Hi. I'm Rob Tovar, a solutions architect with Dell software. And in this short demo, I'll show you how to create user and group accounts using active ActiveRoles Server, the simple, efficient tool for protecting critical Active Directory data, eliminating unregulated access to Active Directory resources, and automating Active Directory account creation. What you're seeing here is the Quest One ActiveRoles Server console. The console is a comprehensive administrative tool used for managing Active Directory and Microsoft Exchange.
I will start by provisioning an account which will also create a mailbox in my Exchange 2010 environment. The new account's first name is Test and last name will be User. Notice the user log on name is populated automatically with pre-defined format first name.last name.
Here we can plug in a password or automatically generate one. Notice that some of the options have been automatically selected for us without giving us the option to modify the selections. This insures accounts are created according to policy. Here we can assign values to the properties made available to us based on our policy. A drop down list can be made available for the attributes included. In this case, I will select the human resources department and leave the office location alone.
According to the policy, all user accounts created in the Chicago OU will have a mailbox created. A default mailbox store has been defined, but we are given the option to select a different mailbox store if needed. There are other options available when it comes to selecting a mailbox store. We are now done provisioning our account.
Let's take a look at the properties of our new account. Here we can see the description attribute has been automatically populated. We can automatically populate any attribute, which can drastically speed up the provisioning process and ensure consistency. In the Account tab, we can see some of the options to find during our provisioning process. In the Profile tab, we can see that our Home folder has been configured and created. In the Organization tab, we can see the department we selected.
Now let's take a look at the Member Of tab. This account was automatically added to certain groups based on attributes to find. In this case, all Chicago users get added to the Selected Security and/or Distribution lists. It also added this account to the Selected Human Resources groups. In the Exchange General tab, we can see our email alias and mailbox store that was defined for us.
Now let's reprovision the account by modifying the office location and department attribute and then move the account to the New York OU. We will change the office location to New York and modify our department so it says Accounting. We will now move the account to the New York OU.
Now let's take a look at our account. Here's our Test.User. And we'll go straight to the Member Of tab. Notice that our groups have changed. We are now a member of the New York groups and a member of some of the Accounting groups. This was all modified by making those simple changes to the attributes that were defined.
Now let's say that after spending years at our company, our Test.User is leaving the company, and we want to make sure the account is deprovisioned properly. With a simple right-click, we can run a process that will walk through the deprovisioning process. Are you sure you want to deprovision the selected object? Yes.
Now let's say that after spending years at our company, it's time to deprovision our Test.User. We want to make sure the account is deprovisioned properly. With a simple right-click, we can run a process that will walk through the deprovisioning process.
Once our process is completed, we can check our settings. As you can see here from the deprovisioning results, we can see that our account was disabled, the password was reset, some of the properties were modified, the user name was modified as well, adding the deprovision date. We can also see that the group membership was removed from the Security groups as well as the Distribution groups. We can also see that our mailbox was hidden from the GAL.
For our Home folder, we can see that the user rights were removed and that the BUILTIN Administrators was assigned as the new owner. And we can also see that the folder will be deleted in a certain amount of time. We can also see that our account was moved from the original OU to its new location, the deprovisioned users OU, and it is now scheduled for deletion, in this case, a year from now.
Now let's say that this account belonged to a contractor or a summer intern that will be back next year, or maybe we made a mistake and deprovisioned the wrong account. We can actually bring the account back to its original state. Undo deprovisioning. Are you sure you want to do this? Yes.
And we have some options here. We can leave the password unchanged if the original owner of that account remembers the password. This would make sense. If not, we could reset the password and set some of the other options here. In this case, I'm going to leave the password unchanged, hit OK, and basically, it's going to walk us back through the deprovisioning process, undoing everything it did at first.
To learn more about ActiveRoles Server and download a free trial version of the product, visit Quest.com/ActiveRoles-Server. Thanks for watching.