[00:03] Now, we are…
[00:18] We are creating an OU named: Admin.
[00:31] A computer object represents a workstation or a server in a network.
A computer account helps to authenticate the computer and authorize its access permissions to network resources.
Organizational units are Active Directory containers into which you can place users, groups, computers, and other organizational units.
An organizational unit cannot contain objects from other domains.
An organizational unit is the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority.
Specify the computer name and which User/Group it belongs to.
[00:39] Now, we are creating a user object.
Now, we are creating a computer object.
[01:11] Now, specify the password for the user and security options.
You have to specify the First name, Last name, Full name (if needed, it’s an auto-fill field) and User logon name (used when logging in to a computer and filling in the credential prompts).
User objects represent individuals who need access to the resources in a network.
Each user account has a user name and a password.
The purpose behind creating user accounts is to authenticate the identity of the user and authorize access to the network resources.
[01:39] “Windows Server 2003: When an object of the user, group, or computer class is created on a domain controller that is running on Windows Server 2003 or later, the domain controller automatically sets the sAMAccountName attribute for the object to a unique string, if one is not specified” – microsoft.com
If checked, after the user object/account is created, this user will be prompted to change the password at first login.
By default, the user will be prompted to change the password after 5 days; it is required.
Check this to make the user account lifetime.
[01:46] An administrator can view/change object properties by Right click > Properties.
Common attributes to view/change are: Name, Description, Members, Members Of, and other security settings.
The password is permanent, thus the user cannot change the password.
Only the administrator can.
[02:31] “There are a few differences between an Active Directory Container and an Active Directory OU. The main difference is that Group Policy Objects (GPO) cannot be applied to a container.
The Active Directory Users and Computers program will not give the option to create Container objects by default (right click, new). But with the following procedure, you can enable this. (You have to be member of the “Schema Admins” security group)” – robinhobo.com
[02:15] “Add Descriptions to Active Directory Objects
It’s frustrating to see objects in Active Directory and have no idea what they are for.
Even if you are using a good naming convention I still like to add descriptions to objects. Obviously not all objects, but servers, groups, service accounts and generic accounts I put descriptions on them.
Not only does this help me quickly identify the use of the object it helps the whole team understand.” – activedirectorypro.com
Makes this user account disabled after creation.
To start using this user account, the administrator must enable this user account via Active Directory Users and Computers Ac (Administration console).
[02:46] As you can see, the object properties have more administration sections than in Normal mode.
Such as: Attribute, Published Certificates,…
By switching to Advanced Features mode, we are getting close to essential objects of the AD DS environment.
So be careful; otherwise the result is reinstalling the entire AD DS environment.
Be careful when editing in this section: these Attributes have the same meaning as Properties in other sections, which have GUI guidance for entering or selecting a value as well as warnings when changing a Property affects other properties.
[03:16] “It is also possible to use CSV files to create user objects with Windows PowerShell by using the Import-CSV cmdlet to read the data from the file and piping it to the New-ADUser cmdlet. To insert the data from the file into the correct user object attributes, use the New-ADUser cmdlet parameters to reference the field names in the CSV file’s header record” – sourcedaddy.com
[03:26] Organizational Unit Properties in Advanced mode
OUs and other special containers are protected from accidental deletion by default when created (can be disabled).
In Normal mode, you can’t delete these objects unless you switch to Advanced mode and then clear this checkbox.
I have heard a guy’s “Accidental Deletion” story: he accidentally deleted an OU, just an OU which contained only… 4000 servers and client machines.
However, luckily, since Windows Server 2008 R2, Microsoft invented a new feature called “Active Directory Recycle Bin”, so he could recover everything as expected; he must thank God :)
[04:05] “AD is a true powerhouse for management when it comes to handling and organizing a network environment and there’s few situations where having it would not provide some benefit at least! Even just for smaller environments using AD can save a lot of time and headache when configuring or adjusting systems, and it makes adding or adjusting users an absolute dream” – pcwdld.com