What you will learn:
In an Active Directory (AD) network, each object is defined by a set of properties, which are called AD object attributes. These object attributes give information about the particular object. The attributes can be viewed and edited as necessary. In this article, we will be taking a look at the attributes of a user object that are present in the profile tab. We touch on what AD user objects are, and then dive into what information these attributes give about the user object, and how you can edit the attributes using Active Directory Users and Computers snap-in and Command Prompt.
AD User Object
An AD user object references a person who is part of the AD network. In an organization, a user would be an employee, and the user object’s properties would depend on the employee’s designation and privileges. People who are associated with the organization but are not employees, such as vendors, will not be referenced using a user object. Instead, such people will be referenced using a contact object. This is because a user object can be given privileges to access resources in the AD network while a contact object will only contain the contact information of the associate like their name, phone number, and email address. To know more about the various objects in an AD network, take a look at this article.
AD User Profile Properties Explained
When you click on a user object’s properties, you will find multiple tabs such as General, Address, Account, Member Of, Sessions, Telephone, Organization, and more. These tabs logically group similar sets of object attributes. One such tab is the profile tab. The profile tab consists of attributes that are related to the user object’s location in the directory information tree (DIT).
The profile tab of the user properties window allows you to configure the user profile, logon scripts, and home folder details for the user object. It is beneficial when you have to allow your user to access the same environment and data irrespective of the machine he/she logs in from. The details of the various properties in the profile tab are as given below:
User Profile: The user profile carries a record of user-specific information such as environment settings, installed software, user rights, and other data that are specific to the user. This user profile stored in the AD network can allow the user to retain his/her settings regardless of the computer that he/she logs in. If the user profile is stored locally in the machine, it will only be applied when the associated user logs in to the machine, and the user’s settings will not be applied to any other computer. The user profile contains the following sections:
- Profile path: The profile path is the address where the user profile is located.
- Logon scripts: Using these scripts, an administrator can configure what tasks will be executed when the user logs on. The administrator can use logon scripts perform various tasks such as mapping network drives, installing and setting a user’s default printer, updating virus signatures, updating software and much more.
Home folder: A home folder is a user’s personal space that contains the user’s personal files. Home folders are stored in the AD network, so the user can access his/her personal files on any computer that he/she logs in.
How to edit AD User Profile Properties
To access and edit the user properties, you can use three ways. They are as follows:
Using the Microsoft Management Console snap-in
- Go to Start -> Administrative Tools, and click on Active Directory Users and Computers.
- In the left pane, right-click on the domain where the user is located, and click Find.
- Select the appropriate domain in the In field.
- In the Name field, type the name of the user, and then click Find Now.
- In the Search Results, double-click on the user who’s properties you want to change.
- Click the Profile tab.
- You can now modify the various profile settings as necessary.
- After making the changes, click OK.
Using Command prompt
To access the command prompt and edit the user’s properties, use the following steps:
- Go to Start and click Command Prompt. If it not available in the Start menu, you type command prompt in the search box and click on the result.
- In the cmd window, use the following script:
dsmod user “<UserDN>” -loscr <ScriptPath> -profile <ProfilePath> -hmdir[RETURN]
<HomeDir> -hmdrv <DriveLetter>
Where,
UserDn: Distinguished name of the user
ScriptPath: Path to the logon script
ProfilePath: Path to the user profile’s directory
HomeDir: Path to the user’s home folder directory
DriveLetter: The name of the drive location to map the home directory