Active Directory User Management: Practical solved Tickets
As an IT professional deeply embedded in the world of infrastructure and identity management, I’ve come to appreciate just how central Active Directory (AD) user management is to the day-to-day responsibilities of a systems administrator. Whether you’re running a small test domain in a home lab or managing an enterprise-grade environment with thousands of users, the principles remain the same.
In this guide, I’m offering something valuable and completely free: a breakdown of 4 essential, real-world Active Directory user management tasks, presented with step-by-step instructions and best practices that I’ve learned through hands-on experience.
Ticket 1. Create a New User in Active Directory
Use case: Onboarding a new employee.
To perform this task, you will need administrator privilege, also can access this from Open Active Directory Users and Computers from the workstation that RSAT installed, this case- RSAT is running on the windows 11 machine or Web portal like ADmanager Plus ( Third party ).
Steps:
- Open Active Directory Users and Computers
- Navigate to the correct Organizational Unit (OU), Called Staff
- Right-click the OU > New > User.
- Enter the following:
- First name, last name
- User logon name
- Title Business Analyst
- Department -staff
- Office 445
- Set a strong temporary password (admin@123)
- Click Finish
In the real world, you need to check the user must change password at the next logon, but for this we don’t want to change the password.
Now we have created the user but how can we add the additional information that was asked in STEP 4?
Navigate user account properties.
Click the organization and fill up the box you need!
To put office information, use the General tab.
Guestwhat! We don’t have an Organizational Unit called Staff yet. Most of the time, you will find the department is already created so you don’t have to worry about it. if you get a ticket asking you to do so, no problem. This is our next task.
Ticket 2. Create a New Organizational Unit in Active Directory
Right click on the domain or white space >New >Organizational Unit and give a name and ok.
Now, let us move the user we created earlier to the staff department.
Find the user>Right click >Move and select staff and ok.
Now User will be added to the staff container and let us confirm that.
Key takeaway:
You created a user with required details in the Active directory and added to the right department closed tickets.
Ticket 3. Reset a User Password in Active Directory
Use case: A user forgets their password and needs a reset. Click here.
Ticket 4: Disable a User Account (Soft Offboarding)
Use case: A user goes on leave or departs the organization, and you want to lock the account temporarily without deleting it.
In the i.T Department, we have a user called Dave Johnson and he is no longer with the company. As helpdesk, you got an email requesting the following task.
Subject: Request to Disable AD Account for Departing Employee
Description:
Please disable the Active Directory account for the following employee who is leaving the company:
- Priority : High
- Employee Name: Dave Johnson
- Department: i.T
- Job Title: System Analyst
- Last Working Day: April 24, 2025
- Remove from all distribution and security groups
- Disable VPN access and revoke Office 365 license
- Archive mailbox (retain for 90 days as per policy)
Ensure that disabling is done end of day on the last working day to prevent premature access issues.
Right click the user account name and select disable and click ok.
Hope you learned something new and valuable. If you found this helpful, feel free to share it with your network!
Written by Muhidin Warsame