Active Directory: User Lifecycle Management

This lab focuses on managing the lifecycle of a user account within an Active Directory environment. I configured logon hour restrictions to control when a user can access the domain, disabled the account to temporarily revoke access, and then fully deleted the account to complete the deprovisioning process. This lab demonstrates essential identity and access management skills used in real-world IT administration, including access restriction, account deactivation, and user removal.

---

Environments and Technologies Used

• Microsoft Azure
• Azure Virtual Network
• Active Directory Users and Computers
• Remote Desktop Protocol (RDP)

---

Lab Objectives

• Configure account logon hour restrictions to limit when a user can authenticate to the domain
• Disable a user account to temporarily revoke access while preserving the account’s data
• Delete a user account to fully remove access and deprovision the identity from Active Directory
• Verify each change to ensure logon restrictions, account deactivation, and account removal functioned as intended
• Strengthen understanding of user lifecycle management and access control within a Windows Server domain environment

---

Step-by-Step Walkthrough

Lab Environment

• Platform: Microsoft Azure
• Domain Controller: Windows Server 2022 Datacenter
• Client Machine: Windows 10 Pro
• Required Active Directory Setup:
  • Active Directory: Domain Setup
  • Active Directory: User Creation & Access Control

---

1) Set Account Logon Hours

1. On the Domain Controller open Active Directory Users and Computers
2. Right-click the user and select Properties

3. Navigate to the Account tab and click Logon Hours
4. Select Logon Denied to clear the hours
5. Apply the changes

6. Attempt to log into the Client Virtual Machine using the User's Credentials to observe the change

7. On the Logon Hours page highlight all the hours and select Logon Permitted and apply the changes to reenable sign on

---

2) Deactivating User Accounts

1. In Active Directory Users and Computers right-click the user
2. Select Disable Account

3. Attempt to log into the Client Virtual Machine using the User's Credentials to observe the change

4. In Active Directory Users and Computers right-click the user
5. Select Enable Account to reactive the user account

---

3) Deprovisioning User Accounts

1. In Active Directory Users and Computers right-click the user
2. Select Delete
3. Confirm you want to delete the user

4. Attempt to log into the Client Virtual Machine using the User's Credentials to observe the change

---

Outcome

• Successfully configured account logon hour restrictions to limit when a user can authenticate to the domain
• Disabled the user account to prevent access while retaining the account and its associated data
• Deleted the user account to fully remove access and deprovision the identity from Active Directory
• Demonstrated practical understanding of user lifecycle management, including access restriction, deactivation, and account removal within a Windows Server domain environment

---

Skills Demonstrated

• Configuring logon hour restrictions to control when users can authenticate to the domain
• Disabling user accounts to temporarily revoke access while preserving user data
• Deleting user accounts to fully deprovision identities from Active Directory
• Applying real-world user lifecycle management practices within a Windows Server domain
• Strengthening understanding of access control, account restriction, and user deactivation procedures in Active Directory