CNET 222 Lab 3 Windows Server Users & Groups

Centennial College
Information and Communication Engineering Technology

Course: CNET 222

Lab 3: Managing Users and Groups in

Windows Server

By: Fareha Shafique

[email protected]

Instructions:

• Create a new Microsoft Word document

• Take screen shots where specified in the lab manual and paste
them into your Word document in the correct order.
• Make sure each image shows all the required information
including your virtual machine name.
• Total number of screen shots: 6 + 4

F. Shafique ([email protected]) Page 1 of 23

CNET 222 Lab 3 Windows Server Users & Groups

Active Directory Users and Computers

POWER ON AND LOGIN TO YOUR WINDOWS SERVER VIRTUAL MACHINE.
Open the Active Directory Users and Computers console by either:
1. Start→Administrative Tools→Active Directory Users and Computers
OR
2. From the Server Manager click Tools→Active Directory Users and Computers

F. Shafique ([email protected]) Page 2 of 23

CNET 222 Lab 3 Windows Server Users & Groups

Exercise 1. Creating New Organizational Units (OUs)

Creating new organizational units within the domain OU makes it easier to manage users
and groups that were created after installation based on the structure of the organization.
It allows for separation of built-in accounts from accounts created by the administrator. We
will start by creating a new OU with the name CNET222. Within this we will create two
more OUs for users and security groups.
1. Right-click the top-level OU, in this case shafique.local and click New→Organizational
Unit.

2. Enter CNET222 in all capitals as the name for the OU. Click OK. The new OU should
show in the list on the right.

F. Shafique ([email protected]) Page 3 of 23

CNET 222 Lab 3 Windows Server Users & Groups

3. Now right-click the new CNET222 OU you created, and create the following two OUs
within CNET222 one at a time:
a. Users
b. Security Groups

F. Shafique ([email protected]) Page 4 of 23

CNET 222 Lab 3 Windows Server Users & Groups

The final Organizational structure should be like that in the following figure.
Take screen shot #1 of the new OUs created.

F. Shafique ([email protected]) Page 5 of 23

CNET 222 Lab 3 Windows Server Users & Groups

Exercise 2. Creating New Users

We will create all new users in the shafique.local\CNET222\Users organizational unit.
1. Navigate to the correct OU. Right-click this OU and click New→User.

2. Create the user Rex Dasher with following information, then click Next.
• First name: Rex
• Last name: Dasher
• User logon name: rdasher

F. Shafique ([email protected]) Page 6 of 23

CNET 222 Lab 3 Windows Server Users & Groups

3. Enter the password: Pa$$w0rd, uncheck User must change password at next logon
and check the box for Password never expires. Click Next.

4. Verify the information is correct then click Finish to create the new user. It should
appear in the list of users now.

F. Shafique ([email protected]) Page 7 of 23

CNET 222 Lab 3 Windows Server Users & Groups

5. You can view and set the properties for this user by right-clicking the user and clicking
on Properties.

6. In the properties window, click on the Account tab. Click on Logon Hours…
Select all of Sunday and select the radio button for Logon Denied.
Repeat the same for Saturday to deny logon for Rex on both Saturday and Sunday.
Take screen shot #2 of the Logon Hours for Rex Dasher.
Click OK to close both the Logon Hours for Steve Red and Steve Red Properties windows.

F. Shafique ([email protected]) Page 8 of 23

CNET 222 Lab 3 Windows Server Users & Groups

7. You can also reset the password for Rex from this console. Right-click Rex and click
Reset password…
8. In the new password and confirm new password textboxes type Pa55w0rd and click
OK.
9. Create another user in the CNET222 OU with the following information:
• First name: James
• Last name: Bond
• Username: jbond
• Password: Pa$$w0rd
Take screen shot #3 showing the new users.

10. You can work with the properties of multiple users. Select both the new users and then
right-click and click Properties.

F. Shafique ([email protected]) Page 9 of 23

CNET 222 Lab 3 Windows Server Users & Groups

11. A subset of the properties is visible. We will set the Office and Organization information
in the General tab. Check the box beside Office in the General tab and enter A2-30 in the
textbox.
12. Click the Organization tab. Check the box beside Department and enter ICET in the
textbox. Check the box beside Company and enter Centennial College in the textbox.
Take screen shot #4 of the Organization information. Click OK.

F. Shafique ([email protected]) Page 10 of 23

CNET 222 Lab 3 Windows Server Users & Groups

Exercise 3. Creating New Groups

We will create all new groups in shafique.local\CNET222\Security Groups.
1. Navigate to the CNET222->Security Groups OU.
2. Right-click on Security Groups. Click New→Group.

3. Enter the following:

a. Group name: Management
b. Group scope: Domain Local
c. Group type: Security
Click OK.
4. The group should appear in the Active Directory Users and Computers window.
Take screen shot #5 showing the Management group was created successfully.

F. Shafique ([email protected]) Page 11 of 23

CNET 222 Lab 3 Windows Server Users & Groups

5. To add members to the group, right-click the group name and click Properties.
6. Click on the Members tab. The members list should be empty. Click on Add. In the
object names text box type: rdasher; jbond then click Check Names. Once the names
are verified click OK.

7. Take screen shot #6 showing the group members were added successfully.
Click OK to close the group properties. Close the Active Directory Users and Computers
Console.

F. Shafique ([email protected]) Page 12 of 23

CNET 222 Lab 3 Windows Server Users & Groups

Lab Challenge. Active Directory Administrative Center

The ADAC is a tool that was introduced in Windows Server 2012. It provides a new
interface for managing users and groups. It also offers some additional features that are not
a part of the Active Directory Users and Computers interface, such as fine-grained
password policies. It can be accessed directly from the Server Manager by clicking
Tools→Active Directory Administrative Center.
You start off at the “Overview”.

F. Shafique ([email protected]) Page 13 of 23

CNET 222 Lab 3 Windows Server Users & Groups

Exercise 1. The Interface

1. From the Overview, you can directly reset the password for any user. Under Reset
Password, enter shafique\rdasher as the user name (be sure to use your domain name
in place of shafique). Give the password Pa$$w0rd. Uncheck the User must change
password at next log on. Click Apply.

2. You can customize the display and add new navigation nodes to the left pane. Click
Manage on the top right and click Add Navigation Nodes … (or right-click a blank
space on the left pane and click Add Navigation Nodes…)

F. Shafique ([email protected]) Page 14 of 23

CNET 222 Lab 3 Windows Server Users & Groups

3. Navigate to the CNET222 OU created in the Active Directory Users and Computers
Console and add the Users and Security Groups nodes. Click OK.
Take screen shot #7 of the new nodes in ADAC.

F. Shafique ([email protected]) Page 15 of 23

CNET 222 Lab 3 Windows Server Users & Groups

Exercise 2. Creating a new User

1. In the ADAC navigation pane, open the Users container you just added in the previous
exercise (shafique-CNET222-Users). In the Tasks pane on the right, click New→User.

F. Shafique ([email protected]) Page 16 of 23

CNET 222 Lab 3 Windows Server Users & Groups

2. Create a new user with the following information (refer to image above):
a. First name: your first name (e.g Fareha)
b. Last name: your last name (e.g Shafique)
c. User name: firstname initial + lastname (e.g. fshafique)
d. Password: Pa$$w0rd
e. Other password options: Password never expires
You can view and edit properties from the ADAC as well. Click OK.
Take screen shot #8 of the new user after it is created.

F. Shafique ([email protected]) Page 17 of 23

CNET 222 Lab 3 Windows Server Users & Groups

Exercise 3. Creating a New Group

1. Open the Security Groups container you added to the navigation pane in Lab Challenge
Exercise 1. In the Tasks pane on the right, click New→Group.

2. Enter the following group information:

a. Group name: Helpdesk
b. Group scope: Domain local
c. Group type: Security

F. Shafique ([email protected]) Page 18 of 23

CNET 222 Lab 3 Windows Server Users & Groups

3. To add members, click on Add under the Members section. Enter the username of the
user you created in Exercise 2 above (your personal user), then click OK to add the user.
Click OK again to create the group. It should appear in the list of groups.
4. Click the Helpdesk group, and click Properties from the Tasks pane on the right.
Take screen shot #9 showing the properties of the new group (including members).
Note you may need to collapse the Managed By and Members Of sections, so the Group and
Members sections are both visible (refer to image below).

F. Shafique ([email protected]) Page 19 of 23

CNET 222 Lab 3 Windows Server Users & Groups

Exercise 4. Creating a New Fine-Grained Password Policy

You can use fine-grained password policies to specify multiple password policies within a
single domain and apply different restrictions for password and account lockout policies to
different sets of users in a domain. For example, you can apply stricter settings to
privileged accounts and less strict settings to the accounts of other users. In other cases,
you might want to apply a special password policy for accounts whose passwords are
synchronized with other data sources.
1. In the ADAC navigation pane, open the shafique(local)→System→ Password Settings
Container container.

2. In the Tasks pane, click New→Password Settings.

F. Shafique ([email protected]) Page 20 of 23

CNET 222 Lab 3 Windows Server Users & Groups

3. Fill in or edit fields inside the property page to create a new Password Settings object.
The Name and Precedence fields are required. Enter the information according to the
figure below.

4. Under Directly Applies To, click Add. Type jbond, click Check and then click OK. This
associates the Password Policy object with the jbond user.
Take screen shot #10 showing the new Password Policy Object Settings.
Click OK to submit the creation.

F. Shafique ([email protected]) Page 21 of 23

CNET 222 Lab 3 Windows Server Users & Groups

5. To delete the password policy you just created, click the CNET222Lab2 password
policy, and in the Tasks pane click Properties.
6. Uncheck the Protect from accidental deletion and click OK.

7. Make sure the CNET222Lab2 fine-grained password policy is selected, and in the Tasks
pane click Delete. Click OK in the confirmation dialog.

8. Close all windows.

F. Shafique ([email protected]) Page 22 of 23

CNET 222 Lab 3 Windows Server Users & Groups

Submit your Word Document to the correct Assignment Folder.

Shut down you Virtual Machine

Make sure you have all your work on your external USB hard disk.

You are done!

F. Shafique ([email protected]) Page 23 of 23