David Langham

Unit 6 Exercise - AD User and Group Account Creation

TO: Junior Admin

FROM: IT Admin

Create a user account in Active Directory

1 Open Active Directory Users and Computers.

2 In the console tree, right-click the folder in which you want to add a user account.
(Active Directory Users and Computers/domain node/folder)

3 Point to New, and then click User.

4 In First name, type the user's first name.

5 In Initials, type the user's initials.

6 In Last name, type the user's last name.

7 Modify Full name to add initials or reverse order of first and last names.

8 In User logon name, type the user logon name, click the UPN suffix in the dropdown list, and then click Next.

9 If the user will use a different name to log on to computers running Windows 95,
Windows 98, or Windows NT, then you can change the user logon name as it
appears in User logon name (pre-Windows 2000) to the different name.

10 In Password and Confirm password, type the user's password, and then select
the appropriate password options.

To perform this procedure, you must be a member of the Account Operators group,
Domain Admins group, or the Enterprise Admins group in Active Directory, or you
must have been delegated the appropriate authority. As a security best practice,
consider using Run as to perform this procedure. For more information, see Default
local groups, Default groups, and Using Run as.

To open Active Directory Users and Computers, click Start, click Control Panel,
double-click Administrative Tools, and then double-click Active Directory Users and
Computers.

To add a user, you can also click on the toolbar. To add a user, you can also copy
any previously created user account.

A new user account with the same name as a previously deleted user account does
not automatically assume the permissions and group memberships of the previously
deleted account because the security ID (SID) for each account is unique. To
duplicate a deleted user account, all permissions and memberships must be
manually recreated.

When a user account is created with the new user wizard from within the details
pane, you can quickly edit the user properties by closing the wizard, clicking the
new account, and then pressing ENTER. To open the new user wizard from within the
details pane, right-click in the details pane, click New, and then click User.

For interoperability with other directory services, you can create an InetOrgPerson
user object. To create a new inetOrgPerson, in step three, click InetOrgPerson
instead of User.

When creating a new user, the full name attribute is created in the
FirstNameLastName format by default. The full name attribute also governs the
display name format is shown in the global address list. You can change the display
name format by using ADSI Edit. If you do so, this will also change the full name
format. For more information, see article Q250455, "How to Change Display Names
of Active Directory Users" in the Microsoft Knowledge Base.

Create a group account in Active Directory

1 Open Active Directory Users and Computers.

2 In the console tree, right-click the folder in which you want to add a new group.

3 Point to New, and then click Group.

4 Type the name of the new group.

5 By default, the name you type is also entered as the preWindows 2000 name of
the new group.

6 In Group scope, click one of the options.

7 In Group type, click one of the options.