Exploring Active Directory: Adding Users, Creating OUs, and More!

In my quest to deepen my understanding of Active Directory, I've set up a home lab to explore various tasks, from adding new users to creating Group Policy Objects (GPOs).

In this lab I will cover the following:

Adding a New User to a Domain: One of the fundamental tasks in Active Directory is adding a new user to a domain. Using Remote Server Administration Tools (RSAT), I'll demonstrate how to join a Windows computer to the domain and create a new user account with limited functions, perfect for a helpdesk scenario.

Creating a New User in Active Directory: In Active Directory Users and Computers (ADUC), I'll show you how to create a new user account from scratch. We'll go through the process of specifying user details such as name, username, password, and group memberships, essential for effective user management.

Searching for a New User: Once a new user is created, it's crucial to be able to find them quickly within Active Directory. I'll demonstrate how to use the search functionality in ADUC to locate a newly created user account based on specific criteria.

Creating Organizational Units (OUs): Organizational Units (OUs) are key to organizing users, computers, and other objects in Active Directory. I'll guide you through the process of creating OUs using the ADUC console and moving objects into them, helping you keep your AD environment well-organized.

Creating Group Policy Objects (GPOs): GPOs are powerful tools for managing and applying settings to users and computers in a domain. I'll show you how to create GPOs using the Group Policy Management Console (GPMC).

Follow along with me on this Active Directory journey as I explore these essential tasks and share practical insights into AD management.

How to join a computer onto a domain

I am going to create another Virtual Machine with a Windows 10 operating system, and then change the computer from its workgroup to the domain.

The reason you would want to make a computer join a domain is so that the computer can be centrally managed. It allows for centralized user authentication, meaning you can log in with the same username and password on any computer within the domain. It also has a lot of other benefits and can help create a more secure network and data environment.

Requirements

Windows 10 ISO

I remember being able to simply download the ISO for Windows 10. However, you now need to start by downloading Microsoft's tool first.

After downloading the tool, run the file. It will ask you to accept the terms and conditions, then ask what you would like to do. In my case I wanted the ISO, so I followed all the prompts until it let me save the ISO file.

Creating another Virtual Machine with Windows 10

The process was very similar to how I created the Windows Server 2022 VM. During the Windows 10 installation, don't pick the Home edition, as that won't allow you to connect the computer to a domain.

Windows 10 Pro, Enterprise, and Education editions support domain joining, while Windows 10 Home does not. If you need to join a domain, you would need to upgrade to a Windows 10 Pro or higher edition.

Additional setup for the Virtual Machine

This new computer had one account, created during setup, which was an admin. However, I didn't want to use that account and instead wanted to use the built-in Administrator account on the computer.

To set this up, I went into Computer Management, then into Local Users and Groups, then Users. Once there, I right-clicked on the Administrator account, went into Properties, and unchecked the "Account is disabled" option.

*Note: A down arrow on a user in this list means that the account is disabled.

I then set a password for the Administrator account. After doing this, I logged in as the Administrator and deleted the account that was first made, so that I only have the Administrator account.

Joining the computer to a domain

My goal now is to add this new computer to the domain. However, before doing that I need to prepare it by getting the RSAT tools.

I went to Add/Remove Programs, then to Optional features, and installed the RSAT tools. RSAT gives you the ability to use the Active Directory management tools from a Windows 10 machine.

After this, I opened "About your PC" > Advanced system settings, and in the System Properties window I clicked "Change...", selected the Domain option, and entered the domain I made earlier, ADLab.local.

It then prompted me for a username and password, where I entered the Administrator account and the password that was set on the 2022 server.

After doing this and restarting the computer, if I check the Server 2022 instance, I can see that Desktop1 is now listed in Active Directory Users and Computers.

I also created a new user called help desk, giving it the same permissions that the Administrator has.

I created this user by right-clicking on Administrator and pressing Copy.

Now I am going to try to log in to the helpdesk account on the Windows 10 machine that has the RSAT tools installed.

I was able to log in, and I also have the Active Directory tools needed to make changes to the domain.
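The same join can be done from PowerShell, and it is worth checking what a copy of Administrator actually inherits. The script below is an added example, not part of the original lab; the sAMAccountName helpdesk and both function names are assumptions, while ADLab.local and Desktop1 come from the steps above.

```powershell
# Added example, not from the original post. 'helpdesk' (sAMAccountName) and the
# function names are assumptions; ADLab.local and Desktop1 come from the lab.

function Join-LabDomain {
    # Run elevated on the Windows 10 machine. Prompts for the domain
    # Administrator password, joins the domain, then reboots.
    Add-Computer -DomainName 'ADLab.local' -Credential 'ADLab.local\Administrator' -Restart
}

function Get-CopiedAccountPrivilege {
    # Lists every group the copied account is in and marks the ones that
    # grant domain-wide or forest-wide administrative rights.
    param(
        [string]$Account  = 'helpdesk',
        [string]$Template = 'Administrator'
    )
    Import-Module ActiveDirectory   # installed with the RSAT AD tools

    $privileged = 'Administrators', 'Domain Admins', 'Enterprise Admins',
                  'Schema Admins', 'Group Policy Creator Owners'
    $templateGroups = (Get-ADPrincipalGroupMembership -Identity $Template).Name

    foreach ($g in (Get-ADPrincipalGroupMembership -Identity $Account)) {
        [pscustomobject]@{
            Group        = $g.Name
            Privileged   = $g.Name -in $privileged
            FromTemplate = $g.Name -in $templateGroups
        }
    }
}

# Step 1, on the workstation (reboots the machine):
#   Join-LabDomain

# Step 2, after the reboot: confirm the computer object exists in the domain,
# then review which groups the helpdesk copy picked up from Administrator.
Get-ADComputer -Identity 'Desktop1' | Select-Object Name, DistinguishedName, Enabled
Get-CopiedAccountPrivilege | Sort-Object Privileged -Descending | Format-Table -AutoSize
```

Any row with Privileged set to True is a membership to remove if the account is meant to have the limited helpdesk functions described at the start of this post.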

How to find a user with Active Directory

In Server Manager go to "Tools" and then open "Active Directory Users and Computers".

I then expanded the forest, right-clicked on "Computers", and pressed Find.
From there I also made sure to change the "In:" drop-down to "Entire Directory" because the user I am looking for may not be in "Computers".

*Note: set it to "Entire Directory" because the user you are looking for may not be in that

Creating an Organizational Unit

After logging into the helpdesk account I created from the server, I am going to create another user and an Organizational Unit.

I created an Organizational Unit named "HR" and also created a new user under "Users". After doing that, I dragged the new user, named Shankar, into the HR folder.
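The search and the OU steps above can also be scripted, which makes them repeatable and safe to run twice. This is an added example, not part of the original lab; it assumes the RSAT ActiveDirectory module is installed and that the new user's display name starts with "Shankar", and it searches the whole domain rather than one container.

```powershell
# Added example, not from the original post. Assumes the RSAT ActiveDirectory
# module and that the new user's name starts with "Shankar" (constructed filter).
Import-Module ActiveDirectory
$domainDN = (Get-ADDomain).DistinguishedName   # the ADLab.local domain root

# Create the HR OU at the domain root only if it is not already there.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq 'HR'" -SearchBase $domainDN -SearchScope OneLevel
if (-not $ou) {
    # OUs created with this cmdlet are protected from accidental deletion by default.
    $ou = New-ADOrganizationalUnit -Name 'HR' -Path $domainDN -PassThru
}

# Find the user anywhere in the domain, regardless of which container it is in.
$found = @(Get-ADUser -Filter "Name -like 'Shankar*'" -SearchBase $domainDN -SearchScope Subtree)
if ($found.Count -ne 1) {
    throw "Expected exactly one match, found $($found.Count); narrow the filter."
}
$user = $found[0]

# Move the user into HR unless it is already there (scripted form of the drag and drop).
if ($user.DistinguishedName -notlike "*,$($ou.DistinguishedName)") {
    Move-ADObject -Identity $user.DistinguishedName -TargetPath $ou.DistinguishedName
}

# The sAMAccountName does not change on a move, so use it to confirm the new location.
Get-ADUser -Identity $user.SamAccountName |
    Select-Object Name, SamAccountName, DistinguishedName
```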

Group Policy Object

A GPO, or Group Policy Object, is a feature in Microsoft Windows operating systems that allows administrators to manage and enforce settings for users and computers in an Active Directory environment. These settings can include security configurations, software installation policies, scripts to run at startup or logon, folder redirection, and more. GPOs provide a centralized way to manage the configuration of Windows settings across multiple computers in a network.

In this lab, I will adjust the security settings to lock out users who enter the wrong password a certain number of times.

Unlock an account

If someone were to actually get locked out, you can go into ADUC, look for the Account tab, and check the "Unlock account" option.
By doing this, the user will then be able to try to log in again.
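To confirm that the lockout setting from the GPO is actually in effect, and to handle lockouts without clicking through ADUC, the check below can be run from the RSAT machine. It is an added example, not part of the original lab; the account name Shankar as a sAMAccountName is an assumption.

```powershell
# Added example, not from the original post. 'Shankar' as a sAMAccountName
# is an assumption; replace it with the account that was locked out.
Import-Module ActiveDirectory

# 1. Read the lockout settings the domain is currently enforcing.
$policy = Get-ADDefaultDomainPasswordPolicy
$policy | Select-Object LockoutThreshold, LockoutDuration, LockoutObservationWindow
if ($policy.LockoutThreshold -eq 0) {
    Write-Warning 'LockoutThreshold is 0: accounts are never locked out.'
}

# 2. List locked-out users with the details needed to judge the lockout.
#    Many bad attempts in a short time can indicate password guessing
#    rather than a forgotten password, so look before unlocking.
$locked = @(Search-ADAccount -LockedOut -UsersOnly)
$locked | ForEach-Object {
    Get-ADUser -Identity $_.SamAccountName `
        -Properties AccountLockoutTime, BadLogonCount, LastBadPasswordAttempt
} | Select-Object SamAccountName, AccountLockoutTime, BadLogonCount, LastBadPasswordAttempt |
    Format-Table -AutoSize

# 3. Unlock one reviewed account (same effect as the "Unlock account" box in ADUC).
$target = 'Shankar'
if ($locked.SamAccountName -contains $target) {
    Unlock-ADAccount -Identity $target
    # Re-read the account to confirm the LockedOut flag has cleared.
    Get-ADUser -Identity $target -Properties LockedOut |
        Select-Object SamAccountName, LockedOut
}
```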

Useful Tip

Open the Active Directory Administrative Center and enable the Recycle Bin for your AD. If you happen to accidentally delete something, you can find it there.

Conclusion

In this learning lab, we've explored several key aspects of Active Directory management, including adding new users, creating organizational units, and configuring Group Policy Objects. By performing these tasks, we've gained valuable hands-on experience that will enhance our skills in managing and maintaining Active Directory environments.