Create and Manage AD Users and Computers

Question 1

ADUC

Answer 1

Active Directory Users and Computers

Question 2

ADAC

Answer 2

Active Directory Administrative Center. Runs on top of Windows Power shell.

Question 3

UPN Suffix

Answer 3

Method of Logging on with your domain name in the user prompt. For example, (DOMAIN\username or Username@domain)

Question 4

Template User AD Account

Answer 4

Blank Password.

• User Cannot Change Password.
• Account disabled.
• Password Never Expires.

Profile Path:
\file1\share1\%username%

Question 5

Last Logon date for Users (Old Way)

Answer 5

get-aduser -filter * -Properties lastlongondate | ft name, lastlogondate

Question 6

Remove disabled accounts (Old Way)

Answer 6

get-aduser -filter {enable -ne $true}

Question 7

Find Disabled accounts (New way)

Answer 7

Search-AdAccount -AccountDisabled -useronly | fl name

Question 8

Find Inactive Accounts (new Way)

Answer 8

Search-ADAccount -accountinactive -timespan 30:00:00:00 | fl name

Question 9

Find Passwords Expired on accounts (New Way)

Answer 9

Search-Adaccount -Passwordexpired

Question 10

Find Passwords that never expire (new way)

Answer 10

Search-Adaccount -passswordneverexpires

Question 11

Find Locked out AD accounts

Answer 11

Search-ADAccount -LockedOut

Question 12

CSVDE

Answer 12

Uses CSV to perform bulk operations in AD. Default is to export information. i.e, csvde -f output.csv.

Question 13

CSVDE filtering containers & objects

Answer 13

csvde -f output2.csv -d “cn=users, dc=company, dc=pri” -r “(objectclass=user)”

Question 14

CSVDE Import File

Answer 14

csvde -i -f output2.csv

Question 15

LDIFDE

Answer 15

creates, modifies, and deletes directory objects. You can extend the schema, export AD users and group information to other applications or services, and populate AD DS with data from other directory servers.

Requires admin cmd prompt, and AD DS or AD LDS roles.

output format is in ldif.

ldifde -f output3.ldf

Question 16

Import CSV for AD account creation

Answer 16

Import-CSV .\newusers.csv | New-ADUser

Question 17

Offline domain Join

Answer 17

djoin /provision /domain company.pri /machine server1 /savefile server1.txt (txt is the shared secret and keep them close at hand)

Question 18

Offline domain Join desktop operation

Answer 18

admin cmd prompt.

djoin /requestodj /loadfile server1.txt /windowspath %systemroot% /localos

Then reboot

Question 19

Create new OU with powershell

Answer 19

New-ADOrgnizationalUnit “Company Users”

Question 20

Create a new AD Group with power shell

Answer 20

New-ADGroup -name “Extremely Untrusted Users” -GroupScope global -path “ou=company users, dc=company, dc=pri”

Question 21

Add Users into group with Powershell

Answer 21

Add-AdGroupMember “Extremely Untrusted Users” jason, djones

Question 22

Group Nesting

Answer 22

• Users go in Global Groups
• Global groups go in Domain Local groups.
• Assign permissions to Domain Local groups.

UGLA.

Question 23

Global Group

Answer 23

can only include objects from the same domain.

Question 24

Domain local

Answer 24

Can include objects from any domain in the forest.

Question 25

Who is a group member in AD group (Powershell Command)

Answer 25

Get-AdGroupMember “Domain Admins” | ft name

Question 26

Get memberships a user has (Powershell Command)

Answer 26

Get-ADPrincipleGroupMemberShip jason | ft name

Question 27

Recursive Match for a group and trace users indirect membership (Powershell Command)

Answer 27

Get-ADUser -Filter ‘memberof -recrusivematch “cn=domain admins, cn=users, dc=company, dc=pri”’ | ft name

Question 28

Domain Local Conversion

Answer 28

domain local groups and global groups can be converted to universal groups.

Question 29

Universal group Conversion

Answer 29

Universal groups can be converted to domain local groups or global groups.

Question 30

Domain Local Non-Conversion

Answer 30

Domain local groups cannot be converted to global groups.

Question 31

Global Group Non-conversion

Answer 31

Global groups cannot be converted to domain local groups.

Question 32

Powershell Group conversion

Answer 32

Get-ADGroup “My Universal Distribution group” | Set-ADGroup -groupScope Universal.

Get-ADGroup “My Universal Distribution group” | Set-ADGroup -groupcategory 0

Question 33

Group Policy Management Console Shortcut

Answer 33

gpmc.msc

Question 34

Delegate Control

Answer 34

Delegate control wizard. Right click on OU. I.E. give IT group access to perform various tasks.

Question 35

Find Delegation Applied

Answer 35

Turn on advanced features. Security Settings on OU. Check Security, and you will find special permissions.

Question 36

Manage Default Location for newly created computer objects

Answer 36

redircmp “ou=company computers,dc=company,dc=pri”