Sunday, 1 December 2013

Activating an active directory user account using CMD (Command Prompt) SERVER 2012 R2

In my previous post we looked at disabling an active directory user account via CMD: http://todaysittips.blogspot.ca/2013/12/deactivating-active-directory-user.html.

Now we will be looking at reactivating the account we disabled.

Start by opening CMD and typing net user bchan /active:yes this will activate the account.


Once you have received "the command completed successfully" you can go to the AD UC wizard and refresh the users section to see that now the arrow pointing down has disappeared. Your account has been reactivated.

Enjoy.

Deactivating an active directory user account using CMD (Command Prompt) SERVER 2012 R2


Start by accessing CMD (Command Prompt) and have AD UC open just to see it working quicker that logging in and out.


Here we can see CMD open and our AD UC open, we can see our user Brian Chan is active.

Start by navigating to CMD and type: net user bchan /active:no

This will deactivate the account called bchan.


Refresh your AD UC console and you will notice that Brian Chan now has an arrow pointing down, this means his account is now deactivated.

Enjoy!

Disjoin a domain SERVER 2012 R2

In my previous post we looked at joining a domain using your server 2012, today we will be looking at dis-joining a domain.

 This is useful for core server installations. Start with opening CMD.


Once CMD has opened type in netdom remove /d:startrun.inet server4 /ud:startrun.inet\administrator /pd:Password123 you will then receive "the command completed successfully" you may now reboot using: shutdown /r /t 0

Once your machine has rebooted you may verify by right clicking on my computer and selecting properties.


Or via CMD by opening the command prompt and typing in: netdom verify /d:startrun.inet server3


This will show you that your computer is not connected to any domain.

Enjoy!

Joining a domain using command prompt (CMD) SERVER 2012 R2

Today we will be looking at joining your network domain using CMD and Powershell.

Firstly you will want to assign a static IP address to your server. You can find detailed instructions here:  http://todaysittips.blogspot.ca/2013/11/assigning-static-ip-through-powershell.html

After you have assigned a STATIC IP and DNS server open CMD and type in the following: netdom join server4 /domain:startrun.inet /userd:administrator /passwordd:Password123 using this command you will be able to join your network domain.

Now dissecting the command: you are telling your computer: netdom join server4 this is saying join the named computer to my domain. /domain: is telling your computer to join the named domain. /userd: is defining the domain user you would like to join with. and /passwordd: is the password that you have set for domain access.

 
After you have received "the command completed successfully" message type in shutdown /r /t 0 in order to restart you machine.

Once the machine has restarted you may check that you are part of the domain by right clicking on my computer and going to properties.


Or via CMD by typing in the following command: netdom verify /d:startrun.inet server3


This command verifies your connectivity to the server and which server you are connected to.

Enjoy!

Saturday, 30 November 2013

Creating IFM media for SERVER 2012 R2

Today we will be looking at creating an install media for Server 2012 R2 this will be used when downloading and installing ADDS, this media will help speed up the process as it has all the information from the previous ADDS server.

Here is how it is done:

Firstly go to my computer and on the C drive create a folder, in my case i called the folder ifmbackup.


After we have created our backup folder on the C drive, open CMD or command prompt. Once you have opened CMD type ntdsutil. This will open the ntds shell.


Once this is complete and you you are directed to the ntdsutil: you will want to type in activate instance ntds.


Now once the ntds has been activated and is ready, type ifm, this will direct you to the ifm shell.

once the ifm shell has opened we can begin to type in the command to back up our settings.


You will want to type: create full c:\ifmbackup , this will direct out backup to the folder we have created on the C drive. hit enter and the magic will happen!


Once you have hit enter the backup process will start, once it has completed a message will be displayed on the screen: IFM media created successfully in c:\ifmbackup.

Your media is now ready, keep this media backed up to a thumb drive or a NAS for future use.

Enjoy!



Wednesday, 27 November 2013

Creating an organizational unit in active directory users and computers SERVER 2012 R2

We have previously created a USER a GROUP and successfully added out USER the our GROUP, we will now be looking at creating a new organizational unit. An OU is used for exactly what you may think, keeping things organized withing you active directory.

Lets begin.

Navigate to you SERVER MANAGER


Select AD DS and click on you server selecting active directory users and computers.

You will now be presented with the AD UC wizard.


Here you will want to right click on your domain and click NEW followed by ORGANIZATIONAL UNIT.


The window that has appeared will required your OU name, type in the appropriate name and select PROTECT CONTAINER FROM ACCIDENTAL DELETION, i recommend doing this to avoid hours of lost work depending on the size of your organization. 

When done click OK


Our OU has now been created!

Enjoy!

Creating a new organizational group SERVER 2012 R2

In the previous post we looked at creating a new user, we will now be adding our new user to a group. Groups help you delegate rights to certain users and restrict others.

For example a user that is part of the managers group will have more rights than a user that is part of the finance group.

Lets look at creating a group and adding our user to it.

Start by navigating to the AD UC option in the drop down.


Once the window has opened we can now create a new group.


Just like before select you domain and select USERS from the drop down.

Here you can right click on the open space and select NEW then GROUP.


You will then be prompted to select your options and name your group.

The DOMAIN LOCAL group is a security group that can contain accounts from any domain in the forest. You can give domain local security groups rights and permissions to resources that are only in the same domain where the domain local group is located.

The GLOBAL group can be used in its own domain, in member servers and in workstations of the domain. You can give a global group rights and permissions but a global group can only contain user accounts that are from its own domain.

The UNIVERSAL GROUP contains users, groups, and computers from any domain in its forest as members. Also you can give the universal group rights and permissions on resources in any domain in the forest.

now choose a group scope and select the group type.

SECURITY GROUPS provide an efficient way to assign access to resources on your network.

DISTRIBUTION GROUPS can be used only with e-mail applications such as MS Exchange to send e-mail to groups of users. Distribution groups do not have security-enabled. VERY IMPORTANT: If you need a group to have access to shared resources, create a security group.

Now after you have made your selections and named your group you may click ok to create it.


Our group is now created.

In order to make our user a member of this group you will want to select your user and right click on it selecting ADD TO A GROUP.


You will then be prompted to select the group you would like to add your user to from your domain. type in the name and select check names, the server will automatically find and make sure the typed group is correct.


 As soon as the group has been checked select OK.


Then OK again. we have now successfully added out user to the specialists group.

Enjoy!