
Module 2: Managing User and Computer Accounts

Overview

• Creating User Accounts
• Creating Computer Accounts
• Modifying User and Computer Account Properties
• Creating a User Account Template
• Managing User and Computer Accounts
• Using Queries to Locate User and Computer Accounts in Active Directory

Lesson: Creating User Accounts

• What Is a User Account?
• Names Associated with Domain User Accounts
• Guidelines for Creating a User Account Naming Convention
• User Account Placement in a Hierarchy
• User Account Password Options
• When to Require or Restrict Password Changes
• Tools to Create User Accounts
• Practice: Creating User Accounts
• Best Practices for Creating User Accounts

What Is a User Account?

• Local user accounts (stored on local computer)
• Domain user accounts (stored in Active Directory)

Windows Server 2003 Domain

Multimedia: Types of User Accounts

Names Associated with Domain User Accounts

Name: Example
• User logon name: Tadams
• Pre-Windows 2000 logon name: contoso\Tadams
• User principal logon name: Tadams@contoso.msft
• LDAP distinguished name: CN=terry adams,ou=sales,dc=contoso,dc=msft
• LDAP relative distinguished name: CN=terry adams

Guidelines for Creating a User Account Naming Convention

A convention for naming user accounts should accommodate:
• Employees with identical names
• Different types of employees, such as temporary or contract employees

User Account Placement in a Hierarchy

• Geopolitical Design: North America (Users), South America (Users)
• Business Design: Accounting (Users), Sales (Users)

User Account Password Options

Account option: Description
• User must change password at next logon: Users must change their passwords the next time they log on to the network
• User cannot change password: Users do not have the permissions to change their own password
• Password never expires: Users' passwords will not expire and do not need to be changed
• Account is disabled: Users cannot log on by using the selected account

When to Require or Restrict Password Changes

Option: Use this option when you:
• Require password changes: Create new domain accounts; Reset passwords
• Restrict password changes: Create local and domain service accounts

Tools to Create User Accounts

Tools available to create user accounts:
• Active Directory Users and Computers
• Command-line utilities
  • Dsadd
  • Net user
• Batch utilities
  • CSVDE
  • LDIFDE
• Computer Management MMC to create local users

Practice: Creating User Accounts

In this practice, you will:
• Create a local user account by using Computer Management
• Create a domain account by using Active Directory Users and Computers
• Create a domain user account by using dsadd

Best Practices for Creating User Accounts

Best practices for creating local user accounts:
• Limit the number of people who can log on locally
• Rename the Administrator account
• Use strong passwords

Best practices for creating domain user accounts:
• Do not use the Users container for ordinary user accounts
• Disable any account that will not be used immediately
• Require users to change their passwords the first time that they log on

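An added example, not part of the original course material: a Python check that reads a CSVDE-style export, decodes the password options from the earlier slide, and reports accounts that break the domain best practices above. The column set, the sample rows, and the use of lastLogon (which is not replicated between domain controllers) as the "never used" signal are assumptions.

```python
import csv
import io
import re

UF_ACCOUNTDISABLE = 0x0002       # userAccountControl bit: "Account is disabled"
UF_DONT_EXPIRE_PASSWD = 0x10000  # userAccountControl bit: "Password never expires"
# "User cannot change password" is enforced through the object's ACL, so it is not decoded here.

# Constructed sample export (not real data); pwdLastSet = 0 means "must change at next logon".
SAMPLE_EXPORT = """DN,sAMAccountName,userAccountControl,pwdLastSet,lastLogon
"CN=Terry Adams,OU=Sales,DC=contoso,DC=msft",Tadams,512,0,0
"CN=Temp One,CN=Users,DC=contoso,DC=msft",temp1,514,0,0
"CN=Svc Backup,OU=Service,DC=contoso,DC=msft",svcbackup,66048,127000000000000000,127100000000000000
"CN=Pat Lee,CN=Users,DC=contoso,DC=msft",plee,512,127000000000000000,0
"""

def password_options(row):
    """Decode the account options listed on the slide from one exported row."""
    uac = int(row["userAccountControl"])
    opts = []
    if row["pwdLastSet"] == "0":
        opts.append("User must change password at next logon")
    if uac & UF_DONT_EXPIRE_PASSWD:
        opts.append("Password never expires")
    if uac & UF_ACCOUNTDISABLE:
        opts.append("Account is disabled")
    return opts

def audit(export_text):
    """Return {logon name: [best-practice findings]} for every exported account."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        rdns = re.split(r"(?<!\\),", row["DN"])  # split on unescaped commas only
        parent = [r.strip().lower() for r in rdns[1:3]]
        opts = password_options(row)
        never_used = row["lastLogon"] in ("", "0")
        issues = []
        if len(parent) == 2 and parent[0] == "cn=users" and parent[1].startswith("dc="):
            issues.append("in default Users container")
        if never_used and "Account is disabled" not in opts:
            issues.append("enabled but not yet used")
        if never_used and "User must change password at next logon" not in opts:
            issues.append("no password change required at first logon")
        findings[row["sAMAccountName"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_EXPORT).items():
        print(name, issues or "ok")
```
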
Lesson: Creating Computer Accounts

• What Is a Computer Account?
• Why Create a Computer Account?
• Where Computer Accounts Are Created in a Domain
• Computer Account Options
• Practice: Creating a Computer Account

What Is a Computer Account?

• Identifies a computer in a domain
• Provides a means for authenticating and auditing computer access to the network and to domain resources
• Is required for every computer running:
  • Windows Server 2003
  • Windows XP Professional
  • Windows 2000
  • Windows NT

Why Create a Computer Account?

• Security
  • Authentication
  • Auditing
• Management
  • Software deployment
  • Desktop management
  • Hardware and software inventory through Systems Management Server

Where Computer Accounts Are Created in a Domain

• Computers that join a domain are created in the Computers container
• Computer accounts can be moved to or created in other organizational units

Computer Account Options

Practice: Creating a Computer Account

In this practice, you will:
• Create a computer account by using Active Directory Users and Computers
• Create a computer account by using dsadd

Lesson: Modifying User and Computer Account Properties

• When to Modify User and Computer Account Properties
• Properties Associated with User Accounts
• Renaming a User Account
• Properties Associated with Computer Accounts
• Practice: Modifying User and Computer Account Properties

When to Modify User and Computer Account Properties

Modify user account properties to:
• Make it easier to use search capabilities to find users
• Match a company's organizational hierarchy
• Determine the group membership of a user account

Modify computer account properties to:
• Assist in asset tracking (Location property)
• Document who manages a computer (Managed By property)

Properties Associated with User Accounts

The Properties dialog box for a user account contains:

Renaming a User Account

The Rename User dialog box

Properties Associated with Computer Accounts

The Properties dialog box for a computer account contains:

Practice: Modifying User and Computer Account Properties

In this practice, you will modify user and computer account properties

Lesson: Creating a User Account Template

• What Is a User Account Template?
• What Properties Are in a Template?
• Guidelines for Creating User Account Templates
• Practice: Creating a User Account Template

What Is a User Account Template?

• Employs a user account with properties meeting common user requirements
• Makes creating user accounts with standardized configurations more efficient

User Account Template

What Properties Are in a Template?

Tab: Properties copied
• Address: All properties except Street Address
• Account: All properties except Logon Name
• Profile: All properties except Profile path and Home folder reflect new user's logon name
• Organization: All properties except Title
• Member Of: All properties

Guidelines for Creating User Account Templates

• Create a separate classification for each department
• Create a separate group for short-term and temporary employees
• Set user account expiration dates for short-term and temporary employees
• Disable the account template
• Identify the account template

Practice: Creating a User Account Template

In this practice, you will create a user account template

Lesson: Managing User and Computer Accounts

• Why Enable or Disable User and Computer Accounts?
• What Are Locked-Out User Accounts?
• When to Reset User Passwords
• When to Reset Computer Accounts
• Practice: Resetting and Disabling a User Account

Why Enable or Disable User and Computer Accounts?

Scenarios for disabling accounts:
• User takes a leave of absence
• Creating accounts that will not be used immediately

Tools available for disabling or enabling accounts:
• Active Directory Users and Computers
• Dsmod command

What Are Locked-Out User Accounts?

Account lockout thresholds:
• Define the number of failed logon attempts
• Prevent hackers from guessing user passwords

Logon failures can occur:
• At the logon screen
• At a screen saver protected by a password

When to Reset User Passwords

• Reset a password when a user forgets his or her password
• After the local user's password has been reset, the user can no longer access some types of information

When to Reset Computer Accounts

Reset computer accounts when:
• Computers fail to authenticate to the domain
• Passwords need to be synchronized

Practice: Resetting and Disabling a User Account

In this practice, you will:
• Reset a user account password
• Disable user accounts

Lesson: Using Queries to Locate User and Computer Accounts in Active Directory

• Multimedia: Introduction to Locating User and Computer Accounts in Active Directory
• Search Types
• What Is a Saved Query?
• Importing and Exporting Saved Queries
• Practice: Using Saved Queries to Locate Users and Computers in Active Directory

Multimedia: Introduction to Locating User and Computer Accounts in Active Directory

This presentation will explain how to locate objects in Active Directory

Search Types

Basic query criteria include:
• Object type
• Location
• General values associated with the object, such as name and description

What Is a Saved Query?

Importing and Exporting Saved Queries

Practice: Using Queries to Locate Users and Computers in Active Directory

In this practice, you will:
• Create a query to find computer accounts in the sales department
• Export the query as an XML file in the Admin_tools shared folder

Lab: Managing User and Computer Accounts

In this lab, you will:
• Create user accounts
• Create computer accounts
• Use queries to locate objects
• Modify user and computer properties
