ADS Active Directory Service (Farsi User Guide)
Resource: Windows Server 2003 Help and MCSE (Exam 70-290)


ADS > Part 2 > Active Directory Users and Computers "MMC" - Creating and Managing User Objects

Creating User Objects

You can create a user in ADS with AD Users and Computers. The best way to create a user is to place it in an OU, because an OU is the best way to apply policy to people.

To create a new user, open the Action menu, point to New, and select User.


You must be an Administrator to create an object of any type in ADS.

     Figure 1: New Object - User (Windows 2003 Server)

After you select User, the dialog box above appears so that you can enter the details of the person in question. You do not have to enter the same name in the two fields User Logon Name and User Logon Name (Pre-Windows 2000).


After you click Next, the dialog box below appears.

       Figure 2: New Object - User (Password)
The default account policies in a Windows Server 2003 domain, set in the Default Domain Policy GPO, require complex passwords that have a minimum of seven characters.
That means a password must contain three of four character types: uppercase, lowercase, numeric, and non-alphanumeric. When you use Windows Server 2003 in a test or lab environment, you should implement Therefore, in this book, you are encouraged to use complex passwords for the user accounts you create; it will be left to you to remember those passwords during exercises that require logging on as those users.

Here you enter the password, which should preferably be no fewer than 8 characters. In Figure 2, the user in question is created in an OU named Users, which is itself a child of the Winteacher OU.

User Properties in the Second Page of the New Object–User Dialog Box



Password: The password that is used to authenticate the user. For security reasons, you should always assign a password. The password is masked as you type it.

Confirm Password: Confirm the password by typing it a second time to make sure you typed it correctly.

User Must Change Password At Next Logon: Select this check box if you want the user to change the password you have entered the first time he or she logs on. You cannot select this option if you have selected Password Never Expires. Selecting this option will automatically clear the mutually exclusive option User Cannot Change Password.

User Cannot Change Password: Select this check box if you have more than one person using the same domain user account (such as Guest) or to maintain control over user account passwords. This option is commonly used to manage service account passwords. You cannot select this option if you have selected User Must Change Password At Next Logon.

Password Never Expires: Select this check box if you never want the password to expire. This option will automatically clear the User Must Change Password At Next Logon setting, as they are mutually exclusive. This option is commonly used to manage service account passwords.

Account Is Disabled: Select this check box to disable the user account, for example, when creating an object for a newly hired employee who does not yet need access to the network.

Managing User Objects

A user has a set of properties. To view them, right-click the user and select Properties. This section introduces more of the properties of an account.

User Property

The properties are divided into several categories, listed below.

The property pages in the Properties dialog box expose properties that fall into several broad categories:

■ Account properties: the Account tab. These properties include those that are configured when you create a user object, including logon names, password and account flags.

■ Personal information: the General, Address, Telephones, and Organization tabs. The General tab exposes the name properties that are configured when you create a user object.

■ User configuration management: the Profile tab. Here you can configure the user’s profile path, logon script, and home folder locations.

■ Group membership: the Member Of tab. You can add and remove user groups, and set the user’s primary group.

■ Terminal services: the Terminal Services Profile, Environment, Remote Control, and Sessions tabs. These four tabs allow you to configure and manage the user’s experience when they are connected to a Terminal Services session.

■ Remote access: the Dial-in tab. Allows you to enable and configure remote access permission for a user.

■ Applications: the COM+ tab. Assigns Active Directory COM+ partition sets to the user. This feature, new to Windows Server 2003, facilitates the management of distributed applications.

Account Tab

This tab holds the account name, the hours during which the account is allowed to be active in the domain, the name of the only computer from which the account may log on, and so on.


User Account Properties - Account Tab



Logon Hours: Click Logon Hours to configure the hours during which a user is allowed

Log On To: Click Log On To if you want to limit the workstations to which the user can log on. This is called Computer Restrictions in other parts of the user interface. You must have NetBIOS over TCP/IP enabled for this feature to restrict users because it uses the computer name, rather than the Media Access Control (MAC) address of its network card, to restrict logon.

Store Password Using Reversible Encryption: This option, which stores the password in Active Directory without using Active Directory’s powerful, nonreversible encryption hashing algorithm, exists to support applications that require knowledge of the user password. If it is not absolutely required, do not enable this option because it weakens password security significantly. Passwords stored using reversible encryption are similar to those stored as plaintext. Macintosh clients using the AppleTalk protocol require knowledge of the user password. If a user logs on using a Macintosh client, you will need to select the option to Store password using reversible encryption.

Smart Card Is Required For Interactive Logon: Smart cards are portable, tamper-resistant hardware devices that store unique identification information for a user. They are attached to, or inserted into, a system and provide an additional, physical identification component to the authentication process.

Account Is Trusted For Delegation: This option enables a service account to impersonate a user to access network resources on behalf of a user. This option is not typically selected, certainly not for a user object representing a human being. It is used more often for service accounts in three-tier (or multi-tier) application infrastructures.

Account Expires: Use the Account Expires controls to specify when an account expires.

     Figure 3: User Properties - Account Tab
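
An added example (not from the original guide or from Microsoft): several of the Account tab check boxes described above are stored as bits in each user's userAccountControl attribute, so an export of that attribute can be audited for the options the table says to use sparingly. The account names, the sample values and the choice of which options to report are assumptions made for this illustration.

```python
import csv
import io

# userAccountControl bits behind the Account tab check boxes
# (Microsoft's documented UF_* flag values).
UAC_FLAGS = {
    0x00000002: "Account Is Disabled",
    0x00000080: "Store Password Using Reversible Encryption",
    0x00010000: "Password Never Expires",
    0x00040000: "Smart Card Is Required For Interactive Logon",
    0x00080000: "Account Is Trusted For Delegation",
}

# Options this audit reports for review. Which options to report is a
# choice made for this example, not a rule stated by the guide.
REVIEW = {
    "Store Password Using Reversible Encryption",
    "Password Never Expires",
    "Account Is Trusted For Delegation",
}

# Constructed sample export (not real accounts): name, userAccountControl.
SAMPLE_CSV = """sAMAccountName,userAccountControl
alice,512
svc-backup,66048
legacy-mac,640
web-tier,524800
newhire,514
"""

def decode_uac(value):
    """Return the Account tab options set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def audit(csv_text):
    """Map each account to the review-worthy options it has enabled."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        options = decode_uac(int(row["userAccountControl"]))
        flagged = [o for o in options if o in REVIEW]
        if flagged:
            findings[row["sAMAccountName"]] = flagged
    return findings

if __name__ == "__main__":
    for account, flagged in audit(SAMPLE_CSV).items():
        print(f"{account}: {', '.join(flagged)}")
```

Accounts that appear in the output with Password Never Expires or Account Is Trusted For Delegation are expected to be service accounts; a human user's account appearing there is the case to follow up.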