Information Technology Reference
In-Depth Information
As mentioned, the only fields
required
for a valid user are a user logon name (pre-Windows
2000) and a password. However, you can get away with specifying only these two fields when
you're using DSADD. When you use Active Directory Users and Computers, you must enter a
value for the following attributes:
•
Full name
—This field is normally a composite of the First name, Initials, and Last name
fields, but you can enter a name that's different from what's in these three fields.
•
User logon name
—This field is referred to as the user principal name (UPN). As you
learned in Chapter 4, the UPN format is
logon name
@
domain
. The “@domain” part is
called the UPN suffix. You can fill in the logon name and select the domain in the drop-
down list, which is set to the current domain controller's domain by default. By using the
UPN, users can log on to their home domains from a computer that's a member of a dif-
ferent domain.
•
User logon name (pre-Windows 2000)
—Generally, this field is the same as User logon
name but need not be. It consists of the domain name (without the top-level domain), a
backslash, and the user logon name. Computers running OSs before Windows 2000 can't
be domain members, so users of these older OSs must log on to a Windows 2000 or later
domain with the format
domain
\
user
. Although the User logon name and User logon name
(pre-Windows 2000) fields can be different, it's not recommended.
•
Password and Confirm password
—These fields (see Figure 5-3) are required by default
because account policies in a Windows Server 2008 domain don't allow blank passwords.
The default password policy requires a minimum length of 7 characters and a maximum
of 127, and the password must meet complexity requirements. You can change this pass-
word policy, however.
5
Figure 5-3
Password fields
The four check boxes in Figure 5-3 are as follows:
•
User must change password at next logon
—This option, enabled by default, requires users
to create a new password the next time they log on. Typically, you use this option when
users are assigned a generic password at account creation for logging on to the domain for
the first time. After the first logon, the user is prompted to change the password so that it
complies with the password policy. This option is also used when an existing user's pass-
word is reset.
Search WWH ::
Custom Search