Scribd
Upload
24 views

02 - Lab 01

The document discusses how to manage user accounts in Active Directory, including creating a new user account using both the Active Directory Administrative Center GUI and PowerShell commands, moving a user account between OUs using the GUI, PowerShell, and dsmov command, and deleting a user account using the GUI, PowerShell Remove-ADUser command, and dsrm command.

Uploaded by

amine.maaq5
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
24 views

02 - Lab 01

The document discusses how to manage user accounts in Active Directory, including creating a new user account using both the Active Directory Administrative Center GUI and PowerShell commands, moving a user account between OUs using the GUI, PowerShell, and dsmov command, and deleting a user account using the GUI, PowerShell Remove-ADUser command, and dsrm command.

Uploaded by

amine.maaq5
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

02 - Lab 01

Managing user accounts


Create a new user account
Using Active Directory Administrative Center
First, open a session on domain controller VM DC01 using login Administrator and
password Pass1word;

Click on "Start Menu" button then Server Manager.

Wait few seconds until all roles are displayed then click on "AD DS" in the left pane.
on the right pane, Right click on server DC01 and select "Active Directory Administrative
Center" element.

This will open the desired console.


Click on "PROIT (local)", this will pop-up a menu with different elements to manage, down
the list click on "Users" container. On the right side of the windows, a new Tasks menu is
shown with a "New" task to create a new account.

Click on "New" then "User"


A new window is opened, we can create our user. Fields with a red star are mandatory.

In the picture bellow :

1. fields in the blue rectangle are the minimum fields to fill


2. if you want the account to be in another OU then default users container click on
change. For the time being, we change nothing.
3. If you want to protect this account from accidental deletion, you can check this box

Click on "OK".

The account is created and you can check it


Using Powershell
Below is a PowerShell command that creates a new user in the default "Users" container in
Active Directory with the username PowerShellUser and sets the password to Pass1word;

Open a PowerShell command prompt either via start menu (right click)

or by entering the command " powershell " in "run" menu (right click) :
First we convert the plaintext password to a password object we can use :

$Password = ConvertTo-SecureString "Pass1word;" -AsPlainText -Force

(no out put for this command)

This script utilizes the New-ADUser cmdlet from Active Directory module to create a new
user. This module is loaded by default in a Domain Controller.

The -Name parameter specifies the username,


-AccountPassword sets the password for the user,
-PasswordNeverExpires ensures the password doesn't expire,
and -Enabled sets the account to be enabled.

New-ADUser -Name "PowerShellUser" -AccountPassword $Password -


PasswordNeverExpires $true -Enabled $true

(no out put for this command)

You can have some output if you add -Verbose option


we finally verify using cmdlet Get-ADUser :

Get-ADUser "PowerShellUser"

Using dsadd command


To add user "DsAddUser" with the same scenario, we can use the following command from
a command prompt :

dsadd user "CN=DsAddUser,CN=Users,DC=proit,DC=local" -pwd "Pass1word;" -


pwdneverexpires yes -samid DsAddUser -disabled no

We can verify using "dsquery" command :

dsquery user "CN=DsAddUser,CN=Users,DC=proit,DC=local"


Moving a user account
We will be using a destination OU named "DestinationOU" present in the root of the domain.

Using Active Directory Administrative Center


To move a user account from a container (in our case, the default users container) to
another container (OU named DestinationOU),

right click on the user account


click on move...
select DestinationOU in the list
validate.

a window will pop-up to select destination. click on DestinationOU then validate by clicking
on OK
The user account is moved and we can check it by selecting the DestinationOU

Using PowerShell
To move the "PowerShellUser" from the default "Users" container to the DestinationOU we
can use the Move-ADObject cmdlet in PowerShell:

Get-ADUser -Identity "PowerShellUser" | Move-ADObject -TargetPath


"OU=DestinationOU,DC=proit,DC=local"

This PowerShell command does the following:

1. Retrieves the user object "PowerShellUser" using Get-ADUser .


2. Pipes the output to Move-ADObject , which moves the user object to the specified
destination OU using the -TargetPath parameter.

(The command provides no output in case of success)

We can check the account has moved using :


Get-ADUser -Identity "PowerShellUser"

Using dsmov command


Tomove user "DsAddUser" with the same scenario, we can use the following command from
a command prompt :

dsmove "CN=DsAddUser,CN=Users,DC=proit,DC=local" -newparent


"OU=DestinationOU,DC=proit,DC=local"

we can verify using dsquery command :

Deleting a user account


Using Active Directory Administrative Center
locate the user you want to delete, right click on the user and then click delete.
Confirm your action :

Done.

Using Powershell
To delete the user named "PowerShellUser" using PowerShell, you can use the Remove-
ADUser cmdlet from the Active Directory module. Here's the command:

Remove-ADUser -Identity "PowerShellUser" -Confirm:$false

This command will remove the user " PowerShellUser " from Active Directory.
The -Identity parameter specifies the identity of the user to be deleted, and -
Confirm:$false is added to bypass the confirmation prompt and directly delete the user.
Using dsrm command
You can use the dsrm command to delete a user in Active Directory from the command line.
Here's the command to delete the "DsAddUser":

dsrm "CN=DsAddUser,OU=DestinationOU,DC=proit,DC=local" -noprompt

You might also like