Creating Users
In Active Directory, a user object is a security principal. This means that a user can log on to the domain and have access to resources. A user can have an email address and an Exchange mailbox, making the object mail-enabled and mailbox-enabled, respectively. For further definition of mail-enabled and mailbox-enabled objects, refer to the section in this chapter titled "Address Generation."
NOTE
A security principal is a user that can log on to a domain and access the network resources. A user object is a security principal in Active Directory. A nonsecurity principal is an AD object without the capability to access resources within the Windows 2000 environment.
Users are not created using a standalone program, such as admin.exe from Exchange 5.x, nor are users created using the Exchange Service Manager (ESM) MMC snap-in. Users are created using the AD Users and Computers MMC snap-in. (See Figure 3.12.) This is because user information now resides in AD. If an object is mailbox-enabled, the mailbox information resides in the Exchange database on the Exchange 2000 server.
Figure 3.12 After the Active Directory schema has been extended, the objects have Exchange context that can be accessed from the AD Users and Computers MMC snap-in.
admin.exe: The standalone GUI used for the administration of Exchange 4.0 and 5.x. MMC snap-ins have replaced the aging admin.exe.
CDO can be used to programmatically manipulate AD and Exchange objects. This means that user objects could be created by a custom application or Web interface. More detail about CDO and CDOEXM (CDO for Exchange Management) is in the section of this book that covers CDO in depth.
To create a new user from the AD Users and Computers interface, either select Action, New, User from the menu, or click the Create a New User in the Current Container ("New User") icon, shown in Figure 3.13.
Figure 3.13 The quickest way to create a new user is to use the "New User" icon.
Either method, initiated from the AD Users and Computers MMC snap-in, starts the user-creation process. A series of four dialog boxes then guides the administrator through the entire process.
The first dialog box of the new-user creation process contains fields for username and logon information. (See Figure 3.14.) The logon names entered here are used for access to domain resources. The first user logon name can be the same as the Internet email address, and is the User Principal Name (UPN). The second user logon name uses the same domain and username context, similar to Windows NT 4.0.
Figure 3.14 An interesting fact to note is that a user can log on to a Windows 2000 system using either one of the two user logon names. The UPN can be used to simplify user logon.
UPN: User Principal Name. A multivalued attribute of each user object that the system administrator can set.
The second dialog box of the new-user creation process has fields for the user's passwords, in addition to password-specific check boxes. A check box to disable the account is also present. (See Figure 3.15.) These check boxes have the same functionality as their ancestors in the user manager interface from Windows NT 4.0.
Figure 3.15 The option to disable the account can be helpful, especially if you are creating accounts for users who might not have been through training, or who haven't started employment with the company yet.
The third dialog box of the new-user creation process contains fields for Exchange 2000-specific information. (See Figure 3.16.) The mailbox alias will be used in the user's messaging profile to provide identity. The server is the location where this user's mailbox will reside. The mailbox store is the actual store on the Exchange server in which the mailbox will be created. A check box is present that allows the administrator to skip the mailbox creation process.
Figure 3.16 If the administrator decides to clear the Create an Exchange Mailbox check box, the user object will be mail-disabled. The administrator can change this user to be a mail-enabled or mailbox-enabled object at any time.
The fourth dialog box of the user creation process verifies the information that was gathered by the first three dialog boxes. (See Figure 3.17.) If this information is correct, click the Finish button.
Figure 3.17 If the information presented is not what is expected, clicking Cancel will abort the user creation process.
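The following added example (not from the book) reviews exported user attributes against the choices made in the four dialog boxes: logon names, password and disable options, and mailbox settings. The `userAccountControl` bits and attribute names are standard Active Directory and Exchange schema values; the function name and sample records are constructed for illustration.

```python
# userAccountControl bits and attribute names are standard Active Directory /
# Exchange schema values; the sample records below are constructed.
ACCOUNTDISABLE, PASSWD_NOTREQD, DONT_EXPIRE_PASSWD = 0x0002, 0x0020, 0x10000
SAM_INVALID = set('"/\\[]:;|=,+*?<>')  # characters not allowed in sAMAccountName


def review_user(attrs):
    """Map one exported user record to the wizard's choices and list findings."""
    uac = int(attrs.get("userAccountControl", 0))
    sam = attrs.get("sAMAccountName", "")
    upn = attrs.get("userPrincipalName", "")
    state = {
        "disabled": bool(uac & ACCOUNTDISABLE),
        # pwdLastSet == 0 is how "must change password at next logon" is stored
        "must_change_password": int(attrs.get("pwdLastSet", -1)) == 0,
        "password_never_expires": bool(uac & DONT_EXPIRE_PASSWD),
        "mail_enabled": bool(attrs.get("mail")),
        "mailbox_enabled": bool(attrs.get("homeMDB")),
    }
    findings = []
    name, _, suffix = upn.partition("@")
    if not name or not suffix or "@" in suffix:
        findings.append("UPN is not of the form name@suffix")
    if not sam or len(sam) > 20 or SAM_INVALID & set(sam) or sam.endswith("."):
        findings.append("pre-Windows 2000 logon name is invalid")
    if uac & PASSWD_NOTREQD:
        findings.append("PASSWD_NOTREQD set: account may have a blank password")
    if state["password_never_expires"] and state["must_change_password"]:
        findings.append("never-expires overrides must-change-at-next-logon")
    if state["password_never_expires"] and not state["disabled"]:
        findings.append("enabled account with non-expiring password")
    if state["mailbox_enabled"] and not attrs.get("mailNickname"):
        findings.append("mailbox-enabled but no mailbox alias")
    return state, findings


SAMPLE_USERS = [  # constructed records, e.g. parsed from a directory export
    {"sAMAccountName": "jdoe", "userPrincipalName": "jdoe@example.com",
     "userAccountControl": 0x0202, "pwdLastSet": "0", "mail": "jdoe@example.com",
     "mailNickname": "jdoe", "homeMDB": "CN=Mailbox Store (EX01)"},
    {"sAMAccountName": "svc_backup_operations_01", "userPrincipalName": "svc_backup",
     "userAccountControl": 0x10220, "pwdLastSet": "0"},
]

if __name__ == "__main__":
    for user in SAMPLE_USERS:
        state, findings = review_user(user)
        print(user["sAMAccountName"], state, findings or "no findings")
```

The first record matches a new hire created disabled with a forced password change; the second shows the combinations worth catching before an account is enabled.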