Planning for the 1.4 OU
A particularly useful directory object type that is contained in a domain is an organizational unit (OU). An organizational unit is an Active Directory container in which users, groups, computers, and other organizational units can be placed, but cannot accommodate objects from other domains. An organizational unit can assign Group Policy settings, or delegate administrative permissions. The organizational unit represents the logical hierarchy of domains to manage the configuration and use of accounts and resources based on the model of the Organization. However, creating a user and user group in the Users container is not recommended, but instead creates an organizational unit in the domain and adds users.
1.4.1 Creating an OU
Open the Active Directory Users and Computers window, select the current domain, 1-30, right-click, choose new → organizational unit from the shortcut menu, display the New Organizational Unit dialog box, 1-31. Enter the organizational unit name (in this case, "Information Technology Academy") and click the "OK" button to complete the creation.
650) this.width=650; "height=" 445 "title=" clip_image001 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image001 "src=" http://s3.51cto.com/wyfs02/ M02/83/70/wkiom1dzcergh6-faaeahsp68s8036.jpg "border=" 0 "/>
650) this.width=650; "height=" 446 "title=" clip_image003 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image003 "src=" http://s3.51cto.com/wyfs02/ M01/83/6f/wkiol1dzcfszbzwvaab8rj2ssyu173.jpg "border=" 0 "/>
Figure 1-30 new OU figure 1-31 setting ou name
Select the new organizational unit, right-click in the Blank pane on the right, and continue to create child organizational units in the organizational unit, as shown in Figure 1-32 and 1-33.
650) this.width=650; "height=" 445 "title=" clip_image004 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image004 "src=" http://s3.51cto.com/wyfs02/ M00/83/6f/wkiol1dzcfwtqur0aaek8qtcaza491.jpg "border=" 0 "/>
650) this.width=650; "height=" 422 "title=" clip_image006 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image006 "src=" http://s3.51cto.com/wyfs02/ M01/83/6f/wkiol1dzcfatgfk3aacja5disxg969.jpg "border=" 0 "/>
Figure 1-32 New OU figure 1-33 Creating a child OU
After you have created organizational units by enterprise structure, you can "move" the previously created users to their respective organizational units for management. Windows Server 2008 relies on organizational units and Group policies to implement many of the advanced management features of automation.
1.4.2 ways to create a large number of users
As an administrator, a basic task is to "create a user." Although the steps to create a user are simple, it can be a hassle if you need to create dozens of, hundreds of, or even thousands of users. In this section, you will describe how to create a user in bulk. NET is a very common network command, you can create a large number of users using the net user command. The syntax for the net USER command is as follows:
NET USER
[Username [Password | *] [options]] [/domain]
Username {password | *}/add [options] [/domain]
username [/delete] [/domain]
The meanings of the parameters are as follows.
L NET User: Used to create and modify user accounts on the computer. When you use this command without an option, it lists the user accounts on the computer.
L Username: refers to the name of the user account that needs to be added, deleted, modified, or browsed. The name of the user account cannot exceed 20 characters.
L Password: Assign or change the password of the user account. The password must meet the requirements for the minimum length specified by the/minpwlen option of the NET ACCOUNTS command. It can have a maximum of 14 characters. * Indicates a prompt to enter a password. The password is not displayed when the user enters it at the password prompt.
L/domain: The operation is performed on the primary domain controller of the current domain.
L/add: Add the user account to the user account database.
L/delete: Delete the user account from the user account database.
The options option is as follows.
? /active:{yes | NO}: Activate or deactivate an account. If the account is deactivated, the user cannot access the server. The default value for this option is yes.
? /comment: "Text": Provides a descriptive comment about the user account. You need to enclose the text in quotation marks.
? /COUNTRYCODE:NNN: A language-specific file that implements user Help and error messages using the operating system's country/region code. 0 indicates the default country/region code.
? /expires:{date | Never}: If the date is set, it will cause the account to expire. Set never, there is no time limit on the account. Depending on the country code, the effective date can be in the form of a month/day/year or day/month/year. The month can be a number, a complete spelling, or a 3-letter abbreviation. The year can be two-bit or four-digit numbers. Use a slash (/, no space) to separate parts of the date.
? /fullname: "Name": is the full name of a user (not the user name). You need to enclose the name in quotation marks.
? /homedir:pathname: Sets the path to the user's home directory. The path must already exist.
? /passwordchg:{yes | NO}: Specifies whether the user can change his or her password. Its default value is yes.
? /passwordreq:{yes | NO}: Specifies whether the user's account must have a password. Its default value is yes.
? /profilepath[:p Ath]: Sets the path for the user's login profile.
? /scriptpath:pathname: Refers to the location where the user's login file is located.
? /times:{times | All}: Refers to the time at which a user can log on. Times are expressed in Day[-day][,day[-day]], Time[-time][,time[-time], and the increments are limited to 1 hours. Days can be all spelled or abbreviated. The hour can be either a 12-hour or 24-hour system. For a 12-hour system, you can use AM, PM. All means that users can always log on. A null value indicates that the user can never log on. You can use commas to separate days and time items, and separate multiple days and time items with semicolons.
? /usercomment: "Text": Let the manager Add or change user comments for the account. /workstations: {computername[, ...] | *} lists up to 8 users who can log on to a computer on the network. If/workstations does not have a list or a list of *, users can log on from any computer.
? NET Help Command | MORE: For display-by-screen help.
"Note" The command must be aware of the use of spaces. Each parameter (username is also a parameter) should have a space, the same argument cannot be separated by a space, unless the space in quotation marks.
If you want to create 3 users in Windows Server 2008, Windows 7, Windows Server 2003, Windows XP without upgrading to a domain controller, the simplest method is to create the following batch file:
NET user W11/add
NET user Ab2/add
NET user Ce3/add
Then run the batch file and create 3 users.
If you want to create a user with the net user command on a domain controller, you need to specify a password for the user. For example, create Ws11~ws13 a total of 3 users, set the user password to A1B2C3D4, the code is as follows:
NET user Ws11 A1b2c3d4/add/domain
NET user ws12 A1b2c3d4/add/domain
NET user Ws13 A1b2c3d4/add/domain
The result of executing the command is shown in 1-34.
650) this.width=650; "height=" 273 "title=" clip_image008 "style=" margin:0px;border:0px;padding-top:0px; Padding-right:0px;padding-left:0px;background-image:none, "alt=" clip_image008 "src=" http://s3.51cto.com/wyfs02/ M02/83/6f/wkiol1dzcfusbremaacbddqhtyg805.jpg "border=" 0 "/>
Figure 1-34 Creating a user with net user
After using the net user Creation command, return to the Active directory Users and Computers window, select the created user in the Users organizational unit, and "move" to the appropriate OU, as shown in 1-35.
650) this.width=650; "height=" 445 "title=" clip_image009 "style=" border:0px;padding-top:0px;padding-right:0px; Padding-left:0px;background-image:none, "alt=" clip_image009 "src=" http://s3.51cto.com/wyfs02/M00/83/6F/ Wkiol1dzcfyc5wvmaafsyxnz4no540.jpg "border=" 0 "/>
Figure 1-35 Mobile Users
After reading the article, please vote for my vote (Wang Chunhai), thank you
Http://edu.51cto.com/activityvote/voteRanking
This article from "Wang Chunhai blog" blog, declined reprint!
Virtualization infrastructure planning for the 3-ou of Windows 2008