Kosisochukwu Ugochukwu

Exercise 2 – User Management in Active Directory

INTRODUCTION

In this exercise, you will practice user management tasks in Active Directory. Think of Active Directory as a big digital phone book and security system for a company. It helps organize people, computers, and resources like printers into one central place, making it easier for administrators to manage everything.

Imagine you are the IT administrator for a company with offices in Sydney, Melbourne, and Brisbane. Each office has its own staff, and you want to make sure that:

  • Users are placed into the right Organizational Units (OUs) so they are grouped by location.
  • Contractors and employees have their own user accounts with the right passwords and expiration dates.
  • Special teams like Sydney Administrators have extra permissions to help manage accounts without giving them full control of everything.
  • You can add users into groups so permissions can be given to a whole team at once rather than one person at a time.
  • You can apply security features like Protected Users, which add extra protection to sensitive accounts.
  • If something goes wrong, you can still audit, disable, or reset accounts when needed.

By the end of this exercise, you will be simulating what an IT admin would actually do in a real company:

  • Setting up OUs for different branches of the business.
  • Creating user accounts for contractors and assigning them to the right office.
  • Creating a group for administrators in Sydney and giving them delegated permissions.
  • Securing accounts by applying restrictions and ensuring compliance with company security policies.
  • Performing everyday tasks like disabling an account when a contractor leaves or resetting a forgotten password.

This hands-on scenario will help you understand not just how to do these steps in Active Directory, but also why they are important in managing users and keeping an organization secure and well-organized.

Part 1 – Create Organizational Units (OUs)

Here we create three new OUs: Sydney, Melbourne, and Brisbane.

Steps:

On TAILWIND-DC1, open Server Manager.

From the Tools menu, select Active Directory Users and Computers.

In the left panel, right-click the tailwindtraders.internal domain.

Select New → Organizational Unit.

In the dialog box, type Sydney as the name and click OK.

Repeat the same steps to create two more OUs: Melbourne and Brisbane.

Part 2 – Create Users

You will now create three contractor accounts (one for each city) and set properties for them.

Steps:

On TAILWIND-DC1, open Active Directory Users and Computers.

Right-click the Sydney OU → select New → User.

Fill in:

Full Name: SydneyContractor

User Logon Name: SydneyContractor

Click Next.

Set the password: Pa55w.rdPa55w and confirm it.

Click Next → Finish.

Open the Sydney OU and double-click SydneyContractor.

On the Account tab → under Account expires, select End of: and set the date to Jan 1, 2030 → click OK.

Now, copy the SydneyContractor account:

Right-click SydneyContractor → select Copy.

Type:

Full Name: MelbourneContractor

User Logon Name: MelbourneContractor

Click Next.

Use the password: Pa55w.rdPa55w.rd.

Click Next → Finish.

Repeat the copy process again to create:

Full Name: BrisbaneContractor

User Logon Name: BrisbaneContractor

Password: Pa55w.rdPa55w.rd.

Move users to their correct OUs:

Drag MelbourneContractor into the Melbourne OU.

If a warning pops up → click Yes.

Drag BrisbaneContractor into the Brisbane OU.

If a warning pops up → click Yes.

Part 3 – Create the Sydney Admins Group

You will now create a security group and add a user to it.

Steps:

On TAILWIND-DC1, open Active Directory Users and Computers.

Right-click the Sydney OU → select New → Group.

Type Sydney Administrators as the group name.

Set Group scope to Universal.

Click OK.

In the Sydney OU, double-click SydneyContractor.

Go to the Member Of tab → click Add.

Type Sydney Administrators.

Click Check Names → OK → OK.

Part 4 – Configure a User as a Protected User

Steps:

On TAILWIND-DC1, open Active Directory Users and Computers.

In the Sydney OU, double-click SydneyContractor.

Go to the Member Of tab → click Add.

Type Protected Users.

Click Check Names → OK → OK.
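The same result as Parts 1 to 4 can be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original exercise; it assumes the domain's distinguished name is DC=tailwindtraders,DC=internal, uses the domain name as the UPN suffix, and prompts for the initial password rather than embedding it.

```powershell
Import-Module ActiveDirectory

$domainDn = 'DC=tailwindtraders,DC=internal'   # assumed DN of tailwindtraders.internal
# The GUI's "End of: Jan 1, 2030" stores midnight of the following day, so pass Jan 2.
$expires  = [datetime]::new(2030, 1, 2)
# Prompt for the initial password so it never sits in the script or shell history.
$password = Read-Host -AsSecureString -Prompt 'Initial contractor password'

foreach ($city in 'Sydney', 'Melbourne', 'Brisbane') {
    $ouDn = "OU=$city,$domainDn"
    # Part 1: create the OU only if it is not already there.
    if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$city'" -SearchBase $domainDn -SearchScope OneLevel)) {
        New-ADOrganizationalUnit -Name $city -Path $domainDn
    }
    # Part 2: create each contractor directly in its own OU, so no move is needed.
    $sam = "${city}Contractor"
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$sam'")) {
        New-ADUser -Name $sam -SamAccountName $sam `
            -UserPrincipalName "$sam@tailwindtraders.internal" `
            -Path $ouDn -AccountPassword $password -Enabled $true `
            -AccountExpirationDate $expires
    }
}

# Part 3: universal security group in the Sydney OU.
$group = 'Sydney Administrators'
if (-not (Get-ADGroup -Filter "Name -eq '$group'")) {
    New-ADGroup -Name $group -GroupScope Universal -GroupCategory Security `
        -Path "OU=Sydney,$domainDn"
}

# Parts 3 and 4: add SydneyContractor to both groups, skipping existing memberships.
foreach ($g in $group, 'Protected Users') {
    if (-not (Get-ADGroupMember -Identity $g | Where-Object SamAccountName -eq 'SydneyContractor')) {
        Add-ADGroupMember -Identity $g -Members 'SydneyContractor'
    }
}
```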

Part 5 – Delegate Security Permissions to an OU

You will allow the Sydney Administrators group to reset passwords for accounts in the Sydney OU.

Steps:

On TAILWIND-DC1, open Active Directory Users and Computers.

Right-click the Sydney OU → select Delegate Control.

In the wizard:

On the Welcome page → click Next.

Click Add, type Sydney Administrators, then click Check Names → OK → Next.

On the Tasks to Delegate page → select Reset user passwords and force password change at next logon.

Click Next → Finish.

Part 6 – Configure City Attribute for a User

Steps:

On TAILWIND-DC1, open Active Directory Users and Computers.

In the Sydney OU, right-click SydneyContractor → select Properties.

In the Address tab, set City to Sydney → click OK.

To confirm:

Right-click the tailwindtraders.internal domain → select Find.

In the Advanced tab, select:

Field → User → City

Condition: Is (exactly)

Value: Sydney

Click Find Now.

Click Yes when asked about searching the directory.

Make sure SydneyContractor shows up in the results.

Close the window.

Part 7 – Disable the Melbourne Contractor User

Steps:

On TAILWIND-DC1, open Active Directory Users and Computers.

Open the Melbourne OU.

Right-click MelbourneContractor → select Disable Account.

Click OK.

Part 8 – Reset the Password of the Brisbane Contractor User

Steps:

On TAILWIND-DC1, open Active Directory Users and Computers.

Open the Brisbane OU.

Right-click BrisbaneContractor → select Reset Password.

Enter the new password: Pa66w.rdPa66w twice.

Click OK → then OK again on the confirmation dialog.
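To audit the end state of the exercise, the check below reports each contractor's OU, enabled flag, expiry, City and Protected Users membership, then lists what the Sydney Administrators group was actually granted on the Sydney OU in Part 5. It is an added example, not part of the original exercise; the distinguished name is assumed from the domain name, and the two GUIDs are the standard schema identifiers for the Reset Password extended right and the pwdLastSet attribute.

```powershell
Import-Module ActiveDirectory   # also provides the AD: drive used by Get-Acl

$domainDn  = 'DC=tailwindtraders,DC=internal'   # assumed DN of tailwindtraders.internal
$protected = Get-ADGroupMember -Identity 'Protected Users' |
    Select-Object -ExpandProperty SamAccountName

# Account state for the three contractors (Parts 2, 4, 6, 7 and 8).
Get-ADUser -Filter "SamAccountName -like '*Contractor'" -SearchBase $domainDn `
    -Properties AccountExpirationDate, City, PasswordLastSet |
    Select-Object SamAccountName, Enabled, City, AccountExpirationDate, PasswordLastSet,
        @{ n = 'OU';        e = { ($_.DistinguishedName -split ',', 2)[1] } },
        @{ n = 'Protected'; e = { $protected -contains $_.SamAccountName } } |
    Format-Table -AutoSize

# Delegation check (Part 5): the wizard task should leave only these two object types.
$resetPassword = [guid]'00299570-246d-11d0-a768-00aa006e0529'   # Reset Password right
$pwdLastSet    = [guid]'bf967a0a-0de6-11d0-a285-00aa003049e2'   # pwdLastSet attribute

$aces = (Get-Acl -Path "AD:\OU=Sydney,$domainDn").Access |
    Where-Object { $_.IdentityReference -like '*\Sydney Administrators' }

$aces | Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType |
    Format-Table -AutoSize

# Anything broader (for example GenericAll with an empty ObjectType) is more than
# "reset passwords" and should be reviewed.
$unexpected = $aces | Where-Object { $_.ObjectType -notin @($resetPassword, $pwdLastSet) }
if ($unexpected) {
    Write-Warning "Sydney Administrators holds rights beyond password reset on the Sydney OU."
}
```

In the first table, MelbourneContractor should show Enabled as False and SydneyContractor should show Protected as True.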

Conclusion
In this exercise, you explored how to manage users within Active Directory, including creating, modifying, and organizing user accounts. These skills are essential for ensuring proper access control and maintaining an organized directory structure in a networked environment.

Now, we will move forward to the next Exercise – Configure Security Settings, where we will focus on strengthening system protection through security configurations. Following that, we will continue with Exercise – Manage Password Policies, which will further enhance account security by enforcing strong authentication practices.
