Better way to enroll users in Active Directory

Active Directory
Active Directory Administration
Active Directory Users and Computers
Windows Server 2008
Windows Server 2008 R2
I have just reviewed the steps given to me by my Network Admin for enrolling a new user in A/D and I can't believe it's this complicated and requires this many steps. The summary steps are:

1. On the A/D server open the A/D users and computers.
2. Add the user entering his name, username, password, and group memberships.
3. Create User shared folder on File server with MD \FileServerusers%username%
4. Select new folder properties, sharing tab.
5. Select Permissions, Everyone, Full Control.
6. Select Security Tab, then advanced button. Uncheck Allow inheritable permissions and copy option.
7. On Security tab, remove domain user and everyone. Add the %username% with full control.
8. Select Advanced button, Owner tab and give ownership to Administrator Profile.
9. Log onto a Terminal Server, which creates Profile folder, My Documents, and other application folders.
10. Return to File Server, Select User Shared Folder Properties, Security tab, Advanced button, Ownership Tab, then take give ownership to Administrator as the ownership of the share and sub folders transferred to the user.

We are running Win Server 2008 R2 A/D and Win Server 2003 file server. We are a small company with 250 users. I can't believe it's this difficult to create a profile or that larger companies have to spend this much time creating profiles. Any ideas or suggestions are appreciated.

Software/Hardware used:
Windows Server 2008 R2, Windows Server 2003

Answer Wiki


They don’t. Create a single user as a template. Set up all the roaming profile settings within that user. When you need to create a new user, right-click on the template and select copy or copy from (or something like that). When AD creates the new user it will automatically create the roaming profile folder with the correct security permissions.

You don’t need to log into the terminal server using the user's account to create the local profile. When the user logs in for the first time the local profile will be created automatically.

Usually larger companies will integrate the creating of domain accounts with their HR system so that when a new employee is created in the HR system the domain account and all the folders needed are automatically created.
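
A scripted version of the account and folder steps from the question, using a template account as the answer suggests. This is an added example, not part of the original thread. The template account `_template`, domain `CORP`, share root `\\FileServer\users`, sample user `jdoe`, and the extra Administrators entry on the folder are assumptions.

```powershell
# Added example: every name marked "assumed" is a placeholder, not from the thread.
Import-Module ActiveDirectory   # ships with the AD tools on Windows Server 2008 R2

function Set-UserFolderAcl {
    # Question steps 6-8 in one pass: inheritance off, broad entries gone,
    # the user gets Full Control, Administrators own the folder.
    param([string]$Path, [string]$Account)
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $none    = [System.Security.AccessControl.PropagationFlags]::None
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)   # block inheritance, do not copy inherited entries
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
    # Administrators entry is an added choice so admins are not locked out (assumption).
    foreach ($id in $Account, 'BUILTIN\Administrators') {
        $ace = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, 'FullControl', $inherit, $none, 'Allow')
        $acl.AddAccessRule($ace)
    }
    $acl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
    Set-Acl -Path $Path -AclObject $acl
}

$sam    = 'jdoe'                  # constructed sample user
$domain = 'CORP'                  # assumed NetBIOS domain name
$root   = '\\FileServer\users'    # assumed share root
$path   = Join-Path $root $sam

# Steps 1-2: create the account, then copy group memberships from the template.
$template = Get-ADUser -Identity '_template' -Properties MemberOf   # assumed template account
New-ADUser -Name 'Jane Doe' -SamAccountName $sam `
    -AccountPassword (Read-Host 'Initial password' -AsSecureString) `
    -ChangePasswordAtLogon $true -Enabled $true
$template.MemberOf | ForEach-Object { Add-ADGroupMember -Identity $_ -Members $sam }

# Steps 3, 6-8: create the folder and lock it down to the new user.
New-Item -ItemType Directory -Path $path | Out-Null
Set-UserFolderAcl -Path $path -Account "$domain\$sam"

# Check the result: inheritance must be off and no broad principal may remain.
$check = Get-Acl -Path $path
$broad = $check.Access | Where-Object {
    $_.IdentityReference -match 'Everyone|Domain Users|Authenticated Users' }
if (-not $check.AreAccessRulesProtected -or $broad) {
    Write-Warning "ACL on $path is broader than intended"
}
```

The final check matters because the share permission in step 5 is Everyone / Full Control, so the NTFS ACL is the only thing restricting access to each folder.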
