Active Directory Domain Name Services Setup and Account Creation, CMD Commands

Second Installment
Second Installment

Introduction



In this lab, I will complete the post-deployment configuration for Active Directory by installing and setting up Active Directory Domain Services. Once this process is finished, I will be able to create and locate users within Active Directory.



Deployment Configuration



  1. Click "Promote this server to a domain controller"




  1. Toggle 'Add a new forest' because this is a new environment setup, meaning we don't have any existing domains or forests.




  1. Fill in the 'Root domain name' text field. Since I will be hosting my domain on a static IP, I can choose any name I like. If your domain is hosted on the internet, you may need to change the name if it is already taken by someone else.




  1. Leave all settings as they are in the Domain Controller Options, then create a password.




  1. Click "Next".


  1. Verify that the NetBIOS domain name is correct.


  1. Click "Next".




  1. Click "Next".




  1. We will encounter several error messages, but since we are setting up a basic DNS server environment on a static IP address, we don't need to worry about them. Simply click 'Next'.




  1. Your PC will restart automatically and begin applying computer settings. This process may take some time.


  1. After your computer has finished restarting, go to 'Other User' and check if 'Sign in to: (Your Domain Name)' is displayed. If it is, that means your domain is up and running. It also indicates that the user you create will be part of your domain.




With Server Manager, we can containerize and manage user computers and Organizational Units (OUs) using Active Directory Users and Computers. In this post, I will explore more of the features within Active Directory.



Finding a user in an active directory



  1. In Server Manger, navigate to Tools > Active Directory Users and Computers




  1. Right-click your domain name and click 'find'. My domain name is 'davesworld.com'




  1. Click on the directory navigation and select 'Entire Directory.' It is best practice to search the 'Entire Directory' as it will search everything. Since the user may not be in the domain or a specific directory, it is important to perform a search across the entire directory.




  1. Fill in the 'Name:' text field, search for the desired user, and click the 'Find Now' button.




  1. You should see the user show up after the previous step.




  1. Click 'View' in the navigation bar within Active Directory Users and Computers, then select 'Advanced Features.' This will provide additional information about users whenever you search for them. By repeating these steps to find a user within Active Directory, you can see which directory they belong to.




  1. Repeat the steps to find a user within the Active Directory, and then double-click the user.




  1. Click "Object" in the Properties settings.




  1. This shows which directory the user belongs to. In my case, the user 'Guest' belongs to the 'Users' directory.




Sidenote



When searching for something within your domain, right-click the domain directory and select 'Find.' In the example below, we right-clicked the 'Computer' directory to demonstrate that you may not find what you're looking for if you search within the 'Computer' directory.



Enable Recycle Bin



Enabling the recycle bin is useful because it allows you to retrieve items if you accidentally delete them.

Steps to enable recycle bin



  1. Click the Windows Start button, search for 'Windows Administrative Tools,' and then select 'Active Directory Administrative Center.'




  1. Click on your local domain name




  1. Enable the Recycle bin (located on the right sidebar).




  1. Click "ok".




  1. Click the refresh icon in the navigation bar.




  1. You should see a folder called "Deleted Objects". This is your recycle bin.




Account Creation



It is best practice to create a user with roles that can be copied, rather than manually assigning roles and permissions to each new user. This approach is scalable and saves time, especially when creating multiple user accounts.



Steps to create a user account from an existing user



  1. Right-click on an established user and copy it



  1. Then fill out the required text fields such as name and password




  1. The permissions and Active Directory settings are already configured for the user you copied from.




  1. Click "Finish".




  1. You should see the user you created in the directory where you created it.




  1. Right-click the created user and select 'Properties' to view the directories they belong to. Since the user was created by copying an existing one, they should be part of the same directories as the original user. In my case, the 'helpdesk' user should be part of the same directories as the 'Administrator'.




  1. Click "Member Of"




  1. Here, you can see which directories the user is a part of. I did a side-by-side comparison to show that the user I created by copying the 'Administrator' user is identical.




Steps to create a new user account scratch



  1. Right-click on the directory you want to create the user in and click "New".




  1. Fill in the information for the user.




  1. Create a password for the user and give them the permissions that you want them to have.




  1. When you view the properties of the newly created user, you will notice that they are not part of any directories. You will need to assign them to the desired directories individually.




CMD Commands



  1. ipconfig




The ipconfig command provides the IP address of the computer you are using.



  1. ipconfig/all




ipconfig/all command provides all the IP addresses in the network.



If you see DHCP Enabled: Yes, it means the computer is obtaining an IP address from the Dynamic Host Configuration Protocol. If you see 'DHCP Enabled: No,' the computer is using a static IP address.



What are some real-world use cases for static IPs?



Answer: A real-world use case for static IPs would be assigning a printer a static IP in a workplace. Since IP addresses can change in a workplace, it’s beneficial to assign a static IP to the printer. If the printer's IP address changes, you won’t be able to print to it. For this reason, it’s good practice to assign a static IP address to the printer, ensuring uninterrupted printing.



  1. net use


This command will tell you the shared drives that a person is connected to.



  1. net user (user domain name) /domain




This cmd command shows you information about the user domain that you enter. For example what time their password expires, what group they are a part of etc.



Sidenote



When entering commands in a terminal, the question mark (?) is there to assist you. If you're unsure of the properties or extension of a command, add a question mark to it.



Summary



In this lab, I installed Active Directory Domain Services and explored how to locate users within a domain using Active Directory Users and Computers. I also learned how to enable the Recycle Bin in Windows Server 2022 and how to create user accounts using two methods. The first method, the copy method, involves using an existing user as a template. For example, I copied my admin account to create a helpdesk account. I then reviewed how to create a new user from scratch. Lastly, I explored some useful command-line tools, such as ipconfig, net user (user domain name) /domain, and others.