-
7/29/2019 2274b_02
1/55
Module 2: Managing User
and Computer Accounts
-
7/29/2019 2274b_02
2/55
Overview
Creating User AccountsCreating Computer Accounts
Modifying User and Computer Account Properties
Creating a User Account Template
Enabling and Unlocking User and Computer Accounts
Resetting User and Computer Accounts
Locating User and Computer Accounts in Active
DirectorySaving Queries
-
7/29/2019 2274b_02
3/55
Lesson: Creating User Accounts
What Is a User Account?Names Associated with Domain User
Accounts
Guidelines for Creating a User Account NamingConvention
User Account Placement in a Hierarchy
User Account Password Options
When to Require Password Changes
How to Create User AccountsBest Practices for Creating User
Accounts
-
7/29/2019 2274b_02
4/55
What Is a User Account?
Multimedia: Types of User Accounts
Domain user accounts(stored in Active Directory)
Local user accounts(stored on local computer)
Windows Server 2003 Domain
http://localhost/var/www/apps/conversion/tmp/scratch_5/multimedia/2274_1_Accts.html
-
7/29/2019 2274b_02
5/55
Names Associated with Domain User Accounts
Name Example
User logon name Jayadams
Pre-Windows 2000
logon name
Nwtraders\jayadams
User principallogon name
[email protected]
LDAP relativedistinguishedname
CN=jayadams,CN=users,dc=nwtraders,dc=msft
-
7/29/2019 2274b_02
6/55
Guidelines for Creating a User Account NamingConvention
A convention for naming user accounts shouldaccommodate:
Employees with duplicate names
Different types of employees, such as temporary orcontract
employees
-
7/29/2019 2274b_02
7/55
User Account Placement in a Hierarchy
Geopolitical Design
Users
North America
Users
South America
Business Design
Users
Accounting
Users
Sales
-
7/29/2019 2274b_02
8/55
User Account Password Options
Account options DescriptionUser must changepassword at
nextlogon
Users must change their passwords the nexttime they log on to
the network
User cannotchange password A user does not have the permissions
tochange their own password
Password neverexpires
A user password is prevented from expiring
Account isdisabled
A user cannot log on by using the selectedaccount
-
7/29/2019 2274b_02
9/55
When to Require or Restrict Password Changes
Option Use this option when you:
Require
password
changes
Create new domain accounts
Reset passwords
Restrictpasswordchanges
Create local and domain service accounts
Create new local accounts that will not log onlocally
-
7/29/2019 2274b_02
10/55
How to Create User Accounts
Your instructor will demonstrate how to:
Create a domain user account
Create a local user account
-
7/29/2019 2274b_02
11/55
Practice: Creating User Accounts
In this practice, you will:
Create a local user account by using
Computer Management
Create a domain account by using
Active Directory Users and Computers
Create a domain user account by using
Run as
Create a domain user account by usingdsadd
-
7/29/2019 2274b_02
12/55
Best Practices for Creating User Accounts
Best practices for creating local user accounts
Do not enable the Guest account
Limit the number of people who can log on locally
Best practices for creating domain user accounts
Disable an account that will not be used immediately
Require users to change their passwords the first timethat they
log on
-
7/29/2019 2274b_02
13/55
Lesson: Creating Computer Accounts
What Is a Computer Account?Why Create a Computer Account?
Where Computer Accounts Are Created in a Domain
Computer Account Options
How to Create a Computer Account
-
7/29/2019 2274b_02
14/55
What Is a Computer Account?
Identifies a computer in a domainProvides a means for
authenticating and auditingcomputer access to the network and to
domainresources
Is required for every computer running:
Windows Server 2003
Windows XP Professional
Windows 2000Windows NT
-
7/29/2019 2274b_02
15/55
Why Create a Computer Account?
Security
Authentication
IPSec
AuditingManagement
Active Directory features:
Software deployment
Desktop management
Hardware and software inventory through SMS
-
7/29/2019 2274b_02
16/55
Where Computer Accounts Are Created in a Domain
Computers that join a domain arecreated in the Computers
container
Computer accounts can be moved to
or created in other organizational units
-
7/29/2019 2274b_02
17/55
Computer Account Options
-
7/29/2019 2274b_02
18/55
How to Create a Computer Account
Your instructor will demonstrate how to:
Create a computer account by using Active DirectoryUsers and
Computers
Create a computer account by using dsadd
-
7/29/2019 2274b_02
19/55
Practice: Creating a Computer Account
In this practice, you will
Create a computer account by using
Active Directory Users and Computers
Create a computer account by using
dsadd
-
7/29/2019 2274b_02
20/55
Lesson: Modifying User and Computer Account Properties
When to Modify User and Computer Account PropertiesProperties
Associated with User Accounts
Properties Associated with Computer Accounts
How to Modify User and Computer Account Properties
-
7/29/2019 2274b_02
21/55
When to Modify User and Computer Account Properties
Modify user account properties to:
Make it easier to use search capabilities tofind users
Match a companys organizational hierarchy
Determine the group membership of a user account
Modify computer account properties to:
Assist in asset tracking (Location property)
Document who manages a computer (Managed Byproperty)
-
7/29/2019 2274b_02
22/55
Properties Associated with User Accounts
The Properties dialog box for a user account contains:
-
7/29/2019 2274b_02
23/55
Properties Associated with Computer Accounts
The Properties dialog box for a computer account contains:
-
7/29/2019 2274b_02
24/55
How to Modify User and Computer Account Properties
Your instructor will demonstrate how to modify userand computer
accounts
Practice: Modifying User and Computer Account
-
7/29/2019 2274b_02
25/55
Practice: Modifying User and Computer AccountProperties
In this practice, you will modify user andcomputer account
properties
-
7/29/2019 2274b_02
26/55
Lesson: Creating a User Account Template
What Is a User Account Template?What Properties Are in a
Template?
Guidelines for Creating User Account Templates
How to Create a User Account Template
-
7/29/2019 2274b_02
27/55
What Is a User Account Template?
A user account template is a user account that containsthe
properties that apply to users with commonrequirements
User account templates make creating user accountswith
standardized configurations more efficient
User Account
Template
-
7/29/2019 2274b_02
28/55
What Properties Are in a Template?
Tab Properties copiedAddress All properties except Street
Address
Account All properties except Logon Name
Profile All properties, except Profile path and Home
folder,reflect new users logon name
Organization All properties except Title
Member Of All properties
-
7/29/2019 2274b_02
29/55
Guidelines for Creating User Account Templates
Create a separate classification for each department
Create a separate group for short-term and
temporaryemployees
Set user account expiration dates for short-term andtemporary
employees
Disable the account template
Identify the account template
-
7/29/2019 2274b_02
30/55
How to Create a User Account Template
Your instructor will demonstrate how to create a useraccount
template
C
-
7/29/2019 2274b_02
31/55
Practice: Creating a User Account Template
In this practice, you will create a useraccount template
Lesson: Enabling and Unlocking User and Computer
-
7/29/2019 2274b_02
32/55
Lesson: Enabling and Unlocking User and ComputerAccounts
Why Enable and Disable User and Computer Accounts?How to Enable
and Disable User and ComputerAccounts
What Are Locked-out User Accounts?
How to Unlock User Accounts
-
7/29/2019 2274b_02
33/55
Why Enable or Disable User and Computer Accounts?
H E bl d Di bl U d C A
-
7/29/2019 2274b_02
34/55
How to Enable and Disable User and Computer Accounts
Your instructor will demonstrate how to enable anddisable user
and computer accounts
Wh t A L k d t U A t ?
-
7/29/2019 2274b_02
35/55
What Are Locked-out User Accounts?
The account lockoutthreshold:
Defines the number of failedlogon attempts
Prevents hackers fromguessing user passwords
An account can exceed theaccount lockout threshold bytoo many
failed logonattempts:
At the logon screen
At a screen saver protectedby a password
When accessing networkresources
H t U l k U A t
-
7/29/2019 2274b_02
36/55
How to Unlock User Accounts
Your instructor will demonstrate how to unlock useraccounts
Practice: Enabling and Disabling User and Computer
-
7/29/2019 2274b_02
37/55
Practice: Enabling and Disabling User and ComputerAccounts
In this practice, you will enable and disablea user account and
computer account
L R tti U d C t A t
-
7/29/2019 2274b_02
38/55
Lesson: Resetting User and Computer Accounts
When to Reset PasswordsHow to Reset Passwords
When to Reset Computer Accounts
How to Reset Computer Accounts
Wh t R t U P d
-
7/29/2019 2274b_02
39/55
When to Reset User Passwords
Reset a password when a user forgets his or herpassword
After resetting a password, a user can no longer accesssome
types of information, including:
E-mail that is encrypted with the users public key
Internet passwords that are saved on the computer
Files that the user has encrypted
How to Reset User Passwords
-
7/29/2019 2274b_02
40/55
How to Reset User Passwords
Your instructor will demonstrate how to reset userpasswords
When to Reset Computer Accounts
-
7/29/2019 2274b_02
41/55
When to Reset Computer Accounts
Reset computer accounts when:Computers fail to authenticate to
the domain
Passwords need to be synchronized
How to Reset Computer Accounts
-
7/29/2019 2274b_02
42/55
How to Reset Computer Accounts
Your instructor will demonstrate how to reset
computeraccounts
Practice: Resetting a User Account Password
-
7/29/2019 2274b_02
43/55
Practice: Resetting a User Account Password
In this practice, you will reset the passwordfor a user
account
Lesson: Locating User and Computer Accounts in
-
7/29/2019 2274b_02
44/55
g pActive Directory
Multimedia: Introduction to Locating User and ComputerAccounts
in Active Directory
Search Types
How to Search for Active Directory Objects
How to Search Using Common Queries
Using a Custom Query
Multimedia: Introduction to Locating User and Computer
-
7/29/2019 2274b_02
45/55
g pAccounts in Active Directory
This presentation will explain how to locateobjects in Active
Directory
Search Types
http://localhost/var/www/apps/conversion/tmp/scratch_5/multimedia/2274_2_A_Search.htm
-
7/29/2019 2274b_02
46/55
Search Types
Basic query criteria include:
Object type
Location
General values associated with the object, such as name
and description
How to Search for Active Directory Objects
-
7/29/2019 2274b_02
47/55
How to Search for Active Directory Objects
Your instructor will demonstrate how to search forActive
Directory objects
How to Search Using Common Queries
-
7/29/2019 2274b_02
48/55
How to Search Using Common Queries
Your instructor will demonstrate how to search forActive
Directory objects by using common queries
Using a Custom Query
-
7/29/2019 2274b_02
49/55
Using a Custom Query
(&(&(objectCategory=user)(l=Denver)(&(objectCategory=person)
(objectClass=user)(userAccountControl=1.2.840.113556.1.4.803:=2))))
Practice: Locating User and Computer Accounts
-
7/29/2019 2274b_02
50/55
Practice: Locating User and Computer Accounts
In this practice, you will locate user andcomputer accounts that
meet specificcriteria
Lesson: Saving Queries
-
7/29/2019 2274b_02
51/55
Lesson: Saving Queries
What Is a Saved Query?How to Create a Saved Query
What Is a Saved Query?
-
7/29/2019 2274b_02
52/55
What Is a Saved Query?
How to Create a Saved Query
-
7/29/2019 2274b_02
53/55
How to Create a Saved Query
Your instructor will demonstrate how to create a savedquery
Practice: Creating Saved Queries
-
7/29/2019 2274b_02
54/55
Practice: Creating Saved Queries
In this practice, you will create a savedquery for a user
account
Lab A: Managing User and Computer Accounts
-
7/29/2019 2274b_02
55/55
Lab A: Managing User and Computer Accounts
In this lab, you will:Create user and computer accounts
Move user and computer accounts
Enable user accounts
