Creating and Administering User Accounts in Active Directory on Windows Server 2012

go to transcript

Level: Intermediate
Presenter: Eli the Computer Guy
Date Created: March 26, 2013
Length of Class: 16:10
Windows Server 2012
Building Your Own Network for a Computer Lab
Introduction to Windows Server 2012
Installing Windows Server 2012
Navigation in Windows Server 2012
Introduction to Active Directory Directory Services Structure in Windows Server 2012
Introduction to Active Directory Infrastructure in Windows Server 2012
Basic DHCP Setup on Windows Server 2012
Introduction to Using DNS Server on Windows Server 2012
Adding Windows Computers to a Windows Server 2012 Domain
Purpose of Class
This class teaches students how to create and administer User Accounts in Active Directory on Windows Server 2012.
Class Notes
To Create/ Administer Accounts go to — Server Manager — Tools — Active Directory Users and Computers
“User Must Change Password at Next Login” forces users to change their password when they login. This is used when IT people reset users passwords to a default to force users to create their own passwords.
“User cannot change password” is used generally for systems that are used by multiple people and you don’t want a user locking out the other users.
“Account Disabled” allows you to disable and account without deleting it.
You can set accounts to automatically expire, and allow access only during certain hours.
hello again as you know I am Eli the computer guy and today’s class is creating and administrating domain user accounts in Active Directory on Windows Server 2012 so up to this point we have installed Windows Server 2012 we figured out how to navigate through it we have installed Active Directory and created our domain controller we have created our domain we have set up DHCP and the Scopes we’ve made sure that DNS is running we have added a computer to the domain and so now the final big step for actually building your domain is being able to add users so we will have been able to create a domain controller DNS DHCP add computers add users and now you will have been able to create a domain so the big thing to remember whenever you were dealing with Active Directory in the Microsoft world is the idea behind Active Directory is to make administration easier for the sis admins that have to deal with the network so if you had local accounts for every single computer on your network what that would mean is that you or the sysadmin would have to sit down at every single computer on the network to do any administrative tasks for the users so if a user had locked themselves out and you had to reset a password you would have to go and sit at their specific computer if you wanted to add a user account you would have to sit down at the specific computer if you were using local accounts so that is not going to work in an environment with 50 computers or 100 computers or 10,000 computers so that’s the beauty of Active Directory it gives you one place to go to where you can add users you can change passwords you can disable accounts so on and so forth so in this class today what I’m going to be showing you how to do I’m going to show you how to create a new domain user I’m going to log in with that domain user on a Windows 8 computer that I’ve already created and then I’m going to show you the properties for that domain user so that you can go in and you can change them in the future once we have done this then in the next classes we can go into things like permissions and groups and security and get a little more complicated so the first thing I want to do before we actually get in to looking at the computers I want to go to our little digital whiteboard again just to make sure that everybody understands what’s what’s going on and why we need a domain in order to make this work so basically before what we have done is we have created our domain controller and we have created a domain called eat ECG comm so this domain controller has active directory it has DNS and it has DHCP and stalled on it then what we did is we have a Windows 8 computer out here and what we did is we joined the Windows 8 computer to the eat ECG comm domain now why this is important is now the Windows 8 computer it no longer looks to its internal databases for security it now looks to the domain controller to be told what users are allowed to do what what resources they’re allowed to access so on and so forth so the important thing with joining this computer to the domain is now it is looking to that domain controller to Active Directory to say what can a user do is a user able to log in does a username and password Mac that type of thing so that’s why we joined the computer to the domain before so this is a very important thing if you don’t join your your computer to the domain then it won’t be able to access the domain controller and none of it will work so now what we’re going to do is we’re going to go over to my trusty little Windows 2 12 server and we are going to add a new user so what we’re going to do is we’re going to go down and we’re going to click on server manager like we always have so server manager again this is the primary place where we’re going to be dealing with almost everything now what we’re going to do is we’re going to go over to tools and just like in the adding the computer class we’re going to go down to Active Directory users and computers so when this opens up we can see so it’s showing us eat ECG comm this is my domain so whatever you have named your domain whatever you’ve named it so that will be there and then when we look down we see there’s bill 10 we see there’s computers we see there’s a whole bunch of stuff but what we’re looking for is the users so this users folder here it is going to show us the user accounts and then it’s also going to show us Roop accounts so groups are going to be something we are going to deal with in a different class so whenever you see like the single person here that means is a user account and when you see like these two people side-by-side that means it’s a group account for right now don’t worry about the group accounts now when we installed Windows Server 2012 it created to users for us the administrator user and the guest user you can see I don’t know if you can see there’s a little down arrow right beside this guest user this guest user has been disabled so when you install originally all you’re going to have is this administrator account so if you want to add new users all you have to do is you go over here to the users folder and then you are going to right click so you right click so that you get the options and then you’re going to go to new so from here you’re gonna see you get a lot of stuff computer contact group we’re going to be dealing with a lot of this in the future but what we want is a new user so all we’re going to do is we’re going to create a new user then when we do to create the new user basically we’re just going to get a general form so what is the fur name of this person so we’re going to say test no initial and then we’re going to say user so this is going to be test user full name test user then we’re going to say with a login name is so again I would just say test user all one word so test user at eat ECT calm and then all we’re going to do is you’re going to click Next now it’s going to ask us for the password so I’m going to put in password here now you have a few options here and now these are something kind of the cool things the options that you give you as an administrator so one of the big things in the administrator world is we never want to know our users passwords you might find that shocking you may be surprised with that you would think that we always want to know our users passwords but in fact we never want to know our users passwords if you know a user’s password and then you can get into all kinds of horrible awful office politics where the user says that you logged in as them and then you did something funky with the computer so what you want to do is you usually if you’re logging in for another user you want to check off this box that says user must change password at next login what this means is they will be able to login using the password you gave them here but then they will immediately be asked to change the password so if if a user forgot their password and they need you to reset it what you would do is you would put in some default password here and then say user must change password and next login you would then call the user you say hey user here is your password they go to login and then they’re immediately told to change their password to something new you can also have user cannot change password you don’t see this a lot in the real world but you know it’s always possible password never expires account is disabled so one of the things one of the quote-unquote best practices at microsoft says is that you generally should not delete accounts you should only disable accounts the reason being is a lot of times you give permissions or rights to users that you may want to give to somebody else in the future what you can do is if you let’s say somebody gets terminated they get fired instead of deleting the account what you can do is you can disable it when a new person gets hired then all you do is you rename the account and everybody has all the permissions so there’s any number of reasons an account might be disabled but basically that’s just right there and we can click Next and this is going to tell us the user that we are going to create oops I want to uncheck that actually it and finish so now the user has been created see we’ve got this test user down here and now to show you how simple this is what I’m going to do is I’m going to go over to my Windows 8 computer so this is my Windows 8 computer and as we can see I am currently or I was logged in as eat ECG administrator so what I want to do is I want to login as this test user so I go back I do other user and it’s going to sign into the eat ECG domain so now I just do test user and my password and go and now we can see that this Windows 8 computer is logging me in so that’s all I needed to do to be able to create an account on this domain so I can log into this computer I could log into another computer I could log into to any computer on the network as long as I’ve been given permission to do so so while this is getting this ready let’s go back and know it’s being a pain on me right now let me go back gotta go back to the server now and what I want to do is so we’re at the server so we’re back at the server 2012 and I just want to show you the properties for the user so if we want to look at the properties for test user or any other user what we can do is we can right click and we can go to properties now this gives us a lot more options than we saw before so again first name last name display name description office telephone number email so on and so forth you can plug in the address you can plug in account information so here this is where we can do things like user must change password at next logon user cannot change password password never expires and then it gives you a whole bunch account is disabled a lot of other options you can have this account expire so if you wanted to give an account let’s say to a contractor that will only be around a month and you want to make sure that once that month is over they can no longer log in you can have this expire you can do a log on hours so you can say when the person is able to log on to the network so again whenever we’re dealing with hackers the people that frankly were most concerned with is employees or we are worried about employee credentials so if we have let’s say a secretary that comes in at 8 o’clock every morning that leaves a 5 o’clock at night and that’s what she does that’s what she did for the past five years and that’s what she’s going to do for the next 20 years well then in order to protect our systems we could restrict her so that she can only log in between 8:00 to 5:00 Monday through Friday that way if a cleaning person tries to come in let’s say during Saturday and use their credentials to login to the system they won’t be able to to do it so that’s one of the things you can do those login hours profile will go into in the future so when we get into more complicated stuff telephones organizations remote control of the desktop just a whole bunch of different stuff in here so basically this is where you really flesh out and give your your your user a lot more abilities one of the things we’ll get into in the future too is things like the member up so when we want to add this user to a group we can go to the member of and we can add the member of the the user to a group here dial and permission so on and so forth so now hopefully over yep it is we have logged into our Windows 8 computer and we can see that the test user is currently logged in so this user now has a new profile so both the administrator and the user have a profile on this computer so that’s really all there is to creating the user accounts on a Windows Server 2012 in Active Directory so you just right-click you go to new you go to user and you go through the the whole Megillah so now that you know how to create users in our next classes we can go into groups and we can start dealing with security and we can start dealing with some more complicated stuff but at this point you now know how to build a basic Active Directory structure you understand how to install the server you understand how to create the the domain controller the domain install Active Directory you understand how to do DNS you understand DHCP you added a computer and you can now add user accounts whoo-hoo you now can build at least a small that’s a small not overly functional Active Directory infrastructure but you know it’s pretty cool so that’s all there is to it now the important thing again remember that when we’re dealing with Active Directory that means all those user accounts are on the domain controllers and then unless some other security policy has been set up that means the user can go to any computer in the network and be able to log on so they can go the secretary can log into the Secretary’s computer or they can log in the CEOs computer or they could log into a different computer the main thing to remember though with this is that each user has a different profile so if the secretary logs into the CEOs computer she will be able to log into the CEOs computer but she will only see her profile she will not see the CEOs profile so that’s one of the important things to realize so it’s not like the secretary can go to the CEOs computer log in and all of a sudden she can see everything that’s there when she logs in she gets her own profile with her own My Documents folder her own desktop folder her own settings and all that kind of stuff and again we will into some of that more complicated stuff later but this is the basic idea of users so this was the class creating and administering domain user accounts and Active Directory on Windows Server 2012 as always I enjoy teaching this class and again now now we can start getting to the fun stuff and really showing you guys why Active Directory is really really kind of powerful and cool so so it was fun and I’ll see you at the next class

watch on youtube

Check Also

REMINDER Windows 11 Unenroll from Beta and Release preview to stay on 22H2 | How to

go to transcript if you are the content owner and want to remove your content? …

Windows 11 KB5017321 (22H2) fails with 0x800F0806, here’s how to fix

go to transcript if you are the content owner and want to remove your content? …

Old Timber Windows Are Better Than Aluminum

go to transcript if you are the content owner and want to remove your content? …

Leave a Reply

Your email address will not be published. Required fields are marked *