In the previous article, we discussed the installation of AD and AD basics. In this article, we start populating the AD environment with AD objects (such as user objects, computer objects, group objects, network shares, etc.) and look at how computers join the domain.
1. Add user objects
You can use the GUI, cmd, or PowerShell to create a new user, or you can create users in bulk using scripts.
1.1 Create user objects from the Active Directory Users and Computers console
Open the console from the Server Manager panel - Tools - Active Directory Users and Computers (or enter dsa.msc in Run to open it).
Click on the corresponding domain, right-click the Users container, and select New - User.
Fill in the user's surname, given name, and login name
Then click Next, and set the user's password
Click Next, and then click Finish after confirming that everything is correct.
1.2 Create user objects using CMD or PowerShell
Using the command prompt, we can use the net user utility to create users.
C:\Users\Administrator>net user aduser2 Pass@123 /add /domain
Using PowerShell, we can use the New-ADUser cmdlet to create a user.
PS C:\> New-ADUser -Name "aduser3" -GivenName AD -Surname User -SamAccountName aduser3 -UserPrincipalName aduser3@pentest.com -AccountPassword (ConvertTo-SecureString Password@123 -AsPlainText -Force) -PassThru
Now that the user account has been created, use the Enable-ADAccount cmdlet to enable it.
PS C:\> Enable-ADAccount aduser3
Use PowerShell to batch create user objects.
Create an array of users with random names. Obtain the list of random names here and create a small array of random names.
$UserNames = @('Michael', 'Christopher', 'Jessica', 'Matthew', 'Ashley', 'Jennifer', 'Joshua', 'Amanda', 'Daniel', 'David', 'James', 'Robert', 'John', 'Joseph', 'Andrew', 'Ryan', 'Brandon', 'Jason', 'Justin', 'Sarah', 'William', 'Jonathan', 'Stephanie', 'Brian', 'Nicole', 'Nicholas', 'Anthony', 'Heather', 'Eric', 'Elizabeth', 'Adam', 'Megan', 'Melissa', 'Kevin', 'Steven', 'Thomas', 'Timothy', 'Christina', 'Kyle', 'Rachel', 'Laura', 'Lauren', 'Amber', 'Brittany', 'Danielle', 'Richard', 'Kimberly', 'Jeffrey', 'Amy', 'Crystal', 'Michelle', 'Tiffany', 'Jeremy', 'Benjamin', 'Mark', 'Emily', 'Aaron', 'Charles', 'Rebecca', 'Jacob', 'Stephen', 'Patrick', 'Sean', 'Erin', 'Zachary', 'Jamie', 'Kelly', 'Samantha', 'Nathan', 'Sara', 'Dustin', 'Paul', 'Angela', 'Tyler', 'Scott', 'Katherine', 'Andrea', 'Gregory', 'Erica', 'Mary', 'Travis', 'Lisa', 'Kenneth', 'Bryan', 'Lindsey', 'Kristen', 'Jose', 'Alexander', 'Jesse', 'Katie', 'Lindsay', 'Shannon', 'Vanessa', 'Courtney', 'Christine', 'Alicia', 'Cody', 'Allison', 'Bradley', 'Samuel', 'Shawn', 'April', 'Derek', 'Kathryn', 'Kristin', 'Chad', 'Jenna', 'Tara', 'Maria', 'Krystal', 'Jared', 'Anna', 'Edward', 'Julie', 'Peter', 'Holly', 'Marcus', 'Kristina', 'Natalie', 'Jordan', 'Victoria', 'Jacqueline', 'Corey', 'Keith', 'Monica', 'Juan', 'Donald', 'Cassandra', 'Meghan', 'Joel', 'Shane', 'Phillip', 'Patricia', 'Brett', 'Ronald', 'Catherine', 'George', 'Antonio', 'Cynthia', 'Stacy', 'Kathleen', 'Raymond', 'Carlos', 'Brandi', 'Douglas', 'Nathaniel', 'Ian', 'Craig', 'Brandy', 'Alex', 'Valerie', 'Veronica', 'Cory', 'Whitney', 'Gary', 'Derrick', 'Philip', 'Luis', 'Diana', 'Chelsea', 'Leslie', 'Caitlin', 'Leah', 'Natasha', 'Erika', 'Casey', 'Latoya', 'Erik', 'Dana', 'Victor', 'Brent', 'Dominique', 'Frank', 'Brittney', 'Evan', 'Gabriel', 'Julia', 'Candice', 'Karen', 'Melanie', 'Adrian', 'Stacey', 'Margaret', 'Sheena', 'Wesley', 'Vincent', 'Alexandra', 'Katrina', 'Bethany', 'Nichole', 'Larry', 'Jeffery', 'Curtis', 'Carrie', 'Todd');
Then create a small function that accepts the limit of the user accounts to be created and loops through these usernames, using the New-ADUser cmdlet to create random users by passing additional parameters from global variables (such as domain, password, etc.) to it.
# $UsersLimit is the number of accounts to create; $UserNames is the array above.
for ($i=1; $i -le $UsersLimit; $i=$i+1 ) {
    # Pick a random first and last name from the same array.
    $firstname = (Get-Random -InputObject $UserNames);
    $lastname = (Get-Random -InputObject $UserNames);
    $fullname = "{0} {1}" -f ($firstname , $lastname);
    $SamAccountName = ( "{0}.{1}" -f ($firstname, $lastname)).ToLower();
    $principalname = "{0}.{1}" -f ($firstname, $lastname);
    # Only create the account if the logon name fits the length limit.
    if($SamAccountName.Length -le 20){
        try {
            Write-Host "Creating user object: $SamAccountName" -ForegroundColor 'Gray';
            New-ADUser -Name "$firstname $lastname" -GivenName $firstname -Surname $lastname -SamAccountName $SamAccountName -UserPrincipalName $principalname@$Global:Domain -AccountPassword (ConvertTo-SecureString $Global:default_password -AsPlainText -Force) -PassThru | Enable-ADAccount
        }
        catch {
            Write-Host "Error creating user object: $SamAccountName" -ForegroundColor 'Red'
        }
    }
}
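Since the maximum length of a user name in Active Directory is 20, we check the length of the user name with if($SamAccountName.Length -le 20) before attempting to create the user, to avoid errors during creation.
You can then create users in bulk. You can also pass additional parameters to the New-ADUser cmdlet to set attributes such as title and department, making the user accounts look more realistic.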
PS C:\Scripts> Invoke-LoadADObjects -DomainName rootdse.org -LimitUsers 15
[+] 在rootdse.org中创建批量域用户
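Creating user object: katie.courtney
Creating user object: danielle.latoya
Creating user object: craig.laura
Creating user object: aaron.anna
Creating user object: rebecca.julia
Creating user object: catherine.candice
Creating user object: jesse.todd
Creating user object: william.jessica
Creating user object: nicholas.april
Creating user object: christopher.meghan
Creating user object: whitney.ronald
Creating user object: derek.jennifer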
Creating user object: charles.carlos
Creating user object: catherine.joel
Creating user object: sarah.cassandra
[+] Bulk user object creation completed.
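The remark above about passing extra attributes to New-ADUser, as an added example that is not part of the original article or the linked script. It also skips logon names that were already drawn or already exist, and takes the initial password as a SecureString so it never sits in the script in plain text. The function name New-LabUser, its parameters, and the title and department values are assumptions made for illustration.

```powershell
Import-Module ActiveDirectory

function New-LabUser {
    param(
        [Parameter(Mandatory)] [string[]]     $UserNames,
        [Parameter(Mandatory)] [string]       $DomainName,
        [Parameter(Mandatory)] [securestring] $InitialPassword,
        [int] $Limit = 15
    )
    # Constructed sample attribute values (hypothetical, not from the original script).
    $titles      = 'Analyst', 'Engineer', 'Team Lead'
    $departments = 'Finance', 'IT', 'Sales'
    $seen     = [System.Collections.Generic.HashSet[string]]::new()
    $created  = 0
    $attempts = 0
    # Cap the attempts so a very small name list cannot loop forever.
    while ($created -lt $Limit -and $attempts -lt ($Limit * 20)) {
        $attempts++
        $first = Get-Random -InputObject $UserNames
        $last  = Get-Random -InputObject $UserNames
        $sam   = ('{0}.{1}' -f $first, $last).ToLower()
        # Skip names over the 20-character limit or already drawn in this run.
        if ($sam.Length -gt 20 -or -not $seen.Add($sam)) { continue }
        # Skip names left in the directory by an earlier run.
        if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { continue }
        $params = @{
            Name              = "$first $last"
            GivenName         = $first
            Surname           = $last
            SamAccountName    = $sam
            UserPrincipalName = "$sam@$DomainName"
            Title             = Get-Random -InputObject $titles
            Department        = Get-Random -InputObject $departments
            AccountPassword   = $InitialPassword
            Enabled           = $true      # replaces the separate Enable-ADAccount call
            PassThru          = $true      # return the created user object
            ErrorAction       = 'Stop'
        }
        try {
            New-ADUser @params
            $created++
        }
        catch {
            Write-Warning "Could not create ${sam}: $($_.Exception.Message)"
        }
    }
}
# Usage: New-LabUser -UserNames $UserNames -DomainName pentest.com -InitialPassword (Read-Host -AsSecureString -Prompt 'Initial password')
```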
2. Add computer objects
To add a computer object to AD, we can use the New-ADComputer cmdlet:
New-ADComputer -Name testPC01 -SamAccountName testPC01 -DNSHostName testPC01.pentest.com
To create multiple computer accounts in bulk, similar to creating user objects in bulk, first create a number
$CompNames = @('APPSRV01', 'APPSRV02', 'APPSRV03', 'APPSRV04', 'APPSRV05', 'SQLSRV01', 'SQLSRV02', 'SQLSRV03', 'SQLSRV04', 'SQLSRV05', 'VNCSRV01', 'VNCSRV02', 'VNCSRV03', 'VNCSRV04', 'VNCSRV05', 'WEBSRV01', 'WEBSRV02', 'WEBSRV03', 'WEBSRV04', 'WEBSRV05', 'BCKUPSRV01', 'BCKUPSRV02', 'BCKUPSRV03', 'BCKUPSRV04', 'BCKUPSRV05');
then run the New-ADComputer cmdlet:
# Create one computer object per name in $CompNames.
foreach($computer in $CompNames){
    $SamAccountName = "$computer"
    try {
        Write-Host "Creating computer object: $($computer + "." + $Global:domainname)" -ForegroundColor 'Gray';
        New-ADComputer -Name $computer -SamAccountName $computer -Instance $Global:templateComp -DNSHostName $($computer + "." + $Global:domainname);
    }
    catch {
        Write-Host "Error creating computer object" -ForegroundColor 'Red'
    }
}
3. Add group object
We can use the New-ADGroup cmdlet to create a group object:
New-ADGroup -name "DB Administrators" -GroupScope Global
To create groups in bulk, we can follow the same process.
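One way to apply the same process to groups, as an added example that is not taken from the original article or the linked script. It goes one step beyond group creation by also adding a few random members, and it can be rerun without failing on groups or memberships that already exist. The function name New-LabGroup, its parameters, and the group names and descriptions other than "DB Administrators" are assumptions.

```powershell
Import-Module ActiveDirectory

# Constructed lab data (hypothetical): group name -> description.
$LabGroups = [ordered]@{
    'DB Administrators'  = 'Administers the SQLSRV hosts'
    'Web Administrators' = 'Administers the WEBSRV hosts'
    'Backup Admins'      = 'Administers the BCKUPSRV hosts'
}

function New-LabGroup {
    param(
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Groups,
        [Parameter(Mandatory)] [object[]] $MemberPool,   # ADUser objects of the lab accounts
        [int] $MembersPerGroup = 3
    )
    foreach ($name in $Groups.Keys) {
        try {
            # Reuse the group if an earlier run already created it.
            $group = Get-ADGroup -Filter "Name -eq '$name'"
            if (-not $group) {
                Write-Host "Creating group object: $name" -ForegroundColor 'Gray'
                $group = New-ADGroup -Name $name -GroupScope Global -GroupCategory Security `
                    -Description $Groups[$name] -PassThru -ErrorAction Stop
            }
            # Add only users that are not members yet, so a rerun does not fail.
            $current = @(Get-ADGroupMember -Identity $group | ForEach-Object SamAccountName)
            $new = @($MemberPool | Get-Random -Count $MembersPerGroup |
                Where-Object { $_.SamAccountName -notin $current })
            if ($new.Count -gt 0) {
                Add-ADGroupMember -Identity $group -Members $new -ErrorAction Stop
            }
        }
        catch {
            Write-Host "Error creating group object: $name" -ForegroundColor 'Red'
        }
    }
}
# Usage (assumes $labUsers holds the ADUser objects of the lab accounts):
# New-LabGroup -Groups $LabGroups -MemberPool $labUsers
```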
The related scripts can be downloaded here: https://github.com/ScarredMonk/PopulateActiveDirectory
Use scripts to fill in data:
4. Description
This article is compiled from the original text by the author; please indicate the original source when reprinting.
Original Source: Active Directory Lab Setup (Part 2) - Add data to AD domain
