Archives For Active Directory


SharePoint 2013: Create 2000 Domain Accounts with Profile Photos for a Development Environment


It can be important to have a development environment that is as close to a production environment as possible. Having a realistic development (or staging) environment helps business users visualise what an end product (or solution) will look like when deployed.

The following PowerShell (and accompanying name files) demonstrates creating 2000 unique Active Directory domain accounts, including setting different locations, departments, phone numbers and gender (male or female). Each domain account has a photo uploaded to Active Directory. Finally, SharePoint User Profile synchronization is configured to import the users and their photos.


How to install and configure Active Directory Domain Services in Windows 2008 R2?

Install Active Directory Domain Services (AD DS) on a member server that runs Windows Server 2008 or Windows Server 2008 R2 by using the Active Directory Domain Services Installation Wizard (Dcpromo.exe). The member server should be located in the forest root domain. After you install AD DS successfully, the member server will become a domain controller. You can install AD DS on any member server that meets the domain controller hardware requirements.

For more information: Install Active Directory Domain Services on the Member Server That Runs Windows Server 2008 or Windows Server 2008 R2

1. In Server Manager | Roles | Add Active Directory Domain Services

2. Once the installation is complete, close the wizard and launch the Active Directory Domain Services Installation Wizard (dcpromo.exe)

3. Run dcpromo.exe

4. Welcome to the Active Directory Domain Services Installation Wizard

5. Operating System Compatibility

6. Choose a Deployment Configuration

If you get an administrator password error, click the link below for the solution

Administrator Password required error in dcpromo.exe

7. Name the Forest Root Domain

8. Set the forest functional level

9. Set the domain functional level

10. Additional Domain Controller Options

The wizard then shows the following warning:

A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain. Otherwise, no action is required.

Do you want to continue? Click Yes.

11. Location for Database, Log Files, and SYSVOL
Specify the folders that will contain the Active Directory domain controller database, log files, and SYSVOL.

12. Directory Services Restore Mode Administrator Password
The Directory Services Restore Mode Administrator account is different from the domain Administrator account.
Assign a password for the Administrator account that will be used when this domain controller is started in Directory Services Restore Mode.
We recommend that you choose a strong password.

13. Active Directory Installation Summary

14. The wizard is configuring Active Directory Domain Services. This process can take from a few minutes to several hours, depending on your environment and the options that you selected.

15. Completing the Active Directory Domain Services Installation Wizard
Active Directory Domain Services is now installed on this computer for the domain. Click Finish and restart the server.


The local administrator account becomes the domain administrator account when you create a new domain. The new domain cannot be created because the local administrator account password does not meet requirements.

Currently, a password is not required for the local administrator account. We recommend that you use the net user command-line tool with the /passwordreq:yes option to require a password for this account before you create the new domain; otherwise, a password will not be required for the domain administrator account.

To resolve the problem:

The password for your local account needs to meet the minimum password complexity:
The password is at least six characters long.
The password contains characters from three of the following four categories:

English uppercase characters (from A through Z)
English lowercase characters (from a through z)
Base 10 digits (from 0 through 9)
Non-alphanumeric characters (for example: !, $, #, or %)

If you're still having a problem, this is what you have to do to resolve the dcpromo.exe "Administrator Password required" error:

Open your command prompt and enter the following command:
net user Administrator <YourPassword> /passwordreq:yes
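A pre-flight check for the error described above, as an added example that is not part of the original post: it reports whether the built-in local Administrator account currently requires a password and tests a candidate password against the complexity rules listed above. The function names are hypothetical.

```powershell
# Added example: pre-flight check before running dcpromo.exe.
# Function names are hypothetical; the rules are the ones listed in the post.

function Test-PasswordComplexity {
    # True when the password is at least six characters long and uses
    # characters from three of the four categories.
    param([Parameter(Mandatory = $true)][System.Security.SecureString]$Password)

    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
    try {
        $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        $categories = 0
        if ($plain -cmatch '[A-Z]')        { $categories++ }   # uppercase
        if ($plain -cmatch '[a-z]')        { $categories++ }   # lowercase
        if ($plain -match  '[0-9]')        { $categories++ }   # digits
        if ($plain -match  '[^A-Za-z0-9]') { $categories++ }   # non-alphanumeric
        return ($plain.Length -ge 6 -and $categories -ge 3)
    }
    finally {
        # Wipe the unmanaged plaintext copy
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}

function Get-LocalAdminPasswordState {
    # The built-in Administrator account always has a SID ending in -500,
    # even if it has been renamed.
    Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True AND SID LIKE '%-500'" |
        Select-Object Name, Disabled, PasswordRequired
}

$state = Get-LocalAdminPasswordState
if (-not $state.PasswordRequired) {
    Write-Warning "$($state.Name): no password required; dcpromo will refuse to create the domain."
}

$candidate = Read-Host -Prompt 'New Administrator password' -AsSecureString
if (Test-PasswordComplexity -Password $candidate) {
    'Password meets the complexity rules.'
} else {
    'Password does not meet the complexity rules.'
}
```

When setting the password itself, net user Administrator * /passwordreq:yes prompts for it instead of taking it on the command line, which keeps it off the screen and out of the command history.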


Updating Active Directory ‘Manager’ field using code snippet

Here is the code snippet to set the user manager field in AD.

Let's say we want to create a new user with login name test1 and set its manager field to the existing user "test2".

using System.DirectoryServices;

// Create the user test1 (LDAPPath, LDAPUser and LDAPPassword are defined elsewhere)
DirectoryEntry myLdapConnection = new DirectoryEntry(LDAPPath, LDAPUser, LDAPPassword, AuthenticationTypes.Secure);
DirectoryEntry test1 = myLdapConnection.Children.Add("CN=test1", "user");

// Now get the user with login name test2. The filter matches the name exactly;
// a trailing wildcard (test2*) could return a different account such as test20.
DirectorySearcher directorySearch = new DirectorySearcher(myLdapConnection);
directorySearch.Filter = "(&(objectClass=user)(sAMAccountName=test2))";
SearchResult results = directorySearch.FindOne();

// Declared outside the if block so it is still in scope below
string distinguishedName = null;
if (results != null)
{
    DirectoryEntry test2 = new DirectoryEntry(results.Path, LDAPUser, LDAPPassword);
    distinguishedName = test2.Properties["distinguishedName"][0].ToString();
}

// To set the manager field for a user in AD, assign it the distinguishedName of the manager.
if (distinguishedName != null)
{
    test1.Properties["manager"].Value = distinguishedName;
}
test1.CommitChanges();

 

By Arfan Baig


How to add Employee Number to Active Directory Users properties? 

Please see my previous post about how you can add an Employee ID field for the user profile.

In this blog, I am going to show you how you can add the employee ID field in Active Directory user properties.

1. Log in to your domain controller and open ADSI Edit

2. Right-click ADSI Edit and select Connect To

3. Once you are in the connection settings, select Configuration from the drop-down list where it says “Select a well known naming context”

4. Open CN=DisplaySpecifiers

5. Open CN=409, CN=DisplaySpecifiers, CN=Configuration

6. Look for CN=default-Display and double-click it

7. In Default Display Properties, open extraColumns

8. Add employeeNumber,Employee Number,0,100,0 in the value field and click Add.
Click OK and OK to exit Default Display.

9. Now open Active Directory Users and Computers and open Saved Queries

10. Expand "Saved Queries"

11. Right-click "Saved Queries" and select "New > Query"

12. In the "Name:" field type "All Users" and select "Define Query…"

13. On the "Users" tab, next to the "Name:" field, click the drop-down and select "Has a value"
14. Now click "OK" and "OK" again
15. Expand "Saved Queries" and select "All Users"
16. Now you will have a list of all your users in the right pane.

17. With the query selected, click View > Add/Remove Columns

18. Select Employee Number and add it to Displayed Columns

19. Now click View and select Advanced Features

20. Double-click a user profile and you will now see the Attribute Editor tab

Scroll down and look for Employee Number, or press E on your keyboard to jump to the attributes that start with E.
If you want to edit the employee number, double-click it or click the Edit button.

21. Now you can edit Employee Number in Active Directory by going to the user profile properties.

To enable Employee Number in Active Directory and perform all these steps, you should have Enterprise Admins/Schema Admins rights.
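The same procedure scripted with the ActiveDirectory PowerShell module, as an added example that is not part of the original post: it adds the extraColumns value from step 8 only if it is missing, then sets and reads back employeeNumber on one user. The function names, the account jsmith and the value E10042 are constructed for illustration.

```powershell
# Added example: scripted equivalent of the ADSI Edit and Attribute Editor steps.
# Requires the ActiveDirectory module (Windows Server 2008 R2 or RSAT).
# 'jsmith' and 'E10042' are constructed sample values.
Import-Module ActiveDirectory

function Add-EmployeeNumberColumn {
    # Appends the extraColumns value from step 8 to CN=default-Display under
    # the 409 display specifiers, unless it is already present.
    $value    = 'employeeNumber,Employee Number,0,100,0'
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dn       = "CN=default-Display,CN=409,CN=DisplaySpecifiers,$configNC"

    $display = Get-ADObject -Identity $dn -Properties extraColumns
    if ($display.extraColumns -contains $value) {
        return $false          # already configured, nothing to change
    }
    # -Add leaves the existing extraColumns values in place
    Set-ADObject -Identity $dn -Add @{ extraColumns = $value }
    return $true
}

function Set-EmployeeNumber {
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        [Parameter(Mandatory = $true)][string]$EmployeeNumber
    )
    Set-ADUser -Identity $SamAccountName -EmployeeNumber $EmployeeNumber
    # Read the attribute back to confirm the change
    Get-ADUser -Identity $SamAccountName -Properties employeeNumber |
        Select-Object SamAccountName, employeeNumber
}

Add-EmployeeNumberColumn
Set-EmployeeNumber -SamAccountName 'jsmith' -EmployeeNumber 'E10042'
```

Only the display specifier change writes to the Configuration partition; setting employeeNumber on a user needs write access to that attribute on the user object and can be delegated separately.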


Adding an Employee ID field to Active Directory users in Windows 2008 Server. In this blog you can view step-by-step instructions on how to add an Employee ID field in Active Directory using VBScript.

1. Log in to your domain controller and open ADSI Edit

2. Right-click ADSI Edit and select Connect To

3. Once you are in the connection settings, select Configuration from the drop-down list where it says "Select a well known naming context"

4. Open CN=DisplaySpecifiers

5. Open CN=409, CN=DisplaySpecifiers, CN=Configuration

6. Look for CN=User-Display and double-click it

7. Click on adminContextMenu and Edit.

If you don’t see the Edit button, your account does not have enough rights.
Make sure you are a member of Enterprise Admins.

8. Add to the attribute the value "2, Employee &ID, c:\scripts\employeeid.vbs" (without quotes).
Do not remove the existing values, and if number 2 is already in use, select a free number.

I am using a VBScript and I saved the script in the following location: c:\scripts\employeeid.vbs
Copy the script from: Adding Employee ID in Active Directory Script, paste it into Notepad and save it as EmployeeID.vbs

Click OK and OK for the next window.

9. Open Active Directory Users and Computers and right-click any account. You will see Employee ID.

Using VBScript and ADSI Edit, you can enable the Employee ID field in Active Directory. In my next blog, I will show you how you can use the Attribute Editor tab to enable the Employee ID field in Active Directory.
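A script registered in adminContextMenu runs with the rights of whichever administrator clicks the menu entry, on the machine where Active Directory Users and Computers is open, so the file it points to should be writable only by administrators. The audit below is an added example, not part of the original post; the function names and the list of trusted SIDs are assumptions.

```powershell
# Added example: list adminContextMenu entries that launch a file and show
# who, apart from administrators, can modify that file.
Import-Module ActiveDirectory

function ConvertFrom-ContextMenuValue {
    # Parses "order,label,command" as entered in step 8. COM extensions are
    # stored as "order,{CLSID}" and come back with an empty Command.
    param([Parameter(Mandatory = $true)][string]$Value)
    $parts   = $Value.Split(',', 3)
    $command = $null
    if ($parts.Count -eq 3) { $command = $parts[2].Trim() }
    New-Object PSObject -Property @{ Order = $parts[0].Trim(); Command = $command }
}

function Get-NonAdminWriteAce {
    # Allow ACEs granting write-type rights to anyone other than SYSTEM,
    # BUILTIN\Administrators, Domain Admins or Enterprise Admins (assumed trusted).
    param([Parameter(Mandatory = $true)][string]$Path)
    $trusted = '^(S-1-5-18|S-1-5-32-544|S-1-5-21-.+-(512|519))$'
    $mask    = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $mask) -ne 0 -and
        $_.IdentityReference.Value -notmatch $trusted
    }
}

$configNC = (Get-ADRootDSE).configurationNamingContext
Get-ADObject -SearchBase "CN=DisplaySpecifiers,$configNC" -LDAPFilter '(adminContextMenu=*)' `
        -Properties adminContextMenu | ForEach-Object {
    $specifier = $_.DistinguishedName
    foreach ($value in $_.adminContextMenu) {
        $entry = ConvertFrom-ContextMenuValue -Value $value
        if (-not $entry.Command) { continue }      # COM extension, no file to check
        if (-not (Test-Path -LiteralPath $entry.Command)) {
            Write-Warning "$specifier -> $($entry.Command) not found on this machine"
            continue
        }
        foreach ($ace in Get-NonAdminWriteAce -Path $entry.Command) {
            New-Object PSObject -Property @{
                Specifier = $specifier; Command = $entry.Command
                Writer = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights
            }
        }
    }
}
```

A local path such as c:\scripts\employeeid.vbs is resolved on each machine that runs the console, so the audit has to be run on every administrative workstation, not only on the domain controller.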