
The Voice of the DBA

Steve Jones is the editor of SQLServerCentral.com and visits a wide variety of data related topics in his daily editorial. Steve has spent years working as a DBA and general purpose Windows administrator, primarily working with SQL Server since it was ported from Sybase in 1990. You can follow Steve on Twitter at twitter.com/way0utwest

Virtual Lab – New Domain User

This is part of my series on building a virtual lab for use with SQL Server and Windows. You can see the entire series here: Building a Virtual Lab with Hyper-V.

After the domain was up, I needed to add users. Specifically, I didn’t want to use administrator for all actions, since that bothers me. It just seems like a poor practice. I also needed service accounts. The accounts I needed:

  • sjones
  • Broncos SQL – for this SQL Server
  • Nuggets SQL – for this SQL Server
  • Rockies SQL – for this SQL Server
  • Joe – my test SQL account, without sa rights.

I’ll probably need more, but these are good for now.

Domain Users

I used the script in this post, in a variation, at the command line. I didn’t need all the fields, so this is what I used.

New-AdUser -SamAccountName "BroncosSQL" -Name "Broncos SQL" -Enabled $true -ChangePasswordAtLogon $false -PasswordNeverExpires $true -AccountPassword (ConvertTo-SecureString "MyPassword" -AsPlainText -Force)

Note: That wasn’t the password I used. I used a complex, 12-character password with upper/lower case, numbers, etc.

I repeated this for all the users.

Domain Groups

For the most part, I don’t need, or want, to assign extra rights for these accounts. The SQL Server setup will assign local rights, and I’ll modify if needed. However, I do need to grant domain admin rights to my main account to log on and run the domain at times.

I went back to basics, with TechNet documentation. I need the Add-ADGroupMember cmdlet to add someone. However, I also need the groups. I searched, and Spiceworks shows up again. I ran this:

Get-ADGroup -filter * -properties GroupCategory | ft name,groupcategory

and got this list:

[Image: list of Active Directory groups and their group categories]

I want to add sjones to the Domain Admins group. Using Add-ADGroupMember, I ran this:

Add-ADGroupMember "Domain Admins" sjones

And it worked. I could easily log on and administer other machines with this account.
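The steps above as one repeatable script, written as an added example and not taken from the original post: it creates every account in a loop, prompts for each password instead of typing it as plaintext, and checks afterwards that only sjones landed in Domain Admins. The SamAccountName values other than BroncosSQL, the display names for sjones and Joe, and the choice to give non-expiring passwords only to the SQL service accounts are assumptions.

```powershell
# Added example, not from the original post.
Import-Module ActiveDirectory

# SamAccountName -> display name. BroncosSQL comes from the post; the other
# SamAccountName values are assumed to follow the same pattern.
$accounts = [ordered]@{
    'sjones'     = 'sjones'
    'BroncosSQL' = 'Broncos SQL'
    'NuggetsSQL' = 'Nuggets SQL'
    'RockiesSQL' = 'Rockies SQL'
    'Joe'        = 'Joe'
}

foreach ($sam in $accounts.Keys) {
    # Skip accounts that already exist so the script can be re-run safely.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Host "$sam already exists, skipping"
        continue
    }

    # Prompt for the password as a SecureString so it is never written
    # into a script file or typed as plaintext on the command line.
    $password = Read-Host -AsSecureString -Prompt "Password for $sam"

    # Assumption: only the SQL service accounts get non-expiring passwords.
    $isService = $sam -like '*SQL'

    New-ADUser -SamAccountName $sam -Name $accounts[$sam] -Enabled $true `
        -ChangePasswordAtLogon $false -PasswordNeverExpires $isService `
        -AccountPassword $password
}

# Grant domain admin rights to the one account that needs them, as in the post.
Add-ADGroupMember -Identity 'Domain Admins' -Members 'sjones'

# Confirm that none of the service or test accounts ended up in the group.
$admins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object -ExpandProperty SamAccountName
$unexpected = $accounts.Keys |
    Where-Object { $_ -ne 'sjones' -and $admins -contains $_ }
if ($unexpected) {
    Write-Warning "Unexpected Domain Admins members: $($unexpected -join ', ')"
} else {
    Write-Host "Domain Admins members: $($admins -join ', ')"
}
```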

