Active Directory Tutorial for Beginners - Live Training

Captions
Hello everyone, how's it going? Hope y'all are having a good Friday. So today I'm doing things a little bit differently. Uh, I decided that I would broadcast this live stream across, uh, to YouTube as well, not just, uh, inside of our internal serveracademy.com website. So I'm going to be a little bit, like, if I'm just, I have to read two comment sections, so, uh, if I don't get your question right away then, uh, just hang out, I will do my best. If you're on the Server Academy platform, I know who you are; if I don't get to your question I will follow up with you after the live stream. If you're on YouTube you could, I guess, either email me directly at paul@serveracademy.com or support@serveracademy.com. You can also hop on our forums: if you go to serveracademy.com there's a community link; if you go there you can register and put your question there, or you can post your email and I'll, I'll try and catch it in the comment, uh, and get back to you that way. That's probably not the best idea, but I'm just reading. Yeah, so we got a lot of people joining on YouTube, uh, so that's pretty cool. Uh, a lot of requests for Group Policy, and I, we're gonna, I don't know if we'll have time to get through that, because I have about 15 points I want to cover in Active Directory. I have an old video on Active Directory but I wanted to update it because I thought, um, it, you know, it's just kind of dated.

So, uh, the reason why I'm doing this stream is, like someone just pointed out in the live stream in the YouTube chat, is that you guys, not everybody here is employed, and they're trying to get hands-on experience, right? And so when someone starts a job in the IT field and, uh, you know, maybe they don't have all the hands-on experience they need, it's hard for them to get the job. But once they get the job, they're working with me, I can take them to a server, I can sit them down and I can show them how to, uh, you know, install Active Directory, how to manage Active Directory, how to do things to Group Policy, right? And so they get up to
speed pretty quickly. Well, if you aren't able to get the job, you never get that chance to get the experience, so you're kind of stuck in this vicious cycle of not having IT experience so you don't have a job, and not having a job so you can't get IT experience. So the whole reason I started serveracademy.com is to get, uh, be able to provide that type of experience. That's why we have labs and things like that. Um, so that's my goal, is to give you guys as much hands-on experience as you guys want or as you guys can get.

So I'm gonna switch over here to my desktop capture, and I realize that YouTube is showing a black screen right now. Uh, I'm gonna try and fix that. Let me see, turn that off, turn it back on, see if that works. Uh, there we go. Okay, so can everybody see my screen on both, on both platforms? I'm gonna just double check real quick. Let me know if you guys can see it. Okay, cool.

So this is the, this is my website, Server Academy. These are all the course modules that you get access to, but what we're interested in is going over to the lab section. And for those of you who have access, um, whether it's you're on the free trial or whether you're a paid member, we're going to search for Active Directory and we're going to launch this Active Directory Users and Computers lab, and this is going to open in a new page and it's going to give us, okay cool, so everyone can see, it's going to give us access to an Active Directory server and a Windows 10 workstation within your web browser. So this is great for those of you who cannot run the VMs on your local computer, because either you don't have time to set them up, your computer's not fast enough, or maybe, um, you're just, you don't have the time to go through and put everything together, or you just don't want to for whatever reason, but you can just run it directly in your web browser. So I'm going to paste that link, um, I'm going to copy this link and paste it in the members chat. If you don't have an account at Server Academy you can start a free
trial, I think, and it's free for seven days. I will put that link if any of you guys want to do that and get access to the lab. Otherwise you guys can download VirtualBox, uh, and I will show that really quick, uh, but if you, really quick, just let me copy and paste this. I'm gonna paste this link; that's the link to start up for the free trial if you want access to the IT labs. If you don't want access to the IT labs, then go to google.com and you can set up your own by go downloading VirtualBox. I wasn't really planning on doing this, but you can go to VirtualBox and click download. So when you download VirtualBox you'll be able to install and run virtual machines on your computer, on your host computer, so you can install Windows Server, uh, install a Windows 10 VM, you can join and make your own little virtual network, and I have a video of that, how to do that, on my channel. But we're going to be using these online IT labs.

So this will be coming up. I'm going to go ahead and read, uh, just through some of these comments. Uh, everyone can hear me okay, and everyone can, I know that you guys can see my screen. This one, make sure everyone can hear me on both platforms. All right, okay, someone said it's blurry. Uh, it should be 1080p, and yes, the stream, the live stream will be saved. I'll be, um, saving it and giving you guys a replay. Okay, cool. Yeah, so Zuber's saying that's exactly what his manager did, he had zero experience. Yeah, and that's awesome if you can get a job. A lot of people are unable to get a job, uh, if they don't have experience, so they get stuck in this loop, and, uh, that's what we're gonna try and avoid. It's unnecessary. Maybe 10 or 15 years ago it was, you couldn't get experience on your own, but now, like I just showed you, there's companies like Server Academy, what I run, and there's just VirtualBox, which you can download for free, and you can download the free version of Windows Server, install it and get the experience that you need.

All right, so it's booting up this server here, so what I'm going
to do is I'm going to drag this side over here. For those of you who aren't familiar with the labs, or maybe you're getting access to them for the first time, on the right hand side we have the virtual machines in our environment listed, we have the username and password for each, and then we have kind of the DVD drive so we can switch between ISOs if we want. Um, so this is the Windows 10 VM, and then this is the domain controller, which is SADC01. So I'm going to hit control delete and I'm going to go ahead and get logged into this server. So if I click on the password there it will type it in for me and I can just hit the, the arrow. I'll go ahead and log in. Well, now I can just stay out of that one for now, then I'm going to drag this to the side.

Someone's asking what's the main difference between Azure and Active Directory, or Azure Active Directory and Active Directory. Azure Active Directory is in the cloud, uh, so you don't have to install the operating system or manage the replication or anything in the backend; that's all handled for you. When you install Active Directory on your local server, like what I have set up here, you're responsible for maintaining, uh, the integrity of the Active Directory database, patching the server and things like that. So I can't have Active Directory unless I have this local server here, which is SADC01, up and running. So if this server goes down, my entire Active Directory goes down. When you use Azure Active Directory, it's hosted by Azure's cloud and you don't have to worry about keeping the server online, keeping it patched or anything like that. So that's one of the main differences.

Okay, so let me go ahead and change the resolution of this VM. So I'm going to right click, go to display settings, just to make it a little bit better for you guys. I know someone mentioned it was blurry, so it's going to be, it's going to be worse if it's not a higher resolution, so I'm going to go 1600 by 900, hit okay. And here's Server Manager. So I had someone who's a
little bit confused, uh, I think it's Corey Wiggins, I think I see you online, uh, in the Server Academy members. You were a little bit confused about when you would use Server Manager to actually do anything with your domain. Server Manager is just a console that you're going to be using on Windows Server to manage your server, assuming you have the Desktop Experience installed. So if you have Server Core, obviously you're going to be using sconfig or something different, but Server Manager, anytime you have an instance of Windows Server installed, you need to use Server Manager to configure things like the computer name. Uh, if you're using Azure you probably don't need to configure the Ethernet, that's probably configured for you, but if you need to go set a static IP you can do that also, as well as installing Windows roles and features. So any one role and feature you want to install can generally be done through Windows Server Manager. It could be done through PowerShell, but I just wanted to make that clear to you because I know you had those questions on the forums earlier this week.

So, all right, so I'm going to select Tools here in the top right hand corner and we're going to talk about how you start Active Directory. So there's a couple different ways. Uh, I'm logged directly into the domain controller, so I can start Active Directory by, inside of Server Manager, selecting Tools and selecting Active Directory Users and Computers. There are other ways to connect to Active Directory, however. So if you install something called RSAT, let me go ahead and google this, so there's something called RSAT, and that's the Remote Server Administration Toolset, and this allows you to install the Group Policy, Active Directory and other Active Directory consoles directly on your computer. But they won't work, they're just consoles that allow you to connect to a domain controller. So I've installed it on this computer, so if I go here and I type in Active Directory, of course it brought it up on the other screen,
but if I try to launch it, actually, I can probably scroll down to Administrative Tools and find it that way so you guys can see it. Here we go. So here I have Active Directory, uh, Sites and Services, Users and Computers, and the whole suite of tools. If I click on this, it's just saying that, you know, I'm not joined to a domain and, uh, I need to log in with a domain user account. Well, this computer is not on a domain, so what it's going to do is just open the console, and from here I need to right click and I need to change domain and join a domain controller. So you can remotely manage Active Directory with RSAT if you're on a domain-joined computer. Now, I'm not on a domain-joined computer and I don't have access to a domain right now, so that's not an option for me, but I want you guys to be aware that you don't have to log into the domain controller, or that is, any server with the AD DS server role installed, to access Active Directory. But easiest way to get to it: just go on your Active Directory domain controller, select Tools and select Active Directory Users and Computers.

All right, so I'm going to expand this and we're going to talk about some basic things here. Here in the top left we have our domain, which is Active Directory, or I'm sorry, ad.serveracademy.com. Now, this is not reachable by the internet, but I used my domain, serveracademy.com, just kind of as a signifier, an indicator that it's part of my domain. "ad" is just to, you know, make it a subdomain, so that it's, it lets me know that it's the Active Directory domain for my serveracademy.com website. And, uh, this is again inside of the IT labs at serveracademy.com, so this isn't a production network or anything like that, so you can really come in here, you can do silly things like, you know, try and delete everything in Active Directory and see what happens, and if you break everything you just revert the lab, and then, you know, you just click up here, click close, and then you go back here and just relaunch the lab and you'd have everything back again.
Let me check on the comments real quick because I'm getting some questions. Um, someone is saying, how much is this course? This isn't a course. Uh, serveracademy.com is a membership platform where you'll get access to, uh, these courses, and it's just, you get a free trial, so if you want to try it you can try it for seven days for free, and then if you don't like it you can cancel after the seven day free trial. It's, uh, 37 a month.

Okay, so we have our domain, ad.serveracademy.com, and then we have this list of objects below this. We have containers, and we have organizational units, and we have this Builtin type. So mainly what I'm going to talk about right now, the difference between containers and organizational units. So this is important because a lot of you guys were asking about Group Policy, and this is a big, big important thing that you need to understand. You can't really talk about Active Directory without getting into Group Policy; usually Active Directory is part one, Group Policy is part two. But the main difference is, a container is a default object that generally comes with Active Directory, and an organizational unit is something that you're going to be creating most of the time, except for this Domain Controllers organizational unit, but it's something you'll be creating that you can apply Group Policy to. So, uh, right here we have the Domain Controllers organizational unit. Now, this will have a Group Policy object already applied to the organizational unit, and when you're making your security policies and different configurations in Group Policy, they cannot be applied to a container. So we have this Users container; you really wouldn't want to start putting your domain users inside of this container, and I'll give you an example. And since there was a lot of interest in Group Policy, I'm going to change this up a little bit. Let's open Tools and we're going to go to Group Policy Management, and I see a lot of you guys on my platform are opening the lab right now, so you guys will be
able to catch up. You guys will have the same lab that I'm working on here, and I'm going to try and go slow. So here's the Group Policy Management console. If I drag this open a little bit, if I can click on it, I don't know why I can't click on that, there we go, I can click on Domains. We have our forest, Active Directory, or ad.serveracademy.com, then we have Domains, and then I see ad.serveracademy.com. That's essentially the same thing that I'm seeing here in Active Directory. If I expand this I'll see the Domain Controllers organizational unit. You'll notice I don't see the Users container, I don't see the Managed Service Accounts or Foreign Security Principals or the Computers container or the Builtin type of container in this list. All I see is the organizational unit Domain Controllers, and if I go inside of that I can see if there's a Group Policy object that is linked to this organizational unit. So main difference, one thing I want you guys keep in mind: there's containers and then there's organizational units, and the main difference is that Group Policy objects link to organizational units and not containers, and definitely not to the Builtin type.

All right, so what we're going to do, uh, let me see what I wanted to start out, uh, at first. So yeah, I want to talk to you guys about, I want to show you how to create an organizational unit and why you would want to do that. Well, the reason why is for the Group Policy, but you can structure your infrastructure in a way that would be logical with Group Policy, so that the Group Policy objects flow in a certain direction, in, in a way that you want. So what we're going to do is right click on the domain ad.serveracademy.com, we're going to select New and we're going to choose Organizational Unit, and from here I'm going to give it a name. Now, this is a brand new domain and I don't have any, any organizational units except for Domain Controllers, so a lot of times what I see happening in the real world, uh, there'll be an organizational unit with
the same name as the domain, either "Server space Academy" or just "ServerAcademy", could be "serveracademy" all lower case, but you'll create like this root organizational unit, and then inside of that you'll make your organizational units for domain computers, domain users, member servers, web servers, whatever the case may be. So I'm just going to call it Server Academy and I'm going to click on OK. All right, so now I've got this organizational unit. From here I'm going to make another organizational unit by right clicking, and I'm going to choose New and I'll select Organizational Unit. Accidental deletion: this prevents, just like it says, it keeps an admin from coming in and accidentally deleting the OU, which can be catastrophic in Active Directory, so it's a really good idea to keep that checked, and that'll come back into play in here just a second. So we're going to make another organizational unit under the Server Academy OU and we're going to call this Domain Computers, and let's make one more and we'll call it Domain Groups.

All right, so now that we have these organizational units, uh, let's make one more, let's call it Delete Me, just so you understand how to delete organizational units. All right, so we have this Delete Me organizational unit. Maybe, you know, you decide for whatever reason you need to delete it, you know. Well, you can right click on it and you can choose Delete, if I can find it, there it is, and if I click on Delete it's going to say, are you sure you want to delete the organization. This is something you got to be really careful about if you're working, first of all, if you're following along with my video on a production network, that's bad, you should not, you have to be very careful, you shouldn't be deleting organizational units in a production network. That's why I have the serveracademy.com IT labs, that you can basically use them as a staging environment, you're not going to blow up your production. But I'm going to go ahead and click Yes, and it's safe for me to do this inside of this
lab environment, and we're going to get this error, and it says you don't have sufficient privileges to delete Delete Me, or the object is protected from accidental deletion. You'll remember that we had that checkbox selected, so we can right click on the GPO, or the OU, and select Properties, but we're not going to be able to find that option. If we go under General, Managed By and COM+, we don't, there's no way to turn off the accidental deletion. Well, the way that you do that, Active Directory is kind of, the engineers at Microsoft have kind of hidden it behind a couple layers to protect, you know, administrators and IT professionals and basically infrastructure on Windows from accidentally deleting your OUs and causing problems in the network. So what we have to do is select View and we need to turn on Advanced Features. Once we do that it's going to refresh the page, and it almost looks like we're in a different location, but we're really not. Um, I'm going to grab a drink of water real quick.

Okay, cool. So we've seen a whole bunch of different things that we didn't have before, like LostAndFound, Keys, Program Data, uh, NTDS Quotas and so on. What we've done is just kind of like, you know, Windows Explorer, how you can view hidden files, it's essentially the same thing: we're just turning on things we couldn't see before. We have the same organizational units. If I go down here I have Domain Controllers and the Server Academy OU that we created. If I double click on this I see Delete Me. Now if I right click on this and hit Properties, all of a sudden we have a whole bunch of more tabs, and we can go to Managed By, we can go to Object, Security, and then we have the same other ones, COM+, and then we have Attribute Editor, which we can view all the attributes of this organizational unit. So what we're going to do is go to Object and uncheck the checkbox "Protect from accidental deletion". Now I'm going to click Apply and click OK. Now when I right click on this and I say Delete, it's going
to give me the same pop-up, are you sure you want to do it, I'm going to say Yes, and now I have deleted the organizational unit. From this point I'm going to go ahead and just click up here on View and turn off Advanced Features so that I'm not going to be messing anything else up or get confused. All right, so now we have, we're back to our normal view, we have Active Directory and we have our three OUs that we wanted to have before.

All right, so now some more basics we need to get out of the way: how you create Active Directory users. I'm going to go inside of this Domain Users OU and I'm going to right click and I'm going to say New, User. Okay, and this allows us to configure the user information that we want to make for this new user, and I'm going to call it Paul, and I'll just give my name, Paul Hill, and for the user logon name, this is going to be the username that they're going to type in when they're logging into the server, so I'm going to say paul.hill, and now I'm going to click Next. And if you want you can add your initial here, doesn't, you don't have to, uh, pretty much all this is optional, but you wouldn't want to create a user without a first and last name. Um, and then we need to type in a password. Now, in my lab environments I like to use the same password for every account. Never do that in production, it's a terrible idea. But if you click here it'll type in the password for me, I'll do the same thing here, and here we have a couple options. We can make the user change their password at the next logon.

Okay, hold on and say, I'm getting a message on face, on YouTube. Can you guys still hear me okay? I need to double check. And awesome, thanks Kennedy, I'm glad you're liking the platform, that's awesome. I just need to check, is this, is everything working still good on YouTube? I just got some kind of pop-up saying there's a keyframe sequence, I don't know. Everything's still good? All right, we're gonna go. Okay, cool.

All right, so we can force them to change a password at next logon. That
means when I go to, uh, when I go to log in as this new user and I type in the password that I just created right here, it's going to say, hey, before you finish logging in you need to make a new password. This is useful when you have new hires who are coming into your office and you want to create a password, and maybe you use like a password one, which is not a good idea, but you use some kind of temporary password that you don't want them to keep using. You can force them to change it as soon as they log in with this checkbox.

All right, we can set "User cannot change password". This is a bad security practice, you, you shouldn't use this. Again, it forces them so that they don't have, or it removes the requirement that they change their password. Um, and then we say, we have "Password never expires". That unchecks this checkbox. That means, you know, they never have to worry about the password expiring. It's useful for service accounts, but again, it's a bad security practice, so I'm going to uncheck that, recheck this one.

And then we have "Account is disabled", and this kind of goes back to the same scenario of this top one, where we have a new hire, maybe he's starting next Tuesday or next Monday, and you want to create the account right now. Well, you don't want that account to be accessible by maybe a hacker or someone like that until the user is here, so you don't, you want the account, let's say for example you use the same password, password one, and you hand that out to all new hires. Well, say somebody quits, or a disgruntled employee decides that, hey, I'm gonna gain access to their network, and I know that somebody's starting on Monday and I know they use password1, so on Saturday I'm gonna go to this account, I'm gonna type in his first name and it, dot last name, and I'm going to use password one and log in and gain access to the systems. That would be bad. So we can use this "Account is disabled" to keep the account, yes, it's created, but it cannot be used until we go back and enable the account. So
that's not necessary in this case. I'm just going to uncheck that and we'll click Next, and now we have this last message, we can click on Finish, just kind of an overview of the user. Now we can right click and we can select Properties and we can view all the properties of the user, so we can, we can enter in more information like the description, their office, uh, email address, uh, what groups they're a member of, we're gonna talk about that in a little bit, and, uh, other things like the organization, telephone number, and a lot of these things will tie into third party apps if you have them in your domain.

So what I'm going to do now is go ahead and switch over to my Windows 10 workstation and we're going to test out that new user account that I just created. So I click here on the right hand side to the Windows 10 workstation, I'm going to hit Ctrl Alt Delete and I'm going to select Other user, and we're going to type in that username that we just created, which is paul dot hill, and that password, so I'm clicking that and I'm going to hit go. And here's the message that says your user's password must be changed before logging in, and if you remember, that was the first check box, where we said force user to change their password at next login. So we'll go ahead and click OK. Now we need to create a new password, so I'm just going to hit this and type in 2, just add a 2 at the end, so password and then 2, and then I'll hit the next arrow, and now it's going to allow me to log in and I'll get access to this computer. It's just saying it's been changed. So I'm going to get access to this computer as a domain user, paul dot hill.

So people are asking, is on-premises Active Directory deployments worth it, as everyone's talking about cloud? Um, well, it really depends. It really depends on if you already have hardware, if, the size of your company, and do you provide other IT services. So if you're a startup, uh, I would not recommend purchasing server hardware and setting up a data center. It just, you got to pay
for cooling, you got electrical issues, you got to worry about backups. Much easier to host everything in Azure and or AWS, and, uh, you can scale as needed. If you need a second domain controller you can spin it up; if you don't need the second domain controller you can turn it back off and you can save money. So it's a lot easier to, to kind of grow and shrink, which is important. You know, if you spend, you know, a hundred thousand dollars in IT equipment setting up a, an infras-, uh, data center, and then all of a sudden you don't need it, like, what do you do with all that, all that IT infrastructure? So that's where the cloud is really a good way to go. Whether you have the cloud or not, though, you're still gonna have to know how to log in and configure, you know, Windows Server. You might be using Azure Active Directory; if you're on AWS, though, you're going to have to configure Windows Server, install Active Directory and things like that. Cool.

All right, so let me just read through the comments, see if we got anything else. I'm going to grab a drink, just wait for this VM to log in. All right. All right, so this thing, uh, is going to create the profile for the first time and all that, so I don't need to necessarily wait on that.

Okay, so, is there an easier way to check what a security group does when the names aren't chosen well? Um, that's a good question. Hmm, how would you do that? I don't, because I, I'm assuming by what it does, you're wanting to know what kind of group policies apply to that security group. Is that what you're asking? Because it's possible the security group doesn't do anything. So the first thing that comes to mind with that question is using something called Group Policy Modeling, and if you go to the Group Policy Management console you can right click and you can say Group Policy Modeling Wizard, and you can choose what domain controller you want to use, and you can select what user, so let's say for user information it'll search paul dot hill, okay, and, uh, let's see, let's click Default-First-Site-Name,
Next, click Next. Okay, now we have security groups. So what you can do is add your poorly named security groups here. Well, it's, for example, I haven't created any yet, but say we have Domain Admins. If I click on Check Names, I click OK, I could remove Domain Users if I wanted to. You can't remove these two, but then I could check and I could see, um, what kind of Group Policy is going to be applied to this user. So I think that would probably be your best bet as far as seeing like what settings are applied. So here's all the settings that are applied based on this group, so here's applied GPOs, if I can get it to scroll up, it's not wanting to load yet. But yeah, Group Policy might be a good option. Also Group Policy Results could be good, it's essentially, it's a similar kind of idea. Um, but I would have to go down that route, or just go into Group Poli-, and yeah, go into Group Policy and see where your GPOs are being linked, and if they're being linked to the, the groups that you're trying to figure out or learn about. Yeah, definitely Group Policy Results here or Group Policy Modeling is the way that I would go down that road, and there also might be a way to do it in PowerShell that might be more efficient, um, but, you know, that's for another, that's a whole other topic.

So okay, so if I go back to my Windows 10 VM, I got, let's see, I, I'm logged in as paul dot hill, right, so if I right click here on the task bar, of course it's taking its good old time, first time log in, click on Task Manager, and if I go to More details and Users, I can see that I'm logged in as paul dot hill, the new user account that we just created.

Okay, so the next most common thing you're gonna have to do, uh, with user accounts, this is like the, well, this is like the number one thing: you have to reset passwords, right? So if you right click on the user you can select Reset Password, and it's pretty straightforward. We type in the new password that we want, and then whether or not we want the user to change the password at next logon, and then
we can unlock the user account. And say they log, try to log in three or four times, they failed, and maybe you have policies where the accounts lock out automatically, you can unlock the account by selecting this checkbox. Of course it tells you whether or not the accounts are locked out right here at the bottom, says mine's unlocked. But so if I want to change it to password instead of just the password 2, I can do that and click OK. Now to log into Windows 10 I'm going to need to type in the new password that I just set in Active Directory.

That's not half the battle. Half the battle is finding the user account, because, you know, you might work in an environment that has fifty thousand, hundred thousand users, and you can't just select the OU and browse through all those users and find them. So what we're gonna do is we're gonna click on this search button up here that says Find objects in Active Directory. Now here, the first thing you wanna do is make sure you're searching in the correct domain. You can search in a specific OU, but a lot of times you won't be in the correct OU, so you might be under like maybe Domain Controllers or something. If you hit search, it's going to default to search for Users, Contacts, and Groups and Domain Controllers, which is not going to turn anything up. If I type in paul dot hill and I press Enter, I'm not going to find anything, right? So I either need to select Entire Directory or Active Direct-, or ad.serveracademy.com, so I'll find it this way, and if I do Entire Directory I'll find it that way. Difference between these two is, if you have, maybe I had ad.serveracademy.com and I had staging.serveracademy.com and production.serveracademy.com, I had all these domains listed, instead of having to search through each of those I could just select Entire Directory and it will find everything. So now from here I can right click, say Reset Password, and I can type in the new password and do it just as easily that way.

Okay, so, um, let's see here, uh, let's talk about, I'm kind
of okay now let me check out where i am so let's see we're about 30 minutes in and about halfway done um let's talk about disabling user account uh well before we do that let's talk about group membership so someone was just asking about they have a i guess a lot of active directory groups and they're poorly named that's a big pain and a big problem that hopefully nobody else has to deal with but the way that you add and manage active directory users and groups or groups rather is by clicking on the user and going to the member of tab this lists all the groups that this user is a member of right now a member i'm a member of domain users so what exactly does that mean domain users has a set of permissions that are valid on your active directory domain now if i want this user to be an administrator on the domain i need to click add and i need to search for and add domain admins and i can click check names and it will correct the name and underscore it or underline it if i have the correct group and i can click ok and now i'm a member of domain admins so you might be wondering how i find that name i'm just going to go back and show you if we go under users let me expand this out we have a list of all of our default for me default active directory groups that are that are installed because this is a fresh installation of group policy i haven't really done anything other than install i mean a fresh installation of active directory i haven't really done anything except for install and promote active directory as a domain controller so we have if we look under here we have domain admins and it gives a kind of a description designated administrators of the domain you could do more research online about what the domain admins group does but it's basically god rights for your active directory domain only people who should have the access only someone who you would trust your entire like basically the keys to the kingdom that's what you're giving people when you give them 
domain admin permissions so this is not something you should hand out lightly in fact if somebody doesn't have a specific need to log into a domain controller and make changes uh maybe access other people's data if they don't if you don't trust them to do that they should not have the domain admins membership role so another way we can check group membership is by double clicking on one of these roles like let's go for domain users if i double click on this the first thing i'm going to see here is the general tab the description and if i go to members i can see who's a member of this domain so here i have paul hill if i double click on this it'll open the paul hill user and if i go to member of i'll see domain users so you can kind of like cross check between the two groups that way so let's go ahead and add actually before we do that let's attempt to log into the domain controller with my paul dot hill account so i'm going to go ahead and click here and i'm going to say sign out and then i'm going to log back in or try to log back in with paul dot hill so i'll hit control delete i'm going to select other user and i'm going to say paul dot hill and i'll type in the password that we just changed and i'll click go and it says the sign in method you're using or you're trying to use isn't allowed for more information contact your network administrator well i'm the network administrator so we have a problem here and the problem is i did not grant the domain administrator membership to that user so therefore i'm not allowed to log into a domain controller because of the sensitive data that i would have access to all right so once this comes back up what we're going to do is add the domain administrator membership to paul.hill and then i will be a domain admin and i'll be able to log in so let's go ahead and do that so we're going to go to tools active directory users and computers someone is asking how would you upgrade from 2012 r2 to 2019 um you don't want to 
necessarily you don't want to do an in-place upgrade if at all possible uh what's better is to install 2019 promote it did you say a domain controller yeah you did so install server 2019 on your network promote it as a domain controller and join it to your existing domain then demote the 2012 domain controllers so you probably want to do that like install two 2019 domain controllers promote them join them to the domain and then demote your old 2012 r2 domain controllers okay hope that answers your question so kennedy's asking does the profile feature work on properties i'm not sure what you mean by feature work on properties maybe you could clarify that yeah and um pa was saying that you can use group policy results r scope computer slash user you can actually just type in gpresult slash r if you run it as administrator it'll already give you the scope for computer and user and you can do that but the problem is well not the problem but you'll need to log in as the uh as a user who has those memberships to see exactly what is going on group policy modeling allows you to run that gpresult um or not group um i'm sorry it was called let me go back forgetting the name of it now let's see group policy management there is a tool in here that allows you to do that yeah group policy results this is the same thing except you don't have to log in as a user who has the membership you're trying to test okay so uh that's a little tip that i don't think a lot of people know are aware about all right so let's go back here let's just click on the domain and click on search and we're just going to search paul dot hill if i can click on the text box here and we're going to double click on my user and let's go to member of and we're going to add the domain admins role or membership rather so now i'll hit apply hit ok and let's go ahead and try and sign back in with that membership so i'm hitting sign out cool yeah and that honestly it's the safest way because imagine you try to 
upgrade in place i mean well first of all i've never had a microsoft upgrade at work without issues i've never had there's always been something wrong uh after an in-place upgrade so my preference what you know my personal preference is always to build a new server that's completely separate um join it to the network join to domain promote it and then if something goes wrong with it it's just another domain controller you know i mean it's not the greatest thing but if something goes wrong active directory doesn't work you just turn it off and it's you know not too much damage done so let's go ahead and hit control delete and other users we're going to say paul dot hill so same user account let's type in the password and we'll hit go and so now it's actually letting me log in because i have the uh group membership or the membership of domain administrators so memberships are extremely important in active directory that's how you control access to your domain that's how you're going to do things like if you want to create a development folder and you don't you only want to have the developers have access you can create a developer's active directory group and you can assign those permissions and group policies so only they have access to the file share and you know what since we had some questions on group policy uh i can probably go ahead and do that now let me know if you guys are interested in that if not we're gonna move on to uh well actually while i'm waiting on we can just do disabling users account user accounts real quick so let's go to active directory users and computers someone okay so corey's asking how do you add another column to the user let me see if i can understand what you're talking about by another column oops let's type in paul dot hill and also by the way you don't have to search for the username you can do first name you can do last name i think you can do a combination of both paul hill so you don't have to search by just username corey can 
you tell me exactly what you mean by add another column to the user maybe you mean in this search here i'm not aware of a way that you can do that you can scroll to the right but if you're talking about the search i actually don't know that's a good question yeah i think it only gives you these three options if you want more uh then what you should do is open powershell if it'll come up let me pull this up here and you should say get dash ad user filter and we can just filter for star i think this will work i haven't done this in a while yeah and this will list more information uh you can also select multiple properties if you want so i think we can do property star also in addition to oops let me get into the right window we can also do properties if i hit tab it'll auto complete and say star and it's going to give out a ton of information but check this out if we pipe that to ogv or out-gridview it's going to open this list and here we have tons and tons of columns that we can search through so this is all the information for my users and if in the filter i type in paul.hill guess what it filters out to my specific user so here's the cn is paul hill this is my user account and this is all of my information so if you want more columns this is one way to do it you can also instead of doing property star you could you could pick specific properties that you wanted that might be more useful like say you wanted to grab like let's pick something out of here um let's see what would be something that you want to be let's see uh last login date so if we want to grab that we could paste that down here so we're doing get let me zoom in so you guys can see what i'm doing i don't know how easy that is to see uh how do i i don't know if i can send a control zoom let me see properties let's go to font let's try like this oh of course it's not okay cool it worked yeah so i have get ad user filter and then properties let's say last logon date and i pipe that to ogv what that's 
going to do is give me uh less results but if i wanted the last log on date it's listed right here so i hope that answers your question about uh adding more columns to the user results so if you want to get results there's other ways to do it and probably better ways than using you know the active directory console we can also do do we can also do export csv i'm hitting tab and it's trying to auto complete and we can do dash path and i think if i just call this users.csv press enter now if i go to if i type in dir i should have this users.csv listed here now if i go to c under this directory here c users c users and paul dot hill i should have users.csv now i don't have excel installed but if i had excel i would be able to open this in a spreadsheet program uh and look at it this way so this may also be useful to you if you're trying to get user information in a spreadsheet i hope you guys like that little tip okay i'm getting majorly sidetracked all of that stuff is inside of the courses that we offer at server academy so um i think you'll find more information about that in the in module two active directory and identity also uh a lot of this is covered in module seven for powershell um so you guys can get chances to work on that and then that in combination with the labs that we have by the way for you guys that don't know i just updated this today if you want to go to the labs you can search now so if you want to sccm lab you can pull that up if you want powershell specific you can get that same for dns so you can now search for your labs and just launch them directly from here as well as being inside of the courses i just wanted to make that announcement because i don't think i've told anyone i did that a couple hours ago um but just so everybody knows all right so i'm way behind on chat uh let's see so someone's asking if i started on the azure course uh i have not but i'm planning on doing it in the next couple weeks so that's coming soon uh and by 
the way for those that voted on that survey that i sent out thank you for doing that azure was the clear winner um so we'll be making more courses out of that list i think mdt is going to be created me and robert hill will be coming together to create that course for you but yeah azure will definitely be coming uh as well as some of the other ones so um just keep your eyes out for that uh janice is asking how you enable all users to log in via remote desktop that is a group policy configuration um i'm going to write that down janus and i'm going to do that in the next live stream because i'm already at 40 minutes and i still have a couple more things to go through so if you will make it it will be on sept it'll be two weeks from today september oh no it's gonna be october 2nd oh by the way star wars the new star wars game comes out on that day so man i don't know wow i guess uh i'm gonna have to not play star wars for a couple hours i was planning on getting playing that game all day yeah but i'll do that on uh october 2nd okay but i have that saved in my notes um so i won't forget you okay let me figure out where i am uh we were going to talk about disabling user accounts so before i do this since i'm logged into paul.hill what i'm going to do is just create another user account really quick go to domain users also i would never store domain users in the same organizational unit as domain admins i would make a new ou called domain admins and i would put them in their own ou this is because i'm probably going to be making group policy settings and i just dragged and dropped that over here you can also right click and choose move and you can choose where you want it to be so you could do it like domain this is a safer way to do it domain admin said okay but a lot of times you might be setting up specific group policy objects in the organizational unit where domain admins are located uh so domain having done your regular users that are only to be logging into windows 
and they're only going to be clients using your domain you don't want them in the same ou as your domain administrator it's just not a good practice okay so let's make a new domain user and we're going to call him joe friday i think that was the name of the detective on dragnet if you guys remember that joe friday so joe.friday we're going to give them the same password because it's a lab environment i'm going to say does not need to change their password we'll click next uh so now i can log in as this user account just like i did to paul.hill but if i right click on this user i can select disable account and it says joe friday has been disabled now we can see a little down arrow here on the left hand side in most domains you want to have an organizational unit called disabled users and this is where you put the people that you haven't deleted yet but you're probably going to delete at some point so what i do is right click select move and we go under server academy and we'd select disabled users if i hit ok that will move the user out of here we would assign a group policy object that denies the right uh to log in to any computer in your domain and we can talk about that i'm gonna add that actually here um so we're gonna deny login right for disabled users ou we'll cover that in the next uh live streaming group policy but we create a group policy object attach it here and the reason why you would do that you'll be surprised how many users are supposed to be disabled but for whatever reason they accidentally got re-enabled or the administrator just forgot to disable the user account and now you just have a user account with a password that can access your domain that should not be able to do it so we create this disabled users ou and when we move users in that ou they should be disabled so if another admin comes through and they see hey i see this account disabled users ou but it's not disabled you can go ahead and disable it if you don't see that you also have 
the group policy object that's going to deny the right to log in or use any kind of resources in your domain so you're kind of protected a lot more than if you just you know have one big container one big organizational unit and you're just trying to you know disable user accounts as you need to okay so if i go here what i'm going to do is i'm going to try and log in as joe friday and just show you guys what happens so i'm at windows 10 i'm going to hit control delete i'm going to select other user and we'll type in joe.friday and i'm going to type in the password and it says your account has been disabled please see your system administrator yeah if you see this it works bad news probably got fired i hope not but that's never a good thing to see when you're trying to log in at work so someone's asking what the best scheme or the best uh structure for active directory is yeah i yeah i try to avoid the default organizational units for everything except for the domain controllers i think leaving your domain controllers in the default ou is fine there may be reasons why you don't want to do that that i'm not aware of but i've never encountered any issues doing that but in most cases i'll create for me in the environments that i've worked in we've all done the same thing we create an organizational unit under the domain that has the same name as the domain so server academy and then we create uh as much separation as we need so you can kind of see like i started out with domain users domain computers and i think it was domain groups but as i was going i realized i needed to make a disabled users ou i needed to have um domain admins and things like that so it's gonna change depending on the needs of your network but i would at least have this set of organizational units here if you're giving services maybe you're a software as a service company and you have different tiers you might create different organizational units for the different tiers that your software adds or 
offers so it just really depends but this is kind of the base that i would build if someone asked me to come build infrastructure or active directory infrastructure for them regardless of whether it's on-premises or if it's your active directory this is what i would start with okay all right uh so these uh i'm not sure how i pronounce your name him and shu i think i got it right he's asking once the account is disabled after how many days or weeks would it would the company delete it i've seen places where it's 90 days i've seen companies where they never delete it and they just disable it if you have a high amount of users that is 50 000 or more users you may want to start deleting disabled user accounts but if you have a smaller network it's less than a thousand less than 5000 you really don't have to this is something though that it doesn't it doesn't hurt to leave the disabled user there if you don't have a bunch but you can automate this with powershell you can set up a scheduled task to run the get dash ad user command and you can filter it to say if the user is disabled and it's been 90 days then go ahead and just delete their account you can also write powershell scripts to disable any user account that is in the disabled users ou and i think i have that inside of the group i don't know if that's in the group policy or the powershell but i do have a lesson on how to do that but that's you know another any way you can automate things deleting user accounts you don't need any more disabling user accounts uh maybe i i think also in the same lecture we show how to move user accounts to the disabled users ou so say i come here and i disable uh joe friday but i forgot to move them we can you can write powershell scripts to move that account to the disabled user uh ou for you so you don't have to worry about doing that and any way you can automate tasks uh that is you know it saves man time it saves man hours and it saves your company money it saves you time 
saves you money so it's a good thing to do so perry's asking what an object relay is i'm not sure what you mean by object relay you have to give me some context i think there any other questions in the chat we're almost at 50 minutes so i'm gonna have to hop off soon um i wanted to get created to creating file shares and joining computers to domain but we're not gonna have time so i think we're actually gonna end up wrapping it up about here um one thing i want to point out is that we have uh let me get the link for you guys you guys want to see this if you go to serveracademy.com youtube right there if you guys go to that link um you can get that's how you can start a free trial and get access to everything that i've been showing you all these it labs uh it's gonna take you to a page where um you'll enter your billing info but you're not gonna be charged for seven days it's a seven day free trial and you can just sign up and just use the labs for today or re-watch the live stream from today and um and then once you're done with that you can cancel that's totally cool um but hopefully you'll sign up and you'll like it and you'll want to stay stay on as a member but yeah if you click that you'll come to this page and you can try out the platform for free you'll get access to our discourse uh which is the community tab the live hangouts which we regularly run these live hangouts every other week uh usually it's only internal i don't host it on youtube but i decided to do it today hopefully you guys on youtube got some good value out of this but again if you like this kind of stuff you should really consider joining at least the free trial get access to all of our courses you're going to get access to all the labs you get access to me to ask me questions as well as interact in the community with other students and things like that so i think that's going to wrap it up today so what i'm going to do now is i'm just going to switch over and just answer questions if you 
guys have any and i think you guys can see my husky there on the left-hand side he's hanging out um cool man i'm glad uh glad to hear that you guys have been enjoying it all right so oh okay so perry uh it's an object what i was moving was a user between organizational units and uh it's not an organizational unit i know i'm talking kind of fast it's probably not helping but yeah i was moving a user from one organizational unit to another and that's important because in group policy you will attach specific policies could be security policy could be a desktop wallpaper it could be software that gets automatically installed but you'll apply these policies to specific ou's so if your user's in the wrong organizational unit then they're going to get the wrong policies and that can be really bad if you're granting permissions that they don't need to have or they shouldn't have someone's asking the best way to back up your domain controller um the free option you have is windows server backup and that's a server feature that you can install and you can take a system state backup i think i have actually a lab on this if you want to practice it um windows backup let's see is it back yeah windows server backup if you come if you join sign up for the free trial run this lab it's also inside of this course active directory i show how to backup your active directory server but if you run this lab you'll be able to actually create a backup and i think restore it i think is how it works but yeah you need to run a system state backup i don't know this is the best way but it's the free way that's included with windows server uh someone asked about a link to today's video i will email that out at the end of the video today and then also it'll be on youtube uh yes we do offer a certificate of completion uh you have to complete all the material it's about 40 hours um it takes longer than 40 hours to get through everything but that's the requirements and then i review everything 
that you've done and then i award the certificate uh let's see oh yeah man uh adam awesome man thanks for joining um that's awesome uh terraform and powershell which one would be the best literature id you have to use both if you're if you're using terraform to bring up your infrastructure you're probably going to be wanting to implement with powershell also to automate other things right you wouldn't use terraform to create active directory user accounts but you would use powershell to do that so you should use both when do you want to need to create an ou in active directory uh just depends on the infrastructure that you have like you saw that i was disabling user accounts and i realized hey i need to make a disabled users organizational unit so i went ahead and did that um so it's kind of as a as needed basis but i would start out with the same structure that i was showing you uh earlier dj ryan has an interview friday that's awesome and why is vmware needed so much they say i need knowledge in it vmware is a virtualization technology that's actually um what some of my labs are hosted on but virtualization tech it's it's they all do the same thing so if you understand hyper-v you're going to have a different interface with vmware but you're going to be able to do the same kind of things so uh you can download vmware esxi for free if you go to google.com and if you download that and you can install it on an extra computer if you have it i might actually set up i have some vmware stuff in here i have a centos lab this is actually run on vmware but you don't get access to the backend so maybe i could add a lab for you for esxi yeah shoot me an email if you want that or if you sign up and you want access to the lab i can i can do that for you uh and congrats on the interview man i hope you kill it hey andre good to see you man andre is a regular student at server academy he's always i'm always working with him he's a great he's super super diligent super 
uh super hard working uh he's doing great in in the platform yeah and we're uh andre we will be bringing azure to the platform soon that's definitely the plan someone's asking what's the difference between deactivation and disabling an account uh you don't deactivate accounts in active directory you only disable them so i would say it's the same thing probably just a different term unless you meant deleting deleting is the account's gone you're not going to recover it so disable the account first wait 90 days then if you know you don't need it then come back and delete it cool dj ryan my email is paul serveracademy.com horizon horizon vdis that's different that's virtual desktop infrastructure that allows you to use basically a desktop computer um from almost anywhere in the world right anywhere you have an internet connection you can log into your desktop infrastructure it's a little bit different um you know but it is virtualization so same kind of idea but you're virtualizing desktops you're not virtualizing servers like what we're doing here this is a virtual machine um that i'm running here in the background that you guys were working at or looking at which i realized just now you guys can't see my screen but uh so you can sign up by going to serveracademy.com youtube i'm going to stick this on the screen so you guys can see it if you guys go to this link you guys can get access and you can practice what we were doing today let me share my screen here desktop with webcam serveracademy.com forward slash youtube uh that is how you're gonna get access to what i was working on today and let me and for the server academy members i'm not gonna show that you guys don't you guys already know you're already members on the platform so you guys don't even see that um so for ceus you can use them uh it's i think it's i forget what the credit hours are but there's 40 hours in our platform so i think it's i don't know if that's 40 ceus i don't remember but there's a if you go 
on comptia you will see um how many ceus per hour you get and we we run 40 hours so it'll say on your certificate as well how many hours that you actually uh did to get the completion um let me see if i can pull up an example certificate i think i have one let me see if i can find that just so you guys can see what it looks like here's an example okay so this is an example that i'm pulling from my images folder it has an old number it has 30 hours but the new ones will show 40 hours so this is something that we had on our website um that's old but down here it's going to say 40 hours not 30. it tells you it gives you a certificate id so if somebody needs the verified certificate they can do that they can do that with us and then it has an expiration date our certs are good for five years and then it just has the title of what you did and yeah that's pretty much it so you get that when you reach under let me go to the courses page here i'm just going to go ahead and uh bring this up so when you reach 100 up here this button that says request certificate will turn green you can click that and you can get your certificate after it's not an automated process i go through and i look at what you've done i review your progress and then i issue the certificate people are asking if companies recognize my certificate i am not accredited so you're not going to go um i'm not even sure how to describe that yes companies recognize my certificate um yes they do ask for the curriculum i show them the curriculum and they see what you guys have gone through which you can also see that if you go to serveracademy.com curriculum you guys can see what it looks like this is the curriculum that outlines all the lessons that you're going to go through all the different tasks we have file system storage allocation units if i scroll down it's it's a lot of stuff right but if they want to know more about the certificate that you have and what you've learned uh we can provide them with this 
certificate and i'm sorry this curriculum and they can review all of it so this is powershell powershell arrays variable challenge um you know while loops i think we get down to sccm after that and then we have like a virtualization section operating system deployment endpoint protection i mean it's a long list um but you know if there's any question or they want to ask about what you've been learning you know you can give them the certificate give them the curriculum and uh and that speaks for itself okay let's see what else um so someone's asking what the price is it's it's a free seven-day trial so you guys don't have to pay anything you can get access and you get access to everything you get access to all the courses you'll literally everything that i just used in this webinar and more because you guys didn't get to see the courses but uh you guys will have access to all of this material uh all the all nine modules it's not restricted at all you have access to all the labs all the labs listed here uh you're gonna have access to the community uh which you can sign up to without you know needing it to be a paying member but you get access to everything all the live hangouts just by signing up to the free trial so after that if you guys decide want us if you decide you want to stay it's 37 a month um but it's uh it's free you can try it out for free i think i mean everyone should try it at least try it and uh if you don't like it then tell me what you don't like because i'm trying to make it better someone's asking how do you pull the last logs if there's more than one domain controller you want to have if if you have a big network you want to have a log server let's see i've used uh lately i'm using splunk but there's other i've used like gfi events manager i think there's a free one i think it's graylog free uh let's let me search this free open source log or yeah log event management software management tools i'm pretty sure the one that i used was graylog 
there's loggly if you search for this you're going to find tons of results so let me just put that over here yeah top seven free log management tools you want to have some kind of log management software it's great because if one of your servers crashes you still have the logs because it's pulling logs off of the server so dj ryan i'm rusty so your videos can help me that's awesome um oh okay yeah so i don't i don't have training on vmware horizon um i don't i don't have any training on vdis and things like that so you'll need to go somewhere else to get vdi specific training my training is all on windows server it's on hyper-v powershell everything that's listed here um right here and inside of the curriculum uh url that i just showed you guys installing configuring windows server active directory identity group policy dns dhcp wsus powershell sccm and then i have like on-premises and cloud virtualization maybe i can bring vmware horizon to this module 9 that's on virtualization but right now there's not like a lot of demand for it so i don't think it's i don't think it's really an in-demand topic so i'm kind of focusing on azure because azure is like one of the top ones that everybody wants cool so i want to do more live streams on youtube even though i try to keep my technical training to the members um today was an exception i wanted to bring it out to everybody so you guys could get access to it hopefully you guys enjoyed it hope you guys liked it if you guys liked it hit the like button hit subscribe uh you probably already are subscribed if you joined the webinar but it helps me out um you know even if you don't pay and join the platform just having your subscription having your likes on the on the video really helps me out a lot but i want to do like more hangouts uh i think i was thinking about just even hanging out while i'm gaming or something like that i could answer questions um i don't know i don't know if you guys would like that or not but 
it's something i'm thinking about doing awesome i'm glad you guys liked it i've been meaning to make a new video and i still might do it um dj ryan's asking if i am a sysadmin i am a senior systems administrator currently working most of my work is on infrastructure in aws like windows centos um so i run server academy i don't pay myself anything from server academy um i put all the money back into the platform because i'm trying to make it into something worthwhile but i do work full-time as a senior systems administrator and then i've been using it like i started it with my own money and now the company pays for itself and i pay my employees and things like that but i'm still working in the field and that's one thing that makes uh me different from other instructors is i'm not a full-time instructor so i'm out there like i go out and i see what companies are doing i work for a sas software as a service company so i'm seeing like what the best trends are the best practices and i'm bringing them back and i'm adding them to the platform so that's definitely one thing that makes me different than anyone else who's offering training i'm not i'm not a solely just a trainer i'm actually out in the field yeah so i am going to be bringing azure to the platform definitely uh michael's asking about an aws tutorial yes that is in the plans i'm actually better much more comfortable with aws than i am in azure but azure has been so popular and plus i'm already teaching almost you know almost the whole microsoft suite or the major core components of microsoft infrastructure i figured i would go with azure um or azure how do you guys want to pronounce it but uh yeah i i'm thinking about doing aws maybe like on a cover like just the solutions architect just real high level stuff but yeah it's definitely on my mind all right corey thanks for hanging out man uh i will be talking to you later oh cool uh server plus that's a good start to get another good start to get is security
plus so that should be the next one on your list also corey i responded to you on the discussion board so i don't know if you saw that i don't know if you actually responded hopefully i didn't miss your uh response but i just wanted you to know that i did respond to that and have a good night i do have uh i do have a section on installing and managing windows server core uh generally what you're going to want to do and by powershell core that's that's what you get when you install server core you're going to be managing everything through the powershell um uh core instance so if we go to labs and i go to server core if i search server core if i can type it right we have installing uh server core this is installing the operating system and then we have a lab for installing roles and features once you install server core and you get it connected to your network you're pretty much going to be managing it from another server that has a gui um so you know there are differences in powershell what's available in server core and the desktop experience but um you know it's you're going to be asking you're going to be managing it through a gui pretty much for the most part the 37 is monthly it's a monthly membership sure thing michael just checking on my phone now i got all these messages hey archer come here you want to say hi come here archer come here my dog is confused i'm trying to get him to come say hi everybody can you guys see him you want to say hi come here come here you want to say hi to everyone no someone yeah he's distracted there's other stuff going on all right guys i think i'm gonna head out um how long is it training about 40 hours currently and it's growing all right guys i think that's going to be it for today so thank you for coming and hanging out and we will do another live stream in two weeks um but i'll talk to everyone later bye
Info
Channel: Server Academy
Views: 41,099
Id: h0QLtup0CWQ
Length: 68min 7sec (4087 seconds)
Published: Sat Sep 19 2020