Lab 2 - Creating and Managing AD Users and Computers

The document provides instructions for exercises to manage Active Directory objects using various tools. It describes how to create organizational units (OUs) and computer/user objects using Active Directory Users and Computers. It also covers creating these objects using PowerShell and Active Directory Administrative Center. The final exercises describe creating multiple OUs and users from a table of student data by extracting faculty, school year, and class information to build the appropriate OU paths.

Uploaded by

NM Thân

Lab 2

Creating and Managing Active Directory Users, Computers, Groups and Organizational Units

EXERCISE 1: CREATING COMPUTER OBJECTS


In this exercise, you use the Active Directory Users and Computers console to create an OU
and a computer object.
Create OU
1. On the DC1 computer, in the Active Directory Users and Computers console, right-click your domain, then select New -> Organizational Unit. The New Object - Organizational Unit dialog box appears.
2. In the Name text box, type Workstation.
Create computer object
1. On the DC1 computer, with the Server Manager console open, select Tools -> Active Directory Users and Computers.
2. In the left pane, expand your domain node, if needed, and select the Workstation container.
3. Right-click the Workstation container and, from the context menu, click New -> Computer. The New Object – Computer Wizard appears.
4. In the Computer name text box, type pc0.
5. Under User or group, click Change. The Select User or Group dialog box appears.
6. In the Enter the object name to select text box, type Domain Computers and click OK.
7. Click OK. The wizard creates the computer object.

EXERCISE 2: CREATING ORGANIZATIONAL UNIT AND A SINGLE USER

In this exercise, you use the Active Directory Users and Computers console to create an OU
and a domain user account.
Create OU
1. On the DC1 computer, in the Active Directory Users and Computers console, right-click your domain, then select New -> Organizational Unit. The New Object - Organizational Unit dialog box appears.
2. In the Name text box, type People Organizational Unit.
Create a User
1. On the DC1 computer, in the Active Directory Users and Computers console, select the People Organizational Unit.
2. From the Action menu, select New > User. The New Object – User Wizard appears.
3. In the First name text box, type <Your first name> and in the Last name text box, type <Your last name>.
4. In the User logon name text box, type <your login name> and click Next. The second page of the New Object – User Wizard appears.
5. In the Password and Confirm password fields, type password.
6. Clear the User must change password at next logon check box and click Next. A confirmation page listing the settings you configured appears.
7. Click Finish.

EXERCISE 3: USING ACTIVE DIRECTORY ADMINISTRATIVE CENTER

1. On the DC1 computer, in the Server Manager console, select Tools > Active Directory Administrative Center. The Active Directory Administrative Center console appears.
2. In the left pane, select the Your domain (local) node and, in the center pane, double-click the Computers container. The contents of the Computers container appear in the center pane.
3. In the right pane, select New -> Computer. The Create Computer dialog box appears.
4. In the Computer name text box, type Wkstn8.
5. Under Member of, click Add. The Select Groups dialog box appears.
6. In the Enter the object name to select box, type Domain Computers and click OK. The group appears in the Member Of text box.
7. Click OK. The new object appears in the Computers container.
8. In the left pane, select the Your domain (local) node and, in the center pane, double-click the People OU. The contents of the People container appear in the center pane.
9. In the right pane, select New -> User. The Create User dialog box appears.
10. In the First name text box, type <User’s first name>, and in the Last name text box, type <User’s last name>.
11. In the User SamAccountName Logon text box, type <user login>. In the Password and Confirm password fields, type Pa$$w0rd.
12. Scroll down and, in the Member of section, click Add. The Select Groups dialog box appears.
13. In the Enter the object name to select text box, type Domain Users and click OK. The group appears in the Member Of text box.
14. Click OK. The new user object appears in the People OU.

EXERCISE 4: CREATING USERS WITH POWERSHELL


Use PowerShell to create the OU CIT and create the following user objects in the OU CIT:
- Nguyen Van A: nva
- Nguyen Van B: nvb
- Nguyen Van C: nvc

Hint:
- To create an OU, use the cmdlet:
    New-ADOrganizationalUnit [-Name] <string> [-Path <string>]
  Example (-Path is the parent container, here the domain root):
    New-ADOrganizationalUnit -Name CIT -Path "dc=clc,dc=com"

- To create a user, use the cmdlet:
    New-ADUser [-Name] <String> [-UserPrincipalName <String>] [-SamAccountName <String>] [-GivenName <String>] [-Surname <String>] [-DisplayName <String>] [-Organization <String>] [-AccountPassword <SecureString>] [-ChangePasswordAtLogon <Boolean>] [-Enabled <Boolean>] [-Path <String>]
  Examples:
    New-ADUser -Name "Tran Thanh Dien" -UserPrincipalName "[email protected]" -SamAccountName "ttdien" -GivenName "Dien" -Surname "Tran Thanh" -DisplayName "Tran Thanh Dien" -AccountPassword (ConvertTo-SecureString 'CLC98765432$' -AsPlainText -Force) -ChangePasswordAtLogon $true -Enabled $true -Path "OU=CIT,dc=clc,dc=com"
    New-ADUser -Name "Dinh Thuy Hoa" -UserPrincipalName "[email protected]" -SamAccountName B1910225 -GivenName Hoa -Surname "Dinh Thuy" -DisplayName "Dinh Thuy Hoa" -AccountPassword (ConvertTo-SecureString 'CLC98765432$' -AsPlainText -Force) -Enabled $true -Path "OU=DI19V7A3,OU=K45,OU=K45,Ou=CTU,dc=dien,dc=clc,dc=com"

EXERCISE 5: JOINING A COMPUTER TO A DOMAIN

1. Open Control Panel -> System and Security -> System.
2. Click Change settings in the section “Computer name, domain, and workgroup settings”.
3. Select the radio button next to Domain, enter the <domain name> and then click OK.
4. When prompted for a username and password, enter a domain account that has the right to join the computer to the domain.

EXERCISE 6: CREATING GROUPS

Creating Domain Local Groups

1. On the DC1 computer, in the Active Directory Users and Computers console, select the OU CIT.
2. Right-click the CIT OU and, from the context menu, click New > Group. The New Object - Group dialog box appears.
3. In the Group name text box, type CIT.
4. Under Group scope, select the Domain local option and click OK.

Creating Global Groups

1. On the DC1 computer, in the Active Directory Administrative Center console, expand the your domain (local) node in the left pane and select the KCNTT OU.
2. In the right pane, select New > Group. The Create Group dialog box appears.
3. In the Group name text box, type Backup Managers.
4. Under Group scope, select Global and click OK. The new group appears in the KCNTT OU.

EXERCISE 7: CREATING MULTIPLE OUS AND USERS

In this exercise, the students are requested to create user accounts for students of Can Tho University. The students are given a list of users, which consists of the following information: student number, full name and class name. Based on this information, the students are requested to:
1. Create a list of OUs with the following structure: CTU -> faculty -> school year -> class

[Figure: OU tree rooted at CTU. Faculty OUs shown: KCN, KCNTT, KKT, KNN, KSP. School-year OUs shown: K41, K42, K43, K44, K45, K46. Class OUs shown: DI1895A1, DI18V7F1, DI1895A2, DI18V7A1, DI18V7A2, DI18Z6A1.]

2. Create a list of user accounts, organized into the corresponding OUs.

Hint
There are multiple methods to create multiple OUs and user accounts at the same time, including:
a) PowerShell cmdlets: New-ADOrganizationalUnit and New-ADUser
b) LDIFDE command
c) CSVDE command
Each method requires an input file with a different structure.
The students are given the list of users with the structure shown in the following table. The students have to extract the necessary information from this table and create the input file for the respective command.

No. (TT)   Student ID (Mã)   Full name (Ho va ten)   Class name (Ten lop)
1          B1607052          Vo Hong Canh            DI16V7F1
2          B1609833          Nguyen Bao Ngoc         DI16V7F1
3          B1710138          Tran Anh Khoa           DI17V7F1

With the provided table, the student can extract the following information:
1) Faculty: the first two characters of the Class name field (“Ten lop”):
DI = KCNTT; TN = KCN; DA = VCNSH; FL = KNNg; KH = KKH; KT = KKT; LK = KL;
MT = KMT-TNTN; NN = KNN; TD = TDTT; TS = KTS; XH = KXH-NV
2) School year: the next two characters:
15 = K41; 16 = K42; 17 = K43; 18 = K44; 19 = K45; 20 = K46; 21 = K47

Using PowerShell cmdlets:

1. To create a list of OUs: create a PowerShell script file (e.g., Create_ou.ps1) with one cmdlet per line. Parent OUs must be created before their children. The following example creates:
a) OU CTU in the domain clc.com
b) OU KCNTT inside OU CTU
c) OU K44 inside OU KCNTT

    New-ADOrganizationalUnit -Name CTU -Path "dc=clc,dc=com"
    New-ADOrganizationalUnit -Name KCNTT -Path "OU=CTU,dc=clc,dc=com"
    New-ADOrganizationalUnit -Name K44 -Path "OU=KCNTT,OU=CTU,dc=clc,dc=com"

2. To create a list of users: create a PowerShell script file (e.g., create_users.ps1) with one cmdlet per line.
The following cmdlet creates a user account with username (SAMAccountName) B1607052 and password rw0pEZP@n:

    New-ADUser -Name "Vo Hong Canh" -UserPrincipalName "[email protected]" -SamAccountName B1607052 -GivenName "Canh" -Surname "Vo Hong" -DisplayName "Vo Hong Canh" -AccountPassword (ConvertTo-SecureString "rw0pEZP@n" -AsPlainText -Force) -Enabled $true -Path "OU=DI16V7F1,OU=K42,OU=KCNTT,OU=CTU,dc=clc,dc=com"

The students are requested to use Excel and a VBA script to create these cmdlets automatically (including a random password).
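
An alternative to the Excel/VBA route, as an added example that is not part of the original lab sheet: a PowerShell script that derives each user's OU path from the class code using the two mapping tables above, creates any missing OUs top-down, and creates each account with a random initial password that must be changed at first logon. The CSV column names, the function names and the output file name are assumptions; the sample rows are the three from the table above.

```powershell
# Added example, not from the lab sheet. Run on DC1 or a host with the RSAT AD module.
Import-Module ActiveDirectory
$BaseDn  = 'OU=CTU,DC=clc,DC=com'   # lab domain clc.com; OU CTU is assumed to exist
$Faculty = @{ DI='KCNTT'; TN='KCN'; DA='VCNSH'; FL='KNNg'; KH='KKH'; KT='KKT'; LK='KL'
              MT='KMT-TNTN'; NN='KNN'; TD='TDTT'; TS='KTS'; XH='KXH-NV' }
$Year    = @{ '15'='K41'; '16'='K42'; '17'='K43'; '18'='K44'; '19'='K45'; '20'='K46'; '21'='K47' }
# Sample input: the three rows of the lab's table (column names are assumed)
$Students = @'
Id,FullName,Class
B1607052,Vo Hong Canh,DI16V7F1
B1609833,Nguyen Bao Ngoc,DI16V7F1
B1710138,Tran Anh Khoa,DI17V7F1
'@ | ConvertFrom-Csv

function Get-ClassOuChain([string]$Class) {
    # Faculty, school-year and class OU names, top-down; an unknown code stops the run
    $f = $Faculty[$Class.Substring(0, 2)]
    $y = $Year[$Class.Substring(2, 2)]
    if (-not $f -or -not $y) { throw "Unmapped class code: $Class" }
    return $f, $y, $Class
}
function New-RandomPassword([int]$Length = 12) {
    # 64-character alphabet, so a random byte maps to it without modulo bias
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!@#%*+=?'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    do {   # redraw until upper, lower, digit and symbol are all present
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d' -and $pw -match '[^A-Za-z0-9]')
    $pw
}

$report = foreach ($s in $Students) {
    $path = $BaseDn
    foreach ($ou in (Get-ClassOuChain $s.Class)) {
        $dn = "OU=$ou,$path"
        if (-not (Get-ADOrganizationalUnit -Filter "distinguishedName -eq '$dn'")) { New-ADOrganizationalUnit -Name $ou -Path $path }
        $path = $dn
    }
    $given = ($s.FullName -split ' ')[-1]   # same split as the lab's example: last word is the given name
    $sur   = $s.FullName.Substring(0, $s.FullName.Length - $given.Length).Trim()
    $pw    = New-RandomPassword
    New-ADUser -Name $s.FullName -SamAccountName $s.Id -GivenName $given -Surname $sur `
        -DisplayName $s.FullName -Path $path -Enabled $true -ChangePasswordAtLogon $true `
        -AccountPassword (ConvertTo-SecureString $pw -AsPlainText -Force)
    [pscustomobject]@{ Id = $s.Id; Path = $path; InitialPassword = $pw }
}
$report | Export-Csv -Path .\initial_passwords.csv -NoTypeInformation   # restrict access; delete after hand-over
```
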
Using CSVDE command:

1. To create a list of OUs: create a CSV file (e.g., create_ou.csv) with the following structure. Each DN contains commas, so it must be enclosed in double quotes, and parent OUs must be listed before their children:

    objectClass,dn
    organizationalUnit,"ou=KCNTT,OU=CTU,dc=clc,dc=com"
    organizationalUnit,"ou=KCN,OU=CTU,dc=clc,dc=com"
    organizationalUnit,"ou=K43,ou=KCNTT,OU=CTU,dc=clc,dc=com"
    organizationalUnit,"ou=K41,ou=KCN,OU=CTU,dc=clc,dc=com"
    organizationalUnit,"ou=K42,ou=KCNTT,OU=CTU,dc=clc,dc=com"
    organizationalUnit,"ou=K42,ou=KCN,OU=CTU,dc=clc,dc=com"
    organizationalUnit,"ou=K43,ou=KCN,OU=CTU,dc=clc,dc=com"

From the command prompt, run the following command: csvde -i -f create_ou.csv -k

2. To create a list of users: create a CSV file (e.g., create_user.txt) with the following structure, one user per line:

    ObjectClass,DN,SamAccountName,GivenName,sn,userAccountControl
    user,"cn=Tran Quoc Thinh-B1702182,ou=DI17V7F1,ou=K43,ou=KCNTT,OU=CTU,dc=clc,dc=com",B1702182,Thinh,Tran Quoc,512
    user,"cn=Pham Quoc Toan-B1704699,ou=DI17V7F1,ou=K43,ou=KCNTT,OU=CTU,dc=clc,dc=com",B1704699,Toan,Pham Quoc,512
    user,"cn=Tran Chau Hai-B1704727,ou=DI17V7F2,ou=K43,ou=KCNTT,OU=CTU,dc=clc,dc=com",B1704727,Hai,Tran Chau,512
    user,"cn=Bui Phan Anh Duy-B1704797,ou=DI17V7F1,ou=K43,ou=KCNTT,OU=CTU,dc=clc,dc=com",B1704797,Duy,Bui Phan Anh,512

Then run the following command: csvde -i -f create_user.txt -k

Note: By default, Active Directory does not allow adding a user without a password. Therefore, to run the above command, we have to modify group policy so that it does not enforce the security policy.

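3. Change user password

Create a batch file (e.g., changepasswd.bat) with the following commands:

    rem In a batch file, write % as %% so that %2 is not expanded as a script argument;
    rem quote the password so that cmd.exe does not treat ^ as an escape character.
    net user B1702182 "Qt%%2HijG" /domain
    net user B1704699 "Mi$6EC^c" /domain

Then run the batch file.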
