Manage users in an Active Directory infrastructure on Windows Server 2016

  • Windows Server
  • 2/2

3.6. Organization tab

In the "Organization" tab, you can specify :

  • Job Title : its function in your company. Ex : IT manager.
  • Department : the department in which he or she works. Ex : IT department.
  • Company : the company in which he or she works. Ex : the name of your company or of an external company if it's an external one who comes to you at times.
  • Manager : here, you can select the "User" object of its hierarchical manager.

If the user being modified has been defined as "Manager" on at least one user, you will see the list of these collaborators.
In other words, the "Manager" corresponds to the line manager and the collaborators correspond to the people for whom he is responsible.

3.7. Member Of tab

In the "Member Of" tab, you can choose which group this user is in and you can add them to more than one group if you wish.
Knowing that the default primary group is "Domain Users" and should not be changed unless you have Macintosh clients or are using POSIX-compliant applications.

To add this user to another additional group, click on the "Add" button and specify the name of the group in which you want to add it.

Now, this user is part of 2 groups :

  • our group : MyGroup
  • the default group : Domain Users

To add a user to a group, you can also use the "Add to a group" right-click shortcut on a user.

The desired user appears in the target group members.

3.8. Dial-in tab

In the "Dial-in" tab, you can for example, manage network access permissions :

  • Allow access : allows you, for example, to allow this user to connect to your VPN server if you have one
  • Deny access
  • Control access through NPS Network Policy

By checking the "Verify Caller-ID" box, you can restrict the connection to a specific phone number.

As the name suggests, the callback options allow the user to be called back, which is preferable for security reasons.

Finally, you can assign static IP addresses and/or static routes to this user, if you wish.

3.9. Environment tab

In the "Environment" tab, you can define the name of a program to start when this user opens a session by checking the "Start the following program at logon" box.

  • Program file name : the full path of the program to run
  • Start in : corresponds to the working directory that the program will use by default

3.10. Sessions tab

In the "Sessions" tab, you can manage the automatic disconnection or closing of sessions opened via Remote Desktop services.
For information about these settings, refer to step 1 of our tutorial : Improve RDS server performance

3.11. Remote control tab

In the "Remote control" tab, you will be able to choose to adjust the settings of the remote control of the user's session when they log in via Remote Desktop Services.

The available options are :

  • enable remote control : allows you to authorize remote control of the user's session
  • require user's permission : by default, the user must accept your remote control or viewing of their session to allow you to access it
  • level of control - View the user's session : allows you as administrator to see the user's session, but without controlling it
  • level of control - Interact with the session : allows you as administrator to control the user's session and therefore to be able, for example, to click on buttons instead of the user, ...

3.12. Remote Desktop Services Profile tab

In the "Remote Desktop Services Profile" tab, you can define :

  • the profile path : it can be a local or network path
  • the Remote Desktop Services Home Folder : which corresponds to the path where the user's personal folder for Remote Desktop Services will be stored

If you want this user to be able to connect only locally and not to one of your RDS servers which acts as "Session host", all you have to do is check the "Deny this user permissions to log on to Remote Desktop Session Host server" box.

3.13. User properties through the AD Administrative Center

If you edit a user through the Active Directory Administrative Center, you will find the same categories (in the form of blocks instead of tabs) and the same options.
Note that the categories which are not present in the form of blocks are available as tabs in the "Extensions" section.

The only new options available in this Active Directory Administrative Center are "Authentication Policies" and "Authentication Policy Silos".

To see also

Comments

No comment

Share your opinion

Pinned content

Contact

® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.

Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.