Creating Active Directory Users

Instructions

Q&A (0)

Notes (0)

Resources (0)

Saving Progress...

Resources

There are no resources for this lesson.

Notes can be saved and accessed anywhere in the course. They also double as bookmarks so you can quickly review important lesson material.

Create note

In this lesson, I'll be showing you how you can create Active Directory user accounts.

Now, I am picking it up right where I left off in the last lesson and I have the Active Directory console open. If you know how that opens, you are following along in the IT lab, go ahead and open it now.

aduc console
ADUC Console

What I am going to do is expand my domain ad.serveracademy.com and I want to mention right away that it's extremely important that you create the Active Directory user account in the right location. If you created the AD user in the wrong spot that means they could get the wrong set of Group Policy security settings. So, just to explain this a little bit more, we have a full course at  ServerAcademy.com for Group Policy. We are not going to get deep into it in this course, but, if I have an Organizational Unit, Server Academy, which you'll notice almost every organization has this, they'll have a Domain and then they'll have an OU that kind of mimics the same name, so I have ad.serveracademy.com. Up here is my domain and I have an OU for that where I am going to put ALL of my domain infrastructure.

aduc serveracademy ou structure
ADUC Server Academy OU Structure

So, I have Domain Admins and Domain Users. Now, it's possible that they'll be different Group Policy objects applied to this OU versus this OU. So, Domain Users and Domain Admins will get different security settings than Users in Domain Users.

That's important because you don't want to create a user in the Domain Admins if they are not supposed to be a Domain Admin because you don't want them to have more access than they should, okay? This all again would have to go back to how Group Policy and how is configured for your Domain, and you really don't know that until you open the Group Policy management console, but I just want to stress that it is important we create the AD users in the correct location.

If you guys are starting an IT job, I don't want you taking this training and then creating all your users under the root of the domain or in the Users container worst of all. We want to create everything in the Server Academy Organizational Unit where they belong.

Now, again, this is going to differ from every enterprise, so not all are going to have the same layout here, this OU I created manually and I created these OUs specifically for this IT Lab because this is generally how I see it setup. But, just note that it may be different in your workplace, and if you are not sure just ask. It never hurts to ask and that's going to be something that everyone is going to expect you to act before you just go out and figure it out on your own.

Now, with that being said there are a couple of different ways we can create a user. I am going to choose the Organizational Unit where I want to create the user account. In this case, we’ll create it under Domain Users, and we can select the New User button up here. We can right-click on the OU and choose New User. Or we can right-click once we've opened the Organizational Unit and select New User.

aduc new user
ADUC New > User

I am just going to choose this one, and a new pop-up will appear, and what we are going to do here is just type in the information of the user. I am going to use myself so that will be Paul Hill, and well call it paul.hill as my username. Generally, I like to use first name dot last name but every company is going to have a different naming convention for their user accounts. If you are not sure just take a look at the other user accounts and see how they are naming their users and hopefully there's some kind of standard or convention and you can follow that.

Server Academy Members Only

Want to access this lesson? Just sign up for a free Server Academy account and you'll be on your way. Already have an account? Click the Sign Up Free button to get started..

5 1 vote
Lesson Rating
Subscribe
Notify of
profile avatar
23 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

profile avatar
nangamsog(@nangamsog)
2 years ago

I like the tip about disabling users until the user accounts are actually required.

profile avatar
Ritva(@ritva-niemela)
Member
2 years ago

Very good material and the level is just right for beginner. Thanks for this.

profile avatar
hectora(@hectora)
2 years ago

Great explanation, for free, is more then I expected. great job

profile avatar
Liz M(@lizm)
Member
2 years ago

Excellent advice for disabling the account before the end user begins working.

profile avatar
binpotter(@benjaminp2)
2 years ago

Very informative. I like the practical application training method.  👍 

profile avatar
nkemchopa(@nkemchopa)
1 year ago

You deserve the acknowledgement for the good service provided

profile avatar
victora2(@victora2)
1 year ago

I am from Afghanistan. I work as an IT Speciallist for a NGO I was watching your youtube channel then I find here, wish found it earlier.
I like the explanation and the great videos for free! Good material for beginners.
keep it up and I will recommend this site to my colleagues for sure. 👍 

Last edited 1 year ago by Victor Alba
profile avatar
HUMBLEITMAN(@ricker)
Member
1 year ago

You did not say weather or not to remove ‘change password at next login’. So I removed it. And now the next lesson ‘Remove Change Password At Next Login for Sofia Pallab’ does not work even if I remove her recreate her and or enable it, then disable it.
Your Check Sofia Pallab button continues to popup an error even though its disabled. Politely speaking now may I resolve this. Can you assist to reset my lab? Please advise.
You did not say weather or not to remove ‘change password at next login’. So I removed it. And now the next lesson ‘Remove Change Password At Next Login for Sofia Pallab’ does not work even if I remove her recreate her and or enable it, then disable it.
Your Check Sofia Pallab button continues to popup an error even though ChangePasswordAtNextLogin is unchecked. Politely speaking now may I resolve this. Can you assist to reset my lab? Please advise.

Last edited 1 year ago by HUMBLEITMAN
profile avatar
Ricardo P(@ricardop)
Admin
Reply to  HUMBLEITMAN
1 year ago

Hi profile avatar HUMBLEITMAN

You can go ahead and do it again. The labs can be done multiple times with no restrictions. If you need further help let us know.

Ricardo

profile avatar
CLStyle(@conradl)
Member
1 year ago

Good day. Is their a way to just practice IT Labs without the timer?

profile avatar
Ricardo P(@ricardop)
Admin
Reply to  CLStyle
1 year ago

Hi profile avatar Conrad Laurent

There’s no way to practice IT Labs without the timer.

If you have enough computer hardware, you can practice on your physical machine following the Building you IT Lab course.

Ricardo

profile avatar
CLStyle(@conradl)
Member
1 year ago

How do you add a user to a group when you created a user in the Domain Admin folder?

profile avatar
Ricardo P(@ricardop)
Admin
Reply to  CLStyle
1 year ago

Open the User properties, click on the Member Of tab, click Add and search for the Group you would like the user to be a member of.

profile avatar
khristiano(@khristiano)
Member
1 year ago

Hello! Thanks for the great course Paul! The only suggestion I have is that you allow the user a way to view what the password policy is. I had to spend about 10 minutes guessing what the correct format was. I know that this is addressed in the lesson for group policy, but that is another lesson entirely and goes against the course that a student would take as they process

Otherwise, thanks for the lesson!

profile avatar
mattm2(@mattm2)
Member
1 year ago

can you go into more detail about the “Server Academy” OU? If we are creating a DC from scratch should we need to create something similar? How many of these OUs should we create? Why wouldn’t we just use the root OU?

profile avatar
Ricardo P(@ricardop)
Admin
Reply to  mattm2
1 year ago

Hi profile avatar Matt Mattice

There are multiple ways in which to create an OU structure and there’s no right or wrong way of organizing a structure since it depends from what I have seen on the size of the company.

For smaller organizations the approach of creating an OU like Server Academy works and you can create under the OUs.I have seen these under 300 employees and one site or office. Other organizations like a multinational might have a different approach. I’ll leave a link to an article that explains some considerations to take when creating the OU Structure.

https://climbtheladder.com/10-ad-ou-structure-best-practices/

https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc462797(v=msdn.10)?redirectedfrom=MSDN

Ricardo

profile avatar
mattm2(@mattm2)
Member
Reply to  Ricardo P
1 year ago

much appriciated!

profile avatar
al-jhonem(@al-jhonem)
1 year ago

where can i download the server manager?

profile avatar
Ricardo P(@ricardop)
Admin
Reply to  al-jhonem
1 year ago

Hi profile avatar Al-Jhone Mercado,

Server Manager is part of Windows Server. There’s nothing to install.

Ricardo

profile avatar
intern1(@jafara)
Member
6 months ago

It does not allow me to create a user. It says password requirements are not met. How do I fix this?

profile avatar
Ricardo P(@ricardop)
Admin
Reply to  intern1
6 months ago

Hi profile avatar Intern1,

The Windows Server password requirements as below:

1. More than two contiguous characters from user name cannot be contained in password.

2. Be at least six characters in length and three of following four types of character need to be included in password.

• English uppercase characters (A through Z)

• English lowercase characters (a through z)

• Base 10 digits (0 through 9)

• Non-alphabetic characters (for example, !, $, #, %)

You can try with the lab passwords on your lab server: Pa$$w0rd, P@ssw0rd or similar.

Ricardo

profile avatar
intern1(@jafara)
Member
Reply to  Ricardo P
6 months ago

but who created these rules, did they come with windows server? And how do I edit these?

profile avatar
Ricardo P(@ricardop)
Admin
Reply to  intern1
6 months ago

These are part of the Domain Controller in Windows Server. Open Group Policy Management Editor>Domains>(domain Name)>Default Domain Policy (right Click – Edit) Computer Configuration>Policies>Windows Settings>Security Settings>Account Policies>Password Policy You should see them there.

On a regular Windows machine you can open the Local Security Policy. Check how to on the following Link:

https://green.cloud/docs/how-to-set-password-policy-in-windows-server-2019/