MCT USE ONLY.

STUDENT USE PROHIBITED

Installing and Configuring Windows Server 2012 4-25

Lab: Automating AD DS Administration by Using Windows

PowerShell
Scenario

You have been working for A. Datum Corporation for several years as a desktop support specialist. In
this role, you visited desktop computers to troubleshoot app and network problems. You have recently
accepted a promotion to the server support team. One of your first assignments is configuring the
infrastructure service for a new branch office.

As part of configuring a new branch office, you need to create user and group accounts. Creating multiple
users with graphical tools is inefficient, so, you will use Windows PowerShell.

Objectives
After completing this lab, you should be able to:

Create user accounts and groups by using Windows PowerShell.

Use Windows PowerShell to create user accounts in bulk.

Use Windows PowerShell to modify user accounts in bulk.

Lab Setup
Estimated Time: 45 minutes

Virtual machines

20410D-LON-DC1
20410D-LON-CL1

User name

Adatum\Administrator

Password

Pa$$w0rd

For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1.

On the host computer, start Hyper-V Manager.

2.

In Hyper-V Manager, click 20410D-LON-DC1, and then in the Actions pane, click Start.

3.

In the Actions pane, click Connect.

Wait until the virtual machine starts.

4.

5.

Sign in by using the following credentials:

o

User name: Adatum\Administrator

Password: Pa$$w0rd

Repeat steps 2 and 3 for 20410D-LON-CL1. Do not sign in to LON-CL1 until directed to do so.

Exercise 1: Creating User Accounts and Groups by Using Windows

PowerShell
Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

4-26 Automating Active Directory Domain Services Administration

A. Datum Corporation has a number of scripts that it has previously to create user accounts by using
command-line tools. However, an enterprise-wide mandate specifies that all future scripting will be done
by using Windows PowerShell. As the first step in creating scripts, you need to identify the syntax required
to manage AD DS objects in Windows PowerShell.
The main tasks for this exercise are as follows:
1.

Create a user account by using Windows PowerShell.

2.

Create a group by using Windows PowerShell.

Task 1: Create a user account by using Windows PowerShell

1.

On LON-DC1, open a Windows PowerShell Command Prompt window.

2.

At the Windows PowerShell prompt, create a new OU named LondonBranch by typing the following
command:
New-ADOrganizationalUnit LondonBranch

3.

Create a new user account for Ty Carlson in the LondonBranch OU by using the following command:
New-ADUser -Name Ty -DisplayName "Ty Carlson" -GivenName Ty -Surname Carlson -Path
"ou=LondonBranch,dc=adatum,dc=com"

4.

Change the blank password for the new account to Pa$$w0rd, by using the following command:
Set-ADAccountPassword Ty

5.

Enable the new user account by using the following command:

Enable-ADAccount Ty

6.

On LON-CL1, sign in as Ty with the password Pa$$w0rd.

7.

Verify that the sign-in is successful, and then sign out of LON-CL1.

Task 2: Create a group by using Windows PowerShell

1.

On LON-DC1, at the Windows PowerShell prompt, create a new global security group for users in the
London branch office, by using the following command:
New-ADGroup LondonBranchUsers -Path "ou=LondonBranch,dc=adatum,dc=com" -GroupScope
Global -GroupCategory Security

2.

At the Windows PowerShell prompt, add Ty as a member of LondonBranchUsers, by using the

following command:
Add-ADGroupMember LondonBranchUsers -Members Ty

3.

At the Windows PowerShell prompt, confirm that Ty is now a member of LondonBranchUsers, by

using the following command:
Get-ADGroupMember LondonBranchUsers

MCT USE ONLY. STUDENT USE PROHIBITED

Installing and Configuring Windows Server 2012 4-27

Results: After completing this exercise, you will have created user accounts and groups by using Windows
PowerShell.

Exercise 2: Using Windows PowerShell to Create User Accounts in Bulk

Scenario

You have a .csv file that contains a large list of new users for the branch office. It is inefficient to create
these users individually with graphical tools, so you will use a Windows PowerShell script instead. A
colleague that has experience with scripting has given you a script that she created. You need to modify
the script to match the format of your .csv file.
The main tasks for this exercise are as follows:
1.

Prepare the .csv file.

2.

Prepare the script.

3.

Run the script.

Task 1: Prepare the .csv file

1.

On LON-DC1, read the contents in E:\Labfiles\Mod04\LabUsers.ps1 to identify the header

requirements for the .csv file.

2.

Edit the contents in E:\Labfiles\Mod04\LabUsers.csv, and then add the appropriate header.

Task 2: Prepare the script

1.

On LON-DC1, use Windows PowerShell Integrated Scripting Environment (ISE) to modify the variables
in LabUsers.ps1:
o

$csvfile: E:\Labfiles\Mod04\labUsers.csv

$OU: "ou=LondonBranch,dc=adatum,dc=com"

2.

Save the modified LabUsers.ps1.

3.

Review the contents of the script.

Task 3: Run the script

1.

On LON-DC1, open a Windows PowerShell command prompt, and then run

E:\Labfiles\Mod04\LabUsers.ps1.

2.

At the Windows PowerShell prompt, use the following command to verify that the users were created:
Get-ADUser -Filter * -SearchBase "ou=LondonBranch,dc=adatum,dc=com"

3.

On LON-CL1, sign in as Luka with the password Pa$$w0rd.

Results: After completing this exercise, you will have used Windows PowerShell to create user accounts in
bulk.

Exercise 3: Using Windows PowerShell to Modify User Accounts in Bulk

Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

4-28 Automating Active Directory Domain Services Administration

You have received a request to update all user accounts in the new branch office OU with the correct
address of the new building. Additionally, you have been asked to ensure that all of the new user accounts
in the branch office are configured to force users to change their passwords the next time they sign in.
The main tasks for this exercise are as follows:
1.

Force all user accounts in LondonBranch to change their passwords at next sign in.

2.

Configure the address for user accounts in LondonBranch.

Task 1: Force all user accounts in LondonBranch to change their passwords at next
sign in
1.

On LON-DC1, open a Windows PowerShell Command Prompt window.

2.

At the Windows PowerShell prompt, create a query for user accounts in the LondonBranch OU by
using the following command:
Get-ADUser -Filter * -SearchBase "ou=LondonBranch,dc=adatum,dc=com" | Format-Wide
DistinguishedName

3.

At the Windows PowerShell prompt, modify the previous command to force all users to change their
password the next time they sign in by using the following command:
Get-ADUser -Filter * -SearchBase "ou=LondonBranch,dc=adatum,dc=com" | Set-ADUser
-ChangePasswordAtLogon $true

Task 2: Configure the address for user accounts in LondonBranch

1.

On LON-DC1, open the Active Directory Administrative Center.

2.

Open the properties for all user accounts in LondonBranch.

3.

Set the address for multiple users as follows:

o

Street: Branch Office

City: London

Country/Region: United Kingdom

Results: After completing this exercise, you will have modified user accounts in bulk.

Lab Review Questions

Question: By default, are new user accounts enabled or disabled when you create them by
using the New-ADUser cmdlet?
Question: What file extension do Windows PowerShell scripts use?