Best Practice Ezine #21 Template Users

Best Practice Ezine.  Computer Performance. Advertise

Guy’s Best Practice & Litmus Tests Ezine #21 -Create Template Users

While this week’s tips are designed for Windows Server 2003, most will also apply to Windows 2000. To put my suggestions into practice, you really need Active Directory Users and Computers (ADUC).

Contents for Ezine #21

Introduction to Template User

My theme is to invest time up front, which later pays back with interest when you are under pressure. The first strategy is to create a series of template users each with their property sheets filled in. For example, Office = Manchester, or Manager = Jo Smith. The idea is when you need to create a new user, just copy a template user in the same department, the result will be a new user with most of the property fields already filled in. What I want is to save you time, and to avoid you repeating boring information individually for each new user.

My tactics involve choosing the best fields in the property sheets so that you or other administrators can find a group of similar users. For example, to retrieve a list of all users with a Manager by the name of Jo Smith, or to find all users in the Manchester Office.

Guy Recommends: The Free IP Address Tracker (IPAT) IP Tracker

Calculating IP Address ranges is a black art, which many network managers solve by creating custom Excel spreadsheets.  IPAT cracks this problem of allocating IP addresses in networks in two ways:

For Mr Organized there is a nifty subnet calculator, you enter the network address and the subnet mask, then IPAT works out the usable addresses and their ranges. 

For Mr Lazy IPAT discovers and then displays the IP addresses of existing computers. Download the Free IP Address Tracker

Action Points

Check through a user’s property sheet; identify which fields you could pre-populate within the template user. Create a template user for each department, e.g. _Sales, _Tech Support.

Suggested Fields.

General Tab – Office.

Address – City, State, Country Region.

Organization – Department, Company, Manager.

Member of – Which groups should this user be join? Probably the Tab to give the most thought.

Note: In the Profile tab I would assign their Home directory and logon script via a Group Policy, Logon Script. However if you need a roaming profile, then set it here using the UNC path to the server plus the famous %username% variable.

Other fields – Each domain is different, so check the rest of the user’s tabs with your organization in mind.

As I mentioned earlier, create one template for each department and begin each template with an underscore so that it come to the top of the list.

To test your template

Once you have created a few templates and several test users, now comes the exciting part, testing your fields.

Note: Do not use the Search on the start menu, instead navigate to Active Directory Users and Computers, right-click your domain, Find, Users, Contacts Groups, Advanced (Tab), Field.

Apply this Property tip to Groups.

As with all tips and new skills, the greatest satisfaction comes from applying what you have learnt to a fresh situation. In Windows Server 2003, Global, Domain Local and Universal Groups also have a ‘Managed By’ tab. The idea is that if you assign a manager to each group, then that person can add or remove individual members to their team (group).  For the manager, there is control and exercise of their authority, for you, there is less tedious work.  I love these win-win situations.

See more on Groups here


See more interesting permissions and Active Directory articles

E 63 Catalog  • E 60 ADModify  • E 59 ADSIEdit  • E 58 FSMO  •Free CSV Import Utility

E 52 Wins  • E 46 Logs   •E 45 LDAP Tips  •E 26 MMC  • E 21 Users Template  • E 17 CACLS  • Ezines

E 12 SQL  • E 8 Security Permissions  •Review of Solarwinds Permissions Monitor for AD