Windows Lab 4 - Creating User Accounts
In this lab we'll set up our Active Directory infrastructure. This will include creating Organizational Units (OUs) to store our user accounts. You'll create an account for yourself as well as ten other accounts manually. Then we'll create 200 user accounts using a script. After that you'll create some more OUs to help organize your users based on department.
Sharing the CIS232 Folder with the Virtual Machine
We're going to need to access resources on the physical machine from the virtual machine in order to complete this lab. We're going to use a VirtualBox feature called Shared Folders, which lets us share a folder from the physical machine with the virtual machine. The folder will be accessible as a network drive on the virtual machine.
You can click on the Devices drop down menu followed by Shared Folders - Shared Folder Settings. Or you can click the folder icon at the bottom of the window, then click Shared Folders Settings.
Click the folder icon with the plus on it to add a shared folder.
Enter the path or browse to the CIS232 folder. If you're on a lab computer it will be in C:\CIS232. If you're using your own device it will be wherever you chose to store it. On my computer I have it in the root of my profile folder. Name the folder CIS232, check all boxes and set the mount point to z: then click Ok.
It should show the Shared Folder as a machine folder. Click Ok.
The network drive should appear immediately on the server. Open File Explorer, select the CIS232 network drive and drag the Import folder to the C: drive.
Select the C: drive and verify the Import folder is there. Once it's there we can move on to the next part.
Create GotoHull Users OU
You can close File Explorer and make sure you have Server Manager open for this next part. We'll start to create our OU structure in Active Directory using the newer Active Directory Administrative Center. Prior to this tool we did our management using Active Directory Users and Computers.
In Server Manager click the Tools drop down menu and click Active Directory Administrative Center.
The first thing we're going to do is close the orange welcome message. Click the x in the upper right corner.
If you want to enable the welcome message you can always select it from the content menu. This is a consistent feature in Active Directory Administrative Center. If you accidentally close a section you can turn it back on in the content or sections menu. You'll find this even when you're viewing the properties of an object in Active Directory, you can disable sections you don't want to see, and easily bring them back using the sections menu.
On the left side we'll see our domain. We want to create a new OU (Organizational Unit) to hold all our users in gotohull.com. By default there is already a Users container, not an OU, that holds some of the built-in user accounts. We aren't going to use that built-in container; instead we're going to create our own OU called "GotoHull Users". An OU will give us more capabilities than a generic built-in container will. Right click on the domain gotohull on the left side, click New - Organizational Unit.
Type in the name GotoHull Users for the name of the OU and click Ok. Make sure you name it properly, a script we're going to run soon is going to look for this OU.
You can select the newly created OU by clicking the triangle next to the domain; in the menu that appears, double click on the GotoHull Users OU.
Active Directory Administrative Center will add the GotoHull Users as a favorite listed under the domain. It will keep a collection of the OUs you access the most.
Alternatively you can select the tree view to see all Active Directory containers and OUs. We're going to spend most of our time in the list view. You can see the Users container in tree view. Notice that the icon for a container and the icon for an OU are different. Currently the only other OU is "Domain Controllers". There are many built-in containers that we're not going to touch.
Manually Create Users
Now that we have an OU for our users we're going to create a few accounts for us to use in our environment.
Switch back to list view and make sure you have GotoHull Users selected. Now we're going to create our first user account. Select New on the right side then click User.
You're going to create yourself an account first. Enter your first name and last name. Set the username to the first letter of your first name followed by your last name. Set your password to P@ssw0rd and set it to never expire. Notice fields with a red star are required.
We're going to make your account be an administrator of the domain. In order to do this we need to add your account to the Domain Admins group in the domain. Being a Domain Admin will make you an administrator of the domain, as well as any computer joined to the domain by default. Click Member Of then click Add on the right.
Type in Domain Admins for the name of the group and click Check Names. If all goes well Domain Admins will become underlined. Click Ok.
We've entered all the required information to create your account. In the past with Active Directory Users and Computers you couldn't do this in one step. You would have to create the account using a wizard, then go back and edit the account to make changes such as adding an account to Domain Admins. Click Ok.
Now we're going to create a standard (non Domain Admin) account for Mike Smith. Open the new user screen and enter the details for Mike Smith. Make sure to set the password not to expire. DO NOT add the account to the Domain Admins group. Click OK when done.
Create user accounts for the following list of people using the same settings as Mike Smith.
Chris P Cream
Import User Accounts
We have 11 user accounts in our OU at this point. We have an additional 200 users to create. This would be a pain to do manually, so we're going to use a PowerShell script to import the users from a comma-separated values (CSV) file.
Open File Explorer and browse to the Import folder in the root of the C:\ drive.
Right click on the Import Users script and select Edit.
That will open PowerShell ISE (Integrated Scripting Environment). This will work for our lab, but Microsoft has stopped development of this tool. It's recommended we use Visual Studio Code with the PowerShell Extension. Since that's not built in and we don't have an Internet connection on the server we're going to use PowerShell ISE. The script will read in all the users from an input file and create an account for them if the username is available. Press the green play button to run the script.
You'll see the results of the script in the bottom window. It should show you all the accounts that were created if all went well.
Switch back to Active Directory Administrative Center to verify the new accounts are there. If you don't see them you may have to hit the refresh button at the top.
When the refresh is complete you should see 211 accounts in the OU.
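What an import of this kind can look like, as an added example: this is not the lab's Import Users script, and the CSV file name, its column names (FirstName, LastName, Username, Department) and the password handling are assumptions. It fails early if the GotoHull Users OU is misnamed, rejects malformed usernames, skips usernames that are already taken, and stores the department in Description.

```powershell
# Added example, not the lab's Import Users script.
Import-Module ActiveDirectory

$CsvPath  = 'C:\Import\users.csv'                      # hypothetical file name
$TargetOU = 'OU=GotoHull Users,DC=gotohull,DC=com'     # OU created earlier in the lab

# Stop before creating anything if the OU name does not match.
try   { Get-ADOrganizationalUnit -Identity $TargetOU -ErrorAction Stop | Out-Null }
catch { throw "Target OU not found: $TargetOU" }

# Prompt for the initial password instead of storing it in the script (assumption).
$InitialPassword = Read-Host -AsSecureString -Prompt 'Initial password for imported accounts'

foreach ($row in Import-Csv -Path $CsvPath) {
    $sam = "$($row.Username)".Trim()

    # Treat the CSV as untrusted input: allow only plain usernames
    # (sAMAccountName is limited to 20 characters for user accounts).
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        Write-Warning "Skipped '$sam': not a valid username"
        continue
    }

    # Create the account only if the username is still available.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "Skipped '$sam': username already in use"
        continue
    }

    $newUser = @{
        Name                  = "$($row.FirstName) $($row.LastName)"
        GivenName             = $row.FirstName
        Surname               = $row.LastName
        SamAccountName        = $sam
        UserPrincipalName     = "$sam@gotohull.com"
        Description           = $row.Department   # department is kept in Description
        Path                  = $TargetOU
        AccountPassword       = $InitialPassword
        Enabled               = $true
        ChangePasswordAtLogon = $true             # assumption: force a reset at first logon
    }
    New-ADUser @newUser
    Write-Output "Created $sam"
}
```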
Organize Our Users
Now that we have all these user accounts we're going to organize them based on the user's roles. In order to do that we need to create OUs for each department. Then we'll move the users into the OUs.
We're going to start off by creating the first sub OU in the GotoHull Users OU. Open Active Directory Administrative Center and select the GotoHull Users OU. Then click New on the right side and select Organizational Unit.
Enter Accounting for the name of the OU then click Ok.
You'll see the Accounting OU listed with the user accounts in the GotoHull Users OU. Create the following OUs using the same methods.
Once complete you can click the Type column header to put all the OUs at the top of the list. Verify they're all there.
Now you can click the Description header to sort all the users together based on their department.
Find the first person in the Accounting department and select them. Then hold down the Shift key and select the bottom person in the Accounting department. This will select all the users in the accounting department. We want to move them to the Accounting OU. Click the Move option on the right side.
In the box that appears select GotoHull Users then Accounting and click Ok. Repeat this process to add the correct users to the following OUs.
When you're done you should have the original 11 users and the 7 OUs that you created. In the screen shot below I sorted by Name by clicking the Name column header.
Move each one of the manually created users to the OUs listed below. Once complete your account should be the only account left in the root of GotoHull Users.
Mike Smith - Accounting
Crystal Clear - Quality
Robin Graves - Quality
Ben Dover - Information Technology
Justin Tyme - Information Technology
Anna Mull - Human Resources
Joe King - Accounting
Crystal Ball - Human Resources
Jim Nasium - Sales
Chris P Cream - Sales
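A read-only check of the finished directory, added here as an example and not part of the original lab materials. It assumes the OU path derived from the gotohull.com domain; it reports how many users sit in each OU, which accounts remain in the root of GotoHull Users, who is in Domain Admins, and which accounts have a non-expiring password.

```powershell
# Added example: read-only audit of the lab's end state. Nothing is modified.
Import-Module ActiveDirectory

$RootOU = 'OU=GotoHull Users,DC=gotohull,DC=com'

$users = Get-ADUser -Filter * -SearchBase $RootOU -SearchScope Subtree `
    -Properties Description, PasswordNeverExpires

# 1. Users per OU. The parent DN is everything after the first unescaped comma.
'--- Users per OU ---'
$users |
    Group-Object -Property { ($_.DistinguishedName -split '(?<!\\),', 2)[1] } |
    Sort-Object Name |
    Format-Table Count, Name -AutoSize

# 2. Accounts still in the root of GotoHull Users.
#    The lab expects only your own account to remain here.
'--- Accounts left in the root OU ---'
Get-ADUser -Filter * -SearchBase $RootOU -SearchScope OneLevel |
    Format-Table Name, SamAccountName -AutoSize

# 3. Domain Admins membership. Anything beyond the built-in Administrator
#    and your own account was added by mistake.
'--- Domain Admins ---'
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Format-Table Name, SamAccountName, objectClass -AutoSize

# 4. Accounts whose password never expires, with their department.
'--- Password never expires ---'
$users | Where-Object { $_.PasswordNeverExpires } |
    Sort-Object Description, Name |
    Format-Table Name, SamAccountName, Description -AutoSize

# 5. Total user count under GotoHull Users (the lab reports 211 after the import).
'--- Total users ---'
@($users).Count
```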
Once you're done, shut down both servers and take snapshots of both machines called Lab 4 Complete.