Creating OUs, Users and Delegation of Control in Windows Server 2012 R2

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

you in this tutorial it's assumed that you have the active directory role it already installed onto your server so we're going to go ahead and create three different organizational units we're going to create a Human Resources and then to sub Oh use of Human Resources users and Human Resources computers and then I'm going to show you how to go ahead and create a couple of uses and then delegate control to those users so let's go ahead and start by choosing Administrative Tools Active Directory users and computers and since we're doing our primary oh you of human resources we need to choose the forest which in this case is LabCorp but of course you to be different right-click choose new organizational unit and then type in the name of the organizational unit and as you can see the checkbox by the protect container from accidental deletion is checked this is the default for Active Directory it just keeps you from accidentally deleting organizational users or users just leave a check and I'll show you later how to go ahead and delete the user or organizational unit go ahead and click ok now for the subcategories of human resources the human resources users in computers just go ahead and in this case right-click Human Resources our primary öyou here and just follow the same procedure with new organizational unit and again for human resources computer okay now we have our primary human resources oh you plus the two sub Oh use of human resources users and human resources computers now if you want to delete one of these you right-click choose delete given the prompt are you sure you want to click yes then you met with the error message it you don't have sufficient privileges or that the object is in protected mode now to delete one of these units you have to go to the view now you have to choose advanced features now let's go ahead back to that unit will locate will do Stas we'll just scroll down till we find it drill down to human resources users again right-click try to lead again give you the prompt do you want to delete it but you still miss met with a Sal message that you can't delete it so what you need to do is you can remember when you made when you created this oh you that boxer says protect this oh you from deletion accidental deletion that's what we have to clear so now go ahead and click that oh you choose properties go to the object tab and here is to protect object from accidental deletion simply uncheck that apply okay now when we try to delete it we highlight it delete we're prompted again say yes and now as you can see it's gone that's how simple that is so let's go ahead and next create a couple of users we want to create a couple of users under the human resources users oh you so simply choose human resources or you right-click new and in this case we're going down to user and just click user just simply fill in the box we're going to go ahead and call our first user Jenny Smith and we'll give her a user login the name of Jay Smith with next usually we'll just give them a default password and allow them to change it upon their first login so let's just use a default password you can choose whatever you want and we have to confirm the password the default is using let's change password at next login that's usually checked you can go ahead and uncheck that or you can choose user cannot change password that means they can't change it from whatever you set it to for password or their password never expires usually most for security purposes your password you to trade is within a set amount of days then you have to change it this way you can override that or you can disable the account completely meaning that the user cannot log into their account at all but we'll leave it with user must change your password at next login click Next it gives us a synopsis of the name username and the fact that the user must change your password and click finish and then we have our first user Jenny Smith so let's go ahead and create another user we'll call this one oh the see how about Joe Brown and we'll give him a user name of Jay Brown next we'll give them the same default password and again we'll go ahead and leave this as default that these are must change your password when they login get our synopsis of what we've just done and click finish and now we have our two users Jenny Smith and Joe Brown both of these are not administrators they don't have any rights to change anything and this is where we're going to get into the delegation of control here so that's the next thing that we're going to accomplish here is we're going to go ahead and delegate some controls to out listeni Smith when you create new users you don't want to give everybody administrative rights however some users will need certain rights in order to perform their tasks this is where a delegation of control comes in handy there are three specific permissions in delegation or control and this is read which allows the user or group to read the GPO but not does not have a capability of editing any type of rules or settings your next permission is edit which allows the user or group to not only receive the settings but to edit the settings however they cannot delete the GPO nor adjust any of the security parameters your final permission is edit settings delete and modify this allows the user or group to actually modify the GPO settings delete the GPO or adjust the security settings for the GPO itself so let's go ahead and delegate some control to let's say Jenny as I said before we right-click Human Resources delegate control and our delegation wizard box pops up click next we'll add Jenny Smith so just choose add and type in Jenny Smith's name here choose check names this will check to make sure that Jenny Smith is actually valid user and it is because her name is now underlined with our login name of the company email now if you were to type in somebody's name that wasn't a actual user and I'll do this now just to demonstrate type in let's say Frank Jones we never created a Frank Jones we click check names and we come up with a name not found a box here which tells us that hey we don't have a valid user well let's go ahead and cancel that put Jenny back in here check names she's valid click OK and now you can added more names here at this point or we can move on so let's go ahead and move on since we're just going to work with Jenny but next we have a list of delegated commands here you can choose one of these boxes several these boxes all of them or you can create your own custom test to delegate to her but in this case let's just say Jenny has going to have the hat don't have to have the right to delete and create management and user account so let's go ahead and just create delete and manage user accounts choose that click Next we get a synopsis of her information and what rights she has now we'll click finish and now we have just delegated admin rights to Miss Smith for the specific task now what if we want to say take those rights away from her let's say she's moved to another another department or been demoted or something you know something drastic there how do we take those rights away or we have to go back to the oh you Human Resources here right click go down to properties and then go to the security tab here and scroll down under groups or user names and find this Smith here's Jenny Smith right here just highlight her name click remove apply and ok now to test this would go back to Human Resources back to properties back to security and now as you can see her name no longer exists under a group or usernames to summarize this tutorial we have covered how to create oh use create sub values add users and how to delegate responsibilities to those users thank you for watching and please subscribe you

Info

Channel: NetAdminWorld

Views: 8,312

Rating: undefined out of 5

Keywords: Windows Active Directory, Organization Units, Create Users, Windows Server 2012 R2, Delegate Control to Users

Id: ZeTkF2YpP9I

Channel Id: undefined

Length: 11min 10sec (670 seconds)

Published: Sat Jun 25 2016