
    Microsoft-365-L1-Desktop-Support-guide


    This article is designed as a practical guide. User onboarding is a critical responsibility for L1 Desktop Support teams in enterprise environments. When a new employee joins, IT must ensure proper account creation, access provisioning, and mailbox setup without security gaps or permission errors. In hybrid environments (On-Prem AD + Microsoft 365), the process involves Active Directory configuration followed by synchronization to Azure AD. This guide explains the standard real-world workflow followed by service desk engineers during new user creation.

    I will write a separate article on each topic, one per blog post.


    I’ll break this into real helpdesk categories:

     

    1. Unlock user
    2. Reset password
    3. Enable / Disable account
    4. Create new user
    5. Add user to group
    6. Remove user from group
    7. Check login issues
    8. Move user to correct OU
    9. Basic permission via groups

     

    Today we will go step by step through Account & License Management.

     

     

    👤 SCENARIO 1 — Create a new user (new joiner)

     

    ✅ Step 1 — Create User in Active Directory


    User accounts are created in:

    Active Directory Users and Computers (ADUC)



    You can open it via:

    • dsa.msc


    📍 Navigate to Proper OU


    Inside ADUC:

     

    • Expand Domain Name (Example: company.local)
    • Navigate to correct OU (Organizational Unit) – e.g., Accounts / Users
    • Right-click the OU
    • Select New → User
    • Fill Required Details:
        • First Name
        • Last Name
        • Full Name
        • Username (SamAccountName)
        • User Logon Name (UPN)
    • Click Next




    Set Password & Account Options:

    ✔ User must change password at next login
    ✔ Password never expires (only if company policy requires it)
    ✔ Account enabled


    Click Next → Finish

    User account is successfully created.




    🎯 Best Practice


    Always create users inside the correct OU to ensure:

    • Proper Group Policy application
    • Security compliance
    • Automatic script execution (if configured)





    ✅ Step 2 — Add User to Security Groups




    After account creation, assign access based on job role.



    Most Used Method:


    • Right-click User
    • Select Properties
    • Go to Member Of tab




    You may see the default group:

    Name            | Location
    -----------------------------------
    Domain Users    | test.com/Users

    To add the user to the required groups:


    • Click Add
    • Enter group name (e.g., VPN_Users, Email_Users, Finance_Share)
    • Click Check Names
    • Click OK
    • Click Apply

    Typical Groups Assigned:

    • Email Access Group
    • VPN Access Group
    • File Server Access Group
    • Printer Access Group
    • Department Security Group
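
Steps 1 and 2 can also be scripted with the ActiveDirectory PowerShell module, which makes the pre-checks and the read-back repeatable. This is an added example, not part of the original article: the OU path and the user "Asha Verma" are constructed sample values, and it assumes the groups named above already exist and RSAT is installed.

```powershell
#Requires -Modules ActiveDirectory
# Added example. The OU path and the user details are constructed sample values.
$ouPath = 'OU=Users,OU=Accounts,DC=company,DC=local'   # assumed OU DN
$sam    = 'averma'                                      # constructed sample user
$upn    = 'averma@company.local'
$groups = 'Email_Users', 'VPN_Users', 'Finance_Share'   # group names from the article

# Stop before creating anything if the target OU does not exist.
$null = Get-ADOrganizationalUnit -Identity $ouPath -ErrorAction Stop

# Refuse to continue if the logon name or UPN is already taken
# (a duplicate UPN is one of the sync problems listed under Step 4).
$clash = Get-ADUser -Filter "SamAccountName -eq '$sam' -or UserPrincipalName -eq '$upn'"
if ($clash) { throw "Account already exists: $($clash.DistinguishedName -join '; ')" }

# Resolve every group first so a typo cannot leave a half-provisioned account.
$resolved = foreach ($g in $groups) { Get-ADGroup -Identity $g -ErrorAction Stop }

# Prompt for the temporary password so it never appears in the script or history.
$tempPassword = Read-Host -AsSecureString -Prompt "Temporary password for $sam"

$newUser = @{
    Name                  = 'Asha Verma'
    GivenName             = 'Asha'
    Surname               = 'Verma'
    SamAccountName        = $sam
    UserPrincipalName     = $upn
    Path                  = $ouPath
    AccountPassword       = $tempPassword
    ChangePasswordAtLogon = $true     # "User must change password at next login"
    Enabled               = $true     # "Account enabled"
    ErrorAction           = 'Stop'
}
New-ADUser @newUser

foreach ($g in $resolved) {
    Add-ADGroupMember -Identity $g -Members $sam -ErrorAction Stop
}

# Read the account back for the ticket: OU, state, creation time, groups.
# MemberOf omits the primary group (Domain Users).
Get-ADUser -Identity $sam -Properties PasswordNeverExpires, MemberOf, whenCreated |
    Select-Object DistinguishedName, Enabled, PasswordNeverExpires, whenCreated,
        @{ Name = 'Groups'; Expression = {
            ($_.MemberOf | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ', ' } }
```

The script leaves "Password never expires" unset, so the read-back should show PasswordNeverExpires as False alongside the forced change at first logon.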



    💬 Professional Interview Answer Line



    “I will open ADUC using dsa.msc, navigate to the appropriate OU, create a new user via New → User, configure password policies, enable the account, and assign necessary security groups through the Member Of tab to provide email, VPN, file, and printer access based on the user’s role.”



    ✅ Step 3 — Inform Microsoft 365 Admin (Hybrid Environment)



    If the organization uses a Hybrid AD setup, the user account syncs via Azure AD Connect.



    Process:


    • Wait for the Azure sync cycle
    • Verify the user appears in Microsoft 365 Admin Center
    • The license will be assigned by the M365 Admin team
    • Once the license is assigned:
        • Mailbox gets provisioned
        • Teams access enabled
        • OneDrive created



    🔍 Verification Steps After Sync


    • Check user appears in Microsoft 365 portal
    • Confirm license assigned
    • Verify mailbox created in Exchange Online
    • Confirm Teams login works




    🚨 Step 4 — Escalation Criteria



    Escalate to L2 / Cloud Admin if:

    • User not syncing to Azure AD
    • Sync errors in Azure AD Connect
    • No mailbox created after license assignment
    • Duplicate UPN conflict
    • Azure AD provisioning issue



    Before escalation, document:


    • OU location
    • Groups assigned
    • Time of account creation
    • Sync cycle time
    • Error screenshot (if any)



    📝 Real Helpdesk Documentation Format

    Request: New User Creation – Finance Department
    Action Taken:
    Created user in AD → Assigned groups → Confirmed sync → Informed M365 admin

    Pending: License assignment
    Status: Awaiting mailbox provisioning



    🔐 L1 Best Practices



    • ✔ Always verify HR approval before account creation
    • ✔ Follow naming convention standard
    • ✔ Assign minimum required permissions (Least Privilege Principle)
    • ✔ Confirm department-specific groups
    • ✔ Document everything in ticket



    ✅ Quick Checklist Summary


    • ✔ Create user in correct OU
    • ✔ Set password policy
    • ✔ Enable account
    • ✔ Add required groups
    • ✔ Wait for Azure sync
    • ✔ Inform M365 Admin
    • ✔ Verify mailbox creation





