Part II Managing Users and Computer Accounts

Managing user and computer accounts is often your first task when you start out as a
network administrator. At smaller companies, it is routinely a part of the job for any
systems administrator, at larger companies, it may get delegated to PC support or the
helpdesk. Active Directory is a powerful directory service with a lot of flexibility and
options for managing users and computer accounts.

In this section, you will learn how to:

 Create user accounts
 Create computer accounts
 Modify User and Computer account properties
 Create a user account template
 Enable and unlock user accounts
 Locate user accounts in Active Directory
 Save queries

1. Creating User Accounts

All users within Active Directory are required to have a user account to gain access to
network resources. When planning your environment, decide on the format of the
username. Some companies choose to use firstinitialLastname, e.g. Joe Teget would be
JTeget. Larger companies often prefer to use firstname.lastname, e.g. joe.teget would be
the username for Joe Teget. This second option allows for more unique usernames than
the first.

1. Open Active Directory Users and Computers.

2. Right-click on Users, choose New, and click on User.

3. Fill out the form with the First Name, Last Name, and User Logon Name. Click
Next >.

1
 4. Enter the user's password twice. This will need to be a complex password. It
should contain three of the following four items: UPPER case letters, LOWER
case letters, numbers, or special characters (e.g. !@#$%^&*). In addition, it
should be at least 8 characters long. An example complex password: Pa55w0rd.
5. Click any of the other options necessary, click Next>.
6. Click Finish.

You can also create a new user by copying an existing user. This allows you to create
multiple user accounts with the same groups, logon scripts, etc. We will discuss copying
user accounts in the Creating a User Account Template section.

2. Creating Computer Accounts

As with user accounts, each computer connecting to your Active Directory domain
requires a computer account within the domain. This can be added by an administrator
from the workstation or can be created directly in Active Directory.

We recommend you develop a naming standard for the computers in your environment. If
you are a small company, this could be as simple as computer001, computer002. You
could differentiate between desktops and laptops if desired. We like a more descriptive
name allowing you to identify the division or department a computer is in and whether
the machine is a laptop or desktop. An example computer name could be org-mktws041
or org-hrlt008. Each of these naming structures names your organization and the
department the user is in (Marketing and HR respectively). In addition, it differentiates
between desktops (ws) and laptops (lt). The three digit number is just the next number in
a sequence.

We do recommend keeping the computer name to 14 characters or less. Pre-Windows

2000 clients cannot have computer names exceeding 14 characters, so it makes sense to
stay within this limit.

Creating a computer account is similar to creating a user account:

1. Open Active Directory Users and Computers.

2. Right-click on Computers, choose New, and click on Computer.

2
 3. Type in the desired computer name. Keep in mind the Computer name (pre-
Windows 2000) field is limited to 15 characters. Click Next >.

4. Choose whether the machine is a managed computer. If you don't know, leave it
unselected. Click Next>.
5. Click Finish.

3. Modifying User and Computer Account Properties

Active Directory makes it very easy for administrators to setup security groups and use
those groups to control access to printers, shared folders, and other resources. Once you
have setup a new user, you may want to change the login groups or add a login script for
the user. There are a lot of options available for users. To modify a user account
properties:

3
 1. Open Active Directory Users and Computers.
2. Open the Users container (or the container where you have your users).
3. Right-click on the user's name you want to modify.
4. Choose Properties.
5. Explore the different tabs and the information you can enter about a user. Active
Directory is a directory of information, so you could use it to store your company
information and use it as a true directory.

Computer Account Properties

You can also change computer account properties by following these steps.

1. Open Active Directory Users and Computers.

2. Open the Computers container (or the container where you have your
computers).
3. Right-click on the computer name you want to modify.
4. Choose Properties.
5. Explore the different tabs and the information you can enter about a computer.

4. Creating a User Account Template

A user account template is handy to use to setup multiple users. It allows you to put in a
lot of the account information, then copy the user for any new user accounts.

For example, if you marketing team has 5 groups they are members of and all reside in
the same building, it would make sense to create a dummy user account with all of that
information and then copy it whenever adding a marketing user.

4
 1. Create a new user account using the instructions above. Name the user to reflect
the group the account represents (for example, Marketing Template).
2. Change the account properties using the instructions above. Make sure you
disable the account so it cannot be actively used on the domain.
3. Right-click on the template account and choose Copy. You can then create a copy
of this account using the standard new user wizard.
4. Right-click on the new user account and make any changes necessary to its
properties.

5. Locating User and Computer Accounts in Active Directory

With a large directory, quickly finding a user or computer account is a necessity. You can
quickly find people using these steps:

1. Open Active Directory Users and Computers.

2. Right-click on the Users container (or the container where you want to search).
3. Click on Find.
4. Type in the information you want to search for.
5. Click Find Now.

6. Saving Queries

If you query the same information repeatedly, it may make sense for you to create a
Saved Query for those searches.

1. Open Active Directory Users and Computers.

2. Right-click on Saved Queries, click New, click Query.

3. Enter a name for the query and a description.
4. Click on Define Query.
5. Click on the Find: menu and choose what you are searching for. We are looking
for all users with Smith in their name, so we chose Users, Contacts, and Groups
as what we are finding.
6. Type in the information you want to search for.
7. Click OK.
8. Click OK to save your query.

Open the Saved Queries folder and double-click on a query whenever you need to look
up that information.

5
Section Review
In this section, you learned how to:
 Create user accounts
 Create computer accounts
 Modify User and Computer account properties
 Create a user account template
 Enable and unlock user accounts
 Locate user accounts in Active Directory
 Save queries

Practice Exercises

1. Create a new user account for "Jennifer Smith."

2. Create a new computer account for "USDET-WKS001."

3. Modify Jennifer Smith's account and describe her as the Marketing Manager.

4. Create a Finance Template account for members of the finance department. Create a
new account from this template for the user "Alex Temple."

5. Search the Users container for all users with "Smith" in their name.

6. Create a query for all users with "Smith" in their name and save it.