COHESIÓN E INTERACCIÓN ENTRE ESTUDIANTES

In this practice, you will create and manage user objects utilizing templates and com­ mand line tools.

Exercise 1: Create a User Template

1. Log on to Server01 as an administrator. 2. Open Active Directory Users And Computers. 3. Select the Employees OU in the tree pane.

4. Create a user account with the following information:

Text Box Name Enter

First Name Template

Last Name Sales Representative User Logon Name: Template.sales.rep User Logon Name (Pre–Windows 2000): Templatesalesrep

5. Click Next.

6. Select Account Is Disabled. Click Next. 7. The summary page appears. Click Finish.

Note As mentioned in the chapter’s “Before You Begin” section, you should create a group in the Security Groups OU called Sales Representatives. If you have not created such a group, do so now. Configure a global security group with the name Sales Representative.

8. Open the properties of the Template Sales Representative object. 9. Configure the following properties for the template account:

Tab Property Value

Member Of Member Of Sales Representatives

Account Logon Hours Monday–Friday, 9:00 A.M.–5:00 P.M. Account Expires Three months from the current date Organization Company Contoso

Profile Profile path \\Server1\Profiles\%Username%

Lesson 2 Creating Multiple User Objects 3-25

Exercise 2: Create Users by Copying a User Template

1. Select the Employees OU in the tree pane. 2. Select the Template Sales Representative object. 3. Click the Action menu, and then click Copy.

4. Create a new user account with the following information:

Text Box Name Enter

First Name Scott Last Name Bishop User Logon Name: Scott.Bishop User Logon Name Sbishop (pre-Windows 2000):

Account Is Disabled Clear the check box

Password/Confirm Password Enter and confirm a complex password as described ear­ lier in this chapter.

5. Click Next, and then click Finish.

6. Open the properties of the object Scott Bishop.

7.Confirm that the information configured for the template on the Member Of,

Account, and Organization Property pages were applied to the new object. 8.Because you will use this account for other exercises in the chapter, reset two

properties. On the Account tab, set the Account Expires option to Never, and set the Logon Hours so that logon is permitted at any time.

Exercise 3: Import User Objects Using CSVDE

1. Open Notepad.

2. Type the following information carefully, creating 3 lines of text: DN,objectClass,sAMAccountName,sn,givenName,userPrincipalName "CN=Danielle Tiedt,OU=Employees,

DC=contoso,DC=com",user,dtiedt,Tiedt,Danielle,[email protected] "CN=Lorrin Smith-Bates,OU=Employees, DC=contoso,DC=com",user,lsmithbates,Smith- Bates,Lorrin,[email protected]

3.Save the file as “C:\USERS.CSV” being certain to surround the filename with quote marks. Without quote marks, the file will be saved as C:\USERS.CSV.TXT.

4.Open the command prompt and type the following command:

5.If the command output confirms that the command completed successfully, open Active Directory Users and Computers to confirm that the objects were created. If the command output suggests that there were errors, open the USERS.CSV file in Notepad and correct the errors.

6.You will log on as these users later in this chapter. Because the users were imported without passwords, you must reset their passwords. Once the passwords have been configured, enable the accounts. Both the Reset Password and Enable Account commands can be found on either the Action or Objects shortcut menu. 7.If you have access to an application that can open comma-delimited text files,

such as Microsoft Excel, open C:\USERS.CSV. You will be able to interpret its structure more easily in a columnar display than in Notepad’s one-line, comma- delimited text file display.

Exercise 4: Utilize Active Directory Command-Line Tools

1.Open the command and type the following command:

dsquery user "OU=Employees, DC=Contoso,DC=Com" -stalepwd 7

2.The command, which finds user objects that have not changed their password in seven days, should list, at a minimum, the objects you created in exercises 1 and 2. If not, create one or two new user objects and then perform step 1.

3. Type the following command and press ENTER:

dsquery user "OU=Employees, DC=Contoso,DC=Com" -stalepwd 7 | dsmod user -mustchpwd yes

4.The command used the results of DSQUERY as the input for the DSMOD com­

mand. The DSMOD command configured the option “User must change password at next logon” for each object. Confirm your success by examining the Account tab of the affected objects.

Lesson Review

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the “Questions and Answers” section at the end of this chapter.

1.What option will be most useful to generate 100 new user objects, each of which have identical profile path, home folder path, Title, Web Page, Company, Depart­ ment, and Manager settings?

Lesson 2 Creating Multiple User Objects 3-27

2.Which tool will allow you to identify accounts that have not been used for two months? a. DSADD b. DSGET c. DSMOD d. DSRM e. DSQUERY

3.What variable can be used with the DSMOD and DSADD commands to create

user-specific home folders and profile folders? a. %Username%

b. $Username$ c. CN=Username d. <Username>

4. Which tools allow you to output the telephone numbers for all users in an OU?

a. DSADD b. DSGET c. DSMOD d. DSRM e. DSQUERY

Lesson Summary

■ A user object template is an object that is copied to produce new users. If the tem­ plate is not a “real” user, it should be disabled. Only a subset of user properties are copied from templates.

■ The CSVDE command enables you to import directory objects from a comma-

delimited text file.

■ Windows Server 2003 supports powerful new command-line tools to create, man- age, and delete directory objects: DSQUERY, DSGET, DSADD, DSMOVE, DSMOD, and DSRM. Frequently, DSQUERY will produce a result set of objects that are piped as input to other commands.

Lesson 3: Managing User Profiles

You probably wouldn’t read this book if you weren’t supporting users, and you know that there are elements of the user’s system that cause the user pain when they are not present. For example, if a user logs on and does not have access to his or her Internet Explorer Favorites, or must reconfigure his or her custom dictionary, or does not see familiar shortcuts or documents on the desktop, the user’s productivity takes an instant plunge, and the help desk gets a call. Each of these examples relate to components of the user profile. Profiles can be configured to enhance their availability, security, and reliability. In this lesson, you will learn how to manage local, roaming, group, and mandatory profiles.

After this lesson, you will be able to

■ Understand the application of local and roaming user profiles ■ Configure a roaming user profile

■ Create a preconfigured roaming user or group profile ■ Configure a mandatory profile

Estimated lesson time: 15 minutes