Module 3: Managing User Accounts
Creating User Accounts
What Is a User Account?
Names Associated with Domain User Accounts
Guidelines for Creating a User Account Naming Convention
User Account Placement in a Hierarchy
User Account Password Options
When to Require or Restrict Password Changes
Tools to Create User Accounts
Best Practices for Creating User Accounts
What Is a User Account?
Multimedia: Types of User Accounts
Domain user accounts (stored in Active Directory)
Local user accounts (stored on local computer)
Windows Server 2003 Domain
Names Associated with Domain User Accounts
Name: Example
User logon name: Tadams
Pre-Windows 2000 logon name: contoso\Tadams
User principal logon name
LDAP distinguished name: CN=terry adams,ou=sales,dc=contoso,dc=msft
LDAP relative distinguished name: CN=terry adams
Guidelines for Creating a User Account Naming Convention
A convention for naming user accounts should accommodate:
Employees with identical names
Different types of employees, such as temporary or contract employees
User Account Placement in a Hierarchy
Geopolitical Design: North America (Users), South America (Users)
Business Design: Accounting (Users), Sales (Users)
User Account Password Options
Account option: Description
User must change password at next logon: Users must change their passwords the next time they log on to the network
User cannot change password: Users do not have the permissions to change their own password
Password never expires: Users’ passwords will not expire and do not need to be changed
Account is disabled: Users cannot log on by using the selected account
When to Require or Restrict Password Changes
Option: Use this option when you
Require password changes: Create new domain accounts; Reset passwords
Restrict password changes: Create local and domain service accounts
Tools to Create User Accounts
Tools available to create user accounts
Active Directory Users and Computers
Command-line utilities: Dsadd, Net user
Batch utilities: CSVDE, LDIFDE
Computer Management MMC to create local users
Best Practices for Creating User Accounts
Best practices for creating local user accounts
Limit the number of people who can log on locally
Best practices for creating domain user accounts
Disable any account that will not be used immediately
Require users to change their passwords the first time that they log on
Do not use the Users container for ordinary user accounts
Rename the Administrator account
Use strong passwords
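The two best practices above that can be read from directory data (keep ordinary accounts out of the Users container, rename the Administrator account), checked over a CSVDE-style export together with a decode of the account options from the earlier table. This is an added example, not part of the course material; the sample rows, the attribute selection and the function names are assumptions made for illustration.

```python
import csv
import io
import re

# userAccountControl bits (documented Active Directory flag values)
ACCOUNTDISABLE = 0x0002
DONT_EXPIRE_PASSWORD = 0x10000

# Constructed sample, in the shape of a CSVDE export limited to these
# four attributes; the accounts are invented for illustration.
SAMPLE_EXPORT = '''DN,sAMAccountName,userAccountControl,pwdLastSet
"CN=terry adams,OU=sales,DC=contoso,DC=msft",Tadams,512,0
"CN=Administrator,CN=Users,DC=contoso,DC=msft",Administrator,66048,127500000000000000
"CN=_sales template,OU=sales,DC=contoso,DC=msft",_SalesTemplate,514,0
"CN=new hire,CN=Users,DC=contoso,DC=msft",Nhire,512,127500000000000000
'''

def parent_rdn(dn):
    """Return the RDN of the object's container (second DN component)."""
    parts = re.split(r"(?<!\\),", dn)  # split on commas that are not escaped
    return parts[1].strip().lower() if len(parts) > 1 else ""

def decode_options(uac, pwd_last_set):
    """Map raw attributes to the account options shown in the dialog box."""
    options = []
    if pwd_last_set == 0:
        options.append("User must change password at next logon")
    if uac & DONT_EXPIRE_PASSWORD:
        options.append("Password never expires")
    if uac & ACCOUNTDISABLE:
        options.append("Account is disabled")
    return options

def audit(export_text):
    """Return {logon name: (options, findings)} for every exported account."""
    report = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        uac, pls = int(row["userAccountControl"]), int(row["pwdLastSet"])
        findings = []
        if parent_rdn(row["DN"]) == "cn=users":
            findings.append("account is in the Users container")
        if row["sAMAccountName"].lower() == "administrator":
            findings.append("Administrator account has not been renamed")
        report[row["sAMAccountName"]] = (decode_options(uac, pls), findings)
    return report

if __name__ == "__main__":
    for name, (options, findings) in audit(SAMPLE_EXPORT).items():
        print(name, options, findings)
```

"User cannot change password" is held as a permission on the user object rather than in these two attributes, so this example does not decode it.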
When to Modify User Account Properties
Modify user account properties to:
Make it easier to use search capabilities to find users
Match a company’s organizational hierarchy
Determine the group membership of a user account
Properties Associated with User Accounts
The Properties dialog box for a user account contains:
Renaming a User Account
The Rename User dialog box
Creating a User Account Template
What Is a User Account Template?
What Properties Are in a Template?
Guidelines for Creating User Account Templates
Practice: Creating a User Account Template
What Is a User Account Template?
Employs a user account with properties meeting common user requirements
Makes creating user accounts with standardized configurations more efficient
What Properties Are in a Template?
Tab: Properties copied
Address: All properties except Street Address
Account: All properties except Logon Name
Profile: All properties, except that Profile path and Home folder reflect the new user’s logon name
Organization: All properties except Title
Member Of: All properties
Guidelines for Creating User Account Templates
Create a separate classification for each department
Create a separate group for short-term and temporary employees
Set user account expiration dates for short-term and temporary employees
Disable the account template
Identify the account template
Why Enable or Disable User Accounts?
Scenarios for disabling accounts
User takes a leave of absence
Creating accounts that will not be used immediately
Tools available for disabling or enabling accounts
Active Directory Users and Computers
Dsmod command
What Are Locked-Out User Accounts?
Account lockout thresholds:
Define the number of failed logon attempts
Prevent hackers from guessing user passwords
Logon failures can occur:
At the logon screen
At a screen saver protected by a password
When accessing network resources
When to Reset User Passwords
Reset a password when a user forgets his or her password
After the local user’s password has been reset, the user can no longer access some types of information