How To - Create New User For Newly Hired Staff Member
Instructions For Creating A New User – Horizon Office
- Open the ADUC MMC and determine if the new hire is replacing an existing staff member or if the new hire is net new
- If replacing, open the user that is leaving and record the security groups they belong to in "Member Of" in a Notepad
- If net new, then record the security groups of another user in the same department that has similar duties in a Notepad
- Login to the on-premise Exchange EAC and verify that you are on the "Enterprise" tab and looking at Recipients and then Mailboxes
- Click the plus sign and create a new O365 Mailbox
- Fill in first and last name and choose which OU the new hire needs to go into because the EAC will create the AD account in addition to the mailbox
- For "User logon name" be sure to choose horizondistributors.com as the domain, do not use horizon.com
- Checkmark to create an archive mailbox and put the username in the "Remote Routing Address"
- Click Save
- Refresh the specified OU in AD that the new hire was put into and verify that the AD account has the correct Description and other metadata
- Add in the security groups that were recorded on Notepad into the "Member Of" tab
- Wait for AD to sync with O365
-
***New*** Temporality change the ADUC tool to show Advanced Features from the VIEW menu. Then open the new user’s AD account, you should see new tabs including one that is labeled as Attribute Editor. Go to that tab and scroll down until you see “extensionAttribute1”, double click and change the text to grocery facility then change “extensionAttribute15” to 2floor both are all in lower case letters. These 2 changes allow the new user to be part of the email groups that HR uses to send out announcements or changes in company policy.
- When new hire's AD account has synced with O365, assign a license, either Business Premium or Business Basic
- Update the License Tracking spreadsheet by adding the new person’s name and what O365 license they are using IT Team - General\Admin SYS Office 365\0. O365 Licenses.xlsx
- Open the Azure Cloud admin page and add the new hire to the VeeamO365 backup jobs only if they were assigned a Business Premium license (Darren usually does this step)
- Log into DC6 and go to %systemroot%\sysvol\sysvol\horizon.com\scripts to copy an existing .bat file named with the new hire's username - the bat file handles mapped drivers and printers - verify that the new bat file is also input into the script field in the AD user account so that it matches what other users have - this step may require that you make your domainadmin account have permission to read/write for sysvol
- When the bat file is ready for the new user, logout of DC6
- Go to Filesvr2 in VMware and login. Create a new folder for the user in D:\Horizon\Husers Edit the folder permissions so that the new user has full control over the newly created folder
- Log into a green screen
- The command to copy an existing user is WRKUSRPRF OLDUSER then choose option 3 to copy
- Put the NEWUSER name in the top field and a new password in the field below it
- Change the old user’s name at the bottom in the text field
- Remember to have a lower case h in front of the username and that passwords on the IBMi are shorter than in AD
- When the new user is copied from an old user correctly, press F12 to back out and then 90 to logoff
- Open the Iptor client and create a new signature for the new hire's user account and copy an existing user for the new hire's own user profile and make sure the inquiry menus are also copied from an existing person. If the new hire is net new, then use someone with similar access in Iptor to copy from. Also copy the Enquiries menu by right clicking on the source user and copy to the new user.
-
***NEW*** Verify and check that the enquiries are not blank by pressing Enter, if they are, copy the individual enquiries from another user in the same department
- Open the SonicWall admin page and go to the "Manage" tab then Users/Local Users & Groups on the left side menu
- Click the Add button
- Checkmark "This represents a domain user"
- Put in the username and horizon.com into the Domain field and press enter
- Verify that the new hire is listed as HORIZON\newperson
- Log out of the SonicWall admin page
- Update the HR spreadsheet with username and password
\\w2k16fsvr\HorizonGroups\HORIZON\DepartmentShares\HR_RestrictedShares\Human Resources\Horizon Staff
- Liz Mahoney is responsible for doing any desk phone setup for a new hire
- Dawna Moon is responsible for creating a customer account in Iptor for the new hire
- Shawn Wang is responsible for doing any Qlikview setup if the new hire needs it
- Gillian Wilson is responsible for getting the new hire a door FOB and any needed keys
- Once all the IT related new user setup is done, determine if a workstation needs to be imaged or if the new hire is going to directly replace a staff member that is leaving and therefore just needs to login to that existing workstation
- Test that the AD login works, Outlook autodiscovers correctly and that Iptor can login and select a company
-
***NEW*** On the workstation that the new user is going to use, verify and make sure that the “Domain Users” are included in the local security group called “Remote Desktop Users” This can be found in Computer Management in the Control Panel – this is required for the user to work from home. In the future this step will be part of Group Policy
-
***NEW*** Verify that the Power settings for the workstation are set so that it never goes to sleep or hibernate because that will prevent a user from connecting from home. In the future this step will part of Group Policy
-
***NEW*** Verify and make sure that in Excel and Word, the Trust Center Settings include the on-premise file server. In the future, this step will be part of Group Policy
-
***NEW*** Verify that O365 2FA is initially using the office number of 604-524-6610 so that the user can reset their password if needed – the new user needs to be shown how to submit their own cell number as additional 2FA for their O365 account
- If the new hire needs to use Creative Cloud, verify that the apps are downloaded and the correct shared credentials are used to login to CC
- Complete onboarding by helping the user get the MS Authentication app on their phone, do 2FA for O365 and the SonicWall VPN
-
***NEW*** Check with the new person’s manager to see if they need to use any special shared Excel spreadsheets. If yes, then the new user needs the “Legacy Sharing” button added to their Excel and they need to be shown how to add their name to the spreadsheets they need to edit and save ***Note*** this step should no longer be needed after March 2022