Applies To: Windows Server 2003 R2
ADAM is used most often to store information about users and the organizations and other groups they belong to. In these exercises, you create an organizational unit (OU) called “ADAM users” in the o=Microsoft,c=US application directory partition and add a group in ADAM called “ADAM testers,” and you create an ADAM user named Mary Baker with one of the user object classes that you imported earlier. Using ADAM ADSI Edit, you:
Step 1: Create an OU.
Step 2: Create a group in the new OU.
Step 3: Create an ADAM user.
Step 4: Add an ADAM user to the ADAM users group.
In addition, you learn how to enable and disable ADAM user accounts.
In this exercise, you create an OU.
If it is not open already, open ADAM ADSI Edit, and then connect to the o=Microsoft,c=US application directory partition, as described in the procedure “To bind to, view, and browse an ADAM instance using ADAM ADSI Edit” in Using the ADAM Administration Tools.
In the console tree, right-click O=Microsoft,c=US, point to New, and then click Object.
In the Select a class list, click organizationalUnit, and then click Next.
In Value, type ADAM users, and then click Next.
On the next page, you can click More attributes to edit additional attributes on the object that you are creating. For this exercise, simply click Finish.
In the console tree, double-click O=Microsoft,c=US.
In this exercise, you create a group in the OU.
In the console tree, right-click OU=ADAM Users, point to New, and then click Object.
In Select a class, click group, and then click Next.
In Value, type ADAM testers, and then click Next.
In Value, type 2147483650 (equivalent to 0x80000002 hexadecimal, which signifies an account group), click Next, and then click Finish.
Note
For more information about the groupType attribute, see "Group-Type" on the Microsoft Web site (https://go.microsoft.com/fwlink?linkid=51093).
In this exercise, you create an ADAM user in the ADAM Users OU, and then you add the user to the ADAM Testers group.
Note
The new user account is disabled by default because it has no associated password.
If it is not already open, open ADAM ADSI Edit.
Connect and bind to your ADAM instance, as described in the procedure “To bind to, view, and browse an ADAM instance using ADAM ADSI Edit” in Using the ADAM Administration Tools. Then, in the console tree, double-click the ADAM instance.
Double-click the O=Microsoft,c=US application directory partition.
Right-click the OU=ADAM Users container that you created previously, point to New, and then click Object.
In Select a class, click user, and then click Next.
Note
If you did not close ADAM ADSI Edit before importing the Adamuser.ldf user class object definitions, you may receive the following warning message during this step: “An invalid directory pathname was passed.”
In Value, type Mary Baker as the common name (cn) for the new user, and then click Next.
Click Finish.
You can add both ADAM users and Windows users to ADAM groups, as described in this exercise. First, you add Mary Baker, the user that you just created, to the ADAM testers group.
In the details pane of ADAM ADSI Edit, right-click CN=ADAM testers, and then click Properties.
In Attributes, click Member, and then click Edit.
Click Add ADAM Account, type the following as the distinguished name, and then click OK:
CN=Mary Baker,OU=ADAM users,O=Microsoft,C=US
You can also add Windows users to an ADAM group. In the Multi-valued Distinguished Name With Security Principal Editor dialog box, click Add Windows Account.
In the Select Users, Computers, or Groups dialog box, add a Windows user from your computer or domain to the ADAM testers group. In Enter the object names to select (examples), type an account name using the computer\account or domain\account format.
Click OK. The new user name appears in the Multi-valued Distinguished Name With Security Principal Editor dialog box as a member of the group.
Click OK twice to return to ADAM ADSI Edit.
You can disable and enable ADAM user accounts by using the ADAM ADSI Edit snap-in. In this exercise, you disable the Mary Baker account and then enable it again.
In ADAM ADSI Edit, connect and bind to an ADAM instance as described in the procedure “To bind to, view, and browse an ADAM instance using ADAM ADSI Edit” in Using the ADAM Administration Tools.
In the console tree, double-click the O=Microsoft,c=US application directory partition.
In the console tree, click the OU=ADAM Users container.
In the details pane, right-click CN=Mary Baker, and then click Properties.
In Attributes, click msDS-UserAccountDisabled, and then click Edit.
Click True, and then click OK. The Mary Baker account is now disabled.
To enable the Mary Baker account, edit msDS-UserAccountDisabled again, and this time set the attribute to False.
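The same four steps and the disable operation can be scripted through ADSI, which makes the resulting group membership and account state easy to read back and audit. The following is an added example, not part of the original procedure; the `localhost:389` endpoint and the variable names are assumptions, and the `user` class must already have been imported as described earlier.

```powershell
# Added example (not from the original page).
# Assumptions: the ADAM instance listens on localhost:389 and the current
# Windows account is an ADAM administrator for the partition.
$server    = 'localhost:389'          # assumption: adjust to your instance's LDAP port
$partition = 'O=Microsoft,C=US'
$root      = [ADSI]"LDAP://$server/$partition"

# Step 1: create the OU.
$ou = $root.Create('organizationalUnit', 'OU=ADAM users')
$ou.SetInfo()

# Step 2: create the group in the new OU.
# 0x80000002 is the value typed as 2147483650 in ADSI Edit. PowerShell parses
# the hex literal as the Int32 -2147483646, which is the same 32-bit pattern.
$group = $ou.Create('group', 'CN=ADAM testers')
$group.Put('groupType', 0x80000002)
$group.SetInfo()

# Step 3: create the user. With no password set, the account starts disabled.
$user = $ou.Create('user', 'CN=Mary Baker')
$user.SetInfo()

# Step 4: append the user's distinguished name to the group's member attribute.
$ADS_PROPERTY_APPEND = 3
$userDn = "CN=Mary Baker,OU=ADAM users,$partition"
$group.PutEx($ADS_PROPERTY_APPEND, 'member', @($userDn))
$group.SetInfo()

# Disable the account explicitly.
# To enable it again, write $false to the same attribute and call SetInfo().
$user.Put('msDS-UserAccountDisabled', $true)
$user.SetInfo()

# Read both objects back from the directory to confirm what was stored.
$group.GetInfo()
$user.GetInfo()
'Members of ADAM testers:'
$group.Get('member')
'msDS-UserAccountDisabled for Mary Baker: ' + $user.Get('msDS-UserAccountDisabled')
```

Running the read-back section on its own against an existing instance is a quick way to review who is in a group and which accounts are disabled.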