Adding Students to AD

PREPARE THE CONTAINERS:

  1. AD Users and Computers -> Crossroads.local -> Crossroads -> Students

  2. Right-click and New Organizational Unit, name it GY2025

  3. AD Users and Computers -> Crossroads.local -> Crossroads -> Students -> Student Groups

  4. Right-click and New Group, name it GY2025, leave scope as Global and type as Security

CREATE THE SHARE:

  1. Go to D:\ drive -> Students, right-click, New Folder, name it GY2025

  2. Server Manager -> File and Storage Services -> Shares -> Tasks -> New Share

  3. For Profile, pPick "SMB Share Quick" and click Next

  4. For share location, select "Type a custom path" and click Browse and point it to the GY2025 folder you made AND CORRECT THE CASE!

  5. For Share Name leave as-is

  6. For settings, check box for "Enable access-based enumeration" and "Allow caching of share"

  7. For Permissions, click Customize Permissions

  8. Click Disable Inheritance

  9. Select "Convert inherited permissions into explicit permissions on this object."

  10. Click Add

  11. Click "Select a Principal"

  12. Type GY2025, make sure Type is Allow and "applies to" is "This folder, subfolders and files" "Read and execute" + "list folder contents" + "read" are checked

  13. Back in the Permission entries screen, click the line for "students" and remove it. Same for "Creator owner". Edit fileadmins and add "modify" + "read" + "write." Check against this screenshot:

FIXME WHY DOES THIS RESULT in Everyone with full control in the "Share" subtab? WTF??????????????????????

CREATE A TEMPLATE USER:

  1. Go into AD Users and Computers -> Crossroads.local -> Crossroads -> Students -> GY2024 (the PREVIOUS year)

  2. Right-click "_GY2024 Template User" and select "Copy"

  3. Change his first name to "_GY2025" and last name to "Template User" and User Logon name to "_GY2025 Template User" and let it truncate the pre-Win2k logon name, doesn't matter. Click Next

  4. Set his password to "changeme" (or whatever, I don't care) an make sure "user cannot change password" and "password never expires" are both checked.

  5. Right-click that new user and MOVE him to Crossroads -> Students -> GY2025

  6. Go to AD Users and Computers -> Crossroads.local -> Crossroads -> Students -> GY2025, right click on the template user you just moved, and go to the "Member Of" tab and remove GY2024 and add GY2025, then go to "Profile" tab and correct the home folder path

CREATE A NEW USER FROM THE TEMPLATE USER:

  1. AD Users and Computers -> Crossroads.local -> Crossroads -> Students -> GY2025

  2. Right-click and "Copy"

  3. Enter kid's name, logon name (first initial, last name), click Next

  4. Enter their student ID number as their password, click Next/Finish