IT: Helpdesk (Understanding Active Directory)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

do hey guys we're doing skeptic here bringing another video on information technology i hope you're having a good day uh happy saturday and today i want to go over active directory for help desk obviously if you're new to my channel do it videos that stuff supporters talk about how to get into it so as always rate comment subscribe hit the notification bell that way you know when i go live greatly appreciated all right so today i'm gonna go over um active directory for help desk that's basically what i'm gonna do today so i'm gonna show you uh what you should be focusing on if you're doing active directory for help desk so i don't know if you watched my other video from last week basically i had server 2016 uh i installed server 2016 i actually installed windows 10 on the vm i installed server 2016 and the vm i joined i joined the the vm windows 10 onto the domain which talked to that kevtech.com domain so i want to show you what you should be doing if you're doing help desk or you're doing active directory and stuff like that so it's very important by the way so if you're not listening to this this is super duper important you need to understand how to do this uh because in a job environment these are things you probably will encounter in a job environment uh happy saturday guys i hope you guys are doing really really well all right so let me share my screen with you this is not gonna be a long session by the way it's not gonna be a really long session today it's all about active directory i'm actually in the process of fixing my room as well i'm changing some stuff from your room i'm re-decorating my whole room but it's all about active directory today so let me share my screen with you give me a second okay so we're gonna go here i'm gonna turn on my chat i am going to move my my chat somewhere else just bear with me give me a second and i am going to share my screen so then do share screen it's your screen to your screen i'm gonna do uh hide and you should be able to see my screen and i'm gonna make this smaller just so you guys could see everything you know and make it too big there we go perfect all right so um what are we going over today so today we're going over uh active directory on the server so i'm going to show you some some cool tricks you could do on active directory things that you should know if you're doing active directory and i'm going to go over a little by little i want to go too fast today but also i don't want to be live here for 100 years because i i need a i want to take a walk i want to enjoy the weather today there's a reason why you guys see me wearing like a nike nike uh polo shirt is because i'm gonna go out for a walk and you know just hang out later on in the park anyway so uh what i'm gonna do is i'm gonna go and log into uh server 2016. so by the way this is what you should be doing on your server if you're not doing this then you're not going to learn anything so you need to need to know how to do how to do how to do certain things you know that makes sense so i'm going to log into kept.kevtech domain right so basically what i'm doing right now then the next thing i'm going to do is i am going to i'm going to create an account so like if you're doing active directory and if you're brand new to it if you're if you're if you're a guy that's brand new or girl whoever it is right you're brand new you're starting out active directory is your best friend for help desk you cannot avoid active directory that's something that you'll be doing if you're doing help desk if you if if you don't understand help desk you need to understand how that works you need to understand how active directory works because that's something you'll be doing every single day in your job you may have access to do uh like a password reset you may not have access to a password recess i'm going to show you a lot of things on active directory today that i recommend you practice if you're doing this in your lab environment so first thing i'm going to go over is group policies i'm going to open that up real quick and immediately it opens up this thing called forest you click on this click on domains click on this and click on your domain controller right here and i'm going to do not show again so for someone that's brand new you may have access to this you may not have access to this so that's really really important hey guys how you doing guys i see you guys in chat i'm looking at chat don't worry so um you guys could ask me questions while i'm doing this this is for help desk guys it's not for sysadmin or server admin but this will help us i'm going to make more of it more advanced videos later on this year but today we're just going to help that stuff okay so what you want to do is you want to go into settings right uh we're gonna hit add we're gonna add we're gonna hit close and then we're gonna go into show all and this is very important right here by the way so if you guys if you guys don't know how to do this this is super duper important look at my screen right now so this is very important what i'm sharing with you and it looks it looks wonky because i actually install a special application for this that's the reason why it looks wonky so what you want to all you care about here uh is password history you care about uh maximum password age uh max minimum password age minimum pass or length uh account local threshold so what what does this mean right here so this is how many times you could log in on a on a computer before you get locked out of the computer it has zero zero attempts so that means you could log in as many times as you want it's like unlimited amount of times you could log in so that this doesn't make any sense i have to enable something for this so i'm going to change that right now actually uh if you scroll all the way down it says enforce user login restriction enable maximum lifetime for service tickets 600 minutes maximum lifetime for user tickets 10 hours maximum lifetime for user ticket renewal 7 days maximum tolerance for computer clock synchronization 5 minutes you have all this other stuff on the bottom so one of the things i want to stress out in it is that you need to understand how domain controllers work how group policy works even if you're brand new to it you should at least know what this is you shouldn't at least know understand like how many times you could log in how many times you could you know how many times you can you can log in before you get locked out and stuff like that so it's very very important by the way hey uh keep it techy how you doing man give attention thank you man thank you i appreciate it so random thank you appreciate it greatly appreciate it man yeah so um all right so all right so uh anyway so this is this is what you need to know is just understand how these things work and group policy is very important like how do you edit it you basically right click edit and if you go to preferences you go to administration you go to windows settings you go to security you go to account policies so you go up count policies you have your minimum password age which is right over here it's not set minimum password age is right over here you have your your password account lock all through so it's not defined so maybe you want to set it for 30 minutes and enable it to hit okay you hit okay enabled it so maybe that's what you want to do so then when you go back here right i'm going to go here and just re let me just double check everything set up correctly so basically what i'm doing is i mean i'm enabling account lock out russell on the on this thing on a group policy that's what i'm doing right now by the way if you guys are wondering what is he doing this doesn't make any sense you know that's what i'm doing right now so password policy you need to understand how these things work uh account not called thrusters is not on right now i'm turning it on right now so you need you need to log in again so basically what this does is if we go all the way over here uh micro threshold is set to nothing right so we're gonna go we're gonna close out of this right i'm gonna reopen it again it's group policy management right i'm gonna go back over here i'm going to go back over here i'm going to show all and it should be enabled now so account call crossover is 30 minutes uh lockout also has five minute invalid login attempts in 30 minutes i just enable that in group policy so that's how you would enable it in group policy by the way so this is very important to understand how this works uh you won't you would not be you would not do this in in help desk but you should at least understand how group policy works at least a little bit that's the important thing about active directory just understand how your policies are set up in your job and your environment obviously if you don't if you don't know how your policy is set up you could open up your your um cmd command line and you have you have gp result right you have gp result you type that in you the gp result you do slash you do r and it will tell you like what policies are in place of that company right over here so i'm i literally just i like using the word literally right so i i just i just put the policy in place and it tells you all about your policy about your company policy and stuff like that so that's really really important by the way so you need to understand how this works obviously if you have access to do this you will do this you just run the command gp result it gives you the results of the policy that's set for your company it's set for your your you know wherever you work if that makes sense so this is super duper important this is the reason why i talk about this i stress the living hell out of group policy you may not have access to it but you may may have you may not so you should understand at least a little bit of group policy and just you could implement it in your job so you like you just click edit right over here and you just you can start by playing around with this you can start by blocking task manager you can start blocking a bunch of things over here and i'm going to go over that today because that this video will be too long if i go over that today so next thing i want to go over is i want to go over active directory today's gonna be a short video by the way i want to be on too long um all right so you need a you need to go in here so what i'm going to do is i'm going to show you a bunch of tricks you could do an active directory uh active directory using computers is basically what i'm gonna go over today i'm gonna show you a bunch of things that i've gone over before and i have not gone over before so one of the most important things in it when you're searching for a client or a user you hit the find button so if you right click you do fine right and i'm searching for help that's right over here see i hope this is all the way over here um and it's under users right so if you if you type help desk right you double click on him you found him right the thing is is that peop sometimes when you're when you're working in a in an it environment when you're working in a company right you're working like for it help desk or desktop support sometimes they're not located on their users you want to know where they're located right so the important thing is this of this video for today understand about entire directory because sometimes you you search kef tech and he might be somewhere else you don't know so you do active directory entire directory and he should be right there another thing you want to you want to figure out or you actually want to understand if you're doing help desk this is super duper important it's the view setting so we have this view settings right over here right i i actually quiz people on this just so you guys know you guys don't if you guys don't know my internship i actually quiz people on this if you don't know about this you should understand how this works um in my job it's enabled by default in my job we we we enabled it in my job and your job i'm not sure if you guys are allowed to do this but basically i click view settings i click advanced features so you click advanced features it gives you all these other options right over here why is this important this is very important because when you do that it gives you the the the object the object tab on active directory so what does that mean so if i go to help desk i double click on him it gives me this tab called the object tab it gives me the object tab right over here so you click advanced features right over like i just clicked advanced view so you go to view advanced features right if i if i uncheck it look i'm going to show you right now if i uncheck it right click on help desk it's not here you see it's not here look object is not here objects missing an attribute editor is missing those two things are not here at all so if i go back to it and i enable it it actually gives you those options there so this is very important by the way in it so you double click on help desk now it's there see the attribute editor is there an object is there so what is object so basically what object does object allows you it tells you where the location of that person is whether it's a group whether it's a it's a security group rather it's a person in the in the company it tells you where to locate it so that's the important thing of object so the object tells you where the person is located at so basically what i do is you could just right click here you hit find you do entire directory uh you do help desk right and you double click on help desk and you do object it tells you where you're located and also the other important thing that some companies might do um they might block this for you so they might they might do this might be a great offer they might check this mark check mark this protected object for accidental deletion so what that means is you cannot delete help desk at all so what i'm gonna do is i'm gonna hit apply i'm gonna hit okay i'm gonna go into users again i'm gonna right click on users i'm gonna hit delete i'm gonna hit yes and it's not gonna let me delete him because i just enable uh not you cannot delete that object it's just not gonna let you do it so i did that you know in some jobs they might have that enable that's very very important which people don't talk about uh the other thing you want to you want to learn about active directory if you're brand new to it is accidental deletion on on how to enable the recycle bin which is i have spoke about this before so uh active directory has their own recycle bin so if you go in here and if you go to administration tools and you go to active directory and you go to active directory administration center you click on this right you open it up you click on kevin right and then you have this thing called enable recycle bin right over here on the right hand side so people p people probably don't talk about this but there's a recycle bin for active directory you gotta enable this you just enable that you hit okay and it says that it's gonna refresh the whole domain center basically so you just leave it alone i click ok again it takes a bit of time it's going to replicate across the domain controller so what that does is if someone deletes an account on active directory by accident it actually you're able to uh retrieve it or you're able to restore that account on active directory which is something that you may see in your job you may not see in your job so you have this thing called recycle bin on active directory so what you do is you go back in here you go back to active directory administration right over here you go to kevin you see it's enabled now right over here see it's able now it's just crazy now that it's on right and if you go right over here you have you have authentication you have kev tag you have deleted objects right here if you see it there's something called deleted objects right over here on the right hand side or the middle of my screen basically uh there's deleted objects which which it wasn't there before i just enabled it with a recycle bin so what happens is when you do this i'll show you what happens right you right click on help desk right i can't delete it because it's the leader from you know the object right so i'm gonna go here i'm gonna double click on him i'm gonna go into object i'm gonna uncheck this i'm gonna hit okay and then i'm gonna right click on him i'm gonna delete him i'm gonna hit yes so now he's completely gone right over here right okay he just deleted help desk oh no what are you gonna do no you could just you could restore him so you go back over here right uh you go back into administration tools you go into administration center you go into kev tech you go into deleted objects he's right there look at that he's right here he hit restore too you could you could do restore restore to and then you could put him back on the user's folder or you could put it back anywhere else on you want on the domain controller on the ou so that's something very important that you need to understand you know something very very important uh and it tells you right over here and you go to properties it tells you about deleted objects you could open it up uh you hit the question mark it gives you more information about it you know you could do all that i don't i don't know when it when it expires to answer your question jay that's a very good question but this is very important by the way so you just you just do properties tells you about the object it tells you a little bit more information you hit restore right i'm gonna close out of this and he's not here right i'm gonna i'm gonna do refresh so you could you could right click here and you could do refresh and help this to show up again look it's right there now see look at that easy right easy money so basically helpdesk is right there again so that's very important by the way if you guys don't know that this is super duper important that's one functionality that you you will encounter in your job you may not if you're doing help desk so another thing i want to show you guys is the the attribute or editor so actually this is an interview question by the way i'm just letting you know this could easily be turned into an interview question so if someone asks you about active directory and someone gives you like like this this domain controller they just randomly throw domain controller at you and they tell you oh when was when was the last time the person logged in and was the last time the person changed their password right so you basically you would do okay i'm going to cmd i'm going to type net use a net user uh help desk slash domain right it tells you right there password last set password is expire last login it tells you all this information right over here right so where can i get a free copy of server 2016 it's on the evaluation center you have to go to the valuation center it's free it's 180 days it's free so basically you you go in here and it tells you that right but the thing is is like what if what if you what if you open up cmd right and and cmd is blocked by group policy and you you only have access to active directory like how do you check everything right you want to go into here right you want to go into help desk you want to double click on help desk you want to go to attribute or editor right over here if you scroll all the way down look it tells you right here when the password was last changed you see it you hit view look at this wind change look at this you see all this information last change look at this last change when created it tells you all that information you scroll all the way up tells you about the principal name you scroll all the way up it tells you information about password last set three six look at this three six pacific time so this stuff that you should understand if you're doing it support or help this is very important by the way so i'm going over this today too because i have not gone over active directory in depth right i have not done that so this is something you need to understand the other function now that it tells you right here home directory because i i created a share drive for them remember remember i tell you about i created a share drive last week right this he's mapped to the z drive look at this home directory help desk because i created a help desk z drive remember i created this this folder right over here shares help desk remember you guys i hope you guys remember right so look right here so it's actually talking to this look at this this is very important right over here by the way this is super important so help desk is right here the name of the person they're mapped to the z drive do that look at all this information you get out of this uh propagation time when it propagated distinguished name uh cn name all this stuff right over here is important for someone that's new to it i'm not gonna i'm not gonna tell you that it's not it's important it's very important these things are important uh for someone that's new like if you have no access to cmd like i just did right over you could just go over here and check right over here all you gotta do is enable advanced features that's all you got to do easy easy for you guys like right here look right here super super important the other the other functionality that i love in it or the function i love in active directory is the copy functionality so you guys don't know you could copy an account so say for example you have you have someone starting on monday morning right and they they they're like they helped us right they helped us great and um helpdesk is very helpdesk has a lot of features like you you do a lot and help this right if you have access to it like me i nerd out with active directory so if you right click on help this you could copy him so you could create a clone of help desk so say for example we have someone starting monday morning and he's going to be helped us too right so instead of copying all these groups see how you have all these groups you you imagine me copying all these groups one by one or then i just copy him so i do copy i'm gonna do help desk 2 help desk 2 and then i'm just going i'm going to change this i'm going to just put a password over here right and we'll put welcome one one there we go see so it's helped us too right so if i right click on them and go to properties when i click on help does go to properties member of these are all the groups he's part of remember these are all the groups he's followed i just literally save save less than two minutes of time doing this instead of me copying all the people all the groups and everything one by one i would be wasting so much time doing them and you could do it with a power shell too but why why would i why would i add someone like one by one on these tabs that doesn't make any sense right you gotta work work smarter not harder right that's what i tell people that's the thing i stressed out in i.t is when you work it for the first time it's gonna be very stressful but when you figure out ways to make it smarter and make it easier for yourself then you're you're living you're living life after that you actually enjoy your job after that so figure out ways to make your life a lot easier in your job that's basically what i'm trying to say so this is the copy feature right very important by the way you have all these other things right over here you have account you know you can unlock an account so obviously if you're doing it you should know how to unlock an account you should know what what user must change the password next login you should know when a user cannot change password you know when a password expires you know when an account is disabled you know about kerberos and all this other stuff right you could change the expiration date right over here right see all the sealer days like if you want that the account to expire you could do that right over here these are things you need to know if you're doing it the iphone number is right over here right so that this is like if you have a cisco phone by the way this is what i do in my job every day if you have a cisco phone you'll add it right over here so if it's like 722 whatever that that what happens is active directory it replicates over to cisco call manager if you have cisco call manager with ad connections right it actually puts the number on ad and then it syncs over to your call manager or your or your or your cisco phone so all you got to do is log into cisco call manager and assign them a number from active directory you pull it over and then you give them cisco jabber basically what cisco driver is is an application it's a cell phone it's an app that allows you to make phone calls on your laptop so that's what i do in my job i actually assign the number right over here you can put other all right i put 755 whatever and then the number goes over to active directory from active directory to cisco call manager i log into cisco call manager i i go into uh jabra settings and i import the number from ad and then i give them a phone number so basically this is what this is what this is what the purpose of this is for by the way so this is if you have a voice over iphone you add it in here that's what that's for so obviously you have your job title your department uh departments are very important on on in my job and my other my other jobs same thing in my previous job same thing department is very important because if your company has active directory for the internet so what does the internet mean that's the company website right the company web page right if the department isn't set up correctly right over here then when it's not set up correctly the user cannot log into that intranet page so they need to have the right department the right title otherwise they can log into their to the company website this is very important right over here the apartment company manager all this actually talks to the internet all this talks to the internet so you need to understand how that works because some companies have it set up that way they have everything set up with with sso or or single sign-in you know so that's the thing why i tell people like make sure you have the right department the right job title the right company uh make sure they're reporting to the right manager all that like this part right over here manager right it's probably right over here manager and i'm not making this up so as it called active directory active directory uh manager calendar right so what happens is when you let me see if i can open one up right i'll show you real quick so you see right here where it says let me close that let me minimize it see where it says manager right here when you when you add someone to a reporting manager on active directory what it does is it creates an outlook i don't know if you guys know that but let me scroll over here right let's zoom in right over here real quick see where it says teams teams hoku hoku whatever hokuhoku whatever right on active directory if this is not set up correctly right this is not set up the manager is not set up they cannot get the team's calendar so in some companies they're set up this way so if you have a manager and you have a reporting manager and you add them right over here then you have access to the team's calendar on outlook so some companies have it set up that way my current job is set up that way my job before that was set up that way so this is why i tell people just make sure you understand how active directory works because this here from here to here it actually affects office 365. it actually affects uh your your outlook on the calendar i'll look if that makes sense so just make sure you know what that is it's very very important and i'm going to stress that out like crazy because it is very important in 90 by the way so all right so anyway i don't know if you guys didn't know that but yeah that's a real thing by the way so telephone profile this is the home directory if you want to give someone access to the home directory um address you know you put the person what state they're from what region they're from what country they're from general is just like the general information um here you will put the office you put the email address if they if they have it on prem just so you guys know um you guys probably don't know this if you have an on-prem company that has on-prem office 365 or exchange if you put the email right over here it replicates on office 365. so if your company's using on-prem they might have it set up where you put the email address right over here and it replicates over to exchange center basically so you have pub you have uh published certificates members password replication dial in if you want to you want to deny network access permission do phone calls right here assign a static ip you have object you have remote remote desktop services you have com you have attribute editor which is what i went over uh do not apply changes uh you have general all this stuff over here security is important so those are the things you need to understand an active directory there's a lot of stuff in active directory um very important by the way uh what else what else do you care about you have to understand how to do password reset so you do reset password right here you reset the password you understand how to move uh move an object to a different ou so you could either move it right over here or you could drag it you could literally drag it to another another ou it gives you this option to drag them up but no um you have delete we obviously we're not deleting anything you have your name mappings right over here um you have your add to group if you want to add this help desk person to a group you can add them to a group um you have your domain controller right over here you have change domain controller race domain controller um this is very important for someone that's brand new by the way so i'm going to show you something else have you guys ever wonder in your job have you guys ever wondered your job how do how am i help desk right how come i'm help desk and everything's great out for me everything's great off me i can't reset passwords i can i could only i could only unlock accounts and i cannot add someone to a group how do i how does a sysadmin or server admin change all that for you right you know how they do that i'll show you right now so if you go to if you go to help desk right over here right see this has helped us too what i'm gonna do is i'm gonna remove i'm gonna remove him from admin group i'm gonna remember from administrator i'm gonna show you right now right so what they do is you you right click on the domain controller right you hit uh delegate control so if you guys ever heard of this you probably maybe maybe have not heard of this but you could delegate control on someone so you you could give someone access only to active directory if you want you could give someone access only to a certain thing an active directory this is where you do it from by the way you click next you hit add you had uh you just have helped us too for example right you hit next see how it says custom custom right here they can control create delete users reset force uses the next logos i'm gonna click on that one i'm gonna hit next i'm hit finish so what happens is what you do is you close this one right i'm gonna log into this one i'm gonna change user i'm gonna type helpdesk2 i'm gonna put welcome one i'm gonna log into welcome one right you're about to see right now what happens i just gave him delegation control to only do password reset so if you're if you're in a job environment and everything's grayed out for you for some odd reason that's probably why you're you can't do anything because the admin probably went over here right he probably went over here and he probably went to server manager uh he probably went to active director using computers and he probably only gave you access to to do delegation control so delegation control only gives you access to a certain thing you can't do any anything else that's basically what i just did just now what helped us too so i'm logging in with helped us too now and i'm going to show you what happens when i log in and helped us too because he only has access to only do password reset that's helped us level one by the way hope that's level one is password reset so like in some companies they do they only do password reset some companies don't do password reset you know it depends where you where you work obviously so let me show you that real quick i'm just trying to log in right i'm waiting for this thing to log in all right so what i'm going to do is i'm going to go into active directory active directory users and computers right just let that open i'm gonna go here i'm gonna go here i'm gonna go here just let it open right so i'm logged in as help that's two right now so i'm not holding this helped us too right now right if i double click on help desk everything is grayed out look at that see that's what delegation control is look at that you see that you guys just saw my screen look it's grayed out helped us too has helped us too i just like them without this too it's greyed out because i did delegation control so we do delegation control they only have access for password reset everything else is grayed out everything else is great out by the way look at that so if i right click on him reset password i could reset password but i cannot i cannot change password next login so that's basically what i did as basically i only gave him access to do password reset so that's how you would do it in level one by that's basically what a system will do to you you bet you know what i'm only going to give him access to do password reset so i'm only gonna delegate control so i'm gonna go back to i'm gonna go back to the server and i'm gonna show you what i just did okay so what i did was i'm gonna go here i'm gonna right click that i get control next i went to us too right i added him here i had next i only gave him reset password only that's what i did that's basically what i did just now so i did that i logged in as helped us too right over here how do you know you're logged in as help desktop you go to task manager you right click on task manager right uh you go to users i'm logged in as help desk too right it's right here so that's the reason why it's grayed out i only gave him access to do password reset by the way so if you saw that look if everything is grayed out you could you could type over here so like if i try to do something it's not gonna let me do it look screw it up it's great i can't do anything i give it access look i can't even change the folder path directory it's probably not gonna let me do it look i'm i'm deleting i'm trying to delete this it's not letting me do it because i'm logged in as help that's too i only gave him access to do password reset so that that's that's what your server admin or your system it might do to you by the way they'd be like you know what i'm only gonna give him access to to just do password reset that's how you do it on active directory so anyone that asked me a question kevin how do you give someone limited access to active directory you do delegate control i just did it right here look see i could do create manage users i could do modify um if you want to really customize the living hell out of it you just go to the one on the bottom right here you hit next right you hit next right over here and then you just change it so you give them access to computer objects this is like ntfs or share drive permissioning for active directory so basically you you only give them access to a certain thing on active directory next do this read and write access full control of the domain controller uh they could they could only they could only change something on the domain controller the koni ikoni unexpired passwords it's basically what you would do to him or her whoever that is right so that's basically how they do it that's how you do it in it world and helped us by the way that's what a server admin will do to you so going back to this i could only reset the password if i go here does it let me move him let me try moving him access denied it doesn't let me do it it's completely blocked for me because i only give him access to password reset all right let's try something else can i delete him let's see you did not have sufficient rights to delete the help desk object yeah so you saw what i just did right yeah so he only has password reset like i it's grayed out everything is great so this is very important for you guys by the way so i i this is the other the other important thing for you guys is understanding about um computers on a domain controller so like if i delete this computer right over here i'm gonna delete it right now purposely i'm gonna delete it i'm gonna grab here i'm gonna go here all right i'm gonna restart it i'm going to restart and and and first i should not be able to log in because i just removed that computer from the ou you know it's just desktop one is longer there anymore so let's see what happens when i do this it might work because the password the password is still there but we'll see what happens so i'm gonna do help desk for this one i'm gonna do help desk and try to log in look at this the security database on the server does not have a computer for this workstation trust relationship is broken so this is very common and helped us by the way so in helpdesk this is very very common you have an issue like this where you can log in because you just lost trust to that domain controller right so how do you fix that are you being vm said in lan no it's not said static ipj watched my other video i made a video on this last week um so you do is you have to log in as admin as your administrator right so what you do is how do you assign to another domain controller or how do you sign to a local account how to log into a local account so i'm gonna do dot slash and let's see if it lets me log in uh let's see administrator this is the account has been disabled right so and it land now i'm going to show you something different now you'll be like kevin you can't log in you can't do anything how do you fix this what what just just relax just relax watch this which i'm gonna fix this i'm gonna shut down the whole computer and i'm gonna teach you something different now i'm going to use something brand new that you have never seen in your life before right i'm gonna go to my vm i am going to do start while it's starting up why should i show you well i was starting up i'm going to right click on i'm going to choose disk and i'm going to choose hiring boot boot iso right i'm going to do a machine i'm going to reset i'm going to reset watch just just watch what i'm going to do right now and see it's in hiring boot cd i could fix this now so i'm going to do is i'm going to choose the other cd so i'm going to go here i'm using 15.2 right let me go to my documents i think i have it right over here somewhere downloads see if i could find it this is 15.2 we have document uh we have downloads this one this is the one i'm looking for so i'm gonna i'm gonna reset it again watch what i'm gonna do because you can't log into the computer anymore right but you still have access to the bios right so i'm going to do is i'm going to reset the password on this account so i'm going to hit cd i'm going to click on this i'm not hit the space button on it i can't log in with any account right now right i can't do anything so it's a local account i don't know the password for the local account by the way i i purposely forgot the password so i'm gonna do is i'm gonna log into hiringbootcd i'm gonna reset the password right now i'm gonna make a brand new account over here watch so now i'm logged into this like kevin what the hell is this you're about to see right now so i'm gonna open this up i am going to close this i'm gonna go to utilities i'm gonna go to security passwords i'm gonna open up password editor i'm gonna hit this right over here i'm gonna look for sam i'm gonna open up sam see i have two accounts right here i'm gonna i'm gonna go to i'm gonna go to this one i'm gonna change the password on this one i'm gonna actually see if i can't enable this account it's not gonna let me do it okay fine so i'm gonna go to admin i'm gonna change the password admin i'm gonna put welcome one for this one welcome one so then i'm gonna do is i'm gonna exit out of this uh let me see if it lets me do it sorry about that just give me a second change password welcome one welcome one i'm gonna hit okay save changes exit i'm gonna rest i'm going to restart the computer right restart i'm going to right click on the cd i'm going to remove it just let it let it do its thing so basically i don't know the password i just reset the password by the way like wait what you could do that yeah i just did that with hiring bootsie you just saw what i just did so i'm waiting for the computer to come back on right uh i don't know i can't log in because the trust relationship is gone so if i so you guys don't know what i'm talking about right so i'm logging in as password one right here doesn't work right i need to log in as the admin account i just reset the admin because i'm gonna type admin i'm gonna put welcome one right and it should let me in you should let me log into it i just reset the password there we go and that's how you log in whatever in boot cd i just reset the whole password i hacked it with hiring boot cd all right so what i'm going to do is i'm going to go over here i'm going to right click this pc i'm going to go to properties i'm going to change settings i'm going to go to change i'm going to take it off the domain i'm going to put work group right over here uh yes so it's just it's just opening right now help desk i'm putting the password for my domain for my admin account which is help desk and i'm putting the password for it i'm taking it off the domain because it fell off the domain right it just fell off the domain uh it's gonna make you restart that's fine i'm gonna restart now uh restart anyway so you see it's not here anymore i just removed it there's nothing here right now so i'm logging in right now right now again so let that let that do its thing right i'm gonna i'm gonna log in welcome one again should let me in i just changed the password to welcome one we're using hybrid boot cd you guys just saw that you guys what the hell you could do that yep i'm gonna go here this pc and go to properties change settings change i'm gonna go back into the domain capture.com which is the one i just fell off the domain i'm gonna do help desk i'm gonna do password one two three i'm gonna welcome it i'm gonna welcome it back to the domain controller all right welcome back to captive.com okay close restart now desktop one is there desktop two is there there we go fix it problem solve so that's something you will do every day by the way i just removed it from the domain and re-added again i didn't know the password for the admin account i reset the admin account using hybrid boot cd you guys just saw what i just did right that was crazy right so now it's uh turning back on let that turn back on it's not gonna it doesn't work most of the time it doesn't work most of the time because kisses attack so i'm gonna go back in here i'm gonna do help desk two the welcome one i should be able to log in back to the domain controller because i just added it back to the domain controller so it should work i just did that brandon i reset the admin account using hiring boot cd uh earlier like few minutes ago before you join so it's just logging him back in he's back in um it should still be the same as before you can't do anything yeah it's great out all right cool yeah so that's it that's pretty much it that's pretty much what i just did right now so i added it back to the domain that's something you would do and help desk sometimes you have to like unjoin and rejoin a computer if it falls off the domain other times if you uh yeah i know it confuses people it's a lot of information um other times you could just re you can reset the account right over here on the computer if you want to like try to talk to it you know talk to the computer that's joined you know you can do that uh you can disable the account you have properties right over here you have members members of object password replication this has the same thing as the other one by the way look less logged in when the pc was last logged in just scroll all the way down has all this information right over here so password was a password last set let's tell you all the information about this workstation desktop one tells you information about it tells you all the information about it desktop one yeah so that's it that's pretty much it as i wanted to show you guys i didn't want to show you too much today because there's a lot of information so i'm going to shut that down um i'm going to stop sharing for a second so let me stop let me stop sharing there we go all right does that help you guys out let me know guys that that helps you out for someone that's brand new to it yes you gotta understand password reset account creation account lockout um adding a computer to a domain rejoining it to a domain stuff like that that's basically what it is so i'm using 64 64 gigs of ram to answer your question but basically that's stuff that you will do in it you you just your help that's what you'll be doing resetting account adding someone to a group security groups um understand about trivia editor which is what i just showed you today understand about um password reset account creation uh understand about delegation control which is what i just showed you i just grayed out password reset for someone uh group policy a little bit i just understand what that how that works so it's all got a lot of information i just changed the password using hybrid boot tv don't worry about that but you may do that in your job if the bios isn't blocked in your job then you can just reset the password so that's it that's pretty much it for me for today uh if you guys have any questions let me know uh you can just you can just ping me on discord i'm on discord to just just message me on discord i'm happy to help just i'm happy to help people people in like in in i.t that are new or not new they're on discord so if you want to ask for help come on come on discord we help people so yeah we do it for free it's not like i charge anyone anything just so you guys know i can i don't charge people i don't ask you for money i don't sell anything i'm just trying to help people anyway uh with that being said uh since no one has anything for me i hope you guys have a good day uh as always rate comment subscribe give me a thumbs up really appreciate it not sure who gave me that dislike i hate you and i'm just kidding oh love over here i love over here i mean um yeah we do accept coffee um and that's it that's pretty much it for me for today i hope you guys have a great day i hope you guys have a great saturday and um that's it that's pretty much it i have a video rando i have a video on a hiring booth cd by the way go look at my videos let me let me let me highlight him i have a video on hyrumbu cd by the way so if you didn't watch that video but watch that video it's on my playlist somewhere in my youtube channel go go watch that video so hiring busy hiring booster allows you to change the password okay welcome let me answer your question too real quick it's a good question actually uh what caused the computer to be taken off the domain it hasn't checked in in a really long time um it's not talking to the domain controller um it could be a lot of reasons that net network connectivity uh could be a lot of reasons why that's happening so the only way to fix that is by unjoining rejoining the computer sometimes that fixes it sometimes it may not fix it it depends on the company but for the most part unjoining rejoining fixes that problem okay all right guys you guys have a good day i'm gonna i'm gonna get out over here i'm gonna go take a walk and this is so nice outside you guys have no idea it's beautiful outside today so i'm gonna take advantage of that and i'm gonna go for a nice walk all right if anything you guys can ping me on discord i'm on discord i'm a little busy today but i'm on discord just just email me or whatever ping me message me on discord all right you guys have a good day and you guys have a good saturday and you guys take care and stay safe all right bye-bye peace

Info

Channel: Kevtech IT Support

Views: 13,322

Rating: undefined out of 5

Keywords: kevtech it support, desktop support, helpdesk, technical support, it support specialist, tech support, information technology, it support, service desk, IT, active directory, password reset, account creation, delegate control, group policy, gpo, server 2016, rsat tools, groups, passwords, account expiration, pc offline, pc off domain, domain controller, server 2012, server 2019, gpresults, recycle bin, attribute editor, last login, kevtech, help desk support

Id: Dm5zqejLaoM

Channel Id: undefined

Length: 49min 8sec (2948 seconds)

Published: Sat Mar 13 2021