Organizational Units, Groups, Users Lab 4

What This Exercise Is About

What You Should Be Able to Do

The big picture of active directory / directory services is that it is a database of

which the administrator and easily control policies and permissions for all users and
devices. You can control hours of access to local computer policies of being able to
changes network setting on a local device.

In this lab you will learn basic administration functions to create OU’s, groups
and users.

Warning

Notes

Securing Operating Systems Lab 4 OU’s, Groups, Users

Organizational Units, Groups, Users Lab 4

___ 1 Power on and log onto your Windows 2016 Server Domain controller.

Go to Server Manager Dashboard.

Under “Tools” select “Active Directory Users and Computers” (ADUC).
Highlight your Domain Control name
Create an organizational unit by right clicking and choosing new ->
Organizational Unit.
Name it: USA

An organizational unit is nothing more than a fancy name for folder. By creating
OU’s it makes it easier to manage many users and devices that belong to the OU.

___ 2 Once you’ve created a new Organizational Unit, you can right click inside of that
container and create a new user account. Try adding the users account to the local
administrator’s group on the computer.

User: Joe Cool

Password: passw0rd!@#

User: student1
Password: passw0rd!@#

User: teacher1
Password: passw0rd!@#

___ 3 Administration of a user account Joe Cool

Right click on Joe Cool user account
Document what setting you have over this user?

Securing Operating Systems Lab 4 OU’s, Groups, Users

Organizational Units, Groups, Users Lab 4

___ 4 Disable and Enable user account.

Change password to: passw0rd!@#$

Document these steps

___ 5 Under user account properties. Restrict this user (Joe Cool) to system access for on
Monday to Friday, from 8am to 5 pm. Paste screen capture of access hours.

___ 6 In your USA OU container create groups: students, faculty, and staff and choose
the security group of type universal.

Document these steps

___ 7 Add user: Joe Cool to groups student and staff.

Highlight and right click user to do this.

Add user: student1 to group student.

Add user: teacher1 to group faculty.
Document these steps

Include screens shots of the members in student and staff group to verify what
users are members of these groups. >Right click group> properties > members

___ 8 Remove user Joe Cool from staff group.

Document these steps

___ 9 Permissions at the OU level

Right Click OU USA and select delegation control to start the wizard.
In the wizard select the group staff,
select “reset user password and force password change at next logon”

Note: you are doing this at the OU level thus if you had 1000 users this reset
would make all 1000 users change there passwords at next logon.

Securing Operating Systems Lab 4 OU’s, Groups, Users

Organizational Units, Groups, Users Lab 4

___ 10 Permissions at the Domain level. Changing domain password policy.

At Server Manager dashboard under tools > select group policy management from
the pull down.
Expand the menu in the left pane under group policy manager, until you see the
name of your domain.
Highlight default domain policy under your domain name > right click > select
edit

Once again expand the menu in the left pane under Computer Configuration >
Policies > Windows Setting > Security Settings > Account policies > Password
policies

Highlight Maximum password age in right pane > right click > properties >
Change the days of password expiration from 42 days to 30.

Paste a screen shot of this change.

Securing Operating Systems Lab 4 OU’s, Groups, Users