing to use the default password.

Back on the Client VM, I selected Other user and could log in as the new user using the format domain\username.

It then asked me to enter a new password before letting me log on.

Modify the User Account

I opened User Properties and navigated to the Account tab.

Permitting logon only during specific Logon Hours and only to specific computers can help prevent unauthorized access.

Moreover, right-clicking on the user allowed me to disable or delete the user.

Disabling the account only prevents the user from signing in and terminates any active sessions. The account can still be modified in AD.

Therefore, the primary purpose of disabling is to prevent the user from accessing the system when there are IoCs (Indicators of Compromise) associated with the account or when the employee temporarily leaves the organization.

Managing Groups

Creating new group

I navigated to homelab.com, right-clicked and selected New > Group.

I set the group name, group scope and group type.

A domain local group is best for managing access to resources within a single domain.

A global group is for grouping users with similar access needs within the same domain.

A universal group is for assigning permissions across multiple domains.

A security group is for managing user and computer access to files, folders, applications and printers.

A distribution group is used for sending emails to a group of users without having to enter each recipient's email address.

Modify group membership

I opened the marketing team group's properties and, on the Members tab, clicked Add and then entered the object name.
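
The GUI steps on this page can also be scripted with the ActiveDirectory PowerShell module. The following is an added example, not part of the original walkthrough; the user jdoe, the workstation CLIENT01, the permitted hours and the helper New-LogonHours are constructed for illustration, and the Users path assumes the default container of homelab.com.

```powershell
# Added example: requires the RSAT ActiveDirectory module on a domain-joined host.
# jdoe, CLIENT01 and the hours below are constructed sample values.
Import-Module ActiveDirectory

function New-LogonHours {
    # Hypothetical helper: builds the 21-byte logonHours attribute.
    # 7 days x 24 one-hour bits, bit 0 = Sunday 00:00, stored in UTC.
    param([int[]]$Days = 1..5, [int]$StartHourUtc = 8, [int]$EndHourUtc = 18)
    $bytes = New-Object byte[] 21
    foreach ($day in $Days) {
        for ($hour = $StartHourUtc; $hour -lt $EndHourUtc; $hour++) {
            $bit = $day * 24 + $hour
            $bytes[$bit -shr 3] = $bytes[$bit -shr 3] -bor (1 -shl ($bit -band 7))
        }
    }
    return ,$bytes
}

$password = Read-Host -AsSecureString "Initial password for jdoe"

# Create the user and force a password change at first logon.
# Path assumes the default Users container.
New-ADUser -Name "John Doe" -SamAccountName "jdoe" `
    -UserPrincipalName "jdoe@homelab.com" -Path "CN=Users,DC=homelab,DC=com" `
    -AccountPassword $password -ChangePasswordAtLogon $true -Enabled $true

# Restrict logon to Monday-Friday 08:00-18:00 UTC and to one workstation.
[byte[]]$hours = New-LogonHours
Set-ADUser -Identity "jdoe" -LogonWorkstations "CLIENT01" `
    -Replace @{ logonHours = $hours }

# Security group with global scope at the domain root, then add the member.
New-ADGroup -Name "Marketing Team" -GroupScope Global -GroupCategory Security `
    -Path "DC=homelab,DC=com"
Add-ADGroupMember -Identity "Marketing Team" -Members "jdoe"

# Disable rather than delete: the object and its memberships stay in AD.
Disable-ADAccount -Identity "jdoe"

# Review the resulting state.
Get-ADUser -Identity "jdoe" -Properties LogonWorkstations, MemberOf |
    Select-Object SamAccountName, Enabled, LogonWorkstations, MemberOf
```

Because logonHours is stored in UTC, shift the start and end hours by the site's offset when the restriction is meant in local time.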