Differences between revisions 13 and 26 (spanning 13 versions)
Revision 13 as of 2014-10-02 12:26:48
Size: 1139
Editor: scot
Comment:
Revision 26 as of 2016-08-21 14:33:54
Size: 2451
Editor: scot
Comment:
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:
Line 4: Line 3:

In this lab you will create some organizational groups and users in
In this lab you will create some organizational groups and users in your AD.
Line 9: Line 7:
 1. Create an organizational group named {{{OU_Contractors}}}
    a. Create a global group in the {{{OU_Contractors}}} called {{{g_contractors}}}
    a. Create a user called {{{contractor}}} and put them in {{{g_contractors}}} group.
 1. Create an organizational unit named {{{OU_Contractors}}}
  a. Create a global group in the {{{OU_Contractors}}} called {{{g_contractors}}}
  a. Create a user called {{{contractor}}} and put them in {{{g_contractors}}} group.
Line 13: Line 11:
    a. Make mgr the Administrator for the {{{OU_Contractors}}} set his password as {{{Hello123Password!}}} Make sure there is no requirement to change the password.
    a. Make mgr a member of the server operators group and give the account remote desktop access.
    a. I will test mgr's ability by changing the password for "contractor"
  a. Make mgr the Administrator for the {{{OU_Contractors}}} by using the delegation wizard. Make sure the the user has "Reset user passwords..." and "Modify the membership of a group"
   1. set his password and document it in the "password" page. Make sure there is no requirement to change the password.
   1. Make mgr a member of the server operators group and give the account remote desktop access (through system, remote add user).
  a. Start Group Policy - Find the Domain Controllers Folder/OU, right click on the Default Domain Controller Policy, click edit
   1. Navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignments
   1. Add the mgr user to the "Allow Logon through remote desktop services" list.
   1. From a command prompt or powershell type: gpupdate /force
  a. You will demonstrate mgr's ability by changing the password for "contractor" (Note: When you try to run server manager, it will ask for a username and password. Use the mgr username and password. After that you can run the tools from the menu and they will work for you correctly. If you run "Active Directory Users and Computers" directly without going through the server manager you will have to again use the mgr username and password each time you open it or any other tool.)
Line 20: Line 23:
   a. Add {{{g_contractors}}} group to the {{{dl_temporary}}} group.
    
  a. Add {{{g_contractors}}} group to the {{{dl_temporary}}} group.
Line 23: Line 26:
 1. Document the OU structures added and Groups added to each domain on the domains page.
 1. Do this in a new section called "Organizational Units" and "Groups"
Line 24: Line 29:
 1. Document the OU structures added and Groups added to each domain.
 2. Do this in a new page called Lab04 and Create new pages called "Organizational Units" and "Groups"
== Video Grade Guide ==
||'''Topics''' ||'''Points''' ||
||Video Shows: OU structures and groups created in the instructions ||20 ||
||Video Shows: A remote login event using the mgr user. ||30 ||
||Video Shows: the mgr user changing the password for the contractor user. ||30 ||
||Video talks through the required documentation. ||20 ||

Lab 04

Instructions

In this lab you will create some organizational groups and users in your AD.

In your primary domain:

  1. Create an organizational unit named OU_Contractors

    1. Create a global group in the OU_Contractors called g_contractors

    2. Create a user called contractor and put them in g_contractors group.

  2. Create a user mgr in the users folder.
    1. Make mgr the Administrator for the OU_Contractors by using the delegation wizard. Make sure the the user has "Reset user passwords..." and "Modify the membership of a group"

      1. set his password and document it in the "password" page. Make sure there is no requirement to change the password.
      2. Make mgr a member of the server operators group and give the account remote desktop access (through system, remote add user).
    2. Start Group Policy - Find the Domain Controllers Folder/OU, right click on the Default Domain Controller Policy, click edit
      1. Navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignments
      2. Add the mgr user to the "Allow Logon through remote desktop services" list.
      3. From a command prompt or powershell type: gpupdate /force
    3. You will demonstrate mgr's ability by changing the password for "contractor" (Note: When you try to run server manager, it will ask for a username and password. Use the mgr username and password. After that you can run the tools from the menu and they will work for you correctly. If you run "Active Directory Users and Computers" directly without going through the server manager you will have to again use the mgr username and password each time you open it or any other tool.)

In your subdomain:

  1. Create a domain local group called dl_temporary in the users folder.

    1. Add g_contractors group to the dl_temporary group.

Documentation

  1. Document the OU structures added and Groups added to each domain on the domains page.
  2. Do this in a new section called "Organizational Units" and "Groups"

Video Grade Guide

Topics

Points

Video Shows: OU structures and groups created in the instructions

20

Video Shows: A remote login event using the mgr user.

30

Video Shows: the mgr user changing the password for the contractor user.

30

Video talks through the required documentation.

20

WindowsAdministration/Lab04DelegationAndShares (last edited 2024-10-03 19:39:01 by scot)