INTRODUCTION
In this exercise, you will practice user management tasks in Active Directory. Think of Active Directory as a big digital phone book and security system for a company. It helps organize people, computers, and resources like printers into one central place, making it easier for administrators to manage everything.
Imagine you are the IT administrator for a company with offices in Sydney, Melbourne, and Brisbane. Each office has its own staff, and you want to make sure that:
- Users are placed into the right Organizational Units (OUs) so they are grouped by location.
- Contractors and employees have their own user accounts with the right passwords and expiration dates.
- Special teams like Sydney Administrators have extra permissions to help manage accounts without giving them full control of everything.
- You can add users into groups so permissions can be given to a whole team at once rather than one person at a time.
- You can apply security features like Protected Users, which add extra protection to sensitive accounts.
- If something goes wrong, you can still audit, disable, or reset accounts when needed.
By the end of this exercise, you will be simulating what an IT admin would actually do in a real company:
- Setting up OUs for different branches of the business.
- Creating user accounts for contractors and assigning them to the right office.
- Creating a group for administrators in Sydney and giving them delegated permissions.
- Securing accounts by applying restrictions and ensuring compliance with company security policies.
- Performing everyday tasks like disabling an account when a contractor leaves or resetting a forgotten password.
- This hands-on scenario will help you understand not just how to do these steps in Active Directory, but also why they are important in managing users and keeping an organization secure and well-organized.
Part 1 – Create Organizational Units (OUs)
Here we create three new OUs: Sydney, Melbourne, and Brisbane.
Steps:
On TAILWIND-DC1, open Server Manager.
From the Tools menu, select Active Directory Users and Computers.
In the left panel, right-click on the tailwindtraders.internal domain.
Select New → Organizational Unit.
In the dialog box, type Sydney as the name and click OK.
Repeat the same steps to create two more OUs: Melbourne and Brisbane.
Part 2 – Create Users
You will now create three contractor accounts (one for each city) and set properties for them.
Steps:
On TAILWIND-DC1, open Active Directory Users and Computers.
Right-click the Sydney OU → select New → User.
Fill in:
Full Name: SydneyContractor
User Logon Name: SydneyContractor
Click Next.
Set the password: Pa55w.rdPa55w and confirm it.
Click Next → Finish.
Open the Sydney OU, double-click SydneyContractor.
On the Account tab → under Account expires, select End of: and set the date to Jan 1, 2030 → click OK.
Now, copy the SydneyContractor account:
Right-click SydneyContractor → select Copy.
Type:
Full Name: MelbourneContractor
User Logon Name: MelbourneContractor
Click Next.
Use the password: Pa55w.rdPa55w.rd.
Click Next → Finish.
Repeat the copy process again to create:
Full Name: BrisbaneContractor
User Logon Name: BrisbaneContractor
Password: Pa55w.rdPa55w.rd.
Move users to their correct OUs:
Drag MelbourneContractor into the Melbourne OU.
If a warning pops up → click Yes.
Drag BrisbaneContractor into the Brisbane OU.
If a warning pops up → click Yes.
Part 3 – Create the Sydney Admins Group
You will now create a security group and add a user to it.
Steps:
On TAILWIND-DC1, open Active Directory Users and Computers.
Right-click the Sydney OU → select New → Group.
Type Sydney Administrators as the group name.
Set Group scope to Universal.
Click OK.
In the Sydney OU, double-click SydneyContractor.
Go to the Member Of tab → click Add.
Type Sydney Administrators.
Click Check Names → OK → OK.
Part 4 – Configure a User as a Protected User
Steps:
On TAILWIND-DC1, open Active Directory Users and Computers.
In the Sydney OU, double-click SydneyContractor.
Go to the Member Of tab → click Add.
Type Protected Users.
Click Check Names → OK → OK.
Part 5 – Delegate Security Permissions to an OU
You will allow the Sydney Administrators group to reset passwords for accounts in the Sydney OU.
Steps:
On TAILWIND-DC1, open Active Directory Users and Computers.
Right-click the Sydney OU → select Delegate Control.
In the wizard:
On the Welcome page → click Next.
Click Add, type Sydney Administrators, then click Check Names → OK → Next.
On the Tasks to Delegate page → select Reset user passwords and force password change at next logon.
Click Next → Finish.
Part 6 – Configure City Attribute for a User
Steps:
On TAILWIND-DC1, open Active Directory Users and Computers.
In the Sydney OU, right-click SydneyContractor → select Properties.
In the Address tab, set City to Sydney → click OK.
To confirm:
Right-click the tailwindtraders.internal domain → select Find.
In the Advanced tab, select:
Field → User → City
Condition: Is (exactly)
Value: Sydney
Click Find Now.
Click Yes when asked about searching the directory.
Make sure SydneyContractor shows up in the results.
Close the window.
Part 7 – Disable the Melbourne Contractor User
Steps:
On TAILWIND-DC1, open Active Directory Users and Computers.
Open the Melbourne OU.
Right-click MelbourneContractor → select Disable Account.
Click OK.
Part 8 – Reset the Password of the Brisbane Contractor User
Steps:
On TAILWIND-DC1, open Active Directory Users and Computers.
Open the Brisbane OU.
Right-click BrisbaneContractor → select Reset Password.
Enter the new password: Pa66w.rdPa66w
twice.
Click OK → then OK again on the confirmation dialog.
Conclusion
In this exercise, you explored how to manage users within Active Directory, including creating, modifying, and organizing user accounts. These skills are essential for ensuring proper access control and maintaining an organized directory structure in a networked environment.
Now, we will move forward to the next Exercise – Configure Security Settings, where we will focus on strengthening system protection through security configurations. Following that, we will continue with Exercise – Manage Password Policies, which will further enhance account security by enforcing strong authentication practices.
Top comments (0)