🚀WINDOWS SERVER 2025🛠️ USERS, GROUPS and ORGANIZATIONAL UNITS in ACTIVE DIRECTORY

How to Manage Users and Teams in Active Directory on Windows Server 2025

Introduction to Active Directory Management

  • The video introduces the topic of managing users and teams within Active Directory on Windows Server 2025.
  • Viewers are directed to a blog for additional content related to the practice session, emphasizing the importance of understanding user and group management.

Setting Up the Environment

  • Prior setup includes creating a domain and joining a Windows 11 machine to this domain, which is essential for effective management.
  • The focus will be on organizing Active Directory through various organizational units (OUs), which serve as containers for objects like users and groups.

Understanding Organizational Units (OUs)

  • OUs help organize objects within the created domain, allowing for better management of resources such as user accounts.
  • Groups will also be created to simplify permission administration, especially when dealing with multiple users across different departments.

User Permissions and Security Measures

  • The video discusses how groups facilitate easier permission assignments compared to managing individual user permissions.
  • A key security measure involves disabling the default administrator account in favor of creating a new administrative user, "Cloud Worker," due to vulnerability concerns.

Creating Organizational Structure

  • The presenter outlines plans for establishing an organizational structure that includes main departments like IT and Sales, each with its own groups.
  • Emphasis is placed on differentiating between OUs (which act like folders for organization) and groups (which manage access permissions).

Logging into Windows Server 2025

  • The practical demonstration begins with logging into Windows Server 2025, where previous configurations are referenced.

Accessing Active Directory Tools

Navigating to User Management

  • The process begins by accessing tools within the Active Directory, specifically focusing on user management under the domain cl.lan.
  • The administrator user is identified and will be disabled; a right-click action is performed to copy this user for future reference.

Understanding User Group Membership

  • By examining group memberships, it’s noted that the administrator belongs to several critical groups, including the Domain Admins and Replication groups.
  • The strategy involves copying the existing administrator account instead of creating a new one, ensuring all necessary permissions are retained.

Creating a New User Account

  • A new user named "Cloud Worker" is created by copying the administrator's settings, allowing for seamless transition into administrative tasks.
  • The new account is configured with a password that never expires, facilitating ongoing access without frequent updates.

Logging in with New Credentials

First-Time Login Process

  • After creating the Cloud Worker account, there’s an emphasis on logging in for the first time using specific key combinations to switch users.
  • Successful login confirms that configurations are being applied correctly as per user policies during initial access.

Post-login Actions

  • Once logged in as Cloud Worker, services and server management tools begin initializing; this step is crucial for subsequent administrative actions.

Disabling Administrator Account

Steps Taken After Login

  • With successful login established, attention shifts back to disabling the original administrator account to enhance security protocols.

Creating Organizational Units

Establishing Departmental Structure

  • Following account adjustments, focus turns towards creating organizational units (OUs), starting with a department labeled "Departments."
  • Default protections against accidental deletion are highlighted when setting up OUs; this ensures structural integrity within Active Directory.

Advanced Features and Deletion Protocol

  • If deletion of an OU becomes necessary due to errors, advanced features can be accessed to modify protection settings temporarily.
  • Adjustments allow for potential deletions while maintaining control over organizational structure within Active Directory.

Creating Organizational Units and Users in a System

Setting Up Departments

  • The process begins with creating an organizational unit named "Informatics" within the system. If it doesn't appear, refreshing is necessary.
  • A second department called "Commercial" is established, confirming its creation as part of the setup.

User Creation Process

  • Two users, Bob and Alice, are created under the Informatics department. Bob's username is set up first with a generic password that he will change upon his first login for security reasons.
  • The importance of requiring users to change their passwords at the next login is emphasized as a security measure to protect user credentials.
  • Following Bob's setup, Alice's account is created similarly, ensuring she also has a temporary password that must be changed.

Additional User Accounts

  • Moving on to the Administration department, another user named Laura is created with similar steps as before.
  • Alan’s account is then established using the same procedure, completing the initial user setup across departments.

Organizing Users into Groups

  • The next step involves creating groups for each department to streamline resource sharing and permissions management.
  • By assigning permissions to groups rather than individual users (e.g., granting access to shared resources), efficiency increases significantly when managing larger teams.

Group Creation and Membership Management

  • A new group named "Informatics" (or abbreviated as "G inf") is created for better organization within the system.
  • Users Bob and Alice are added to this group by navigating through their profiles or directly from the group settings.

Establishing Permissions Across Departments

  • A similar process occurs in the Commercial department where a group called "Gcom" is formed, including members Alan and Laura.
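
The OU, user and group steps above can also be scripted with the ActiveDirectory PowerShell module. The following is an added example, not taken from the video or its blog; it assumes a fresh lab domain, lowercase logon names, the group name "Ginf" as a normalized spelling of "G inf", and that each group is stored in its department's OU.

```powershell
# Added example (not from the video). Run on the DC or a host with RSAT as a domain admin.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'    # stop on the first failure instead of leaving partial state

$domain = Get-ADDomain             # cl.lan in the walkthrough's lab
$rootOU = "OU=Departments,$($domain.DistinguishedName)"

# Parent OU. Deletion protection is the default; it is set explicitly for clarity.
New-ADOrganizationalUnit -Name 'Departments' -Path $domain.DistinguishedName `
    -ProtectedFromAccidentalDeletion $true

# Department -> group and members, as described in the summary (names are assumptions)
$layout = [ordered]@{
    Informatics = @{ Group = 'Ginf'; Users = 'bob', 'alice' }
    Commercial  = @{ Group = 'Gcom'; Users = 'alan', 'laura' }
}

# Prompt for the temporary password so it never lands in the script or shell history
$tempPassword = Read-Host -AsSecureString -Prompt 'Temporary password for new accounts'

foreach ($dept in $layout.Keys) {
    $ouPath = "OU=$dept,$rootOU"
    New-ADOrganizationalUnit -Name $dept -Path $rootOU -ProtectedFromAccidentalDeletion $true

    # Global security group: permissions are granted to this group, not to individuals
    New-ADGroup -Name $layout[$dept].Group -GroupScope Global -GroupCategory Security -Path $ouPath

    foreach ($sam in $layout[$dept].Users) {
        New-ADUser -Name $sam -SamAccountName $sam `
            -UserPrincipalName "$sam@$($domain.DNSRoot)" `
            -Path $ouPath -AccountPassword $tempPassword -Enabled $true `
            -ChangePasswordAtLogon $true    # user must replace the temporary password
    }
    Add-ADGroupMember -Identity $layout[$dept].Group -Members $layout[$dept].Users
}

# Verify: each account with its OU and its group memberships
Get-ADUser -Filter * -SearchBase $rootOU -Properties MemberOf |
    Select-Object SamAccountName, DistinguishedName,
        @{ Name = 'Groups'; Expression = { ($_.MemberOf | Get-ADGroup).Name -join ', ' } }
```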

User Management in Active Directory

User Creation and Group Membership

  • Alice is created as a user belonging to the "Informática" group while also inheriting permissions from the "Administradores" and "Administradores del dominio" groups.
  • Users Laura and Alan are established as standard domain users without administrative privileges.
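
Because the walkthrough copies the built-in administrator (keeping all of its group memberships), sets that copy's password to never expire, and places Alice in the administrator groups, a periodic review of who holds those rights is worth having. The following read-only audit is an added example, not part of the video; it resolves the groups by well-known SID so it works regardless of the server's display language.

```powershell
# Added example (not from the video): read-only audit of privileged accounts.
Import-Module ActiveDirectory

$domainSid = (Get-ADDomain).DomainSID.Value

# Well-known SIDs avoid localized names such as "Administradores del dominio"
$privilegedGroups = @(
    "$domainSid-512"    # Domain Admins
    'S-1-5-32-544'      # BUILTIN\Administrators
)

$report = foreach ($groupSid in $privilegedGroups) {
    $group = Get-ADGroup -Identity $groupSid
    # -Recursive expands nested groups, so indirect members are listed too
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object objectClass -eq 'user' |
        Get-ADUser -Properties PasswordNeverExpires, PasswordLastSet, LastLogonDate |
        ForEach-Object {
            [pscustomobject]@{
                Group                = $group.Name
                SamAccountName       = $_.SamAccountName
                BuiltInAdministrator = $_.SID.Value -eq "$domainSid-500"   # RID 500
                Enabled              = $_.Enabled
                PasswordNeverExpires = $_.PasswordNeverExpires
                PasswordLastSet      = $_.PasswordLastSet
                LastLogonDate        = $_.LastLogonDate
                # Parent container: OU placement is independent of group-granted rights
                Container            = ($_.DistinguishedName -split ',', 2)[1]
            }
        }
}

$report | Sort-Object Group, SamAccountName | Format-Table -AutoSize

# Flag enabled privileged accounts whose password is exempt from expiry
$report | Where-Object { $_.Enabled -and $_.PasswordNeverExpires } |
    Select-Object -Property SamAccountName -Unique |
    ForEach-Object {
        Write-Warning "$($_.SamAccountName): privileged, enabled, password never expires"
    }
```

The built-in account keeps its memberships after it is disabled, so it still appears in the report with `Enabled` set to `False`.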

User Login Process

  • Upon first login, users experience a setup process that prepares their environment, which may take several minutes.
  • If a user like Bob forgets his password, an administrator can reset it easily through the Active Directory interface.

Account Lockout Policies

  • Accounts can become locked after multiple failed login attempts; administrators can unlock accounts directly within the system.
  • If Alice no longer works for the organization, her account can be deleted promptly.

Recreating Users with Specific Policies

  • When recreating Alice's account, options such as disabling password change requirements and ensuring passwords never expire are discussed to maintain security policies.
  • The importance of regular password changes is highlighted to prevent forgetting credentials over time.

User Access Testing

  • After recreating Alice’s account, testing access with different users (e.g., Cloud Worker and Bob) confirms proper configuration of user permissions.

Moving Users Between Departments

  • The process of moving a user like Alice from one department (Informática) to another (Comercial), while maintaining group memberships, is explained.
  • It’s emphasized that organizational units do not dictate group membership; users can belong to multiple groups simultaneously.

Final Configuration Checks

  • Successful access by both Bob and Cloud Worker demonstrates effective user management practices within Active Directory.

Video description

In this practical exercise you will learn to implement users and groups in Active Directory (AD) on Windows Server 2025, adding organizational units (OUs) to manage network resources efficiently. We will start by installing and configuring the "Active Directory Domain Services" role on the server. Then we will create several organizational units (OUs) to organize users and groups by department or role within the company. Next, we will add users and groups, assign them to the corresponding OUs, and configure appropriate security policies and permissions for each group. We will verify that users can sign in and access network resources according to the applied settings, ensuring centralized and secure administration through AD.

💪CLOCKWORKER SUPPORT: https://www.youtube.com/channel/UC0ATzns9p48SyUFv7rUDd4A/join
🎁PAYPAL DONATION: https://www.paypal.com/donate/?hosted_button_id=BH2JXERZU3D2S
💡PATREON: https://www.patreon.com/ClockworkComputer
📝BLOG: https://clockworkcomputerip.blogspot.com/2024/09/ws2025-active-directory.html
🌐WEB: https://www.clockworkcomputer.com

🎬 MY PLAYLISTS 🎥
https://youtube.com/playlist?list=PLHjuPxrwcdsaqp6iOimT01tpmgAqsRmx9&si=4asu67M-vrg7FuY3
https://www.youtube.com/playlist?list=PLHjuPxrwcdsYKE8tKx70KOxx2TrFzb8EL
https://youtube.com/playlist?list=PLHjuPxrwcdsZuMRWmZa-BAbT-QZCOmir2&si=TPGzuiwv-bsOyRLg
https://youtube.com/playlist?list=PLHjuPxrwcdsZt48pnhpd-47QmPyTMErXL&si=civxwoQiqKIaY5Z8
https://youtube.com/playlist?list=PLHjuPxrwcdsb8tf7MQIO7gYNNcJziMDrb&si=uaQ5nH4XDEIfLHmm
https://www.youtube.com/playlist?list=PLHjuPxrwcdsa12OE55Z4YI6joqUn4UPdZ
https://youtube.com/playlist?list=PLHjuPxrwcdsZmCSyOO3WQENZ6iIuvDzPU&si=w7iXia_ZBX3J_4FT
https://youtube.com/playlist?list=PLHjuPxrwcdsaF6cZmSLvJD-wjGr6O-8XC&si=gNZ2a_P-1CSKIQvc
https://youtube.com/playlist?list=PLHjuPxrwcdsaX2Lw7y8Xp90XNjy0HTVj4&si=GvPvsVBvO61xYKev