1 00:00:05,650 --> 00:00:13,370 In this lesson I will practice with manage any user and computer objects will be focusing on accomplishing 2 00:00:13,400 --> 00:00:14,740 the following tasks. 3 00:00:14,750 --> 00:00:22,910 You then power Shell will be creating new user and computer accounts modifying user and computer objects 4 00:00:23,210 --> 00:00:27,070 enabling and disabling the user and computer accounts. 5 00:00:27,130 --> 00:00:32,520 More than a user and computer accounts delete an user and computer accounts. 6 00:00:32,570 --> 00:00:38,270 As you may know Active Directory is all about Users and Computers. 7 00:00:38,270 --> 00:00:42,840 Each user in the organization will have at least one account. 8 00:00:42,860 --> 00:00:48,250 There will be scenarios where a single user can have multiple accounts. 9 00:00:48,260 --> 00:00:56,990 This is very true in the case of I.T. users where one account is used for regular activities such as 10 00:00:56,990 --> 00:01:06,980 checking email browsing and so on whereas the other privileged account is used for managing the infrastructure. 11 00:01:06,980 --> 00:01:13,880 Apart from this there are service accounts that are designed to run a particular service. 12 00:01:13,880 --> 00:01:21,800 This shows how rapidly user accounts can grow in Active Directory environment along with the necessity 13 00:01:21,800 --> 00:01:25,700 to manage them in a much more efficient way. 14 00:01:25,730 --> 00:01:33,990 In the following lesson will be explaining how to perform User object operations using power shall. 15 00:01:34,280 --> 00:01:41,350 So let's begin with creating user accounts managing user accounts is one of the day to day jobs. 16 00:01:41,650 --> 00:01:49,970 As a Windows administrator new user adjourn companies on a frequent basis and sometimes the Walden might 17 00:01:49,970 --> 00:01:59,600 go high in such cases creating user accounts using conventional methods is a time consuming and involves 18 00:01:59,720 --> 00:02:00,580 errors. 19 00:02:00,620 --> 00:02:04,520 So the best choice in that case is automation. 20 00:02:04,610 --> 00:02:11,360 It produces less errors and it's less time consuming inactive directory. 21 00:02:11,360 --> 00:02:19,760 The manual account creation process involves graphical user interface or guru such as active directory 22 00:02:19,760 --> 00:02:25,530 Users and Computers and Active Directory administrative center. 23 00:02:25,550 --> 00:02:33,900 First let's take a look at how user creation can be done using Active Directory administrative center. 24 00:02:33,920 --> 00:02:41,960 It relies on an Active Directory power shall come on lads and to use them in the background to perform 25 00:02:41,960 --> 00:02:44,240 the Active Directory operations. 26 00:02:44,270 --> 00:02:51,330 We can started by clicking on server manager and once our manager is launched. 27 00:02:51,410 --> 00:03:01,280 We go to the upper right corner click on tools manager and launch Active Directory administrative center 28 00:03:01,580 --> 00:03:03,400 and the left side. 29 00:03:03,530 --> 00:03:12,740 We have to select our domain in my case it's control so when we select the domain the new tasks pain 30 00:03:13,010 --> 00:03:17,210 will show up in the right part of this window. 31 00:03:17,300 --> 00:03:25,450 Here you can find this new bottom will click on it and select new user. 32 00:03:25,460 --> 00:03:32,150 There are two mandatory fields that must be provided in order to create a user account. 33 00:03:32,240 --> 00:03:36,590 Full name and user Sam account name. 34 00:03:36,590 --> 00:03:43,230 Other fields are optional at the time of user creation and can be updated later. 35 00:03:43,310 --> 00:03:50,870 You might have also noticed that the password is not specified at the time of creation so active directory 36 00:03:50,900 --> 00:03:56,330 keeps this field in a disabled state until the password is set. 37 00:03:56,330 --> 00:04:03,290 Once the password is said by the administrator the user object has to be enabled explicitly. 38 00:04:03,590 --> 00:04:11,210 Similarly when a user account is created using power shell it has to be one mandatory property that 39 00:04:11,210 --> 00:04:14,480 must be passed the name parameter. 40 00:04:14,570 --> 00:04:19,630 This parameter is equivalent to the full name while in UI. 41 00:04:19,760 --> 00:04:28,610 Also the same parameter while you is used for the user same account name attribute that at the same 42 00:04:28,610 --> 00:04:35,870 time of user account creation use and power shall user account in Active Directory can be created using 43 00:04:35,900 --> 00:04:39,480 the new Dash 80 user command led. 44 00:04:39,500 --> 00:04:47,870 So let's launch power shall integrate its grouped in environment or IIS e and run the following command. 45 00:04:47,870 --> 00:04:55,760 New dash a user the name parameter and will specify user name. 46 00:04:55,790 --> 00:04:56,450 I'll type. 47 00:04:56,450 --> 00:05:03,820 Test user 1 for the testing purposes when this amount is executive executives from the power show vendor 48 00:05:04,190 --> 00:05:11,880 it creates a user account turns the default user container they count created will be in a disabled 49 00:05:11,880 --> 00:05:17,400 state because no password has been provided at the time of creation. 50 00:05:17,400 --> 00:05:25,530 This behavior is different when you create users using Active Directory Users and Computers console 51 00:05:25,830 --> 00:05:34,410 where providing a password is mandatory as you can guess these commands that we have run is not sufficient 52 00:05:34,410 --> 00:05:38,160 for creating user accounts in the production environment. 53 00:05:38,250 --> 00:05:46,950 You are required to provide well use for different attributes such as First Name Last Name display name 54 00:05:47,220 --> 00:05:54,630 password two options such as user must change password to the next time a smart office address phone 55 00:05:54,630 --> 00:05:58,680 numbers job title department and so on. 56 00:05:58,680 --> 00:06:03,170 So we need to enhance our code to populate these properties. 57 00:06:03,330 --> 00:06:10,980 At the time of log game before we start creating a full fledged user account let's see which properties 58 00:06:11,010 --> 00:06:18,390 can be populated by the new Dash 80 user command led at the time of user creation. 59 00:06:18,450 --> 00:06:27,270 You can get this simply by running the following help command get help knew the shady user detailed 60 00:06:27,560 --> 00:06:29,370 they get help command. 61 00:06:29,370 --> 00:06:32,210 You could also type just help. 62 00:06:32,310 --> 00:06:40,140 So this command led to the power shall command led to use and see the help content of any other command 63 00:06:40,140 --> 00:06:45,890 led the usage of detailed switch tales get help command led to Rahm. 64 00:06:46,050 --> 00:06:49,490 All the help content for the given command led. 65 00:06:49,530 --> 00:06:58,380 It includes a list of parameters that seem to ex an explanation of parameters and examples which is 66 00:06:58,380 --> 00:07:01,460 very useful when you run this command. 67 00:07:01,500 --> 00:07:06,920 You can find that there are various properties called attributes. 68 00:07:07,050 --> 00:07:12,150 You can set these attributes at the time of user creation. 69 00:07:12,180 --> 00:07:19,470 If the attributes you want to set is not present then you can use the other attributes parameter to 70 00:07:19,470 --> 00:07:20,360 set it. 71 00:07:20,370 --> 00:07:28,470 Note that you need to provide other attributes NAMES AND WELL USE IN hash table format while pass on 72 00:07:28,480 --> 00:07:37,650 to the other attributes parameters will take a closer look at this hash tables later on when we'll be 73 00:07:37,650 --> 00:07:40,880 talking about modifying the user properties. 74 00:07:40,890 --> 00:07:48,510 Now let's see how we can create an user account by pass and all kinds of values that we want to set 75 00:07:48,590 --> 00:07:51,270 at that same time of user creation. 76 00:07:51,270 --> 00:07:57,720 In this example will cover some of the properties that are frequently used to the time of user object 77 00:07:57,720 --> 00:07:58,760 creation. 78 00:07:58,770 --> 00:08:05,580 However you can modify this command and play around with set in other parameters. 79 00:08:05,640 --> 00:08:12,750 And remember that practice makes one perfect the path through parameter is used to return the user object 80 00:08:12,750 --> 00:08:15,540 after creation of the account. 81 00:08:15,540 --> 00:08:23,850 If this parameter is not specified the command left will not show you any output after successful creation 82 00:08:23,850 --> 00:08:24,980 of the object. 83 00:08:25,020 --> 00:08:32,900 So first we need to prepare a password for the user to do the certain since the account password Come 84 00:08:32,910 --> 00:08:38,330 on let requires the input to be in secure strewn format. 85 00:08:38,400 --> 00:08:46,110 We need to populate the password variable with the desired password as shown in this command. 86 00:08:46,380 --> 00:08:51,840 So in this command we create a variable which is equal to read. 87 00:08:51,840 --> 00:09:00,330 Host come on led with as secure as tree and parameter it means that everything that we type will be 88 00:09:00,330 --> 00:09:03,940 passed a secure stream to this wearable. 89 00:09:04,080 --> 00:09:12,080 And this will prompt you to enter the password and you'll see asterisk symbols as you enter. 90 00:09:12,180 --> 00:09:18,630 Ensure that the password to your enter should meet the password complexity of your domain. 91 00:09:18,630 --> 00:09:21,470 Otherwise the following command will fail. 92 00:09:21,480 --> 00:09:25,280 Now let's create a new user with the following command. 93 00:09:25,320 --> 00:09:35,430 We'll do that with the new ADA user command led with name parameter given name email address same account 94 00:09:35,460 --> 00:09:42,180 name account password that will be used in the variable which we have created before. 95 00:09:42,240 --> 00:09:52,500 Display name department can't receive the best parameter which will ensure that the account will be 96 00:09:52,500 --> 00:09:57,240 created in the needed overview and enabled parameter. 97 00:09:57,420 --> 00:10:04,040 Which means that the account will be enabled enabled after creation pass through parameter. 98 00:10:04,070 --> 00:10:11,970 I will he mentioned it will show us the result of this command again about pass parameter. 99 00:10:12,000 --> 00:10:20,460 Ensure that you update pass parameter to reflect the distinguished name of the O U in your environment. 100 00:10:20,460 --> 00:10:23,490 Otherwise the operation might fail. 101 00:10:23,490 --> 00:10:27,070 And also please know that pass parameter is optional. 102 00:10:27,180 --> 00:10:33,960 If you don't specify this the user account will be created in the default users container. 103 00:10:34,290 --> 00:10:42,600 And when we run this command the power Shell will return the output as follows the output shows the 104 00:10:42,840 --> 00:10:50,350 path of the object where it is created and other properties with set during the creation process. 105 00:10:50,370 --> 00:10:55,830 By default the output shows only a minimum set of attributes. 106 00:10:55,890 --> 00:11:04,720 You can see all current attributes and the values of user object using the get a the user command led. 107 00:11:04,740 --> 00:11:14,230 So let's run it get a user with identity parameter and we have to specify the user we are looking for. 108 00:11:14,370 --> 00:11:22,020 And after that properties parameter and asterisk which will find all the properties for the user we 109 00:11:22,020 --> 00:11:26,190 are looking for and we can see the output of this command.