Now that we have a basic understanding of how users and groups operate , let's create nine users and divide them up among three groups.
If you have not done so, log into your server as the administrator.
Click the Start Menu , point to Administrative Tools , and click Active Directory Users and Computers .
The Active Directory Users and Computers Microsoft Management Console ( MMC ) appears:
Notice how it is split into two panes. The left pane displays the overall structure of the domain guinea.pig, while the right side shows a more detailed view of selected objects. In the left pane, click the plus (+) sign next to guinea.pig . This expands the list of objects present in our domain.
In the right pane, right-click any blank area, point to New , and click User .
The New Object-User window appears. Fill in the blank fields with user data such as this individual's name . The most important field to enter data into here is the User Logon Name . This is the name that this user will type when logging into the Active Directory domain. A good practice on creating logon names is to use the person's first name initial followed by his or her last name. You might also incorporate a middle initial if you have users with similar first/last name combinations. For example, for the user that we're creating for this exercise, Mr. Mann A. Kinn, we use mkin for the logon name. Notice the two logon name fields. One is for Windows 2000 and XP computers, and the other is for older Microsoft operating systems, such as Windows 98. Keep the pre-Windows 2000 field as is. Click Next .
Figure 3-1: The create new object-user dialog box. Use the information here to create new users to log into the Active Directory Domain.
You are now asked to enter a password for this new user, along with specifying other restrictions on how he or she may log in. For example, you may specify if this user must change the password you set here the next time he or she logs in; you may prevent the user from changing the password; you may set this password so that it never expires ; or you may completely disable this account so that the user may not log in at all. For this exercise, place a check in Password never expires and uncheck everything else.
Type a password for this user. Keep in mind that Windows Server 2003 is configured right out of the box for greater security. As a result, a password must meet certain criteria:
It cannot contain the user's account name
It must be at least six characters long
It must contain at least three of the following four categories
English upper case letters
English lower case letters
any numeric digit (based on 0 through 9)
non-alphabetic character (such as !, %, or #)
Click Next after entering the password, and click Finish .
|Get Info|| |
Although it's not a good practice, you may find times when you wish to lessen the server's rules for password complexity. This can be done in the Domain Security Policy MMC snap-in located under the Start Menu -> Administrative Tools . In the left pane, expand the plus (+) sign next to Account Policies and click Password Policy . Here, you may edit the password policies for password history (so that users may not choose the same password twice), maximum password age, minimum password age, minimum password length, whether or not the password must meet the previously mentioned complexity levels, and whether or not to store passwords using reversible encryption (plain text). You may edit any of these values by double-clicking each item.
Create eight more unique users. Notice that all users appear "loose-leaf" right out in the middle of the domain in the right pane of Active Directory Users and Computers: