This is part of my series on building a virtual lab for use with SQL Server and Windows. You can see the entire series here: Building a Virtual Lab with Hyper-V.
After the domain was up, I needed to add users. Specifically, I didn’t want to use administrator for all actions, since that bothers me. It just seems like a poor practice. I also needed service accounts. The accounts I needed:
- sjones
- Broncos SQL – for this SQL Server
- Nuggets SQL – for this SQL Server
- Rockies SQL – for this SQL Server
- Joe – my test SQL account, without sa rights.
I’ll probably need more, but these are good for now.
Domain Users
I used the script in this post, in a variation, at the command line. I didn’t need all the fields, so this is what I used.
New-AdUser -SamAccountName "BroncosSQL" -Name "Broncos SQL" -Enabled $true -ChangePasswordAtLogon $false -PasswordNeverExpires $true -AccountPassword (ConvertTo-SecureString "MyPassword" -AsPlainText -Force)
Note: That wasn’t the password I used. I used a complex, 12 character, upper/lower case, numbers, etc. password.
I repeated this for all the users.
Domain Groups
For the most part, I don’t need, or want, to assign extra rights for these accounts. The SQL Server setup will assign local rights, and I’ll modify if needed. However I do need to grant domain admin rights to my main account to log on and run the domain at times.
I went back to basics, with TechNet documentation. I need the Add-ADGroupMember cmdlet to add someone. However, I also need the groups. I searched, and Spiceworks shows up again. I ran this:
Get-ADGroup -filter * -properties GroupCategory | ft name,groupcategory
and got this list:
I want to add sjones to the Domain Admins group. Using the Add-ADGroupMember, I ran this:
Add-ADGroupMember "Domain Admins" sjones
And it worked. I could easily log on and administer other machines with this account.