Create AD Users and Groups – Server Basics 2016 #05

How to create users and groups in Windows Server 2016 Active Directory. Part of the Active Directory / Domain foundation is setting up users and groups, nesting groups when needed as well.
Screenshots and details at:

Complete Video Series:

Best practice setting up AD (Active Directory) Users and Groups for Server 2016.
Check out the previous blog post articles for getting up to this point if you are wanting to follow along.

There isn’t really a right or wrong way to setting up users and groups within Active Directory, but over the years I found some methods that work pretty well. Every environment will be different, but the best thing you can do is plan plan plan. Plan as much as you can, keeping the future and expansion in mind.

As you build your Active Directory structure up, you will find some things that need to be added, removed, and tweaked. That’s OK, it’s part of the process.

Creating AD Users and Groups – Domain Admin Account

Let’s start off by creating our own Domain Admin account. I always have two accounts setup:

Standard user account: cdavis
Domain Admin account: cdavis.admin
I do this so I never have to log in as my Domain Admin account. Instead, I just elevate whatever process I want/need to do.

One important note: Use the Copy feature as much as possible when setting up new users.

Navigate to the default Users container (the one the system setup automatically).
Right click on the Administrator account, then select Copy.

Fill in the information (note: I add ” – Admin” to the Full name and add “.admin” to the logon name)

Type in a password and leave the Password never expires enabled

Drag-n-drop the newly created account to the proper OU.

Creating AD Users and Groups – Standard User Accounts

Go through and setup all of the remaining user accounts for the environment and place them in the proper OUs. Remember, use the Copy feature as much as possible after setting up one user.

Navigate to Group Policy OU | IT | Helpdesk | Users
Right-click Users and select New | User

Fill in the information

Type a password twice.
Leave the User must change password at next logon enabled

Finish creating the users and placing them into the proper OUs.
Creating AD Users and Groups – Groups

Finally, let’s create some groups and assign the associated people to them.

Here is an overview of what the end result will be for our groups:

Navigate to Group Policy OU | Groups – Security
Right-click Groups – Security
Select New | Group

Fill in the information. For this one, I am calling this group IT Techs

Now that the group is created, let’s add a member to it.
Right-click the IS Techs group and select Properties.

In the Members tab, select Add.

Type the username and select Check Names.

When the system finds the account, you will see the full account details. Select OK.

Select OK when finished adding users to the group.

When finished, let’s nest a couple of groups within another group.
This example, we have two Managers groups: Sales and Service Managers. We want to add those groups to a Management group.
Right-click the Management group and select Properties.
In the Members tab, click Add, type the names of the groups, and add them to the group.
It should look like this:

Subscribe for more videos:

PC-Addicts Website:

PC-Addicts FaceBook Page:

PC-Addicts Twitter:

PC-Addicts Google+ Community Page:

PC-Addicts on Pinterest:


You might be interested in