𧩠Step 1: Open Active Directory Tools
- Go to Server Manager β Tools β open Active Directory Users and Computers (ADUC).
- This is your main interface for managing users, groups, and organizational units (OUs).
π€ What is a User in Active Directory?
A user in Active Directory represents a person, service, or application that needs access to resources in the network.
Each user has a username (SamAccountName) and usually a password. This allows them to:
- Log in to computers
- Access files, applications, and services
- Be assigned permissions
π Example: IT-User1, john.doe, hr.manager
π€ Step 2: Create a New User
- In ADUC, navigate to the Users container or your custom Organizational Unit (OU).
- Right-click β New β User.
- Enter user details (e.g., name, username).
- Set a password and define password options (e.g., user must change at next login).
- Finish to create the user.
π₯ What is a Group in Active Directory?
A group is a collection of users, and sometimes other groups, that allows you to manage permissions and access rights collectively.
Instead of giving permissions to users one-by-one, you assign them to a group and then give permissions to the group.
π Example: HR-Group, Finance-Group, IT-Admins
𧱠Types of Groups in AD
| Group Type | Description |
| Security Group | Used for assigning permissions (e.g., to folders, printers) |
| Distribution Group | Used for sending emails (Exchange/Outlook) |
π₯ Step 3: Create and Manage Groups
- Right-click an OU β New β Group.
- Choose:
- Group Name (e.g., Finance-Group)
- Group Scope (usually Global or Universal)
- Group Type (usually Security)
- To add members: Right-click the group β Properties β Members β Add.
π’ What is an Organizational Unit (OU)?
An Organizational Unit (OU) is a container within Active Directory (AD) that helps you organize and manage users, computers, groups, and other resources in a logical and structured way.
ποΈ Step 4: Organize with Organizational Units (OUs)
OUs help you logically group users, computers, and groups.
- Right-click your domain β New β Organizational Unit.
- Give it a name (e.g.,
Sales,IT,HR). - Move objects (users, computers) into the OU by dragging or using Move.
π‘οΈ Step 5: Apply Group Policies (GPOs)
- Open Group Policy Management from Server Manager β Tools.
- Right-click an OU β Create a GPO and Link It Here.
- Edit the GPO to configure settings (e.g., password policies, desktop restrictions).
- Use
gpupdate /forceon a client machine to apply the changes.
π Step 6: Delegate Administrative Control
Use Delegation of Control Wizard to give limited admin rights to others:
- Right-click an OU β Delegate Control.
- Choose users or groups.
- Assign specific tasks (e.g., reset passwords, create users).
π Step 7: Monitor and Audit AD Activity
- Use tools like:
- Event Viewer for login and access logs.
- Active Directory Administrative Center (ADAC) for easier GUI management.
- Enable Auditing Policies through Group Policy for deeper tracking.
Final Thoughts
By learning how to manage users, groups, OUs, and policies, Iβve started to get a real handle on how powerful and flexible Active Directory can be. These basics are just the beginningβbut theyβve already made a big impact on how I manage Windows Server environments.