Active Directory – Build a Company Structure
Now you have a domain you will need to create a Company Structure in AD. For this exercise you will build a fictitious company with many staff members located in different departments. We will start by creating a new user in a new department.
1. Start the AMS-DC1 virtual machine if not already started.
2. Login with the credentials canon\administrator and the password "Suppied by your Trainer".
3. Select “Active Directory Users & Computers” from the tools drop down menu.
4. Open the tree for canon.training domain to view the existing structure.
NOTE: Now we are going to create our first department (Organizational Unit) or OU.
5. Right Click the domain, select new, then “Organizational Unit”
6. As our fictional company has some service engineers we will create an OU for them. Create the OU "Service Engineers"
NOTE: The tick box for "Protect from accidental deletion" leave this ticked as you will discover more later.
7. Now we are going to create our first domain user. Right click on the new “Service Engineers OU” and select “New” then “User”.
8. Now create "yourself" as a new user, with the name convention “Firstname Surname”, using the details in a similar way to below. User logon name Frist letter of firstname DOT surname.
9. For your password please use “Canon-01” or if not something you will not forget and share with your trainer if needed.
10. Set to password to User Cannot change password and password never expires. This will require you to deselect user must change password at next login.
Give some permissions to your domain user account.
Next we will give you some special permissions in your training domain. To do this we need to make you a member of a pre-defined group. "Domain Admins"
1. Select “Users” to see the built in groups available in AD.
2. Now let’s make Your Account a member of the Domain Admins group. First we will select John from the Engineers OU, Double Click to see your account properties.
3. Select the “Member Of” tab.
4. You will see you are at present a member of “Domain Users” only, all domain users will be members of this group by default.
5. Select “Add” to add yourself to a new group.
6. Now type “Domain” into the object name search area.
7. The search will show multiple groups containing the phrase “Domain”. Select "Domain Admins" and Add.
8. Click "apply" click "ok" then i will see he is a member.
9. Click OK.
NOTE: Another useful group to add users to is the remote admins so you can login to a computer remotely (a requirement to use cloud based hardware).
10. You will not need to addyourself as the Domain Admins account has remote login rights.
NOTE: The remote admins rights also need to be applied to the remote computer to enable access. This will become clear in further excersises.
Now create a company with 300 users and 240 computers.
This would be a massive task for you to use the manual / graphical process above.
We will look at some other graphical interfaces you can use later in the training.
There are many tools available to help with this requirement.
We will have a quick look at PowerShell as a tool for AD in the next section.
If you have some time while others finish please spend some time looking at what PowerShell can do and what it is, using and internet search engine.
 |