User accounts

Manage user accounts

2
Chapter Overview

• Creating User and Computer Objects

• Maintaining User Accounts
• Creating User Profiles
3
Creating User and Computer Objects

• Each user needs a user account to log on to a

domain or to a computer.
• Each regular network user needs a unique user
account.
4
Introducing User Accounts

• Microsoft Windows 2016 has three types of user

accounts:
• Local user accounts
• Domain user accounts
• Built-in user accounts
5
Local User Accounts

• Enable users to log on to (and access resources

on) only the computer where the user account is
located
• Reside in the computer's local security database
• Are not for use on computers that require access
to domain resources
6
Local User Accounts (Cont.)
7
Domain User Accounts

• Domain user accounts allow users to log on to the

domain and access resources anywhere on the
network.
• When a user logs on, Windows 2016
• Authenticates the user
• Creates an access token for the user
8
Domain User Accounts (Cont.)

• Domain user accounts are user objects in the

Active Directory database, which is located on
domain controllers.
• Domain user accounts are replicated to all other
domain controllers in the domain.
9
Domain User Accounts (Cont.)
10
Built-In User Accounts

• Are created automatically by Windows 2106

• The two most commonly used:
• Administrator: used to manage the overall computer and
domain configuration
• Guest: allows occasional users to log on and access
resources
11
Creating Domain User Accounts

• Use the Active Directory Users And Computers

console to create and manage domain user
accounts.
12
Active Directory Users And Computers Console
13
Creating a User Object in a Domain

• To create a user object in a domain:

1. open Server manager ,Menu Tools, and then click
Active Directory Users And Computers.
2. In the scope pane, right-click the Users folder,
click New, and then click User.
3. Configure the options in the New Object – User
dialog box, and then click Next.
4. Configure password options, and then click Next.
5. Click Finish to create the new user object.
14
The New Object – User Dialog Box
15
Configuring Password Options
16
Simplifying the Creation of User Accounts

• If you often create user objects with the same

properties, create a user template object to
simplify your work.
• Then copy the template object to create a new
user object.
17
Setting User Account Attributes

• After you create a user account, you can configure

its attributes.
• Use the Properties dialog box for the user object in
Active Directory Users And Computers.
• To open the dialog box, either double-click the user
object, or right-click the user object and then click
Properties.
18
The Properties Dialog Box of a User Object
19
Setting Personal Attributes

• Four of the tabs in the Properties dialog box

contain personal information about the user but
are not directly related to the operation of the
user object or the Active Directory service.
• These tabs are
• General
• Address
• Telephones
• Organization
20
The Address Tab
21
Setting Account Properties

• The Account tab in the Properties dialog box

contains several configurable user account
attributes, including
• User logon name
• Password options
• Account expiration options
• Logon hours
22
The Account Tab
23
Setting Logon Hours

• You can restrict the times a user can log on to the

domain.
• By default, access is permitted for all hours on all
days.
• When you click Logon Hours in the Account tab,
the Logon Hours dialog box appears.
24
The Logon Hours Dialog Box in the Account Tab
25
Setting the Computers That Users Can Log On
From

• You can restrict the computers that a user can log

on to the domain from.
• By default, a user can log on from any computer in
the domain.
• When you click Log On To in the Account tab, the
Logon Workstations dialog box appears.
26
The Logon Workstations Dialog Box in the
Account Tab
27
Lesson Summary

• There are three types of Windows 2016 user accounts:

• Local user accounts
• Domain user accounts
• Built-in user accounts
• Use Active Directory Users And Computers to create and
manage domain user accounts.
• You can configure numerous user account attributes,
including
• Personal attributes
• Account properties
• Logon hours
• The computers a user can log on from
28
Maintaining User Accounts

• User accounts require maintenance.

• In order to maintain and modify user accounts,
you need permission to administer the user
objects.
29
Disabling, Enabling, Renaming, and Deleting
User Accounts
• Disable a user account when a user will not need
the account for a long time, such as for a leave of
absence.
• You can enable the user account when the user returns.
• Rename a user account when a user's name has
changed or if you want to reassign the account to
a different user.
• Delete a user account when an employee leaves
the company.
30
Disabling, Enabling, Renaming, and Deleting
User Accounts (Cont.)

• To use Active Directory Users And Computers to

disable, enable, rename, or delete a user account:
1. Open Active Directory Users And
Computers, and then expand the console
tree until the user account is visible.
2. Right Click the user account, you can rename
or click the Properties and select tab suitable .
31
Resetting Passwords and Unlocking User
Accounts

• These tasks are performed when a user cannot log

on to the domain or the local computer because
of a password or account lockout problem.
• Members of the Administrators group, by default,
have the permissions necessary to reset passwords
and unlock user accounts.
32
Resetting Passwords

• Necessary when a user forgets a password

• To reset a password:
1. Open Active Directory Users And Computers, and
then expand the tree until the user account is
visible.
2. Click the user account, right click, and then click
Reset Password.
3. Type a new password for the user, and retype it
in the Confirm Password box.
4. Select the User Must Change Password At Next
Logon check box, and then click OK.
33
The Reset Password Dialog Box
34
Unlocking User Accounts

• Necessary when a user exceeds a specified

number of failed logon attempts
• To unlock a user account:
1. Open Active Directory Users And Computers,
and then expand the tree until the user account
is visible.
2. Right-click the user account, click Properties,
and then click the Account tab.
3. Clear the Account Is Locked Out check box.
35
Lesson Summary

• Use Active Directory Users And Computers to

disable, enable, rename, and delete user accounts.
• Disabling a user account prevents the user from
logging on, but leaves all of the account
information intact.
• Use Active Directory Users And Computers to
reset user account passwords and to unlock user
accounts.