WEBVTT

00:00.560 --> 00:08.190
This lesson or will practice with manage and use around computer objects we'll be focusing on accomplishing

00:08.220 --> 00:09.540
the following tasks.

00:09.570 --> 00:17.730
You then Power Shell will be creating new user and computer accounts modifying user and computer objects

00:18.030 --> 00:25.090
enabling and disabling the user and computer accounts more than the user and computer account deleting

00:25.130 --> 00:27.300
the user and computer records.

00:27.360 --> 00:32.980
As you may know Active Directory is all about users and computers.

00:33.060 --> 00:37.530
Each user in the organization will have at least one account.

00:37.580 --> 00:43.050
There will be scenarios where a single user can have multiple accounts.

00:43.050 --> 00:51.780
This is very true in the case of I.T. users where one account is used for regular activities such as

00:51.780 --> 01:00.180
checking email browsing and so on whereas there are the privilege to account is used for managing the

01:00.270 --> 01:01.720
infrastructure.

01:01.770 --> 01:08.670
Apart from these there are service accounts that are designed to run a particular service.

01:08.670 --> 01:16.620
This shows how rapidly user accounts can grow in Active Directory environment along with the necessity

01:16.620 --> 01:20.410
to manage them in a much more efficient way.

01:20.520 --> 01:28.930
In the fall of last and we'll be explaining how to perform user object operations use power sharing.

01:29.070 --> 01:35.790
So let's begin with creating user accounts managing user accounts is one of the day to day job.

01:35.790 --> 01:44.340
So as the Windows administrator new user John company is on a frequent basis and sometimes the Walder

01:44.340 --> 01:52.920
might go by in such cases creating user accounts to use using conventional methods is a time consuming

01:52.950 --> 01:55.370
and involves errors.

01:55.410 --> 01:59.280
So the best choice in that case is automation.

01:59.400 --> 02:05.040
It produces less errors and it's less time consuming.

02:05.100 --> 02:12.690
In Active Directory the manual account creation process involves graphical user interface or guru such

02:12.690 --> 02:20.200
as Active Directory Users and Computers and Active Directory administrative center.

02:20.340 --> 02:28.550
First let's take a look at how user creation can be done to use an Active Directory administrative center.

02:28.710 --> 02:36.780
It relies on Active Directory power shell command lets and to use them in the background to perform

02:36.780 --> 02:39.010
the Active Directory liberations.

02:39.060 --> 02:46.200
We can start it by clicking on server manager and one server manager is launched.

02:46.200 --> 02:49.980
We go to the upper right corner.

02:50.130 --> 02:58.800
Click on Tools menu and Blaunche Active Directory administrative center and the left side pane we have

02:58.800 --> 03:00.870
to select our domain.

03:00.870 --> 03:10.650
In my case it's contorts So when we select the domain the new tasks pain will show up in the right part

03:10.740 --> 03:12.080
of this window.

03:12.120 --> 03:20.090
Here you can find this new bottom will click on it and select new user.

03:20.280 --> 03:27.060
There are two mandatory fields that must be provided in order to create a user account.

03:27.060 --> 03:31.340
Full name and user same account name.

03:31.380 --> 03:38.100
Other fields are optional at the time of user creation and can be updated later.

03:38.100 --> 03:45.720
You might have also noticed that the password is not specified at the time of creation so active directory

03:45.720 --> 03:51.140
keeps this field in a disabled state until the passport is set.

03:51.150 --> 03:58.410
Once the passport is set by the administrator the user object has to be enabled explicitly.

03:58.410 --> 04:02.700
Similarly when a user account is created Husan power shell.

04:02.700 --> 04:07.680
It has to be one mandatory property that must be parsed.

04:07.830 --> 04:12.390
The name parameter this parameter is equal to the full name.

04:12.390 --> 04:14.380
Well in UI.

04:14.550 --> 04:23.880
Also the same parameter well is used for the user of same account name attribute that at the same time

04:23.880 --> 04:30.280
of user account creation use and power shell and user account in the Active Directory can be created

04:30.280 --> 04:34.160
to you and the new Desch the user command left.

04:34.320 --> 04:42.660
So let's launch Power Shell integrated scripting environment or IAC and try the following command.

04:42.660 --> 04:50.530
A new dash 80 user name parameter and will specify user's name.

04:50.580 --> 04:54.440
I'll type test user one for the test and purposes.

04:54.480 --> 04:58.880
Rather this amount is executive from the power shell vendor.

04:58.980 --> 05:08.010
It creates are as the default user container they count created it will be in a disabled state because

05:08.010 --> 05:12.150
no password has been provided at the time of creation.

05:12.180 --> 05:19.910
This behavior is different when you create users use an active directory users and computers can.

05:19.920 --> 05:27.770
So we're providing a password is mandatory as you can guess these commands that we have run.

05:27.960 --> 05:34.710
It's not sufficient for creating user accounts in the production environment you are required to provide

05:34.710 --> 05:43.860
well use for different attributes such as first name last name display name password two options such

05:43.860 --> 05:52.350
as user must change password to the next time around Office address phone numbers job title department

05:52.350 --> 05:53.360
and so on.

05:53.490 --> 05:58.000
So we need to enhance our code to populate these properties.

05:58.140 --> 06:03.820
At the time of look them before we start creating a full fledged user account.

06:04.050 --> 06:12.120
Let's see which properties can be populated by the new Desch 80 user command lad at the time of user

06:12.120 --> 06:13.170
creation.

06:13.230 --> 06:19.290
You can get this simply by Iran in the following help command get help.

06:19.560 --> 06:24.010
Mutilator user detailed the get help command.

06:24.180 --> 06:27.110
You could also type just help.

06:27.120 --> 06:34.940
So this command led to the power shell command led to use and see the help content of any of the command

06:34.950 --> 06:35.490
land.

06:35.700 --> 06:38.460
The usage of detailed Savvich tells.

06:38.460 --> 06:39.090
Get help.

06:39.090 --> 06:40.640
Come on let's run.

06:40.830 --> 06:44.270
All the help contend for the given and left.

06:44.340 --> 06:52.830
It includes a list of parameters their syntax and explanation of parameters and examples.

06:52.830 --> 06:56.300
Which is very useful when you run this command.

06:56.310 --> 07:01.820
You can find that there are various properties called attributes.

07:01.830 --> 07:06.840
You can set these attributes at the time of user creation.

07:06.960 --> 07:14.740
If the attribute you want to set is not present then you can use the other attributes parameter to set

07:14.740 --> 07:15.180
it.

07:15.180 --> 07:23.230
Note that you need to provide other attributes names and well use in a hash table format while passing

07:23.310 --> 07:26.340
to their other attributes parameters.

07:26.460 --> 07:35.700
Will take a closer look at this hash tables later on when we'll be talking about modifying user properties.

07:35.700 --> 07:43.320
Now let's see how we can create any user account by Pozen all kinds of ralliers that we want to set

07:43.410 --> 07:46.050
at that same time of user creation.

07:46.080 --> 07:52.560
In this example we'll cover some of the properties that are frequently used to the time of use or object

07:52.560 --> 07:53.570
creation.

07:53.580 --> 08:01.320
However you can modify this command and play around with certain other parameters and remember that

08:01.320 --> 08:03.580
practice makes one perfect.

08:03.660 --> 08:10.340
The pass through parameter is used to return the user object after creation of the account.

08:10.350 --> 08:18.660
If this parameter is not specified the command led will not show you any output after successful creation

08:18.660 --> 08:19.820
of the object.

08:19.830 --> 08:27.500
So first we need to prepare a POS for it for the user to do the setting since their account Ponsford

08:27.550 --> 08:33.210
come and let requires their input to be in securest reinforcement.

08:33.210 --> 08:41.190
We need to populate the POS for terrible with the desired Botsford as shown in this command.

08:41.190 --> 08:50.250
So in this command we create a wearable which is equal to read most Come and let is as secure trend

08:50.370 --> 08:51.440
parameter.

08:51.450 --> 08:59.730
It means that everything that we type will be parsed as securest dream to this wearable and this will

08:59.730 --> 09:06.070
prompt you to enter the password and you'll see asterisk symbols as you.

09:06.120 --> 09:13.410
And to ensure that the password to your entered should miss the password complexity of your domain.

09:13.440 --> 09:16.140
Otherwise the following command will fail.

09:16.290 --> 09:20.040
Now let's create a new user with a full own command.

09:20.130 --> 09:30.270
We'll do that with the new 80 user command let his name parameter given name email address same account

09:30.270 --> 09:37.030
name account password that will be used in the variable which we have created before.

09:37.050 --> 09:48.130
Display name department can receive the best parameter which will ensure that the account will be created.

09:48.230 --> 09:57.210
That needed you and enabled parameter which means that the account will be enabled enabled after creation

09:57.360 --> 09:58.870
pass through parameter.

09:58.890 --> 10:07.700
I've emancipate it or show us the result of this command again about pass parameters ensure that you

10:07.700 --> 10:12.830
update path parameter to reflect their distinguished name over there.

10:12.830 --> 10:15.110
Or you in your environment.

10:15.270 --> 10:18.310
Otherwise the operation might fail.

10:18.330 --> 10:21.940
And also please know that pass parameter is optional.

10:21.950 --> 10:30.260
If you don't specify this the user account will be created in the default to users contain and run Mirabilis

10:30.260 --> 10:35.540
command the power shell will return the output as follows.

10:35.540 --> 10:44.270
The output shows the path of the object where it is created and other properties is set during the creation

10:44.270 --> 10:45.150
process.

10:45.170 --> 10:50.650
By default there output shows only a minimum set of attributes.

10:50.690 --> 10:59.570
You can see all current attributes and the values of user object using the Get A user command let's

10:59.570 --> 11:00.620
so let's run it.

11:00.620 --> 11:09.020
Get a user with identity parameter and we have to specify the user we are looking for.

11:09.170 --> 11:16.820
And after that Propertius parameter and asterisk which will find all the properties for the user we

11:16.820 --> 11:17.980
are looking for.

11:18.140 --> 11:20.990
And we can see the output of this command.