Creating Active Directory Users
Server Academy Members Only
Sorry, this lesson is only available to Server Academy members. Create a free account now to get instant access to this and more free courses. Click the Sign Up Free button below to get access to our free courses now, or sign in if you have an account.
Instructions
Q&A (0)
Notes (0)
Resources (0)
Saving Progress...
Resources
There are no resources for this lesson.
Notes can be saved and accessed anywhere in the course. They also double as bookmarks so you can quickly review important lesson material.
In this lesson, I'll be showing you how you can create Active Directory user accounts.
Now, I am picking it up right where I left off in the last lesson and I have the Active Directory console open. If you know how that opens, you are following along in the IT lab, go ahead and open it now.
What I am going to do is expand my domain ad.serveracademy.com and I want to mention right away that it's extremely important that you create the Active Directory user account in the right location. If you created the AD user in the wrong spot that means they could get the wrong set of Group Policy security settings. So, just to explain this a little bit more, we have a full course at ServerAcademy.com for Group Policy. We are not going to get deep into it in this course, but, if I have an Organizational Unit, Server Academy, which you'll notice almost every organization has this, they'll have a Domain and then they'll have an OU that kind of mimics the same name, so I have ad.serveracademy.com. Up here is my domain and I have an OU for that where I am going to put ALL of my domain infrastructure.
So, I have Domain Admins and Domain Users. Now, it's possible that they'll be different Group Policy objects applied to this OU versus this OU. So, Domain Users and Domain Admins will get different security settings than Users in Domain Users.
That's important because you don't want to create a user in the Domain Admins if they are not supposed to be a Domain Admin because you don't want them to have more access than they should, okay? This all again would have to go back to how Group Policy and how is configured for your Domain, and you really don't know that until you open the Group Policy management console, but I just want to stress that it is important we create the AD users in the correct location.
If you guys are starting an IT job, I don't want you taking this training and then creating all your users under the root of the domain or in the Users container worst of all. We want to create everything in the Server Academy Organizational Unit where they belong.
Now, again, this is going to differ from every enterprise, so not all are going to have the same layout here, this OU I created manually and I created these OUs specifically for this IT Lab because this is generally how I see it setup. But, just note that it may be different in your workplace, and if you are not sure just ask. It never hurts to ask and that's going to be something that everyone is going to expect you to act before you just go out and figure it out on your own.
Now, with that being said there are a couple of different ways we can create a user. I am going to choose the Organizational Unit where I want to create the user account. In this case, we’ll create it under Domain Users, and we can select the New User button up here. We can right-click on the OU and choose New User. Or we can right-click once we've opened the Organizational Unit and select New User.
I am just going to choose this one, and a new pop-up will appear, and what we are going to do here is just type in the information of the user. I am going to use myself so that will be Paul Hill, and well call it paul.hill as my username. Generally, I like to use first name dot last name but every company is going to have a different naming convention for their user accounts. If you are not sure just take a look at the other user accounts and see how they are naming their users and hopefully there's some kind of standard or convention and you can follow that.
Server Academy Members Only
Want to access this lesson? Just sign up for a free Server Academy account and you'll be on your way. Already have an account? Click the Sign Up Free button to get started..
I like the tip about disabling users until the user accounts are actually required.
Very good material and the level is just right for beginner. Thanks for this.
Great explanation, for free, is more then I expected. great job
Excellent advice for disabling the account before the end user begins working.
Very informative. I like the practical application training method. 👍
You deserve the acknowledgement for the good service provided
I am from Afghanistan. I work as an IT Speciallist for a NGO I was watching your youtube channel then I find here, wish found it earlier.
I like the explanation and the great videos for free! Good material for beginners.
keep it up and I will recommend this site to my colleagues for sure. 👍
You did not say weather or not to remove ‘change password at next login’. So I removed it. And now the next lesson ‘Remove Change Password At Next Login for Sofia Pallab’ does not work even if I remove her recreate her and or enable it, then disable it.
Your Check Sofia Pallab button continues to popup an error even though its disabled. Politely speaking now may I resolve this. Can you assist to reset my lab? Please advise.
You did not say weather or not to remove ‘change password at next login’. So I removed it. And now the next lesson ‘Remove Change Password At Next Login for Sofia Pallab’ does not work even if I remove her recreate her and or enable it, then disable it.
Your Check Sofia Pallab button continues to popup an error even though ChangePasswordAtNextLogin is unchecked. Politely speaking now may I resolve this. Can you assist to reset my lab? Please advise.
Hi
HUMBLEITMAN
You can go ahead and do it again. The labs can be done multiple times with no restrictions. If you need further help let us know.
Ricardo
Good day. Is their a way to just practice IT Labs without the timer?
Hi
Conrad Laurent
There’s no way to practice IT Labs without the timer.
If you have enough computer hardware, you can practice on your physical machine following the Building you IT Lab course.
Ricardo
How do you add a user to a group when you created a user in the Domain Admin folder?
Open the User properties, click on the Member Of tab, click Add and search for the Group you would like the user to be a member of.
Hello! Thanks for the great course Paul! The only suggestion I have is that you allow the user a way to view what the password policy is. I had to spend about 10 minutes guessing what the correct format was. I know that this is addressed in the lesson for group policy, but that is another lesson entirely and goes against the course that a student would take as they process
Otherwise, thanks for the lesson!
can you go into more detail about the “Server Academy” OU? If we are creating a DC from scratch should we need to create something similar? How many of these OUs should we create? Why wouldn’t we just use the root OU?
Hi
Matt Mattice
There are multiple ways in which to create an OU structure and there’s no right or wrong way of organizing a structure since it depends from what I have seen on the size of the company.
For smaller organizations the approach of creating an OU like Server Academy works and you can create under the OUs.I have seen these under 300 employees and one site or office. Other organizations like a multinational might have a different approach. I’ll leave a link to an article that explains some considerations to take when creating the OU Structure.
https://climbtheladder.com/10-ad-ou-structure-best-practices/
https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc462797(v=msdn.10)?redirectedfrom=MSDN
Ricardo
much appriciated!
where can i download the server manager?
Hi
Al-Jhone Mercado,
Server Manager is part of Windows Server. There’s nothing to install.
Ricardo
It does not allow me to create a user. It says password requirements are not met. How do I fix this?
Hi
Intern1,
The Windows Server password requirements as below:
1. More than two contiguous characters from user name cannot be contained in password.
2. Be at least six characters in length and three of following four types of character need to be included in password.
• English uppercase characters (A through Z)
• English lowercase characters (a through z)
• Base 10 digits (0 through 9)
• Non-alphabetic characters (for example, !, $, #, %)
You can try with the lab passwords on your lab server: Pa$$w0rd, P@ssw0rd or similar.
Ricardo
but who created these rules, did they come with windows server? And how do I edit these?
These are part of the Domain Controller in Windows Server. Open Group Policy Management Editor>Domains>(domain Name)>Default Domain Policy (right Click – Edit) Computer Configuration>Policies>Windows Settings>Security Settings>Account Policies>Password Policy You should see them there.
On a regular Windows machine you can open the Local Security Policy. Check how to on the following Link:
https://green.cloud/docs/how-to-set-password-policy-in-windows-server-2019/