Announcement

Collapse
No announcement yet.

Ad 2008

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Ad 2008

    Maybe this is a strange question:
    Is there a way, when creating new users in AD 2008 that it can automatically add the users to certain Security Groups, other than just “Domain Users” ?. I know this can work with copying a user, or creating a template, run a script, etc.
    For Example:
    I have “John Doe”, when I create this user in AD, I would like for them to be added to “Domain Users” and “GS_Everyone_WestCoast”.

    If there is not away of doing this, I think my other option would to create a Scheduled Task, with a PowerShell Script , checking users if they are not part of the “GS_Everyone_WestCoast” group to add them.

    thank you

  • #2
    Re: Ad 2008

    Edit the Stanard user Template?

    Why are you not able to create a new user template for this? This is exactuly what templates are for, you acknowledge that, yet dismis them out of hand?
    As 99% of people will recommend the correct way to do this, templates, can you please at lest tell us why you are unable to us a template?

    Wofen
    Good to be back....

    Comment


    • #3
      Re: Ad 2008

      i'd go with either template, or as part of your dsadd/etc script.

      Of course, if you need to ensure that ALL user accounts belong to the GS_Everyone_WestCoast group, then you could always nest that group within the DomainUsers group? That should also achieve your aim.
      Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

      Comment


      • #4
        Re: Ad 2008

        Thank you for your reply; The reason, I do not really want to create a Template, we have serveral Sys Admin's, and not everyone follows the rules. However, If I could edit the Standard Default User Template, that would solve my issue. I don't know what the Standard Default User Template is.
        Thank you

        Comment


        • #5
          Re: Ad 2008

          So you have a PROCESS problem, rather than a technical problem.

          Don't look for extended technical solutions to solve a people problem. Set up a couple of templates. Get procedures drafted and approved by the CIO.

          come down like the wrath of satan on anyone who deviates.
          (This only works if you're using individually identified administrator accounts, which you are, right ?)
          Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

          Comment


          • #6
            Re: Ad 2008

            That still doesn't answer my question, Can you edit the Standard Default User Template ? as Wofen said you could. But, where ?

            Comment


            • #7
              Re: Ad 2008

              Originally posted by tehcamel View Post
              come down like the wrath of satan on anyone who deviates.
              Well said!
              True SysAdmin words!
              MCITP: EA

              Comment


              • #8
                Re: Ad 2008

                Originally posted by Semperfi4000 View Post
                That still doesn't answer my question, Can you edit the Standard Default User Template ? as Wofen said you could. But, where ?
                I just wrote a bunch of stuff about where the template should be, and how you'd have to create one if it wasn't there, then realised you don't want to do that because people might not use it.

                So then I worked out what you actually want to do, is edit the Active Directory Schema, so when someone goes "New > user" it AUTOMATIICALY adds those groups, like the domainusers group.

                Right. This is somewhere in the schema, and the attributes of the 'user' class object. Exactly where, I',m not sure. You'd have to deep dive. If I have time at work i might try find it.

                Load the schmmgmt, then use the schema browser tool thinggy (i forget exactly what it is ottomh) and edit the appropriate classes.


                however - once you start modifying the schema, it becomes non-standard, so make sure you know very well what you're changing, and how to revert it.
                Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                Comment


                • #9
                  Re: Ad 2008

                  Modifying the Schema is tricky ... Better to script the user creation, it has NO effect on your domain environment.
                  MCITP: EA

                  Comment


                  • #10
                    Re: Ad 2008

                    Originally posted by Balkan View Post
                    Modifying the Schema is tricky ... Better to script the user creation, it has NO effect on your domain environment.
                    the current administrators don't always follow th rules now, which is why he's talkin about wanting to edit the schema.

                    there's no reason they'd use the script to create the account.

                    This is why we're trying to address a human problem with technical methods, rather than the underlying problem.
                    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                    Comment


                    • #11
                      Re: Ad 2008

                      By the sound of it, this is a human problem with two parts to the solution:
                      1) Create a user template with the correct group memberships
                      2) Train admins to use this when creating new users, and take action if they do not
                      Tom Jones
                      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                      PhD, MSc, FIAP, MIITT
                      IT Trainer / Consultant
                      Ossian Ltd
                      Scotland

                      ** Remember to give credit where credit is due and leave reputation points where appropriate **

                      Comment


                      • #12
                        Re: Ad 2008

                        thanks for both your help. I did go into the Active Directory Schema, and I did modify some atttributes; however, as it was stated, at the of the day, it's just best to create templates

                        Comment

                        Working...
                        X