Managing Multiple User Accounts

Managing Multiple User Accounts

You can use Active Directory Users And Computers to modify the properties of multiple accounts simultaneously . Any changes you make to the property settings are made for all the selected accounts.

You can select multiple accounts by doing the following:

• Select multiple user names for editing by holding down the Ctrl key and clicking the left mouse button on each account you want to select.

• Select a range of user names by holding down the Shift key, selecting the first account name , and then clicking the last account in the range.

When you're finished selecting accounts for management, right-click to display a shortcut menu. The options available include

• Add To A Group

  Displays the Select Group dialog box that you can use to designate the groups the selected users should be members of

• Disable Account

  Disables all the selected accounts

• Enable Account

  Enables all the selected accounts

• Move

  Moves the selected accounts to a new container or organizational unit

• Properties

  Allows you to configure a limited set of properties for multiple accounts

The Properties option is the one we'll look at in the sections that follow. As shown in Figure 10-10, the Properties On Multiple Objects dialog box has a different interface than the standard user Properties dialog box. You should note the following changes:

• Account name and password fields are no longer available. You can, however, set the DNS domain name (UPN suffix), logon hours, computer restrictions, accounts options, account expiration, and profiles.

• You must specifically select fields that you want to work with by clicking their associated check boxes. Once you do this, the value you enter in the field is applied to all the selected accounts.

Setting Profiles for Multiple Accounts

You set the profile information for multiple accounts using the options of the Profile tab. One of the best reasons to work with multiple accounts in Active Directory Users And Computers is to set all their environment profiles using a single interface. To do this, you will usually rely on the %UserName% environment variable, which lets you assign paths and file names that are based on individual user names. For example, if you assign the logon script name as %UserName%.cmd, Windows replaces this value with the user name ”and it does so for each user you're managing. Thus, bobs, janew, and ericl would all be assigned unique logon scripts and those scripts would be named Bobs .cmd, Janew.cmd, and Ericl.cmd.

An example of setting environment profile information for multiple accounts is shown in Figure 10-11. Note that the %UserName% variable is used to assign the user profile path , the user logon script name, and the home directory.

Although you might want all users to have unique files and paths, there are times when you want users to share this information. For example, if you're using mandatory profiles for users, you might want to assign a specific user profile path rather than one that's dynamically created.

Setting Logon Hours for Multiple Accounts

When you select multiple user accounts in Active Directory Users And Computers, you can manage their logon hours collectively. To do this, follow these steps:

1. Select the accounts you want to work with in Active Directory Users And Computers.

2. Right-click and then select Properties. In the Properties dialog box, select the Account tab.

3. Choose the Logon Hours check box and then click the Logon Hours button. You can then set the logon hours as discussed in the section of this chapter entitled "Configuring Logon Hours."

Setting Permitted Logon Workstations for Multiple Accounts

You set the permitted logon workstations for multiple accounts using the Logon Workstations dialog box. To access this dialog box, follow these steps:

1. Select the accounts you want to work with in Active Directory Users And Computers.

2. Right-click and then select Properties. In the Properties dialog box, select the Account tab.

3. Choose Computer Restrictions and then click Log On To.

4. If you want to allow the users to log on to any workstation, select the All Computers option button. On the other hand, if you want to specify which workstations users are permitted to use, select The Following Computers option button and then enter the names of up to eight workstations. When you click OK, these settings are applied to all the selected user accounts.

Setting Logon, Password, and Expiration Properties for Multiple Accounts

Users accounts have many options that control logon, passwords, and account expiration. You set these values in the Account tab of the Properties dialog box. When you work with multiple accounts, you must enable the option you want to work with by selecting the corresponding check box in the leftmost column. You now have two options:

• Set the option by selecting its check box. This enables the option. For example, if you were working with the Password Never Expires option, a flag is set so that the password for the selected users won't expire when you click OK.

• Don't set the option, which effectively clears the option. For example, if you were working with the Account Is Disabled option, the accounts for the selected users are reenabled when you click OK.

If you want to set the expiration date of the selected accounts, you start by selecting Account Expires and then you select the appropriate expiration value. The Never option removes any existing account expiration values. You use the End Of option to set a specific expiration date.