User Accounts in Active Directory

Every User that needs to log into the domain will require a user account. Note that the account can be created within any container (built-in, or OU that you create), since these are all still technically ‘domain’ accounts. The user will still only need to supply the domain they wish to log into, not the container in which their account actually exists. Unlike NT 4 where the properties relating to a user account were very limited, in Active Directory user account properties are actually quite extensive. Most of these are not configured during the account creation process, but actually afterwards by accessing the properties of an account. Like NT 4, you can change the properties of multiple accounts simulataneously by selecting many accounts and then accessing their properties collectively. The property tabs found on a domain user account differ based on the services installed. For example, if Exchange 2000 is installed, a user’s mail configuration is done from the property sheets. Note that to view some tabs, you must choose Advanced Features from the View menu. The default tabs and their purposes are listed below:

  • General – contains basic information about the user including first name, last name, email address, etc.
  • Address – home address of the user
  • Account – user account details, including logon name, logon hours, account options, and account expiry.
  • Profile – user profile and logon script information, as well as home directory details.
  • Telephones – various phone numbers for the user.
  • Organization – information on title, department, and manager.
  • Environment – Terminal services startup information.
  • Sessions – settings relating to Terminal service sessions, such as idle session disconnect.
  • Remote Control – settings relating to Terminal service remote control options.
  • Terminal Services Profile – information relating to Terminal service profile, home directory, and allowing/disallowing logon to terminal server.
  • Published Certificates – listing of user’s X.509 certificates and purposes.
  • Member Of – listing of groups the user is a member of.
  • Dial-in – Dial-in settings for this user, including items such as callback settings.
  • Object – shows fully qualified name of the user object, when it was created.
  • Security – show access control list associated with this object.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.