Chapter 6. Users

6.0. Introduction

User accounts are some of the most frequently used objects in Active Directory; they create the means of authenticating and authorizing someone to access resources on your network. Because Windows 2000 and newer Windows server systems manage users primarily through Active Directory, many key issues that system administrators deal with are covered in this chapter. In particular, Active Directory manages information regarding user passwords; group membership; enabling, disabling, or expiring user accounts; and keeping track of when users have logged on to your network.

The Anatomy of a User

The default location for user objects in a domain is the cn=Users container directly off the domain root. You can, of course, create user objects in other containers and organizational units in a domain, or move them to these containers after they’ve been created. Table 6-1 contains a list of some of the interesting attributes that are available on user objects. This is by no means a complete list. There are many other informational attributes that we haven’t included.

Table 6-1. Attributes of user objects

Attribute

Description

accountExpires

Large integer representing when the user’s account is going to expire. See Recipe 6.31 for more information.

cn

Relative distinguished name of user objects. This is commonly the username or the display name of the user.

displayName

Typically the full name of a user. This attribute is used in administrative tools to display a user’s descriptive ...

Get Active Directory Cookbook, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.