Scenario
A. Datum Corporation is a global engineering and manufacturing company with a head office based in London, England. An IT office and a data center are located in London to support the London location and other locations. A. Datum has recently deployed a Windows Server 2012 infrastructure with Windows 8 clients.
You have been working for A. Datum for several years as a desktop support specialist. In this role, you visited desktop computers to troubleshoot application and network problems. You have recently accepted a promotion to the server support team. One of your first assignments is configuring the infrastructure service for a new branch office.
As part of configuring a new branch office, you need to create user and group accounts. Creating multiple users with graphical tools is inefficient, so you will use Windows PowerShell.
Objectives
After completing this lab, you will be able to:
• Create user accounts and groups by using Windows PowerShell.
• Use Windows PowerShell to create user accounts in bulk.
• Use Windows PowerShell to modify user accounts in bulk.
Lab Setup
Estimated Time: 45 minutes
Virtual machines: 20410B-LON-DC1, 20410B-LON-CL1
User name: Adatum\Administrator
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V® Manager, click 20410B-LON-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Sign in using the following credentials:
• User name: Adatum\Administrator
• Password: Pa$$w0rd
5. Repeat steps 2-3 for 20410B-LON-CL1. Do not sign in to LON-CL1 until directed to do so.
Exercise 1: Creating User Accounts and Groups by Using Windows PowerShell
Scenario
A. Datum Corporation has a number of scripts that have been used in the past to create user accounts by using command-line tools. It has been mandated that all future scripting will be done by using Windows PowerShell. As the first step in creating scripts, you need to identify the syntax required to manage AD DS objects in Windows PowerShell.
The main tasks for this exercise are as follows:
1. Create a user account by using Windows PowerShell.
2. Create a group by using Windows PowerShell.
Task 1: Create a user account by using Windows PowerShell
1. On LON-DC1, open a Windows PowerShell prompt.
2. At the Windows PowerShell prompt, create a new OU named LondonBranch by typing the following command:
New-ADOrganizationalUnit LondonBranch
3. Create a new user account for Ty Carlson in the LondonBranch OU using the following command:
New-ADUser -Name Ty -DisplayName "Ty Carlson" -GivenName Ty -Surname Carlson -Path "ou=LondonBranch,dc=adatum,dc=com"
4. Change the blank password for the new account to Pa$$w0rd, using the following command:
Set-ADAccountPassword Ty
5. Enable the new user account using the following command:
Enable-ADAccount Ty
6. On LON-CL1, sign in as Ty using a password of Pa$$w0rd.
7. Verify that sign in is successful, and then sign out of LON-CL1.
Task 2: Create a group by using Windows PowerShell
1. On LON-DC1, at the Windows PowerShell prompt, create a new global security group for users in the London branch office, using the following command:
New-ADGroup LondonBranchUsers -Path "ou=LondonBranch,dc=adatum,dc=com" -GroupScope Global -GroupCategory Security
2. At the Windows PowerShell prompt, add Ty as a member of LondonBranchUsers, using the following command:
Add-ADGroupMember LondonBranchUsers -Members Ty
3. At the Windows PowerShell prompt, confirm that Ty has been added as a member of LondonBranchUsers, using the following command:
Get-ADGroupMember LondonBranchUsers
Results: After completing this exercise, you should have created user accounts and groups by using Windows PowerShell.
Exercise 2: Using Windows PowerShell to Create User Accounts in Bulk
Scenario
You have been given a .csv file that contains a large list of new users for the branch office. It would be inefficient to create these users individually with graphical tools. Instead, you will use a Windows PowerShell script to create the users. A colleague who is experienced with scripting has provided you with a script that she created. You need to modify the script to match the format of your .csv file.
The main tasks for this exercise are as follows:
1. Prepare the .csv file.
2. Prepare the script.
3. Run the script.
Task 1: Prepare the .csv file
1. On LON-DC1, read the contents in E:\Labfiles\Mod04\LabUsers.ps1 to identify the header requirements for the .csv file.
2. Edit the contents in C:\Labfiles\Mod04\LabUsers.csv, and add the appropriate header.
Task 2: Prepare the script
1. On LON-DC1, use Windows PowerShell Integrated Scripting Environment (ISE) to modify the variables in LabUsers.ps1:
o $csvfile: E:\Labfiles\Mod04\labUsers.csv
o $OU: "ou=LondonBranch,dc=adatum,dc=com"
2. Save the modified LabUsers.ps1.
3. Review the contents of the script.
Task 3: Run the script
1. On LON-DC1, open a Windows PowerShell prompt, and run E:\Labfiles\Mod04\LabUsers.ps1.
2. At the Windows PowerShell prompt, use the following command to verify that the users were created:
Get-ADUser -Filter * -SearchBase "ou=LondonBranch,dc=adatum,dc=com"
3. On LON-CL1, sign in as Luka using a password of Pa$$w0rd.
Results: After completing this exercise, you should have used Windows PowerShell to create user accounts in bulk.
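The following bulk-creation script is an added example, not the LabUsers.ps1 file supplied with the lab. It assumes a .csv header of FirstName, LastName, Department (hypothetical column names) and, as a further assumption, uses the first name as the account name. It validates the header and each row before writing to AD DS, and passes the initial password as a SecureString.

```powershell
# Added example, not the lab's LabUsers.ps1. Column names below are assumed.
Import-Module ActiveDirectory

$csvfile  = 'E:\Labfiles\Mod04\LabUsers.csv'
$OU       = 'ou=LondonBranch,dc=adatum,dc=com'
$required = 'FirstName', 'LastName', 'Department'   # assumed .csv header

$rows = @(Import-Csv -Path $csvfile)
if ($rows.Count -eq 0) { throw "No data rows found in $csvfile" }

# Stop before touching AD DS if the header does not match what the loop reads.
$header  = $rows[0].PSObject.Properties.Name
$missing = @($required | Where-Object { $header -notcontains $_ })
if ($missing.Count -gt 0) { throw "Missing column(s): $($missing -join ', ')" }

# New-ADUser -AccountPassword takes a SecureString, not plain text.
# Prompting keeps the initial password out of the script and the .csv file.
$initial = Read-Host -AsSecureString -Prompt 'Initial password for the new accounts'

foreach ($row in $rows) {
    $sam = "$($row.FirstName)".Trim()   # assumption: first name is the account name

    # Treat the .csv as untrusted input: allow only simple account names
    # (sAMAccountName is limited to 20 characters for user accounts).
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        Write-Warning "Skipping row with unusable account name '$sam'"
        continue
    }
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "Skipping '$sam': account already exists"
        continue
    }
    try {
        New-ADUser -Name $sam -SamAccountName $sam `
            -DisplayName "$($row.FirstName) $($row.LastName)" `
            -GivenName $row.FirstName -Surname $row.LastName `
            -Department $row.Department -Path $OU `
            -AccountPassword $initial -ChangePasswordAtLogon $true `
            -Enabled $true -ErrorAction Stop
        Write-Output "Created $sam"
    }
    catch {
        Write-Warning "Failed to create '$sam': $($_.Exception.Message)"
    }
}
```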
Exercise 3: Using Windows PowerShell to Modify User Accounts in Bulk
Scenario
You have received a request to update all user accounts in the new branch office OU with the correct address of the new building.
You have also been asked to ensure that all of the new user accounts in the branch office are configured to force users to change their passwords at their next logon.
The main tasks for this exercise are as follows:
1. Force all user accounts in LondonBranch to change their passwords at next logon.
2. Configure the address for user accounts in LondonBranch.
Task 1: Force all user accounts in LondonBranch to change their passwords at next logon
1. On LON-DC1, open a Windows PowerShell prompt.
2. At the Windows PowerShell prompt, create a query for user accounts in the LondonBranch OU using the following command:
Get-ADUser -Filter * -SearchBase "ou=LondonBranch,dc=adatum,dc=com" | Format-Wide DistinguishedName
3. At the Windows PowerShell prompt, modify the previous command to force all user accounts to change their password at the next logon using the following command:
Get-ADUser -Filter * -SearchBase "ou=LondonBranch,dc=adatum,dc=com" | Set-ADUser -ChangePasswordAtLogon $true
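To confirm that the bulk change took effect, the following added example (not part of the lab files) reports the password-related state of every account in the LondonBranch OU. The report layout and the wording of the issue strings are choices made for this example.

```powershell
# Added example, not part of the lab files.
Import-Module ActiveDirectory

$OU = 'ou=LondonBranch,dc=adatum,dc=com'   # OU used throughout this lab

$report = Get-ADUser -Filter * -SearchBase $OU `
        -Properties pwdLastSet, PasswordNotRequired, PasswordNeverExpires |
    ForEach-Object {
        $issues = @()
        # AD DS records "must change password at next logon" as pwdLastSet = 0.
        if ($_.pwdLastSet -ne 0)     { $issues += 'change at next logon not set' }
        # An account with this flag may exist with a blank password.
        if ($_.PasswordNotRequired)  { $issues += 'PasswordNotRequired flag set' }
        if ($_.PasswordNeverExpires) { $issues += 'password never expires' }

        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            Enabled        = $_.Enabled
            MustChange     = ($_.pwdLastSet -eq 0)
            Issues         = ($issues -join '; ')
        }
    }

# Full listing, then only the accounts that need attention.
$report | Sort-Object SamAccountName | Format-Table -AutoSize
$flagged = @($report | Where-Object { $_.Issues })
Write-Output "$($flagged.Count) of $(@($report).Count) accounts need attention"
```

Run it directly after the Set-ADUser command: once a user signs in and changes the password, pwdLastSet is no longer 0 and that account is reported as not set.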
Task 2: Configure the address for user accounts in LondonBranch
1. On LON-DC1, open Active Directory Administrative Center.
2. Open the properties for all user accounts in LondonBranch.
3. Set the address for multiple users as follows:
o Street: Branch Office
o City: London
o Country/Region: United Kingdom
Results: After completing this exercise, you should have modified user accounts in bulk.
To prepare for the next module
When you finish the lab, revert all virtual machines back to their initial state by performing the following steps:
1. On the host computer, start Hyper-V Manager.
2. In the Virtual Machines list, right-click 20410B-LON-CL1, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 to 3 for 20410B-LON-DC1.
Module Review and Takeaways
Review Questions
Question: A colleague is creating a Windows PowerShell script that creates user accounts from data in a .csv file. However, his script is experiencing errors when attempting to set a default password. Why might this be happening?
Question: You are an administrator for a school district that creates 20,000 new user accounts for students each year. The administration system for students can generate a list of the new students and then export it as a .csv file. After the data has been exported to a .csv file, what information do you need to work with the data in a script?
Question: The Research department in your organization has been renamed “Research and Development.” You need to update the Department property of users in the Research department to reflect this change. You have created a query for user accounts with the department property set to Research, by using the Get-ADUser cmdlet and the -Filter parameter. What is the next step to update the department property to Research and Development?