Create user templates

A user enrollment template is a tool to help you enroll users from i5/OS™ to the Windows environment more efficiently. Rather than manually configuring many new users, each with identical settings, use a user enrollment template to automatically configure them. You can learn more about user enrollment templates at User Enrollment Templates.

Follow these steps to create a Windows template:

For a Windows 2000 Server or Windows Server 2003 domain:

1. At the integrated server console click Start —> Programs —> Administrative Tools —> Active Directory Users and Computers.
2. Click the domain name.
3. Right-click Users, then select New—>User.
4. In the Username and Logon name fields, enter a distinctive name for the template, such as stduser or admtemp. Click Next.
5. It is recommended that you also deselect the User must change password at next logon check box and select the User cannot change password, Password never expires, and Account is disabled checkboxes. This prevents anyone using the template account itself to access the integrated server.
6. Do not enter a password for a template account.
7. Click Finish.
8. To set up group memberships, double-click the template name in the list of domain users and groups that appear in the right pane. Click the Member of tab and then click Add to add the groups that you want.

For a Windows 2000 Server or Windows Server 2003 server:

1. From the integrated server console
   • In Windows 2000 Server click Start —> Programs —> Administrative Tools —> Computer Management —> Local Users and Groups.
   • In Windows Server 2003 click Start —> Programs —> Administrative Tools —> Computer Management —> System Tools —> Local Users and Groups.
2. Select System Tools —> Local Users and Groups.
3. Right-click Users and select New User.
4. In the User name field, enter a distinctive name for the template, such as stduser or admtemp.
5. It is recommended that you also deselect the User must change password at next logon check box and select the Password never expires, User cannot change password, and Account is disabled checkboxes. This prevents anyone using the template account itself to access Windows server.
6. Click Create, then Close.
7. Click Users or refresh to show the new user template.
8. To set up group memberships, double-click the template name in the list of domain users and groups that appears in the right pane. Click the Member of tab and then click Add to add the groups that you want.

You can make a user template a member of any Windows server group, whether you enrolled that group from i5/OS or not. You can enroll users with a template that is a member of a group that was not enrolled from i5/OS. If you do this you can only remove users from the group by using the User Manager program on Windows server.

If you are creating a template that will be used to enroll administrators, you may want to make the template a member of the Windows server group Administrators. Likewise, if you want to protect Windows users from accidental deletion from i5/OS, enroll the template in the AS400_Permanent_Users (or OS400_Permanent_Users) group.