hello again as you know I am Eli the
computer guy and today's class is
creating and administrating domain user
accounts in Active Directory on Windows
Server 2012 so up to this point we have
installed Windows Server 2012 we figured
out how to navigate through it we have
installed Active Directory and created
our domain controller we have created
our domain we have set up DHCP and the
Scopes we've made sure that DNS is
running we have added a computer to the
domain and so now the final big step for
actually building your domain is being
able to add users so we will have been
able to create a domain controller DNS
DHCP add computers add users and now you
will have been able to create a domain
so the big thing to remember whenever
you were dealing with Active Directory
in the Microsoft world is the idea
behind Active Directory is to make
administration easier for the sis admins
that have to deal with the network so if
you had local accounts for every single
computer on your network what that would
mean is that you or the sysadmin would
have to sit down at every single
computer on the network to do any
administrative tasks for the users so if
a user had locked themselves out and you
had to reset a password you would have
to go and sit at their specific computer
if you wanted to add a user account you
would have to sit down at the specific
computer if you were using local
accounts so that is not going to work in
an environment with 50 computers or 100
computers or 10,000 computers so that's
the beauty of Active Directory it gives
you one place to go to where you can add
users you can change passwords you can
disable accounts so on and so forth so
in this class today what I'm going to be
showing you how to do I'm going to show
you how to create a new domain
user I'm going to log in with that
domain user on a Windows 8 computer that
I've already created and then I'm going
to show you the properties for that
domain user so that you can go in and
you can change them in the future once
we have done this then in the next
classes we can go into things like
permissions and groups and security and
get a little more complicated so the
first thing I want to do before we
actually get in to looking at the
computers I want to go to our little
digital whiteboard again just to make
sure that everybody understands what's
what's going on and why we need a domain
in order to make this work so basically
before what we have done is we have
created our domain controller and we
have created a domain called eat ECG
comm so this domain controller has
active directory it has DNS and it has
DHCP and stalled on it then what we did
is we have a Windows 8 computer out here
and what we did is we joined the Windows
8 computer to the eat ECG comm domain
now why this is important is now the
Windows 8 computer it no longer looks to
its internal databases for security it
now looks to the domain controller to be
told what users are allowed to do what
what resources they're allowed to access
so on and so forth so the important
thing with joining this computer to the
domain is now it is looking to that
domain controller to Active Directory to
say what can a user do is a user able to
log in does a username and password Mac
that type of thing
so that's why we joined the computer to
the domain before so this is a very
important thing if you don't join your
your computer to the domain then it
won't be able to access the domain
controller and none of it will work so
now what we're going to do is we're
going to go over to my trusty little
Windows 2
12 server and we are going to add a new
user so what we're going to do is we're
going to go down and we're going to
click on server manager like we always
have
so server manager again this is the
primary place where we're going to be
dealing with almost everything now what
we're going to do is we're going to go
over to tools and just like in the
adding the computer class we're going to
go down to Active Directory users and
computers so when this opens up we can
see so it's showing us eat ECG comm this
is my domain so whatever you have named
your domain whatever you've named it so
that will be there and then when we look
down we see there's bill 10 we see
there's computers we see there's a whole
bunch of stuff but what we're looking
for is the users so this users folder
here it is going to show us the user
accounts and then it's also going to
show us Roop accounts so groups are
going to be something we are going to
deal with in a different class so
whenever you see like the single person
here that means is a user account and
when you see like these two people
side-by-side that means it's a group
account for right now don't worry about
the group accounts now when we installed
Windows Server 2012 it created to users
for us the administrator user and the
guest user you can see I don't know if
you can see there's a little down arrow
right beside this guest user this guest
user has been disabled so when you
install originally all you're going to
have is this administrator account so if
you want to add new users all you have
to do is you go over here to the users
folder and then you are going to right
click so you right click so that you get
the options and then you're going to go
to new so from here you're gonna see you
get a lot of stuff computer contact
group we're going to be dealing with a
lot of this in the future
but what we want is a new user so all
we're going to do is we're going to
create a new user then when we do to
create the new user basically we're just
going to get a general form so what is
the fur
name of this person so we're going to
say test no initial and then we're going
to say user so this is going to be test
user full name test user then we're
going to say with a login name is so
again I would just say test user all one
word so test user at eat ECT calm and
then all we're going to do is you're
going to click Next now it's going to
ask us for the password so I'm going to
put in password here now you have a few
options here and now these are something
kind of the cool things the options that
you give you as an administrator so one
of the big things in the administrator
world is we never want to know our users
passwords you might find that shocking
you may be surprised with that you would
think that we always want to know our
users passwords but in fact we never
want to know our users passwords if you
know a user's password and then you can
get into all kinds of horrible awful
office politics where the user says that
you logged in as them and then you did
something funky with the computer so
what you want to do is you usually if
you're logging in for another user you
want to check off this box that says
user must change password at next login
what this means is they will be able to
login using the password you gave them
here but then they will immediately be
asked to change the password so if if a
user forgot their password and they need
you to reset it what you would do is you
would put in some default password here
and then say user must change password
and next login you would then call the
user you say hey user here is your
password they go to login and then
they're immediately told to change their
password to something new you can also
have user cannot change password you
don't see this a lot in the real world
but you know it's always possible
password never expires account is
disabled so one of the things one of the
quote-unquote best practices at
microsoft says is that you generally
should not delete accounts you should
only disable accounts the reason being
is
a lot of times you give permissions or
rights to users that you may want to
give to somebody else in the future what
you can do is if you let's say somebody
gets terminated they get fired instead
of deleting the account what you can do
is you can disable it when a new person
gets hired then all you do is you rename
the account and everybody has all the
permissions so there's any number of
reasons an account might be disabled but
basically that's just right there and we
can click Next and this is going to tell
us the user that we are going to create
oops I want to uncheck that actually it
and finish so now the user has been
created see we've got this test user
down here and now to show you how simple
this is what I'm going to do is I'm
going to go over to my Windows 8
computer so this is my Windows 8
computer and as we can see I am
currently or I was logged in as eat ECG
administrator so what I want to do is I
want to login as this test user so I go
back I do other user and it's going to
sign into the eat ECG domain so now I
just do test user and my password and go
and now we can see that this Windows 8
computer is logging me in so that's all
I needed to do to be able to create an
account on this domain so I can log into
this computer I could log into another
computer I could log into to any
computer on the network as long as I've
been given permission to do so so while
this is getting this ready let's go back
and know it's being a pain on me right
now let me go back gotta go back to the
server now and what I want to do is so
we're at the server so we're back at the
server 2012 and I just want to show you
the properties for the user so if we
want to look at the properties for test
user or any other user what we can do is
we can right click and we can go to
properties now this gives us a lot more
options than we saw before so again
first name last name display name
description office telephone number
email so on and so forth you can plug in
the address you can plug in account
information so here this is where we can
do things like user must change password
at next logon user cannot change
password password never expires and then
it gives you a whole bunch account is
disabled a lot of other options you can
have this account expire so if you
wanted to give an account let's say to a
contractor that will only be around a
month and you want to make sure that
once that month is over they can no
longer log in you can have this expire
you can do a log on hours so you can say
when the person is able to log on to the
network so again whenever we're dealing
with hackers the people that frankly
were most concerned with is employees or
we are worried about employee
credentials so if we have let's say a
secretary that comes in at 8 o'clock
every morning that leaves a 5 o'clock at
night and that's what she does that's
what she did for the past five years and
that's what she's going to do for the
next 20 years well then in order to
protect our systems we could restrict
her so that she can only log in between
8:00 to 5:00 Monday through Friday that
way if a cleaning person tries to come
in let's say during Saturday and use
their credentials to login to the system
they won't be able to to do it so that's
one of the things you can do those login
hours profile will go into in the future
so when we get into more complicated
stuff telephones organizations remote
control of the desktop just a whole
bunch of different stuff in here so
basically this is where you really flesh
out and give your your your user a lot
more abilities one of the things we'll
get into in the future too is things
like the member up so when we want to
add this user to a group we can go to
the member of and we can add the member
of the the user to a group here dial and
permission so on and so forth so now
hopefully over yep it is we have logged
into our Windows 8 computer and we can
see that the test user is currently
logged in so this user now has a
new profile so both the administrator
and the user have a profile on this
computer so that's really all there is
to creating the user accounts on a
Windows Server 2012 in Active Directory
so you just right-click you go to new
you go to user and you go through the
the whole Megillah so now that you know
how to create users in our next classes
we can go into groups and we can start
dealing with security and we can start
dealing with some more complicated stuff
but at this point you now know how to
build a basic Active Directory structure
you understand how to install the server
you understand how to create the the
domain controller the domain install
Active Directory you understand how to
do DNS you understand DHCP you added a
computer and you can now add user
accounts whoo-hoo you now can build at
least a small that's a small not overly
functional Active Directory
infrastructure but you know it's pretty
cool so that's all there is to it now
the important thing again remember that
when we're dealing with Active Directory
that means all those user accounts are
on the domain controllers and then
unless some other security policy has
been set up that means the user can go
to any computer in the network and be
able to log on so they can go the
secretary can log into the Secretary's
computer or they can log in the CEOs
computer or they could log into a
different computer the main thing to
remember though with this is that each
user has a different profile so if the
secretary logs into the CEOs computer
she will be able to log into the CEOs
computer but she will only see her
profile she will not see the CEOs
profile so that's one of the important
things to realize so it's not like the
secretary can go to the CEOs computer
log in and all of a sudden she can see
everything that's there when she logs in
she gets her own profile with her own My
Documents folder her own desktop folder
her own settings and all that kind of
stuff and again we will
into some of that more complicated stuff
later but this is the basic idea of
users so this was the class creating and
administering domain user accounts and
Active Directory on Windows Server 2012
as always I enjoy teaching this class
and again now now we can start getting
to the fun stuff and really showing you
guys why Active Directory is really
really kind of powerful and cool so so
it was fun and I'll see you at the next
class