Configure and Troubleshoot User Accounts

Creating a computer account in an OU and restricting its rights

Follow the step-by-step instructions below:

  1. Open Active Directory Users and Computers from Administrative Tools. (If you are not logged on as Administrator, right-click Active Directory Users and Computers and select the Run As option.)
  2. Right-click the domain, select New and then Organisational Unit. Name the OU Support.
  3. Right-click Support, then select New Computer.
  4. Enter a computer name of Supportyourname. See the example below:

image053

  5. Join the domain of another server (follow the instructions provided under the User Profiles section). This will automatically create an account in Computers with the name of the computer joining the domain.
  6. Change the computer from the domain back to a workgroup called Class. This is done as follows:
  • Select Control Panel
  • Select Classic View
  • Select System
  • Select Computer Name
  • Select Change
  • Click Workgroup radio button and fill in name of Workgroup Class
  • Select OK.

7. Rename it to the name of the account that has been pre-staged:

  • From the Control Panel select System.
  • Select the Computer Name tab.
  • Select Change (you will get a warning, as it is a domain controller, but in Windows you can rename it).
  • Enter the pre-staged computer name.
  • Restart your computer.
  • Rejoin the domain.

You should be able to access the domain and, as the computer account has already been created, another one will not be created under Computers.

  8. In Active Directory Users and Computers on the computer that has the pre-staged account (not the one that has just been renamed), select the Organisational Unit Support.
  9. Right-click the computer and select Disable Account.
  10. Shut down and restart the computer you have renamed. Can you access the domain? You should not be able to, as the computer account is disabled.
  11. On the domain controller that has the pre-staged computer account, go into Active Directory and enable the computer account. (Select Organisational Unit Support, then right-click the computer and select Enable Account.)
  12. Shut down and restart the renamed computer. You should now be able to access the domain.

Configuring and troubleshooting user accounts

Working with Bill and Ben, the users you created earlier, you are now going to configure some of their account properties. You are also going to configure some properties for the client computer, which, when it joins the Active Directory domain, will appear under Active Directory Users and Computers. You are going to carry out these tasks for each member of the group, so you will all get the chance to do the following:

  • Manage user and computer accounts.
  • See the error messages the user would see.

An Administrator can allow users access only during working hours; this will cause problems if their hours change. The default for logon hours is shown below:

image054

Modify Bill’s Account tab in Properties so he can only log on after 6pm. Now try to log in as Bill from a client and see if you are able to.

  • You can also allow users access to only certain computers. This is done under Logon Workstations. Change Ben’s account to allow him to log on only from the client he is connecting from. (Note: You have to install the NETBIOS protocol from Network Settings.)
  • Check Ben can log on.
  • Now change the entry to another computer name while he is logged on. What happens?
  • Now log off and on again. Can he connect? The system will not throw him off if he is already connected, but it will prevent him from logging in.

Follow the step-by-step instructions below:

  1. Select Active Directory Users and Computers from Administrative Tools.
  2. Select the Users container and right-click Bill’s user account.
  3. Select Properties.
  4. Select the Account tab and select Logon Hours.
  5. Modify the logon hours so Bill can only log on after 6:00 pm. Click OK.
  6. Try to log on as Bill. (You should not be able to unless it is after 6:00 pm. If you are already logged on as Bill, changes will not take effect until you log off.)
  7. In Active Directory Users and Computers, select the Users container.
  8. Right-click Ben’s user account.
  9. Select Properties.
  10. Select the Account tab and select Logon to.
  11. Select The following computers, and enter the name of your computer.
  12. Try logging on with Ben’s user account to (a) your computer and (b) another one in the group.
  13. You will find that you are able to log on to your computer but not the other one, as you have limited which workstations you can log on from.
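
The same two restrictions can be applied and checked from PowerShell. This is an added example, not part of the original exercise: it assumes the ActiveDirectory (RSAT) module, accounts whose logon names are Bill and Ben, and a placeholder client name CLIENT01, and the helper functions are hypothetical names. It shows what the Logon Hours dialog hides: the setting is stored as a 21-byte bitmap in UTC, so a local "after 6pm" rule has to be shifted by the time zone offset.

```powershell
# Added example. Assumes the RSAT ActiveDirectory module, accounts with the
# logon names Bill and Ben, and a placeholder client name CLIENT01.
Import-Module ActiveDirectory

# Whole-hour offset of the local time zone from UTC (assumption: the zone
# has no half-hour offset; daylight saving is ignored).
$offset = [int]([TimeZoneInfo]::Local.BaseUtcOffset.TotalHours)

function ConvertTo-UtcSlot([int]$Day, [int]$Hour, [int]$Offset) {
    # Hour of the week in UTC (0 = Sunday 00:00), wrapping at the week boundary.
    ((($Day * 24 + $Hour - $Offset) % 168) + 168) % 168
}

function New-LogonHoursMask([int[]]$AllowedLocalHours, [int]$Offset) {
    # logonHours is 21 bytes: one bit per hour of the week, stored in UTC,
    # least significant bit first within each byte.
    $mask = New-Object byte[] 21
    foreach ($day in 0..6) {
        foreach ($hour in $AllowedLocalHours) {
            $slot = ConvertTo-UtcSlot $day $hour $Offset
            $mask[$slot -shr 3] = $mask[$slot -shr 3] -bor (1 -shl ($slot -band 7))
        }
    }
    , $mask   # the comma stops PowerShell unrolling the byte array
}

# Bill: logon permitted only from 18:00 to midnight local time, every day.
[byte[]]$billHours = New-LogonHoursMask (18..23) $offset
Set-ADUser -Identity Bill -Replace @{ logonHours = $billHours }

# Ben: logon permitted only from the named workstation.
Set-ADUser -Identity Ben -LogonWorkstations 'CLIENT01'

# Read both settings back; decode Bill's allowed local hours for Monday (day 1).
$bill = Get-ADUser -Identity Bill -Properties logonHours
$monday = 0..23 | Where-Object {
    $slot = ConvertTo-UtcSlot 1 $_ $offset
    $bill.logonHours[$slot -shr 3] -band (1 -shl ($slot -band 7))
}
"Bill may log on Monday during hours: $($monday -join ', ')"
(Get-ADUser -Identity Ben -Properties LogonWorkstations).LogonWorkstations
```

Reading the values back after the change is a quick way to confirm that the restriction stored in the directory matches what was intended before testing the logon from a client.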

If you have problems with the workstation ‘finding the domain controller’, it could be because you do not have NETBIOS installed. To install NETBIOS:

  1. From the Control Panel, select Network Connections and then Local Area Connection.
  2. Click Properties.
  3. Click Install.
  4. Select Protocol, then click Add.
  5. Select NETBIOS protocol and click OK.

If a user cannot remember their password, they will not be able to access the system. This tends to happen after holidays. You are going to reset Bill’s password. To reset a domain user account password:

  1. Open Active Directory Users and Computers.
  2. Click on the Users container and right-click Bill’s user account.
  3. Select Reset password.
  4. Enter the new password, keeping to the complexity rules; otherwise it will not be accepted.
  5. Select User must change password at next logon.
  6. If Bill is currently logged on, log off and on again for changes to take effect.
