Module Overview
Create and Administer User Accounts
Configure User Object Attributes
User Account
A user account:
Enables authentication of a user with attributes, including a user logon name and password
Is a security principal with a security identifier (SID) that can be assigned permissions to resources
In Active Directory, where it enables logon to the domain and can be assigned permissions to resources anywhere in the domain
Domain user accounts are administered with Active Directory snap-ins and commands
In the local SAM database of a member computer, where it enables logon to the local computer and can be assigned permissions to local resources
Local user accounts are administered with the Local Users and Groups snap-in
-Name: Name of user to create. If no other parameters are provided, this will also be the SAM Account name. [Parameters]: Parameters may include:
Name Attributes
User logon name (pre-Windows 2000): sAMAccountName
Unique in domain
CONTOSO\Tony.Krijnen
20-character limit
Tony.Krijnen@contoso.com
Tony Krijnen
Unique in OU so that the relative distinguished name (RDN) is unique in the OU, so that, in turn, the object's distinguished name (distinguishedName attribute) is unique in the forest
Krijnen, Tony
Account Attributes
Logon Hours
Log On To
Account is disabled
Store password by using reversible encryption
Smart Card is required for interactive logon
Logon information
Virtual machine: 6425C-NYC-DC1
Logon user name: Pat.Coleman
Administrative user name: Pat.Coleman_Admin
Password: Pa$$w0rd
Lab Scenario
You are the administrator of Contoso, Ltd, an online university for adult education. Two new employees have been hired: Chris Mayo and Amy Strande. You must create accounts for these users. After some time, Chris Mayo leaves the organization, and his account must be administered according to the company policy for user account life-cycle management.
Lab Review
In this lab, which attribute can be modified to prompt for the password when you are creating a user account with Windows PowerShell?
password that does not meet the requirements of the domain?
Computers, click the View menu, and then select Advanced Features
Right-click any one of the selected users, and then click Properties
General: Description, Office, Telephone Number, Fax, Web page, E-mail
Account: UPN suffix, Logon hours, Computer restrictions (logon workstations), all Account options, Account expires
Address: Street, P.O. Box, City, State/province, ZIP/Postal Code, Country/region
Profile: Profile path, Logon script, Home folder
Organization: Job Title, Department, Company, Manager
UserDN: distinguishedName of the user
Parameter value: Attribute and value to be modified
Profile tab. Profile path, logon script, home drive, and
Organization tab. Department, company, and manager
Member Of tab. Group membership and primary group
Logon information
Virtual machine: 6425C-NYC-DC1
Logon user name: Pat.Coleman
Administrative user name: Pat.Coleman_Admin
Password: Pa$$w0rd
Lab Scenario
You are the administrator of Contoso, Ltd, an online university for adult education. Changes in the Sales department require you to modify attributes of Sales users. Additionally, you decide to make it easier to create new accounts for sales people by preparing a user account template.
Lab Review
What are the options for modifying attributes of new and existing users?
Can be edited with simple text editors such as Notepad or Microsoft Office Excel
csvde -f filename -d RootDN -p SearchScope -r Filter -l ListOfAttributes
RootDN. Start of export (default = domain)
SearchScope. Scope of export (Base,OneLevel,Subtree)
Filter. Filter within the scope (LDAP query language)
ListOfAttributes. Use the LDAP name
CSVDE.exe
csvde -i -f filename [-k]
-i. Import (default mode is export)
-k. Continue past errors (such as Object Already Exists)
ldifde [-i] [-f filename] [-k]
-i. Import (default mode is export)
-k. Continue past errors (such as Object Already Exists)
Import-CSV New-ADUser
# Creates one enabled account per CSV row; the initial password is the user's SamAccountName
Import-CSV Users.csv | foreach {
    New-ADUser -SamAccountName $_.SamAccountName -Name $_.Name -Surname $_.Surname `
        -GivenName $_.GivenName -Path "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" `
        -AccountPassword (ConvertTo-SecureString -AsPlainText $_.SamAccountName -Force) `
        -Enabled $true
}
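The command above gives every imported account a password equal to its logon name. As an added example (not part of the course material), the same import with a random initial password per user, a forced change at first logon, and a check of the sAMAccountName rules from the Name Attributes slide. The helper New-RandomPassword, the character sets and the allowed-character pattern are assumptions of this example.

```powershell
# Added example. Assumes the ActiveDirectory module and a Users.csv with the
# columns used in the command above (SamAccountName, Name, Surname, GivenName).
Import-Module ActiveDirectory

function New-RandomPassword {          # hypothetical helper, not a built-in cmdlet
    param([int]$Length = 16)
    # Character set is an assumption; adjust it to the domain password policy.
    $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+=?'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    $limit = 256 - (256 % $chars.Length)   # rejection bound, avoids modulo bias
    $sb    = New-Object System.Text.StringBuilder
    while ($sb.Length -lt $Length) {
        $rng.GetBytes($byte)
        if ($byte[0] -lt $limit) { [void]$sb.Append($chars[$byte[0] % $chars.Length]) }
    }
    $rng.Dispose()
    $sb.ToString()
}

$ou = 'OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM'   # path from the command above

$issued = foreach ($u in Import-Csv .\Users.csv) {
    $sam = $u.SamAccountName
    # 20-character limit per the slide; the allowed characters are a stricter
    # allowlist chosen for this example so the value is safe inside -Filter.
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        Write-Warning "Skipping '$sam': not a valid sAMAccountName for this import"; continue
    }
    # sAMAccountName must be unique in the domain.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "Skipping '$sam': already exists in the domain"; continue
    }
    # Regenerate until upper case, lower case and a digit are all present.
    do { $pw = New-RandomPassword }
    until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')

    New-ADUser -SamAccountName $sam -Name $u.Name -Surname $u.Surname `
        -GivenName $u.GivenName -Path $ou `
        -AccountPassword (ConvertTo-SecureString -AsPlainText $pw -Force) `
        -ChangePasswordAtLogon $true -Enabled $true

    [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $pw }
}
$issued | Format-Table   # hand each password to its user out of band; do not save this list
```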
Logon information
Virtual machine: 6425C-NYC-DC1
Logon user name: Pat.Coleman
Administrative user name: Pat.Coleman_Admin
Password: Pa$$w0rd
Lab Scenario
You are the administrator of Contoso, Ltd., an online university for adult education. You are hiring several new employees. The Human Resources department has provided you with extracts from their database, in both comma-delimited text format and in LDIF format. You want to import those data files to create user accounts for the new hires.
Lab Review
What scenarios lend themselves to importing users with
include:
Extra administration effort to manage the service account password
Difficulty in determining where a domain-based account is used as a service account
Extra administration effort to manage the SPN
server:
service
Logon information
Virtual machine Logon user name Administrative user name Password 6425C-NYC-DC1
6425C-NYC-SVR1
Lab Scenario
You are a network administrator for Contoso, Ltd. You have been asked to implement a managed service account for an application that will be installed on NYC-SVR1.
Lab Review
You need to obtain a list of all the managed service accounts in the domain. Which cmdlet would you use?
managed service account?
module