Active Directory
Basics
Active Directory ships with Windows Server. A server becomes a domain controller once the Active Directory Domain Services (AD DS) role is installed and the server is promoted. To open the main management console:
- From the Server Manager dashboard > Tools
- Select Active Directory Users and Computers
At the top level is the domain node. Expanding it shows the default containers and OUs (organizational units):
- Builtin holds the built-in security groups (Administrators, Account Operators, Backup Operators, Remote Desktop Users, ...) that carry special rights. A new user account is not placed in any of these automatically; it only gets Domain Users. Users are added to a built-in group deliberately, when they need the rights it carries
- Computers holds computer accounts. By default any computer joined to the domain lands here
- Users holds the default accounts (Administrator, Guest, krbtgt) and the default domain groups (Domain Admins, Domain Users, ...), each with a description of what it is for
Builtin, Computers and Users are containers rather than OUs: Group Policy cannot be linked to them, which is why real user and computer accounts get moved into OUs you create. Domain Controllers is the one OU that exists by default.
Organizational Units
To create an OU under our domain:
- right-click the domain in the left sidebar
- New > Organizational Unit
OUs are protected from accidental deletion by default (the checkbox in the New Object dialog is ticked). The protection is a pair of deny entries on the OU's ACL (Everyone: Delete and Delete Subtree), so it blocks deletion from PowerShell and scripts as well, not just from the console. To delete a protected OU:
- from the menu bar > View > turn on Advanced Features
- right-click the OU and open Properties
- under the Object tab, uncheck "Protect object from accidental deletion"
- now the OU can be deleted. Child objects carrying the same protection block the delete as well, so check them too
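The same create / inspect / unprotect / delete sequence in PowerShell, as an added example that is not from the original notes. It assumes the ActiveDirectory RSAT module, a session running as an account allowed to create and delete OUs, and a placeholder OU name; it also shows the deny ACEs that the checkbox actually sets.

```powershell
# Added example, not from the original notes. Assumes the ActiveDirectory RSAT
# module is installed and the session runs as an account allowed to create and
# delete OUs. The OU name is a placeholder.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName          # e.g. DC=corp,DC=example,DC=com
$ouName   = "Workstations"
$ouDn     = "OU=$ouName,$domainDn"

# Create the OU. The console ticks the protection box by default and
# New-ADOrganizationalUnit also defaults to protected; set it explicitly for clarity.
New-ADOrganizationalUnit -Name $ouName -Path $domainDn -ProtectedFromAccidentalDeletion $true

# The flag is implemented as deny ACEs for Everyone on Delete / Delete Subtree.
# Show the flag, then the ACEs behind it via the AD: drive.
Get-ADOrganizationalUnit -Identity $ouDn -Properties ProtectedFromAccidentalDeletion |
    Select-Object Name, ProtectedFromAccidentalDeletion

(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq 'Everyone' } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType

# Deleting while protected fails with "Access is denied" from scripts too.
try {
    Remove-ADOrganizationalUnit -Identity $ouDn -Confirm:$false -ErrorAction Stop
} catch {
    Write-Warning "Delete blocked while protected: $($_.Exception.Message)"
}

# Equivalent of unticking "Protect object from accidental deletion", then delete.
# An OU that still has children needs -Recursive, and each protected child must
# be unprotected first; this one is empty.
Set-ADOrganizationalUnit -Identity $ouDn -ProtectedFromAccidentalDeletion $false
Remove-ADOrganizationalUnit -Identity $ouDn -Confirm:$false
```

The ACL listing is the useful part for an audit: if an OU holding admin accounts or tier-0 machines comes back without the Everyone deny entries, someone has cleared the protection and it is worth asking why.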
Search for objects/users
To help users with account-related issues we often need to find their objects. On the toolbar below the menu bar there is a Find icon that opens the Find dialog.
- the Find drop-down picks the object type (Users, Contacts, and Groups; Computers; Printers; Organizational Units; Custom Search for a raw LDAP filter) and the In drop-down picks the scope
- to find a computer, search its name under a selected OU, the whole domain, or Entire Directory (the global catalog, which spans every domain in the forest)
- from the results, open the object. The Object tab shows its canonical name, that is, where it sits in the directory (Advanced Features must be on for this tab); the free-text physical location of a workstation is the separate Location tab
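The structure described under Basics and the Find dialog's scopes, done from PowerShell as an added example that is not from the original notes. It assumes the ActiveDirectory module on a domain-joined machine; the OU, computer and user names are placeholders.

```powershell
# Added example, not from the original notes. Assumes the ActiveDirectory module
# and a domain-joined session. OU, computer and user names are placeholders.
Import-Module ActiveDirectory
$domainDn = (Get-ADDomain).DistinguishedName

# What the console shows directly under the domain node. Computers and Users
# come back as objectClass 'container' (Builtin as 'builtinDomain'); only
# Domain Controllers and anything you created are 'organizationalUnit'.
# Some containers (System, LostAndFound, ...) are hidden in the console
# until Advanced Features is on, but the query returns them regardless.
Get-ADObject -Filter * -SearchBase $domainDn -SearchScope OneLevel |
    Where-Object { $_.ObjectClass -in 'container','builtinDomain','organizationalUnit' } |
    Select-Object Name, ObjectClass |
    Sort-Object ObjectClass, Name

# Search scopes, matching the "In:" box of the Find dialog:
#   Base     = the object itself
#   OneLevel = direct children only
#   Subtree  = the whole tree below (the default)
$ou = "OU=Workstations,$domainDn"

# A computer by name, limited to one OU
Get-ADComputer -Filter 'Name -like "WS-*"' -SearchBase $ou -SearchScope Subtree

# Same search over the whole domain, pulling the two "location" fields that are
# easy to confuse: CanonicalName (where the object sits in the directory, shown
# on the Object tab) and Location (free-text physical location, Location tab).
Get-ADComputer -Filter 'Name -like "WS-*"' -SearchBase $domainDn -Properties CanonicalName, Location |
    Select-Object Name, CanonicalName, Location

# A user by display name; -LDAPFilter takes the syntax the Custom Search tab accepts
Get-ADUser -LDAPFilter '(&(objectCategory=person)(displayName=*Paul*))' -Properties DisplayName |
    Select-Object SamAccountName, DisplayName, DistinguishedName

# "Entire Directory" (all domains in the forest): query the global catalog on
# port 3268 instead of a plain DC on 389.
$gc = (Get-ADDomainController -Discover -Service GlobalCatalog).HostName | Select-Object -First 1
Get-ADComputer -Filter 'Name -like "WS-*"' -Server "${gc}:3268"
```

The global catalog only carries a partial attribute set, so attributes missing from a forest-wide result (Location, for instance) usually mean they are not replicated to the GC, not that they are empty; re-query the object's home domain for those.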
Manage user accounts
Users are placed in OUs so that the right Group Policy and delegated administration apply to them; the privileges themselves come from group membership. Advanced Features (View menu) has to be on for several of the operations below.
To create a new user under an OU (say for a new employee):
- right-click the OU > New > User
- fill in the name
- a common logon-name convention is the first letter of the first name followed by the last name (e.g. vpaul); it has to be unique in the domain, so check for a clash before reusing it
- set a password (for a new employee, check "User must change password at next logon")
To add the user to a group with admin privileges:
- open the user's properties
- under the Member Of tab > Add or Remove to change group membership
- prefer a group scoped to the task over Domain Admins; membership of the high-value groups (Domain Admins, Enterprise Admins, Administrators) should be reviewed regularly
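User creation and group assignment in PowerShell, as an added example that is not from the original notes. It assumes the ActiveDirectory module, an account allowed to create users in the target OU, an existing Staff OU, and a placeholder admin group name; the logon-name helper and its collision check are this example's own, not a Microsoft convention.

```powershell
# Added example, not from the original notes. Assumes the ActiveDirectory module,
# an account allowed to create users in the target OU, and placeholder names
# (Staff OU, "Helpdesk Admins" group, Vincent Paul).
Import-Module ActiveDirectory
$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName
$dnsRoot  = $domain.DNSRoot                        # e.g. corp.example.com
$staffOu  = "OU=Staff,$domainDn"                   # assumed to exist

# First initial + last name, lower-cased, and checked for a clash before use:
# sAMAccountName must be unique in the domain, and the convention collides
# quickly (two V. Pauls). Helper defined for this example.
function New-LogonName {
    param([string]$GivenName, [string]$Surname)
    $base = ($GivenName.Substring(0,1) + $Surname).ToLower() -replace '[^a-z0-9]', ''
    $name = $base; $i = 1
    while (Get-ADUser -Filter "SamAccountName -eq '$name'") {
        $i++; $name = "$base$i"
    }
    return $name
}

$given = "Vincent"; $sur = "Paul"
$sam   = New-LogonName -GivenName $given -Surname $sur      # vpaul, or vpaul2 if taken

# Prompt for the initial password rather than embedding it in the script;
# ChangePasswordAtLogon is the "User must change password at next logon" box.
New-ADUser -Name "$given $sur" -GivenName $given -Surname $sur `
    -SamAccountName $sam -UserPrincipalName "$sam@$dnsRoot" `
    -Path $staffOu -AccountPassword (Read-Host -AsSecureString "Initial password for $sam") `
    -ChangePasswordAtLogon $true -Enabled $true

# Group membership is where rights come from. Add to a group scoped to the job,
# not Domain Admins, and record the resulting memberships.
Add-ADGroupMember -Identity "Helpdesk Admins" -Members $sam
Get-ADPrincipalGroupMembership -Identity $sam | Select-Object Name, GroupScope

# Least-privilege check: who holds the highest-value groups right now,
# including through nested groups?
foreach ($g in 'Domain Admins','Enterprise Admins','Administrators') {
    Get-ADGroupMember -Identity $g -Recursive |
        Select-Object @{n='Group';e={$g}}, SamAccountName, objectClass
}
```

Running the last loop on a schedule and diffing the output is a cheap way to catch a membership that was added "temporarily" and never removed.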
Companies usually have a Disabled Accounts or Disabled Users OU for employees who have left the organization.
To move a user:
- drag and drop the user object into the target OU (e.g. Disabled Accounts), or right-click > Move
To disable an account:
- user properties > Account tab
- under Account options > check "Account is disabled" > Apply
- the user's icon changes to show the disabled status
Disabling keeps the account's SID and group memberships, so it regains everything the moment it is re-enabled; for a leaver, remove the group memberships as well.
To reset a user's password:
- find the user object by name
- right-click and select Reset Password
- if the password policy has a lockout rule (e.g. locked after 3 failed attempts), check "Unlock the user's account" as well; the dialog shows whether the account is currently locked
- tick "User must change password at next logon" so the user does not keep the password the helpdesk set
To unlock an account without resetting the password:
- open the user's properties
- under the Account tab the checkbox reads "Unlock account" and states whether the account is currently locked out
- check it and apply
Before unlocking, ask what caused the failed attempts. One user who forgot a password is routine; many accounts locking at once, or lockouts on an account the user was not using, point to someone guessing passwords.
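The offboarding, password-reset and lockout procedures above in PowerShell, as an added example that is not from the original notes. It assumes the ActiveDirectory module, a placeholder user vpaul and an existing Disabled Accounts OU; the three sections are independent and would normally run for different users. It goes a step beyond the console by checking the per-DC lockout counters, which the Account tab does not show.

```powershell
# Added example, not from the original notes. Assumes the ActiveDirectory module,
# the placeholder user vpaul and a "Disabled Accounts" OU that already exists.
# The three sections are independent procedures.
Import-Module ActiveDirectory
$domainDn   = (Get-ADDomain).DistinguishedName
$disabledOu = "OU=Disabled Accounts,$domainDn"
$user       = "vpaul"

# --- Offboarding: disable, strip group memberships, then move ---
# Disabling alone keeps the SID and every group membership, so the account
# would get all its rights back if re-enabled; remove the groups too.
Disable-ADAccount -Identity $user
Get-ADPrincipalGroupMembership -Identity $user |
    Where-Object { $_.Name -ne 'Domain Users' } |        # primary group cannot be removed this way
    ForEach-Object { Remove-ADGroupMember -Identity $_ -Members $user -Confirm:$false }
Move-ADObject -Identity (Get-ADUser -Identity $user).DistinguishedName -TargetPath $disabledOu

# --- Password reset, equivalent of right-click > Reset Password ---
Set-ADAccountPassword -Identity $user -Reset -NewPassword (Read-Host -AsSecureString "New password for $user")
Set-ADUser -Identity $user -ChangePasswordAtLogon $true   # user picks their own password next

# --- Lockout: look before unlocking ---
# The lockout policy this account is actually subject to (fine-grained policy
# if one applies, otherwise the domain default).
$policy = Get-ADUserResultantPasswordPolicy -Identity $user
if (-not $policy) { $policy = Get-ADDefaultDomainPasswordPolicy }
$policy | Select-Object LockoutThreshold, LockoutDuration, LockoutObservationWindow

# badPwdCount and LastBadPasswordAttempt are not replicated: every DC keeps its
# own, so ask each DC rather than only the one this session is bound to.
foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
    Get-ADUser -Identity $user -Server $dc -Properties LockedOut, badPwdCount, LastBadPasswordAttempt |
        Select-Object @{n='DC';e={$dc}}, LockedOut, badPwdCount, LastBadPasswordAttempt
}

# Every account currently locked out. A long list appearing at once is a
# password-spray signal, not a batch of forgotten passwords.
Search-ADAccount -LockedOut | Select-Object SamAccountName, LastLogonDate

# Unlock without touching the password, once the failed attempts are explained
Unlock-ADAccount -Identity $user
```

The DC whose counters carry the bad attempts is the one that logged them (event ID 4740 on the PDC emulator names the source machine); that is where to look when a single account keeps locking with no user activity behind it.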