Professional Documents
Culture Documents
Module 02 - Managing Objects in AD DS
Module 02 - Managing Objects in AD DS
Module 02 - Managing Objects in AD DS
To begin deployment of the new branch office, you are preparing AD DS objects. As part of
this preparation, you need to create users and groups for the new branch office that will house
the Research department. Finally, you need to reset the secure channel for a computer account
that has lost connectivity to the domain in the branch office.
1. On LON-DC1, in Server Manager, click Tools, and then click Active Directory Administrative
Center.
3. In the Tasks pane, under Managers, click New, and then click Group.
8. In the Tasks pane, under Research, click New, and then click Group.
13. In the Select Users, Contacts, or Groups dialog box, in Enter the object names to select
(examples), type Cai, click Check Names, and then click OK.
14. Select the Manager can update membership list check box.
16. In the Tasks pane, under Research, click New, and then click Group.
19. In the Select Users, Contacts, Computers, Service Accounts, or Groups dialog box, in Enter
the object names to select (examples), type Cai; Vera, click Check Names, and then click OK.
4. In the Select Users, Contacts, Computers, Service Accounts, or Groups dialog box, in Enter
the object names to select (examples), type Managers; Research Managers, click Check
Names, and then click OK.
2. In the Tasks pane, under Research, click New, and then click User.
3. In the Create User window, in the First name field, type _Research Template.
6. In the navigation pane, click Organization, and then in the Department field, type Research.
9. In the Select Users or Contacts dialog box, in Enter the object names to select (examples),
type Cai, click Check Names, and then click OK.
12. In the Select Groups dialog box, in Enter the object names to select (examples),
type Research, and then click Check Names.In the Multiple Names Found dialog box,
select Research, and then click OK twice.
14. In the Log on script field, type \\LON-DC1\Netlogon\Logon.bat, and then click OK.
15. Click the _Research Template account, and then in the Tasks pane, under _Research Template,
click Disable.
4. In the Copy Object – User dialog box, type Research in the First name field, and then
type User in the Last name field.
5. In the User logon name field, type ResearchUser, and click Next.
7. Clear the Account is disabled check box, and then click Next.
8. Click Finish.
2. Click the Profile tab, and then ensure that the Logon script path is \\LON-
DC1\Netlogon\Logon.bat.
3. Click the Organization tab, and then ensure that the Department is Research,
the Company is Adatum, and the Manager is Cai Chu.
4. Click the Member Of tab, and then ensure that the user is a member of the Research group.
2. In the details pane, right-click the LON-CL1 computer account, and then click Reset Account.
1. Restart LON-CL1, and then attempt to sign in as Adatum\Adam with the password Pa55w.rd.
4. In the Administrator: Windows PowerShell window, type the following cmdlet, and then press
Enter:
Test-ComputerSecureChannel –Repair
6. Sign in as Adatum\Adam with the password Pa55w.rd. The sign in will succeed now.
1. On LON-DC1, in Active Directory Users and Computers, right-click Adatum.com, click New, and
then click Organizational Unit.
2. In New Object – Organizational Unit dialog box, type London in the Name field, and then
click OK.
1. Right-click the London OU, click New, and then click Group.
2. In the New Object – Group dialog box, type London Admins, and then click OK.
2. Right-click the Beth Burke user account, and then click Add to a group.
3. In the Select Groups dialog box, in Enter the object names to select (examples):, type London
Admins. Click Check Names, and then click OK.
5. Right-click the Dante Dabney user account, and then click Add to a group.
6. In the Select Groups dialog box, in Enter the object names to select (example):, type London
Helpdesk. Click Check Names, and then click OK.
1. In Active Directory Users and Computers, click View, and then click Advanced Features.
4. In the Select Users, Computers, Service Accounts or Groups dialog box, in Enter the object
names to select (example):,type London Admins. Click Check Names, and then click OK.
5. Ensure that the London Admins group is selected, check Full Control in the Allow column, and
then click OK.
9. In the Select Users, Computers, or Groups dialog box, in Enter the object names to select
(example):, type London Helpdesk. Click Check Names, click OK, and then click Next.
10. On the Tasks to Delegate page, click Create a custom task to delegate,and then click Next.
11. On the Active Directory Object Type page, click Only the following object in this folder.
12. Scroll to the bottom of the list. Click User objects, and then select the check boxes for Create
selected objects in this folder and Delete selected objects in this folder,and then click Next.
13. On the Permissions page, click Full Control, and then click Next.
2. Click Start, click Server Manager, and then click Add roles and features.
7. On the Select features page, expand Remote Server Administration Tools, and then
expand Role Administration Tools. Expand AD DS and AD LDS Tools. Select the check box
beside AD DS Tools, and then click Next.
3. Click Tools, and then click Active Directory Users and Computers.
4. Expand Adatum.com, and then click the Research OU. Notice that the icons on the toolbar to
create users, groups, or OUs are dimmed.
5. Click the London OU. Notice that those icons are available now.
6. Right-click the London OU, click New, and then click Organizational Unit.
7. In the New Object – Organizational Unit dialog box, type Laptops in the Name field, and then
click OK. The creation will succeed.
4. Expand Adatum.com, and then click the London OU. Notice that the only available icon is
the create user icon.
1. Switch to LON-DC1.
2. Right-click the Start button, and then click Windows PowerShell (Admin).
3. Create a user account for Ty Carlson in the London OU by running the following command:
New-ADUser -Name Ty -DisplayName "Ty Carlson" -GivenName Ty -Surname Carlson -Path "o
u=London,dc=adatum,dc=com"
4. Set the password for the account by running the following command:
Set-ADAccountPassword Ty
5. When you receive a prompt for the current password, press Enter.
6. When you receive a prompt for the desired password, type Pa55w.rd, and then press Enter.
7. When you receive a prompt to repeat the password, type Pa55w.rd, and then press Enter.
Enable-ADAccount Ty
9. Test the account by switching to LON-CL1, and then sign in as Ty with the password Pa55w.rd.
1. On LON-DC1, in the Administrator: Windows PowerShell window, run the following command:
2. Confirm that the user is in the group by running the following command:
Get-ADGroupMember LondonBranchUsers
20. Exercise 2: Creating and modifying AD DS objects with Windows
PowerShell
Task 4: Modify the .csv file
2. In File Explorer, expand Allfiles (E:), expand Labfiles, and then click Mod02.
3. Right-click LabUsers.ps1, and then click Edit. In Administrator: Windows PowerShell (ISE),
read the comments at the top of the script, and then identify the requirements for the header in
the .csv file.
5. In the How do you want to open this type of file (.csv)? message, click Notepad. Click OK.
FirstName,LastName,Department,DefaultPassword
8. Close Notepad.
3. Click File, and then click Save. Scroll down, and then review the contents of the script.
4. To view the users just created, type the following command, and then press Enter:
2. In the Virtual Machines list, right-click 20742B-LON-DC1, and then click Revert.