Creating a Single User


 

A user account is essential for any user to be able to log in to Active Directory and to access the resources in the domain. Using ADManager Plus, you can create a new user account in Active Directory with all the relevant attributes, in a single step. Besides creating a user account in Active Directory, ADManager Plus also allows you to simultaneously provision accounts for the user in Office 365, Exchange, G Suite, LCS/ OCS, and Skype for Business/ Lync. You can also configure remote mailboxes for the user accounts being created.

 

 

 

Procedure:

You have to enter the values for various user attributes based on your requirement and finally click the Create User button. User attributes are grouped under different categories and present as "Tabs" like User Profile, Account Details, Contact details, Exchange Attributes . Choose the required "tab" and enter the appropriate values for the user. Use the copy user attributes option if you wish to configure the attributes of the new user account with the settings of an existing user account.

 

 

 

Steps:

  1. Click AD Mgmt tab

  2. Click 'Create Single User' link under 'Create Users'. This opens the Create Single User screen.

  3. If you wish to populate the attributes with the values from an existing user account, click the Copy User Attributes button. You can also key in the values for all the necessary attributes using the following steps.

  4. Specify the values for User Profile attributes.

  5. Select a valid container. To select the desired container, click on edit icon placed beside the 'select container' field.

  6. You can also create a new container by selecting the tab 'Create New OU' which you find after attempting to 'change' the container. Select the location to create the and name it.

  7. Click on the Account Details tab and specify the account properties.

  8. - There are different options available for password settings. You can choose any one from 'Randomly generate password', 'Type a password' etc. You can even customize the password settings to your organizational objectives, by clicking on the 'Configure password complexity' link.
    - Member of:All groups cannot be set as primary group to users for security reasons. So before applying primary group for users check the authorization. Only Security Global and Security Universal Groups can be set as Primary Groups. You can also import a CSV file to specify values for this field.
    - Set the appropriate account expiry date, using the Account Expires option.
    - Use the 'logon restriction' option to specify the computers from which users can logon.
    - Specify the hours during which the users can have access to the domain using the 'logon hours' option. Click here to know how to configure the logon hours.

  9. Click on Contact tab to specify the contact information about the user.

  10. Select the Exchange tab to create a external mail enabled user or mailbox enabled user or with no mail.

  11. - Choose mail server and mailbox store while creating mailbox enabled user.

    - Choose Admin groups and give Target SMTP address (Example:"SMTP:user@mail1.com)  while creating external mail enabled users.

  12. Click the Remote Mailbox tab to create a remote mailbox for the user.

    - Select the 'enable remote mailbox' option.

    - Specify the remote routing address in the field provided.

  13. Select the Terminal tab and specify the terminal services attributes.

  14. Click OCS/Lync/Skype tab and specify the appropriate values for the required OCS/Lync/Skype for Business attributes.

  15. Click the Custom Attributes tab and enter the appropriate values for the custom attributes. To execute a custom script on successful creation of the user account, the custom script option and enter the script in the script command window .

    Note: Before attempting to add values to custom attributes via CSV import, you have to configure the custom attributes in the admin tab of ADManager Plus.

  16. To create an account in Office 365 for this user,

    - Select the Office 365 option located just above the tabs.

    - Click the Office 365 tab.

    - Select a method for creating the user account.

    - Using the options in Assign Licenses, select the desired license and the services that you wish to assign to this user.

    - In group membership field, select the groups to which you wish to add this user.

    - If the user has been assigned an Exchange Online mailbox, you can also enter the desired email alias* and also enable the litigation hold* and in-place archive* for the user's mailbox.

    Important: - Office 365 tab will be available only if the Office 365 settings are configured in ADManager Plus.

    - Also, ensure that Windows Azure module is installed on same the machine where ADManager Plus is installed.

    - The country attribute is mandatory to apply O365 license.

    Note: If there is a match between the UPN suffix and any of the O365 domains, that domain will be used for account creation. Else, the default domain in O365 will be used.


  17. To create a G Suite account for this user,

    - Select the G Suite option located just above the tabs.

    - Click the G Suite tab.

    - Click the edit icon located next to the field G Suite group, and select the relevant groups.
    - Click the edit icon located next to G Suite organizational unit, and select the desired container from the list.

    Note: 'G Suite' option will be available only if the G Suite settings are configured in Admin tab.

  18.  After specifying the required details, click on Create to add this new user account to your Active Directory.

 

 

* These tasks that might not be executed immediately, but with a delay, as it might take some time to create the user's mailbox. These tasks will be executed as soon as the mailbox is created. Until then, these operations will be listed under Delayed Management Tasks. Click here to know how to view, and manage all such Delayed Management Tasks.

 

 

User creation using 'templates':

    1. A user can be created by selecting the predefined templates available in the option "selected Template"

    2. By selecting a template, all the properties of the template will be applied to the users being created.

    3. By clicking in 'change' you can change the template from mail enabled users to mailbox enabled users etc.

    4. A set of users with common properties can be created by using the specific template. Link to template creation

Ex: If your intention is to create user accounts with mailbox for permanent employees, you can select the template 'MailBox Enabled Users' and start creating accounts. All the users created eventually will bear the same properties.

 

Note: If the selected template has creation rules configured, the fields included in the rules will be automatically updated with the specified values. Also, these rules will not be visible to the technicians during the user creation process.

 

For details on the user attributes, refer to the Microsoft Documentation here and here.

 

   

Note:

 

  1. To create Mailbox Enabled Users in Exchange 2007, you would require the Exchange Management Console, failing which the legacy Mailbox will be created.

  2. The mandatory parameters for creating a user are the Logon Name, SAMaccount Name and the FullName. When the attribute is left blank, the user account will be created with the default values.

  3. Changing domain in middle of things will reset all domain specific attributes.

  4. OWA  - 2 DC Replication. If Mailbox is created in one Domain controller, Out look Web Access contacts other Domain Controller to confirm the mapping,  but do not authenticate.

    The Real Scenario for this is:

    1. A Domain may have more than one domain controllers.
    2. Users will be created  in the first available domain controller in ADManager Plus.
    3. The OWA authenticates a DC for login; if the DC is not the one in which user is created, it will not be recognised until it is replicated.

 

 

 

Steps to configure Logon Hours

To specify the allowed or restricted logon hours for a user,

  • Click on the grid located beside the 'Logon Hours' option.
  • Click on 'Select hours'.
  • Enter the logon time frame in the 'from' and 'to' field.
  • Check specific days or all days of the week to apply the chosen logon timings.
  • Click 'Allow' to grant users permission to logon to the network in the chosen time frame.
  • Click 'Deny' to restrict users from logging on to the network in the chosen time frame.

  • Note: Alternatively you can also set logon hours by,

    1. Selecting each hour manually from the grid.
    2. Clicking the 'Allowed' option to provide round the clock logon privilege from Sunday through Saturday. To block out a user on all the days of the week simply click 'Deny'