Tuesday 7 October 2008

SBS 2008 - Kewl Wizard - Add a new user role based on user properties

One of the tougher aspects of setting up a highly customized SBS 2003 setup was working things into the wizards. KISS.

Some of the things we worked out on SBS 2003:

  • SBS domain with multiple e-mail domains had a User Template named and designated for each domain. Run the Add User Wizard and choose the DomainA.com User Template and that would be the user's UserName@DomainA.com e-mail address. This tied into custom LDAP queries via Exchange Recipient Policies, Group Policy, and Security Group membership.
  • Custom share permissions assigned via User Template and tied into Access-Based Enumeration.
  • Custom OUs for particular workstation and user setups via the Add Computer wizard.
The sky is the limit, but it was challenging developing the User Templates.

Things have changed a bit for SBS 2008:

Add a new user role based on the User's properties

The new Add a new user role based on the User's properties wizard that takes all of the customizations that we can do with a test user account and create the new User Role (SBS 2003: User Template).

How kewl is that?!? :)

Once we have our User Role created, we can go on to add any new users based on it, or run the Change user role for user accounts wizard to change existing user's profiles.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.


Anonymous said...

This is also a good video on using the Windows SBS Console to add new users through the wizard: http://video.msn.com/video.aspx/?vid=6f27d029-87e2-42eb-9a3b-4ba787585077. So is this SBS 2008 doing away with
Active Directory Users and Computers snap-in for adding and managing users, including their Exchange attributes?? I am lead to this because while using the old style snap-in, I do not see the Exchange tabs any longer or is there a way to integrate those into the AD GUI in 2008??

Philip Elder Cluster MVP said...


We use ADUC when there is a need for a restricted user with no Exchange attributes or domain access permissions.

On SBS 2003, we have built User Templates that define a user's e-mail domain automatically when they are created where our clients have multiple @mydomain.com @myseconddomain.com etc.

The ability to do so is available in SBS 2008, though the setup is slightly different to get User Roles up and running and connected to specific e-mail domains.

For us, virtually all other user management is done via the SBS Console.

That has not changed with SBS 2008.

On SBS 2008, you will find the Exchange attributes for the user in the Exchange Management snap-in. That console is in the Windows SBS Native Tools Management console.

Thanks for the comment,