An AD user object usually represents a human/employee so that it has real-life characteristics like First Name, Last Name, Office, Phone Number, etc.
In a programmatic manner, these attributes will be stored with LDAP format that you should become familiar in the first time because working with AD via ds-commands' parameters in CMD or PowerShell is the best way to administrate your Windows corp network!"
[00:05] "User naming attributes identify user objects, such as logon names and IDs used for security purposes. The cn, name, and distinguishedName attributes are examples of user naming attributes. A user object is a security principle, so it also includes the following user naming attributes:
userPrincipalName — the logon name for the user
objectGUID — the unique identifier of a user
sAMAccountName — a logon name that supports previous version of Windows
objectSid — security identifier (SID) of the user
sIDHistory — the previous SIDs for the user object" -- docs.microsoft.com
Explore the properties of an Active Directory user object.
[00:16] Let's pick a user account to perform surgery :)
These properties are self-explanation, you should consider having all of them filled so that manage/identify 1000 user objects is not a problem.
[00:32] These properties are associated with LDAP attributes and other security options which you used to build with "dsadd user", "dsquery", "dsget",… commands in previous demos.
Manage user object attributes.
[01:08] Create another user account with mandatory attributes.
Go back to the previous sections in this video to know how to create a user account.
[01:25] "3 Ways to Create New Active Directory Users -- Petri -- IT Knowledgebase" -- petri.com
There is a situation when multiple users share the same attributes as Organizational Unit, Description, Office,…
and you want to modify them at once for time-saving, avoid accidental typos,…
To accomplish this, select multiple users > Right Click > Properties.
The Properties for Multiple Items dialog will appear.
Now, let's change the Description of "DMT SnoOpy" and "DuongMinhThang" users to "IT Administrator" at the same time.
[02:12] "DS built-in tools for Windows Server 2003/8/12
The DS (Directory Service) group of commands are split into two families. In one branch are DSadd, DSmod, DSrm and DSMove and in the other branch are DSQuery and DSGet.
When it comes to choosing a scripting tool for Active Directory objects, you really are spoilt for choice. The the DS family of built-in command line executables offer alternative strategies to CSVDE, LDIFDE and VBScript." -- computerperformance.co.uk
Managing User Attributes from the Command Prompt.
[02:20] We are using GUI PowerShell with dsquery user command to find users whose Description are "IT Administrator
[02:45] Now we are using the combine function of "dsquery user" and "dsget user" to figure out users whose Descriptions are "IT Administrator" with more granular details than the previous example.
dsquery user" finds out these users then, based on the result, "dsget user" will return granular details of these users via the pipeline "|" operator.
More details about users.
A user template in Active Directory will make your life a little easier, especially if you are creating users for a specific department, with exactly the same from properties, and membership to the same user groups.
A user template is nothing more than a disabled user account that has all these settings already in place.
The only thing you have to do is copy this account, add a new name and a password.
[03:28] To learn more about:
[03:33] "Users in a domain often share many similar properties. For example, all Managers can belong to the same security groups, log on to the network during similar hours, and have home folders and roaming profiles stored on the same server. When you create a new user, you can simply copy an existing user account rather than create a blank account and populate each property" -- free-online-training-courses.com
[03:56] The method to create a user template is as same as a normal user.
You can go to the beginning of this series to learn more.
Create users from a template.
Adding an underscore "_" or asterisk "*" (whatever you like for easy finding later) before Firstname/Fullname to indicate, this is a user template.
[04:37] Attributes like security options, Member Of, Description,… of the user template will be inherited by user accounts were created from this template.
Let's add this user template to the Administrators group by changing the Member Of attribute and watch things will happen.
[05:37] You can bear as much as you like if you have enough health, money, and you must follow "birth law"
Use the Copy function to create users from this template.
Hmm, but this face was inherited from his papa :)
If you're not using user template, and let's assume you must create 50 user accounts which are members of the Administrator group and they have Description is "Administrators of Quang Tri department, Viet Nam branch".
It is a nightmare because you must create each user then, assign it to the group and add Description 50 times; that is time-consuming and boring jobs :(
These security options were inherited from the template.
This attribute was inherited from the template, too.