Information Technology Reference
In-Depth Information
As you can tell, Active Directory Users and Computers is a fairly straightforward, easy-to-
use tool for managing Active Directory objects, but not every administrator wants to use a
graphical utility to create and modify Active Directory objects. Sometimes using command-line
tools is easier or even necessary. Although this topic is explored more thoroughly in Chapters 5
and 13, the following activity introduces you to the DSADD command-line tool used to create
new objects in Active Directory.
3
Activity 3-5: Using DSADD to Create New Objects
Time Required:
10 minutes
Objective:
Create a new user with the DSADD command-line tool.
Description:
You want to get more practice creating Active Directory objects, so you decide to
create a test user by using the DSADD command-line tool and add that user to the group you
created earlier.
1. Log on to your server as Administrator, if necessary, and open a command prompt window
by clicking
Start
,
Command Prompt
.
2. At the command prompt, type
dsadd user "cn=Test User2, ou=TestOU, dc=W2k8adXX,
dc=com" -upn testuser2@w2k8adXX -Samid testuser2 -fn Test -ln User2 -pwd Password01
-memberof "cn=TestGroupG, ou=TestOU, dc=W2k8adXX, dc=com"
(replacing XX with
your student number) and press
Enter
. If you get any response other than “dsadd succeeded:
cn=Test User2,ou=TestOU,dc=W2k8adXX,dc=com,” check the command for typos and try
again.
3. This complex command creates a user named Test User2 with a logon name of testuser2 and
a password of Password01, places the user in TestOU, and makes the user a member of
TestGroupG. Close the command prompt window.
4. Open Active Directory Users and Computers, and click
TestOU
in the left pane.
5. Verify that Test User2 is there. Double-click
TestGroupG
to open its Properties dialog box,
and then click the
Members
tab to verify that this new user is a member. Click
OK
.
6. Leave Active Directory Users and Computers open for the next activity.
These steps might seem like a lot of work to create a single user, but as you learn in Chapter 5,
you can create several users at once quickly and easily with command-line tools and a text file.
Microsoft has placed an increased emphasis on command-line tools, especially with Server Core
and the new PowerShell suite of tools. You explore many of the command-line tools for server
management in Chapter 13.
In a large Active Directory environment with hundreds or thousands of users, groups, comput-
ers, and other domain objects, locating objects can be difficult for administrators and users alike.
Luckily, Active Directory Users and Computers has a search function for administrators, and
Windows Explorer incorporates an Active Directory search function for users.
You search for Active Directory objects by first selecting the type of object you're
searching for. For example, you can search for users, contacts, groups, computers, printers,
shared folders, and so forth. In a multidomain environment, you can search in a single
domain or in the entire directory (all domains). You can also limit your search to a folder
or an OU in a domain. The Find dialog box shown in Figure 3-11 is identical whether you're
searching for objects with Active Directory Users and Computers or Windows Explorer.
However, not all objects are available to all users, depending on the object's security settings
and its container.
Search WWH ::
Custom Search