Lab Answer Key: Module 4: Automating Active Direct

ory Domain Services Administration

Lab: Automating AD DS Administration by Using Wi
ndows PowerShell
Exercise 1: Creating User Accounts and Groups by Using Windows Powe
rShell
Task 1: Create a user account by using Windows PowerShell
1.

On LON-DC1, on the taskbar, click the Windows PowerShell icon.

2.

At the Windows PowerShell prompt, type the following command, and then press Enter:
New-ADOrganizationalUnit LondonBranch

3.

Type the following command, and then press Enter:

New-ADUser -Name Ty -DisplayName "Ty Carlson" -GivenName Ty -Surname Carlson -Path
"ou=LondonBranch,dc=adatum,dc=com"

4.

Type the following command, and then press Enter:

Set-ADAccountPassword Ty

5.

When prompted for the current password, press Enter.

6.

When prompted for the desired password, type Pa$$w0rd, and then press Enter.

7.

When prompted to repeat the password, type Pa$$w0rd, and then press Enter.

8.

At the Windows PowerShell prompt, type Enable-ADAccount Ty, and then press Enter.

9.

On LON-CL1, sign in as Ty using a password of Pa$$w0rd.

10.

Verify that sign in is successful and then sign out of LON-CL1.

Task 2: Create a group by using Windows PowerShell

1.

On LON-DC1, at the Windows PowerShell prompt, type the following command, and then press Enter:
New-ADGroup LondonBranchUsers -Path "ou=LondonBranch,dc=adatum,dc=com" -GroupScope
Global -GroupCategory Security

2.

Type the following command, and then press Enter:

Add-ADGroupMember LondonBranchUsers -Members Ty

3.

Type the following command, and then press Enter:

Get-ADGroupMember LondonBranchUsers
Results: After completing this exercise, you will have created user accounts and groups by
using Windows PowerShell.

Exercise 2: Using Windows PowerShell to Create User Accounts in Bulk

Task 1: Prepare the .csv file

1.

On LON-DC1, on the taskbar, click the Windows Explorer icon.

2.

In the Windows Explorer window, expand E:, expand Labfiles, and then click Mod04.

3.

Right-click LabUsers.ps1, and then click Edit.

4.

In Windows PowerShell Integrated Scripting Environment (ISE), read the comments at the top of the sc
.csv file.

5.

Close Windows PowerShell ISE.

6.

In Windows Explorer, double-click LabUsers.csv.

7.

In the How do you want to open this type of file (.csv) window, click Notepad.

8.

In Notepad, type the following line at the top of the file: FirstName,LastName,Department,Default

9.

Click File, and then click Save.

10.

Close Notepad.

Task 2: Prepare the script

1.

On LON-DC1, in Windows Explorer, right-click LabUsers.ps1, and then click Edit.

2.

In Windows PowerShell ISE, under Variables, replace C:\path\file.csv with E:\Labfiles\Mod04\LabUs

3.

Under Variables, replace "ou=orgunit,dc=domain,dc=com" with "ou=LondonBranch,dc=adatum

4.

Click File, and then click Save.

5.

Scroll down and review the contents of the script.

6.

Close Windows PowerShell ISE.

Task 3: Run the script

1.

On LON-DC1, on the taskbar, click the Windows PowerShell icon.

2.

At the Windows PowerShell prompt, type cd E:\Labfiles\Mod04, and then press Enter.

3.

Type .\LabUsers.ps1, and then press Enter.

4.

Type the following command, and then press Enter:

Get-ADUser -Filter * -SearchBase "ou=LondonBranch,dc=adatum,dc=com"

5.

Close the Windows PowerShell prompt.

6.

On LON-CL1, sign in as Luka using a password of Pa$$w0rd.

Results: After completing this exercise, you will have used Windows PowerShell to create us
er accounts in bulk.

Exercise 3: Using Windows PowerShell to Modify User Accounts in Bulk

Task 1: Force all user accounts in LondonBranch to change their passwords at nex
t logon
1.

On LON-DC1, on the task bar, click the Windows PowerShell icon.

2.

At the Windows PowerShell Prompt, type the following command, and then press Enter:
Get-ADUser -Filter * -SearchBase "ou=LondonBranch,dc=adatum,dc=com" | Format-Wide
DistinguishedName

3.

Verify that only users from the LondonBranch organizational unit (OU) are listed.

4.

At the Windows PowerShell prompt, type the following command, and then press Enter:
Get-ADUser -Filter * -SearchBase "ou=LondonBranch,dc=adatum,dc=com" |
Set-ADUser -ChangePasswordAtLogon $true

5.

Close Windows PowerShell.

Task 2: Configure the address for user accounts in LondonBranch

1.

On LON-DC1, in Server Manager, click Tools, and then click Active Directory Administrative Cente

2.

In Active Directory Administrative Center, in the Navigation pane, expand Adatum (local) and double

3.

Click the Type column header to sort based on the object type.

4.

Select all user accounts, right-click the user accounts, and then click Properties.

5.

In the Multiple Users window, under Organization, select the Address check box.

6.

In the Street box, type Branch Office.

7.

In the City box, type London.

8.

In the Country/Region box, click United Kingdom, and then click OK.

9.

Close Active Directory Administrative Center.

Results: After completing this exercise, you will have modified user accounts in bulk.
To prepare for the next module
When you finish the lab, revert all virtual machines back to their initial state by performing t
he following steps:
1.

On the host computer, start Hyper-V Manager.

2.

In the Virtual Machines list, right-click 20410B-LON-CL1, and then click Revert.

3.

In the Revert Virtual Machine dialog box, click Revert.

4.

Repeat steps 2 to 3 for 20410B-LON-DC1.