How to create AD users and groups in our new Windows Server 2016 machine.
Here we briefly review my best practice for setting up AD (Active Directory) Users and Groups for Server 2016.
There isn’t really a right or wrong way to setting up users and groups within Active Directory, but over the years I found some methods that work pretty well. Every environment will be different, but the best thing you can do is plan plan plan. Plan as much as you can, keeping the future and expansion in mind.
As you build your Active Directory structure up, you will find some things that need to be added, removed, and tweaked. That’s OK, it’s part of the process.
Create AD Users and Groups on Server 2016
Creating AD Users and Groups – Domain Admin Account
Let’s start off by creating our own Domain Admin account. I always have two accounts setup:
- Standard user account: cdavis
- Domain Admin account: cdavis.admin
I do this so I never have to log in as my Domain Admin account. Instead, I just elevate whatever process I want/need to do.
One important note: Use the Copy feature as much as possible when setting up new users.
- Navigate to the default Users container (the one the system setup automatically).
- Right click on the Administrator account, then select Copy.
- Fill in the information (note: I add ” – Admin” to the Full name and add “.admin” to the logon name)
- Type in a password and leave the Password never expires enabled
- Drag-n-drop the newly created account to the proper OU.
Creating AD Users and Groups – Standard User Accounts
Go through and setup all of the remaining user accounts for the environment and place them in the proper OUs. Remember, use the Copy feature as much as possible after setting up one user.
- Navigate to Group Policy OU | IT | Helpdesk | Users
- Right-click Users and select New | User
- Fill in the information
- Type a password twice.
- Leave the User must change password at next logon enabled
- Finish creating the users and placing them into the proper OUs.
Creating AD Users and Groups – Groups
Finally, let’s create some groups and assign the associated people to them.
- Here is an overview of what the end result will be for our groups:
- Navigate to Group Policy OU | Groups – Security
- Right-click Groups – Security
- Select New | Group
- Fill in the information. For this one, I am calling this group IT Techs
- Now that the group is created, let’s add a member to it.
- Right-click the IS Techs group and select Properties.
- In the Members tab, select Add.
- Type the username and select Check Names.
- When the system finds the account, you will see the full account details. Select OK.
- Select OK when finished adding users to the group.
- When finished, let’s nest a couple of groups within another group.
- This example, we have two Managers groups: Sales and Service Managers. We want to add those groups to a Management group.
- Right-click the Management group and select Properties.
- In the Members tab, click Add, type the names of the groups, and add them to the group.
- It should look like this:
That’s it for this one! We have a foundation for our environment! Stay tuned for our next tutorial in the series!
Server Basics 2016 Series Navigati0n
- Tutorial #1: Downloading Windows Server 2016
- Tutorial #2: Installing Windows Server 2016
- Tutorial #3: Setup Active Directory on Windows Server 2016
- Tutorial #4: OU Structure on Server 2016
- Tutorial #5: Create AD Users and Groups (this article)
- Tutorial #6: Setup DHCP Role on Server 2016
- Tutorial #7: Join Windows 10 to Domain – Server 2016
- Tutorial #8: (coming soon)