This is part of my series on building a virtual lab for use with SQL Server and Windows. You can see the entire series here: Building a Virtual Lab with Hyper-V.

After the domain was up, I needed to add users. Specifically, I didn’t want to use administrator for all actions, since that bothers me. It just seems like a poor practice. I also needed service accounts. The accounts I needed:

• sjones
• Broncos SQL – for this SQL Server
• Nuggets SQL – for this SQL Server
• Rockies SQL – for this SQL Server
• Joe – my test SQL account, without sa rights.

I’ll probably need more, but these are good for now.

Domain Users

I used the script in this post, in a variation, at the command line. I didn’t need all the fields, so this is what I used.

New-AdUser -SamAccountName "BroncosSQL" -Name "Broncos SQL" -Enabled $true -ChangePasswordAtLogon $false -PasswordNeverExpires $true -AccountPassword (ConvertTo-SecureString "MyPassword" -AsPlainText -Force)

Note: That wasn’t the password I used. I used a complex, 12 character, upper/lower case, numbers, etc. password.

I repeated this for all the users.

Domain Groups

For the most part, I don’t need, or want, to assign extra rights for these accounts. The SQL Server setup will assign local rights, and I’ll modify if needed. However I do need to grant domain admin rights to my main account to log on and run the domain at times.

I went back to basics, with TechNet documentation. I need the Add-ADGroupMember cmdlet to add someone. However, I also need the groups. I searched, and Spiceworks shows up again. I ran this:

Get-ADGroup -filter * -properties GroupCategory | ft name,groupcategory

and got this list:

I want to add sjones to the Domain Admins group. Using the Add-ADGroupMember, I ran this:

Add-ADGroupMember "Domain Admins" sjones

And it worked. I could easily log on and administer other machines with this account.