Posted in Active Directory, Azure, Windows

CREATING BULK USERS IN ACTIVE DIRECTORY

Prerequisites:

  • A list of users in a .csv file, as shown.
  • The user logon name or the SAM account name must be different for each user.
  • The OU mentioned in the CSV file must be created in Active Directory beforehand.
  • To create it: Run > dsa.msc > Right-click on the domain > New > Organizational Unit

Procedure :

The following PowerShell code is used to create the bulk users in Active Directory.

Import-Module ActiveDirectory

# Initial password shared by every account created below;
# -ChangePasswordAtLogon forces each user to replace it at first logon.
$securePassword = ConvertTo-SecureString "123456aA#" -AsPlainText -Force

$filepath = Read-Host -Prompt "Please enter the path to your CSV file"
$users = Import-Csv $filepath
ForEach ($user in $users) {
    # The quoted names must match the CSV header row exactly.
    $name = $user.'Display Name'
    $fname = $user.'First Name'
    $lname = $user.'Last Name'
    $intials = $user.'Intials'
    $department = $user.'Department'
    $userlogonname = $user.'User Logon Name'
    $OUpath = $user.'Organizational Unit'
    $Sam = $user.'SamAccount Name'

    # Create the account in the OU given in the CSV row.
    New-ADUser -Name "$name" -GivenName "$fname" -SurName "$lname" -Initials $intials -Department "$department" -UserPrincipalName "$userlogonname" -SamAccountName "$Sam" -Path $OUpath -AccountPassword $securePassword -ChangePasswordAtLogon $True -Enabled $True
}

  • Enter the path of the CSV file and press ENTER; the users are then created according to the CSV file.
  • To verify, check the mentioned Organizational Unit in Active Directory for the users.
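
A hardened variant of the bulk-creation script, as an added example that is not the blog author's code: it enforces the unique SAM account name prerequisite, skips rows whose OU is missing or whose name is already taken, and gives every account its own random initial password instead of one shared value. The column names are taken from the script above; `New-RandomPassword` is a hypothetical helper defined in the block.

```powershell
# Added example (not the blog author's script); New-RandomPassword is a hypothetical helper.
Import-Module ActiveDirectory
function New-RandomPassword {
    param([int]$Length = 20)
    # 64 symbols, so (byte % 64) is uniform: 256 is a multiple of 64.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789#-'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    $pw
}

$users = Import-Csv (Read-Host -Prompt "Please enter the path to your CSV file")
# Prerequisite from the list above: SAM account names must not repeat in the file.
$dupes = $users | Group-Object 'SamAccount Name' | Where-Object Count -gt 1
if ($dupes) { throw "Duplicate SamAccount Name in CSV: $($dupes.Name -join ', ')" }

$created = foreach ($user in $users) {
    $sam = $user.'SamAccount Name'
    $ou  = $user.'Organizational Unit'
    # Skip the row instead of failing halfway if the OU is missing or the name is taken.
    if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$ou'")) {
        Write-Warning "OU not found, skipping ${sam}: $ou"; continue
    }
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "SamAccountName already in use, skipping: $sam"; continue
    }
    $plain = New-RandomPassword
    $params = @{
        Name                  = $user.'Display Name'
        GivenName             = $user.'First Name'
        Surname               = $user.'Last Name'
        Initials              = $user.'Intials'
        Department            = $user.'Department'
        UserPrincipalName     = $user.'User Logon Name'
        SamAccountName        = $sam
        Path                  = $ou
        AccountPassword       = ConvertTo-SecureString $plain -AsPlainText -Force
        ChangePasswordAtLogon = $true
        Enabled               = $true
    }
    New-ADUser @params
    # Emit the one-time password for out-of-band handover; nothing is written to disk.
    [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $plain }
}
$created | Format-Table -AutoSize
```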

Modification of any attributes of the users in bulk

The following PowerShell code can be used to modify user attributes in bulk, for example to change the SamAccount Name and Company of the users from a CSV file.

Import-Module ActiveDirectory

$filepath = Read-Host -Prompt "Please enter the path to your CSV file"
$users = Import-Csv $filepath
ForEach ($user in $users) {
    # Look the account up by its UPN, then overwrite the two attributes from the CSV row.
    Get-ADUser -Filter "UserPrincipalName -eq '$($user."User Logon Name")'" |
        Set-ADUser -SamAccountName ($user."SamAccount Name") -Company ($user."Company")
}

The sample format of the CSV file for the modification process can be as follows.

Secondary Domain Controller (ADC)

Any administrative operation can be performed on any of the domain controllers, but it is preferred to perform it on the secondary domain controller.

Posted in Active Directory, AWS, Patch Management, Windows

CONFIGURATION OF WSUS

  • After confirming the desired language, continue to select the products and the updates that are required for the servers that are to be patched.
  • The synchronization option is up to the individual.
  • Begin the initial synchronization as shown below.
  • This opens the WSUS console.
  • All the updates obtained once the server has contacted Microsoft Corp. can be seen in this console.
  • Console > Updates > All Updates // Make sure the option (Unapproved and Any) is turned on as shown below.
  • These updates need to be approved: select all the updates that are visible in the console and right-click to approve them, which leads to a confirmation pop-up window as shown.
  • Right-click on the group or the computers that are to be patched and approve for installation.

Group policy management

Once the updates have been approved on the PMS server, the group policy has to be updated to push the desired updates to the client servers. This is done in Group Policy Management.

  • Windows Start > Server Manager > Tools > Group Policy Management // On the PMS server.
  • Right-click the domain to which the patches need to be pushed and choose "Create a GPO in this domain, and Link it here...".
  • Right-click the created group policy and choose Edit, which opens the Group Policy Management Editor.
  • Expand Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update.
  • Double-click Configure Automatic Updates and set it to Enabled.
  • One is free to select how the updates are configured, as shown below.
  • Click Apply and then OK.
  • Double-click Specify Intranet Microsoft Update Service Location and set it to Enabled.
  • Specify the intranet statistics server below in the format [http://Servername:8530] as shown.
  • Click Apply and OK.
  • Proceed to the client server's command prompt and force the server to update the group policy as shown below, then wait for the servers to appear in the WSUS console under Unassigned Computers.
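
A check to run on a client after the group policy refresh, as an added example that is not from the original post: it reads the registry values written by the two policies configured above and reports a missing policy, a malformed server URL, or a server reached over plain HTTP. `Test-WsusClientPolicy` is a hypothetical function name.

```powershell
# Added example (not from the original post). Test-WsusClientPolicy is a
# hypothetical name; the registry values are the ones these two policies set.
function Test-WsusClientPolicy {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu  = Get-ItemProperty -Path $key      -ErrorAction SilentlyContinue
    $au  = Get-ItemProperty -Path "$key\AU" -ErrorAction SilentlyContinue
    $findings = New-Object System.Collections.Generic.List[string]

    if (-not $wu -or -not $wu.WUServer) {
        $findings.Add('WUServer is not set: the GPO has not reached this client yet')
        return $findings
    }
    # "Configure Automatic Updates" = Enabled writes NoAutoUpdate = 0.
    if ($au.NoAutoUpdate -ne 0) {
        $findings.Add('Configure Automatic Updates is not enabled')
    }
    # Without UseWUServer = 1 the client ignores the intranet server values.
    if ($au.UseWUServer -ne 1) {
        $findings.Add('UseWUServer is not 1: the intranet server is ignored')
    }

    foreach ($name in 'WUServer', 'WUStatusServer') {
        $value = $wu.$name
        if ($value -notmatch '^https?://[^/:\s]+(:\d+)?/?$') {
            # Catches typos such as a missing "//" after the scheme.
            $findings.Add("$name is malformed: '$value'")
        } elseif ($value -like 'http://*') {
            $findings.Add("$name uses plain HTTP: update metadata is not protected in transit")
        }
    }
    return $findings
}

# @() keeps the result an array whether zero, one or many findings come back.
$result = @(Test-WsusClientPolicy)
if ($result.Count -eq 0) { 'WSUS client policy looks consistent.' } else { $result }
```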

THE BLOG WILL BE CONTINUED

Posted in Active Directory, AWS, Patch Management, Windows

WINDOWS UPDATE CATEGORIES

There are various kinds of updates provided by Microsoft Corporation. A few of them are listed below.

  • Critical Updates
  • Security Updates
  • Definition Updates
  • Update Rollup
  • Service pack
  • Tool
  • Feature pack
  • Update

Critical Updates are updates that fix a specific, non-security-related, critical bug. Such a bug can cause, for example, serious execution degradation, interoperability malfunction, or disturbed application compatibility.

Security Updates are one of the important types of updates, which keep the whole corporation safe against the world of hackers.

WSUS (Windows Server Update Services)

Patch management is one of the significant services that a firm needs to run periodically to keep itself up to date and strong from every viewpoint. WSUS is a service developed by Microsoft that helps manage and distribute patches to multiple servers from a main server. For the practical part, a server (Windows 2019) is launched as an instance in AWS and connected to remotely.

A new role, Windows Server Update Services, and its features were added to the server and installed.

  • Windows Start > Server Manager > Add roles and features // Follow the default options on the screen to add the Windows Server Update Services role and install it.
  • Before configuring the role, launch the post-installation tasks (from the notification bar as shown below).
  • Server Manager > Tools > Windows Server Update Services > Create a folder named WSUS on the drive, enter the desired file location and click Run. // A dialog box for the file confirmation appears on the screen as shown.
  • Click Close to launch the WSUS console.
  • Follow the on-screen commands to configure WSUS.
  • As this is the main server, to which the updates need to be synchronized from Microsoft, select the option Synchronize from Microsoft Update as shown.
  • Use the proxy details if needed, or else continue to start connecting with Microsoft to update it with the details of our server.
  • Select the desired language and click Finish.

Patience is the key for success

Patience is the other important role and feature that needs to be added for success in this configuration.

Posted in Active Directory, AWS, Windows

CREATING A WINDOWS DOMAIN

Changing the name of the server

  • Get access to a Windows 2019 server remotely on the host PC.
  • Name the future domain controller Domain_Controller_1 under Windows > Server Manager > Local Server > Computer name > Change. After changing the name of the computer, a restart is recommended and also mandatory.

Setting up a static IP address

  • Windows > Settings > Network and Sharing Center > Ethernet > Details // Note down the IPv4 Address, IPv4 Subnet Mask, IPv4 Default Gateway.
  • In Ethernet Status, open Properties and then the properties of Internet Protocol Version 4 (TCP/IPv4) to enter the IP address, subnet mask and default gateway.
  • Also set the DNS server to the IPv4 Address. // This gives complete control over the domain. (Recommendation: restart the server.)

Assigning the Domain Controller

  • Windows > Server Manager > Dashboard > Add Roles and Features // Follow the on-screen commands > add the Active Directory Domain Services role in Server Roles, which pops up with its required default features > Install.
  • Configure Active Directory Domain Services: Promote this server to a domain controller // In the notifications (exclamation mark) > Add a forest // for the first time > specify the desired root domain name (something.something, e.g. cloudees.com) > follow the on-screen commands to install, followed by a restart.
  • Confirmation of the domain controller: Windows > Server Manager > Local Server (the computer name and the domain have changed to the desired ones) > Tools (top right corner of Server Manager) > Active Directory Users and Computers > Domain name > Domain Controllers (where the current server should be seen as follows).

Connecting a client server

  • Get access to a Windows 2019 server remotely on the host PC.
  • Windows > Settings > Network and Sharing Center > Ethernet > Details // Note down the IPv4 Address, IPv4 Subnet Mask, IPv4 Default Gateway.
  • In Ethernet Status, open Properties and then the properties of Internet Protocol Version 4 (TCP/IPv4) to enter the IP address, subnet mask and default gateway.
  • Also set the DNS server to the IPv4 Address of the Domain Controller as shown. // This gives complete control over the domain. (Recommendation: restart the server.)
  • Windows > Control Panel > System (small icons) > Change settings (Computer name, domain and workgroup settings) > change from workgroup to domain (cloudees.com) > Username and password (Domain Controller) // Cross the barrier of the domain by providing the details of the domain controller. Welcome to the () domain.

Confirmation of the client server in the domain: ON THE DOMAIN CONTROLLER, Windows > Server Manager > Tools (top right corner of Server Manager) > Active Directory Users and Computers > Domain name > Domain Controllers (where the domain controller should be seen as follows) > Computers (where all the client servers should be displayed).

Posted in Active Directory, AWS, Windows

CONNECTING TO A WINDOWS SERVER FROM WINDOWS OS REMOTELY

  • A Windows 2019 instance was created in AWS and its status was confirmed to be running.
  • mstsc // Typed in Run to get remote access to the Windows server.

The public IP address of the instance was pasted accordingly as follows.

  • In AWS, get the login credentials by using the key pair (.pem): Get Windows Password > Choose the key pair (.pem) > Decrypt the password
  • Use the credentials to get remote access to the virtual instance.
  • Enjoy the remotely accessed Windows server.