Professional Documents
Culture Documents
Lab 4 Organizational Units, Groups, Users
Lab 4 Organizational Units, Groups, Users
Lab 4 Organizational Units, Groups, Users
In this lab you will learn basic administration functions to create OU’s, groups
and users.
Warning
Notes
___ 1 Power on and log onto your Windows 2016 Server Domain controller.
An organizational unit is nothing more than a fancy name for folder. By creating
OU’s it makes it easier to manage many users and devices that belong to the OU.
___ 2 Once you’ve created a new Organizational Unit, you can right click inside of that
container and create a new user account. Try adding the users account to the local
administrator’s group on the computer.
User: student1
Password: passw0rd!@#
User: teacher1
Password: passw0rd!@#
___ 5 Under user account properties. Restrict this user (Joe Cool) to system access for on
Monday to Friday, from 8am to 5 pm. Paste screen capture of access hours.
___ 6 In your USA OU container create groups: students, faculty, and staff and choose
the security group of type universal.
Include screens shots of the members in student and staff group to verify what
users are members of these groups. >Right click group> properties > members
Right Click OU USA and select delegation control to start the wizard.
In the wizard select the group staff,
select “reset user password and force password change at next logon”
Note: you are doing this at the OU level thus if you had 1000 users this reset
would make all 1000 users change there passwords at next logon.
At Server Manager dashboard under tools > select group policy management from
the pull down.
Expand the menu in the left pane under group policy manager, until you see the
name of your domain.
Highlight default domain policy under your domain name > right click > select
edit
Once again expand the menu in the left pane under Computer Configuration >
Policies > Windows Setting > Security Settings > Account policies > Password
policies
Highlight Maximum password age in right pane > right click > properties >
Change the days of password expiration from 42 days to 30.