Scribd
Upload
900 views

3.1-3 Active Directory Objects (OU, Users and Groups)

This document provides information on creating and using different types of Active Directory objects, including organizational units (OUs), user accounts, and groups. It defines OUs as containers that hold other AD objects and notes they can be used to organize objects geographically, by function, or department. The document explains how to create an OU using Active Directory Users and Computers and provides step-by-step instructions. It also defines user accounts and computer accounts as AD objects and discusses how groups are used to provide access to resources. Finally, it includes steps for creating a new group within an OU.

Uploaded by

Gurleeyh Vills
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
900 views

3.1-3 Active Directory Objects (OU, Users and Groups)

This document provides information on creating and using different types of Active Directory objects, including organizational units (OUs), user accounts, and groups. It defines OUs as containers that hold other AD objects and notes they can be used to organize objects geographically, by function, or department. The document explains how to create an OU using Active Directory Users and Computers and provides step-by-step instructions. It also defines user accounts and computer accounts as AD objects and discusses how groups are used to provide access to resources. Finally, it includes steps for creating a new group within an OU.

Uploaded by

Gurleeyh Vills
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 26

Information Sheet 3.

1-3

Active Directory Objects (OU, Users and Groups)

LEARNING OBJECTIVES:

After reading this INFORMATION SHEET, STUDENT(S) MUST be able to:

• Understand what are differences between OU, Users and Groups.


• Create organizational unit and groups in active directory users and computers
• Create users accounts
a) In active directory users and groups
b) Using dsadd command line option
c) Using batch script
• Create a bulk of user’s accounts using a batch script.

Introduction

Active directory (AD) is not going to work solely without its objects, Objects are
everything live under AD. As stated in (Information sheet: Active Directory) objects are
the following, Users and groups, services (i.e. Emails), resources such printers, shared
folders.

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 1
09464485036
Revision # 01
What is an OU?

An organization Unit is a container that holds AD Object like User Accounts,


Computer Accounts, and Groups.

OUs help to keep your objects organized, but also are used to control what your Users
can and can’t do (among the other things)

We’ll start off building a few OUs so our Users and Computer Accounts will have a
place to live.
You can organize OUs:

• Geographically
• By function (Departments. etc.)
• But remember to KISS as much as you’re able to! Keep it Simple, Sysadmin.

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 2
09464485036
Revision # 01
Creating an Organizational Unit (OU)
Creating an Organizational Unit
1. Start by opening up your Server Manager, then expand the Roles section.

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 3
09464485036
Revision # 01
Computer accounts

• Allow AD to keep track and control the computers in your network. A computer
without an Account in AD can’t access the network –it’s security measure.
• It resides in OU’s which allow you to install software to all machines in OU at
once.
• When you are going to join a computer in your domain (you’ll need Admin level
credentials)
• A computer account is automatically created in AD.
OU vs Groups

OU’s keep your object organized and are used to control what users and computers
can and can’t do.

Groups are active directory objects that allow you to provide and deny access to
resources like printer folder en masse. Groups are residing in organizational unit.

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 4
09464485036
Revision # 01
CREATING ORGANIZATIONAL UNIT

1. Open server manager

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 5
09464485036
Revision # 01
2. Expand the Active Directory Domain Services (click the + sign ) section >
click on Active Directory Users and Computers.

3. At this point you should be able to see your domain. In our example we are
using the itsmeismael domain. Go ahead and expand your domain (click the +
sign).

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 6
09464485036
Revision # 01
4. Now we need to create an Organizational Unit for a group to live in. In this
example we are going to create an OU for our CSS Students. To create a new
Organization Unit, right-click on your domain name, point to the New option
and then select Organizational Unit.

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 7
09464485036
Revision # 01
Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 8
09464485036
Revision # 01
5. Type the name of your OU and make sure that the box is checked next
to Protect container from accidental deletion. When done, click OK.

6. We now have a new Organizational Unit in our Active Directory called CSS
Students.

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 9
09464485036
Revision # 01
Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 10
09464485036
Revision # 01
CREATING A NEW GROUP

1. After creating an Organizational Unit in your Active Directory, you are ready
to create your first group. Go ahead and select your OU and then right-click in
the blank area. Next, point to New and then select Group.

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 11
09464485036
Revision # 01
3. The next step is to name your Group, select the group scope and then select
the group type.

In this example we are going to name our group CSS User. We are also going to
leave the default selections for group scope is Global, and group type is
Security > click OK.

4. Our new group has been created!

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 12
09464485036
Revision # 01
USER ACCOUNTS

• it allow users to access network resources.

Creating account using server manager

1. Open Server Manager open Roles click Open Active Directory Users and
expand the domain name (itsmeismael.com). Select the Organization Unit
(CS Students) where you want to create the new user account.

2. In the empty area, right-click select New and click User. You can also right-
click the OU and click New and select User to create new user account.

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 13
09464485036
Revision # 01
3. New Object dialog box will open as shown below. You can fill in the user
information like first name, lastname etc. As you can see below, there are two
user logon names. The first User logon name also called User Principal Name
(UPN) [email protected] which is email like name that can be used
to login to domain joined computers. Second user logon name (pre-Windows
2000) also called SamAccountName can also be used by user to login to
domain-joined computers in the form itsmeismael\superUser. After entering
the user details, click Next.

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 14
09464485036
Revision # 01
4. Enter password for the user. You can choose various options as shown below.
Once you are done, click Next.

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 15
09464485036
Revision # 01
5. View the summary then click Finish.

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 16
09464485036
Revision # 01
CREATE ACCOUNTS USING COMMAND LINE

You can also add users by using DSADD command line option. IT allows you create
users using command prompt.

DSADD is a command-line option that will allow you to create users with commands.
Syntax:
dsadd user ”cn=Username,ou=OUName, dc=YOurndomain, dc=yoursuffix”

Example
dsadd user “itsmeuser, ou=CSSStudents, dc=css, dc=com”

If you are going to add users’ complete name use the following syntax.
dsadd user “itsmeuser, ou=CSSStudents, dc=css, dc=com “ –fn Ismael –ln
Balana –pwd css_2016 –mustpwd no

If you want fast and easy creation of users just use the following codes, but this time
you need type the codes using Notepad or any equivalent text editor.
1. Open notepad or notepad++ > then type an example shown below
Syntax:
dsadd user “cn=%1, ou=OUName, dc=YourDomain, dc=YourSuffix” –fn%2 –
ln%3 –pwd Password –mustchpwd yes
Example:
dsadd user “cn=%1, ou=CSSUsers, dc=itsmeismael, dc=com” –fn%2 –ln%3 –
pwd css_2016 –mustchpwd yes

2. Save it as “addUsername.bat” in accessible directory.


3. Open command line, navigate to the directory where the script resides and type:

Syntax
addOUName username firstname lastname

Example:
addCSSUsers itsmeismael Ismael Balana

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 17
09464485036
Revision # 01
4. Open server manager OU and check the result

Moving users into a Group

1. In order to move existing accounts into a group, you need to hold down the Control
key and click the user or computer accounts that you want to move into that group.

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 18
09464485036
Revision # 01
2. Then you need to right-click on any one of those accounts and select Add to a
group.

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 19
09464485036
Revision # 01
3. Next, Type the group name and let the machine find it.
In our example, I will type CSS Users and then click on the Check names button.
Once the name is verified and group name is found, the text will be underlined and
you can click the OK button to continue.

4. Now all of these accounts are part of our CSS Users group.

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 20
09464485036
Revision # 01
Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 21
09464485036
Revision # 01
TASK SHEET 3.1-3

Title: Install active directory

Performance Objective: Given are the following materials, you should be


able to install active directory. Allotted time 30 minutes.

Supplies/Materials :

Equipment : Computer with Windows Server 2008 R2

Prerequisites: Installed and configured active directory


Steps/Procedure:
1. Read information sheet 3.1-3 Installing active directory
2. Create an Organizational Unit
Where:
Name of Organizational Unit(s) = CSS Students
3. Create two domain users
Where:
Name of first user =Your full name, Logon username = WirelessClient
Name of second user = Your full name, Logon username = Wired Client
Set the password as _admin@123 for both users
4. Create a group
Where:
Group name = CSS Group
Add your newly created domain users inside the group

Assessment Method:
Demonstration, Observation

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 22
09464485036
Revision # 01
Performance Criteria Checklist 3.1-3

Trainee’s Name: ___________________________________ Date: _________________________


During the performance of the task, did you consider the following criteria?
Grade Point
Equivalent
NO
CRITERIA YES Highest Possible
Score = 5
Lowest Possible
score = 0

Did the trainee…


1. Created an organizational unit
according to the specific given
task?
2. Created two domain users
according to job requirements?
3. Set up the group for domain
users according to specific
instruction?
4. Performed and followed
completely the given tasks?
5. Observed and performed 5S and
occupational health and safety?

Feedback

Total Points

Total Items

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 23
09464485036
Revision # 01
Signature of the Trainee/Learner

Signature of the Trainer Ismael Manic Balana

Grade Point Equivalent

The table shows the equivalent points that are used and show how they are calculated to
determine the grade point average (GPA), or index.

The highest equivalent points that trainer can give is 5 points per criterion and the lowest is 0. If
the trainee/learner accumulate scores with below two (2) grade point equivalent, she/he needs to
retake the whole given task.

Grade Point Explanation


Equivalent

5 Excellent

4 Very Good

3 Good

2 Average

1 Poor

0 Failure

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 24
09464485036
Revision # 01
TERMS AND DEFINITIONS

OU or organization unit is a container that holds AD object like user accounts,


computer accounts, and groups.

Groups are active directory objects that allow you to provide and deny access to
resources like printer folder en masse. groups are residing in organizational
unit.

DSADD is a command-line option that will allow you to create users with
commands.

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 25
09464485036
Revision # 01
REFERENCES

https://www.howtogeek.com/99323/installing-active-directory-on-server-2008-r2/

https://blogs.technet.microsoft.com/activedirectoryua/2011/07/07/a-delegation-for-

this-dns-server-cannot-be-created-because-the-authoritative-parent-zone-cannot-be-

found-or-it-does-not-run-windows-dns-server/

cssnctwo.weebly.com

www.petri.com/creating-active-directory-quizlet.com/21167195/active-directory-

flporeshmcse.blogspot.com/2009/11

www.pluralsight.com/blog/tutorials/windo

www.reddit.com/r/sysadmin/comments/3k8mm

www.mustbegeek.com/create-user-account-i

www.suse.com/.../book_security/book_secu

www.sciencedirect.com/topics/computer-scdocs.microsoft.com/en-us/office365/enter

www.grouppolicy.biz/.../best-practices-gsupport.office.com/en-us/article/Video-

Oforums.spacebattles.com

ccsethiopia.com/product_training.html

www.termpaperwarehouse.com/essay-on/1-Re

www.slideshare.net/banzonburner1/for-pri

www.baruch.cuny.edu/confluence/display/.

blog.netwrix.com/2018/06/19/how-to-add-adocs.microsoft.com/en-us/ -versions

Developed by
Document No.
Setup computer server Version 1.1.2019
Learning Outcome 3.1 ISMAEL MANIC BALANA Page
Active directory objects www.facebook.com/itsmeismael 26
09464485036
Revision # 01

You might also like