Norman McCord

Manage Users in Active Directory

This content is from a technical documentation assignment I submitted during my Fall 2023 semester at Kennesaw State University. I used Windows Server 2019 in a VM. The domains, logins, users, groups, etc. found within were created to build the documentations and have since been deleted.

1. Introduction

1.1 Background

Windows Server 2019 is a server operating system developed by Microsoft that provides a platform for running enterprise-level applications and services. Windows Server 2019 offers various features, including improved security, enhanced support for containers and virtualization, and better integration with cloud services. It is a successor to Windows Server 2016 and is often used by businesses and organizations to manage and deploy network infrastructure, data storage, and various server-based applications.

Active Directory Users and Computers (ADUC) is a management tool provided by Microsoft for administering and organizing users, groups, and computer objects within a Windows Active Directory environment (Posey, 2023). It allows network administrators to create, modify, and delete user accounts, manage group memberships, and control various aspects of user and computer security settings. ADUC is a crucial component in the administration and organization of network resources, providing a central location to manage user access and permissions, making it easier to maintain a secure and organized network infrastructure.

1.2 Before You Begin

This guide outlines the common Active Directory Users and Computers (ADUC) steps required to add, remove, and modify users as well as the steps needed to reset user passwords and unlock user accounts. Active Directory is a critical component of network management, and these tasks are necessary for maintaining a secure and efficient network environment.

This guide is intended for junior level administrators as it only contains basic tasks. The user of this guide needs to have access to a Windows Server 2019 computer, administrator-level login credentials, and knowledge of locating/opening the Server Manager Dashboard. This guide does not cover creating new membership groups, adding computers to the domain, configuring servers, configuring domain controllers, or other more advanced tasks. All tasks should take no longer than 2 minutes to complete. Consult your Lead Administrator if you do not have the needed requirements or if the task is outside the scope of this guide.

2. Cautions and Warnings

  • Caution: Ensure that you have the necessary permissions and are following security best practices when performing these tasks. See your supervisor or Lead System Administrator to ensure you have appropriate permissions to perform the steps in this guide.
  • Warning: Verify that Active Directory has been backed up before making any significant changes.

Note: These instructions and included figures were created by me using Windows Server 2019 Standard Edition on a virtual machine. Your production environment may vary.

3. Log into Windows Server and Launch ADUC

  1. Ensure you have the necessary permissions and an Administrator Login for Windows Server. At the login screen press Ctrl+Alt+Delete (See Figure 1). You will be prompted to enter a password on the following screen (Figure 2).
windows server login screen press control alt delete
Figure 1 Windows Server 2019 Login Screen
windows server login screen Password Prompt
Figure 2 Password Prompt
  1. Ensure your username is visible (shown in Figure 2 as “\Administrator”)
  2. Enter your password and press the Enter key or click the arrow next to the password box.
  3. The Server Manager Dashboard will open automatically.
  4. Open ADUC (Active Directory Users and Computers) from the “Tools” menu.

Important: Since all tasks are performed within the ADUC window, the instructions above are required prior to performing ALL the following actions.

4. Create/Remove User Accounts

4.1 Create a New User Account

  1. Open ADUC using the step in in Section 2 and Figure 3.
  2. See Figure 4 to navigate the ADUC window. Double-click the server (“nmlabs.local” in the figure below) if it is not already opened. Right-click Users, mouse over New, Select User as shown in the figure (Rackspace.com, 2020).
Create New User In Active Directory Users and Computers (ADUC) Window
Figure 4 Create New User In Active Directory Users and Computers (ADUC) Window
  1. Fill in the applicable information in the New User window.
Figure 5 Fill in user information.
Figure 5 Fill in user information.
  1. Click “Finish” and the user will be added to Active Directory.
Figure 6 Complete New User Setup
Figure 6 Complete New User Setup
  1. Verify the new user was created by selecting “Users” in the left pane of the ADUC window.
Figure 7 Verify Added User
Figure 7 Verify Added User

4.2 Remove a User Account

  1. Locate User: Find the user you want to remove, right-click the user and select “Delete.”
Figure 8 Delete User
Figure 8 Delete User
  1. Confirm the deletion when prompted.
Figure 9 Confirm User Deletion
Figure 9 Confirm User Deletion
  1. Verify the user is no longer listed.
Figure 10 User No Longer Listed
Figure 10 User No Longer Listed

4.3 Reset User Password

  1. Locate the user whose password you want to reset, right-click the user, and select “Reset Password” (Blackwell, 2023).
Figure 11 Reset User Password
Figure 11 Reset User Password
  1. Enter and confirm the new password.
Figure 12 Enter New User Password
Figure 12 Enter New User Password
  1. Click “OK” to confirm the password reset.
Figure 13 Confirm Password Reset
Figure 13 Confirm Password Reset

5. Modify User Group Membership

  1. Select “Users” from the left pane in ADUC. Right-click the user and select “Properties.
    • Note: Users can be added to or removed from group memberships in the same menu.
Figure 14 Open User Properties
Figure 14 Open User Properties
  1. Select the “Member Of” tab to show current groups.
Figure 15 Display User Memberships
Figure 15 Display User Memberships
  1. Select a group to remove and click “Remove” button.
Figure 16 Remove User Membership
Figure 16 Remove User Membership
  1. Confirm group removal by selecting “Yes.”
Figure 17 Group Removal Confirmation
Figure 17 Group Removal Confirmation
  1. Click the “Add” button (without selecting any current groups) to add the user to a new group.
Figure 18 Add User to Group
Figure 18 Add User to Group
  1. Type the name of a known group in the text box and click the “Check Names” button.
Figure 19 Checking Group Names 1
Figure 19 Checking Group Names 1
  1. If the group exists, its correct name will be displayed. Click the “OK” button.
Figure 20 Checking Group Names 2
Figure 20 Checking Group Names 2
  1. If the group is not found, double-check the name and try again. If the name fails again, or if the correct group name is not known, contact a lead administrator for support.
  1. Verify the group additions and removals were completed by checking the “Member Of” tab in the properties window again. Click “Apply” and “OK” to close the window.
Figure 21 Group Membership Verification
Figure 21 Group Membership Verification

6. Conclusion

6.1 Summary

This guide serves as a fundamental resource for Junior administrators seeking to navigate Active Directory Users and Computers to add, remove, and modify users and their memberships within the Windows Server 2019 environment. By outlining these essential steps, the document empowers administrators with the necessary knowledge to effectively oversee user accounts and basic access rights. With a strong grasp of these foundational procedures, administrators can confidently provide user support and streamline user management processes, thereby contributing to the smooth operation and maintenance of an efficient network infrastructure.

6.2 Contact Information

norm@normanmccord.com

References

Blackwell, J. (2023, March 24). Reset password via set-adaccountpassword Poweshell Cmdlet. Netwrix Blog | Insights for Cybersecurity and IT Pros. https://blog.netwrix.com/2023/03/24/set-adaccountpassword-powershell-cmdlet/

Posey, B. (2023, February 16). What is active directory users and computers? ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More. https://www.itprotoday.com/active-directory/what-active-directory-users-and-computers

Rackspace.com. (2020). Create, manage, and delete users and groups in active directory. Rackspace Technology Documentation. https://docs.rackspace.com/docs/create-manage-and-delete-users-and-groups-in-active-directory

by

Norm McCord