Information Sheet 3.

1-5

Creating OUs, Users, Computer accounts

and groups and join computer clients to domain

LEARNING OBJECTIVES:

After reading this INFORMATION SHEET, STUDENT(S) MUST be able to:

Create organizational unit and groups in active directory users and computers
Create users accounts
a) In active directory users and groups
b) Using dsadd command line option
c) Using batch script
Create a bulk of users accounts using a batch script.
Join client computers to domain
We have the brain of the CSS network, but its not particularly usable yet. We need
to add in Organization Units, user Accounts, Computer Accounts, and Groups.
Well be accessing CSS DC 1 via Remote Desktop to add in all of our object, and let
replication add them to CSS DC 2.

What is an OU?
An organization Unit is a container that holds AD Object like User Accounts,
Computer Accounts, and Groups.
OUs help to keep your objects organized, but also are used to control what your Users
can and cant do (among the other things)
Well start off building a few OUs so our Users and Computer Accounts will have a
place to live.
You can organize OUs:

Geographically
By function (Departments. etc.)
But remember to KISS as much as youre able to! Keep it Simple, Sysadmin.
User accounts

it allow users to access network resources

Creating account using server manager

Create accounts using command line

DSADD is a command-line option that will allow you to create users with commands.
Syntax:
dsadd user cn=Username,ou=OUName, dc=YOurndomain, dc=yoursuffix

Example
dsadd user itsmeuser, ou=CSSStudents, dc=css, dc=com

IF you are going to add users complete name use the following syntax.
dsadd user itsmeuser, ou=CSSStudents, dc=css, dc=com fn Ismael ln
Balana pwd css_2016 mustpwd no
If you want fast and easy creation of users just use the following codes, but this time
you need type the codes using Notepad or any equivalent text editor.

1. Open notepad or notepad++ > then type an example shown below

Syntax:
dsadd user cn=%1, ou=OUName, dc=YourDomain, dc=YourSuffix fn%2
ln%3 pwd Password mustchpwd yes
Example:
dsadd user cn=%1, ou=CSSUsers, dc=itsmeismael, dc=com fn%2 ln%3
pwd css_2016 mustchpwd yes

2. Save it as addUsername.bat in accessible directory.

3. Open command line, navigate to the directory where the script resides and type:

Syntax
addOUName username firstname lastname

Example:
addCSSUsers itsmeismael Ismael Balana

4. Open server manager OUs destination and check the result

Exercise
Ismael Balana, the CEO of CSS Corp., has just sent you an Excel Sheet of 25 names a
new employees that will be needing User Accounts.

Computer accounts

Allow AD to keep track and control the computers in your network. A computer
without an Account in AD cant access the network its security measure.
It resides in OUs which allow you to install software to all machines in OU at
once.
When you are going to join a computer in your domain (youll need Admin level
credentials)
A computer account is automatically created in AD.
OU vs Groups

OUs keep your object organized and are used to control what uesers and computers
can and cant do.

Groups are active directory objects that allow you to provide and deny access to
resources like printer folder en masse. Groups are reside in organizational unit.

To join computers running Windows Server 2008 R2 and Windows 7 to the

domain

1. Log on to the computer with the local Administrator account.

2. Click Start, right-click Computer, and then click Properties.
The System dialog box opens.

3. In Computer name, domain, and workgroup settings, click Change settings.

The System Properties dialog box opens.
 Note

On computers running Windows Vista, before the System

Properties dialog box opens, the User Account Control dialog box opens,
requesting permission to continue. Click Continue to proceed.

4. Click Change. The Computer Name/Domain Changes dialog box opens.

5. In Computer Name, in Member of, select Domain, and then type the name of
the domain you want to join. For example, if the domain name is css.com,
type example.com.

6. Click OK. The Windows Security dialog box opens.

7. In Computer Name/Domain Changes, in User name, type the user name, and
in Password, type the password, and then click OK. The Computer
Name/Domain Changes dialog box opens, welcoming you to the domain.
Click OK.

8. The Computer Name/Domain Changes dialog box displays a message

indicating that you must restart the computer to apply the changes. Click OK.
9. On the System Properties dialog box, on the Computer Name tab, click Close.
The Microsoft Windows dialog box opens, and displays a message, again
indicating that you must restart the computer to apply the changes.
Click Restart Now.