A user object in AD is used to represent a real user in an organizational network environment.
Say for example Joshua is a new employee in my organization, and I need to allow him accesses to various resources of the organization. All I have to do to achieve this is create a user object in the Active Directory users and computers console and assign access permissions to the user object representing Joshua. And depending on the permissions I assign to the user object Joshua’s access over resources might be granted, restricted or denied.
To create a user object in Active Directory
- Start -> administrative tools -> Active Directory users and computers console
- Right click on the console tree
- From the menu that pops choose the option “new”
- On choosing the option new another menu pops with a list of objects , from that choose “user”
- An object creation wizard appears as shown in the figure below, enter the value for various attributes of the user object and click next
- In the next page of the creation Wizard enter the password for the user account, in this page below the text boxes that prompt for password you will also notice a few self-explanatory options to configure password settings.
- After you have configured the password settings click finish
- On clicking finish the object will be created and can be located on the ADUC console tree in its respective container.
The pages of the user object creation Wizard
To delete a user object in AD
- Open ADUC
- Right click on the user object you intend to delete
- From the submenu that pops choose the option “delete”
- The user object will be deleted from Active Directory and will no more appear on the console tree.
To modify a user object in AD
- Open ADUC and right click on the user object you intend to modify
- From the shortcut menu that pops choose the option “properties”
- A user object properties dialogue box appears with various tabs
- Navigate through the various tabs and make the necessary changes
- Click apply and then ok
- The modifications will hence be made.
Every object has a set of mandatory and optional attributes. The values for the mandatory attributes are a mandatory requirement for the successful creation of the object. For example the mandatory attributes for a user object are cn and SAMAccountName; these attributes are unique across a domain and are used to uniquely identify the objects across the domain.
To view the mandatory attributes of the user object
- Right click on the user object in the ADUC console
- A dialogue box appears; from that choose the attribute editor tab
- In the attribute editor tab click on the filter button
- On clicking on the filter button a submenu with list of attribute types pops up
- From the menu choose mandatory
- The mandatory attributes of user object are cn, objectCategory, objectclass, SAMAccountName
There are also other attributes such as telephoneNumber, Manager Etc. which are optional; an object can be created without these attributes. These attributes are simply used for the convenience of improving object descriptions.
To understand the user object and its various attributes better, one needs to explore the user object properties dialogue box. To open the user object properties dialogue box right click on the user object and choose “properties”. The various attributes are categorized under different tabs based on their functionalities.