April 20, 2009

Active Directory Primer

So many of you (or maybe not so many) may be wondering: "Wow, Mitchel, you've been gone so long at school, but there are no posts on anything from school."

Well, I've got one for you: two ways to look at creating users in the Active Directory GUI. (I'm working on a database project that can add multiple users from the Server 2003 command line with dsadd, and will talk about that when the bugs are out.)

  • The first way, which is the simplest but most time-consuming, is to go directly to the user group or the OU that is assigned to you and click "add new user" or the picture of the user (single human). When the GUI opens, you fill in the name, the address, the fax number and the phone number, give them an e-mail address, create their roaming profile, create their network folder, and add them to all the groups you think they fall in. Then you wait for the user to call and complain about which network resources they still need access to (more on NTFS troubleshooting in the future; just remember high/high/low for the principle of least privilege), and then blame their supervisor for not knowing what groups the employee should have been in.

  • The second way is to re-evaluate your current ADUC structure, make a group for each department, and create a new "template" user with all the generic info about their site. Add a home directory of \\server\folder\%username% (the %username% is a universal variable; if you don't understand how this saves time, then Google it) and do the same for their roaming profile.

Now all you have to do is add their group to the Security tab on the system NTFS folders in question and you're done... unless you need to have your group access shares outside your local domain, don't know what an OU is, are not sure what a roaming profile is, or enjoy setting up one account at a time.
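The template idea from the second way also works from the command line. The sketch below is an added example, not the database project mentioned above: it turns a department template into dsadd command lines, one department group per user, and rejects rows whose names could break the quoting. The example.local domain, the Groups OU, the profiles share and the H: drive letter are assumptions; dsadd writes the %username% variable as $username$.

```python
import re
import subprocess

# Hypothetical department template: the generic values the "template" user carries.
# dsadd expands $username$ to the logon name, as ADUC does with %username%.
TEMPLATES = {
    "Accounting": {
        "ou": "OU=Accounting,DC=example,DC=local",
        "group": "CN=Accounting,OU=Groups,DC=example,DC=local",
        "home": r"\\server\folder\$username$",
        "profile": r"\\server\profiles\$username$",
    },
}
SAM_OK = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,19}")  # logon name: 20 chars max
NAME_OK = re.compile(r"[A-Za-z][A-Za-z'-]{0,30}")       # no commas, quotes, spaces

def dsadd_args(sam, first, last, dept):
    """Build the dsadd argument list for one user from the department template."""
    if dept not in TEMPLATES:
        raise ValueError("no template for department " + dept)
    if not SAM_OK.fullmatch(sam):
        raise ValueError("bad logon name " + repr(sam))
    if not (NAME_OK.fullmatch(first) and NAME_OK.fullmatch(last)):
        raise ValueError("bad display name for " + sam)
    t = TEMPLATES[dept]
    return ["dsadd", "user", f"CN={first} {last},{t['ou']}",
            "-samid", sam, "-fn", first, "-ln", last,
            "-display", f"{first} {last}",
            "-memberof", t["group"],            # one department group, nothing else
            "-hmdir", t["home"], "-hmdrv", "H:", "-profile", t["profile"],
            "-pwd", "*", "-mustchpwd", "yes"]   # * prompts; no password on disk

def build_batch(rows):
    """Return (command lines to review and run, rejected rows with the reason)."""
    lines, rejected = [], []
    for row in rows:
        try:
            lines.append(subprocess.list2cmdline(dsadd_args(*row)))
        except ValueError as err:
            rejected.append((row, str(err)))
    return lines, rejected

# Constructed sample rows: (logon name, first name, last name, department)
SAMPLE = [("jdoe", "Jane", "Doe", "Accounting"),
          ("j doe", "John", "Doe", "Accounting"),   # space in logon name
          ("asmith", "Al", "Smith", "Sales")]       # department has no template

if __name__ == "__main__":
    lines, rejected = build_batch(SAMPLE)
    print("\n".join(lines))
    for row, reason in rejected:
        print("skipped:", row, reason)
```

Review the printed lines before running them at a command prompt on the server; the rejected rows are the ones to take back to the supervisor.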

