Chapter 2. Creating user accounts
Users are the main reason for your job, and according to some administrators, the greatest bane of their existence. You’ll spend a lot of time administering user accounts during your career as an AD administrator.
User and computer accounts
Everyone logging on to a network requires a user account. These are the objects you’ll work with the most because user accounts can be quite volatile with leavers, joiners, changes, and password resets. The volatility level relative to other AD objects is illustrated in figure 2.1.
Note
Computer accounts are a specialized form of user account, even though they’re treated separately in this book. In most organizations they’re put into separate organizational units (OUs) to make the Group Policy Object (GPO) application simpler. GPO is a way to centrally configure and manage the settings and security of computers and machine configuration made available to the user population. You’ll learn about the details of GPOs in chapters 8 and 9.
As well as general user accounts, you may have accounts for
- Group or other specialized mailboxes
- Service accounts
Chapter 3 covers the anatomy of user account objects and the techniques you can use to modify them.