How To Create A User On The ARID Domain

            This document will walk you thru the process of setting up a user account for the ARID domain.  Be sure to read each step carefully before proceeding to ensure all permissions and settings are correct.

1. Load up “Active Directory Users and Computers”.  This icon will be on the desktop and start menu on the domain controller.  

2.  Click the “Add User” button that is located along the top of the toolbar.

3.  You will get the initial user information window.

    4.  Fill in the information.  For the “User logon name” use either their UofA email name (“whatever”@u.arizona.edu), or if they do not have one, use their last name, or combination of initials, whichever is convenient.  Note that their user name (“whatever”@arid.arizona.edu) is NOT a new email address!  This name is just used by the domain controller to keep track of the users.

    5.  Your window should look something like this.

    6.  Next you will come to the password screen.  It is best to give the user a generic password, (we have been using “magic123”) and then check the box to force them to change the password upon logon.  This ensures that not even the administrators have the password to the users account.  The other options stay blank, except in specific circumstances.

    7.  After clicking “Next” on the password window, you will be shown a window that has the users information listed.  Make sure it is correct, and then press “Finish”.  You will be returned to the “Active Directory Users and Computers” list.

    8.  Minimize this window and open up My Computer, then open up the C: drive.  There will be a folder called “User Profiles”.  Go in there, and make a new folder, and name it the same as the user’s name.  You can then close that window.

    9.  Go back to the “AD U&C” window.  Sort the list and find your user.  You will right click on their name, and choose “Properties” from the menu.

    10.  You will get the “User Properties” window up.  There are many ways to manipulate a user account, as seen by the many tabs in this window.  We are only going to concern ourselves with the necessary items we need to create our user.  The “General” tab just contains real-world addressing information for the user, it is not necessary to input this data; it is for organizational purposes only.

    11.  Go to the “Profile” tab.  For the “Profile Path” enter “\tanami\profiles$\%username%”.  Use the exact wording, or the profiles will not work correctly.  For the “Login Script” just enter “login.bat”, and for “Home Folder”, set the drive letter to “U:” and set the path to “\tanami\users\%username%”.  You may see the %username% portion turn to the users actual username.  Don’t worry, this is normal.

    12.  You had to create a folder for the user’s profile, but the users home directory will be created automatically.  Use the article http://support.microsoft.com/default.aspx?scid=kb;en-us;243420 and follow the steps included.  The user to use as the template is called “Profile Template”.

    13.  We will look at the “Account” tab because it has some important information.  For a normal user we don’t need to change anything here, but it is good to know what options are available here.

    14.  The “Member Of” tab is important, because it is used to control which groups the user belongs to.  Normally most users are just “Domain Users”, but they may be added to special maintenance groups such as “Account Operators” or different project groups.

    15.  Click “OK” at the bottom, because that is all we need to do in there.  Close “AD U&C” because we are done in their also.  Now just a few things to make sure the permission on their profile folder is set correctly.  Open up “My Computer”, go to the “C: Drive”, and open up “User Profiles”.  Right-click on the folder that corresponds with the users name, and choose “Properties”.  Go to the “Security” tab and remove the check mark from the bottom of the window.  A window will pop up asking what do you want to do with the inherited permissions, click the “Remove” button.  Then click the “Add” button, and find the username in the list.  Add only the user, and then once they are added, make sure they have “Full Control”.

    16.  Click “OK” and close down the windows.  Open “My Computer”, open the “D: Drive” and open the “Users” folder.  Find the folder that matches the username and right-click it, then choose “Properties”.  Go to the “Security” tab in this window.  If this user folder is to be seen by the rest of the Domain Users, you must give the “Domain Users” group the “Read & Execute” permission.

    17.  Click “OK” and close down any other open windows.  You have created a new user!

    18.  Just in case, if the user ever forgets their password, you can reset it by right-click the user in “AD U&C” and choosing “Reset Password”.  Again, give them a generic password, and check the box so that they will be prompted to change it to something new when they log on again.