Professional Documents
Culture Documents
(KPM)
Prepared by
INTEKSOFT AD DS Team
Dokumentasi dan Manual Pengguna
Document Distribution: (All persons who have a need to receive the document)
Name Role
The latest version of this document supersedes all other previous issues.
Page i
Dokumentasi dan Manual Pengguna
Table of Contents
1 Introduction ................................................................................................................................ 1
1.1 Project Overview ............................................................................................................... 1
1.2 Purpose ............................................................................................................................ 1
1.3 Assumption ....................................................................................................................... 1
3 Prerequisite for Preparing Windows Computer and Joining KPM.LOCAL Domain ..................... 5
3.1 Windows Computer Run on Certain Level of Windows Operating System Edition ............ 5
3.2 Windows Computer Reside on PCN or MyGov*Net Network ............................................ 5
3.3 Windows Computer Resolve The IP Address for Domain Controller ................................. 5
3.4 Windows Computer Able to Exchange Traffic With Domain Controller on Several Different
TCP and UDP Ports ................................................................................................................... 8
4 User Guide for Managing Windows Computer in Domain Network Environment ...................... 10
4.1 Windows Logon Concept ................................................................................................ 10
4.1.1 Domain Logon ..................................................................................................... 10
4.1.2 Local Logon ......................................................................................................... 12
4.2 Access to Join Domain Network Tool .............................................................................. 14
4.3 Checking Whether a Windows Computer is Joined to Domain ........................................ 17
4.4 Join a Windows Computer to Domain ............................................................................. 19
4.5 Grant a Domain User Become Administrator on Windows Computer .............................. 23
4.6 Unjoin a Windows Computer from Domain ..................................................................... 26
4.7 Common Technical Issue Discovered in Current Environment ........................................ 30
4.7.1 Issue on Windows Computer With Same Machine ID .......................................... 30
4.8 Common Technical Error Discovered in Current Environment ........................................ 31
4.8.1 Error on “The trust relationship between this workstation and the primary domain
failed” 31
4.8.2 Error on “The security database on the server does not have a computer account
for this workstation trust relationship” .............................................................................. 32
4.9 Rollback Step From Domain Computer to Workgroup..................................................... 34
5 User Guide for Managing Domain User and Computer with Microsoft Active Directory Users and
Computers Console ........................................................................................................................ 35
5.1 Access to Microsoft Active Directory Users and Computers Console .............................. 35
5.1.1 Install Remote Server Administration Tools (RSAT) Through Optional Feature ... 35
5.1.2 Install Remote Server Administration Tools (RSAT) Through Microsoft Websites 41
5.1.3 Create Custom View by Location using Microsoft Management Console (MMC) . 44
Page ii
Dokumentasi dan Manual Pengguna
5.1.4 Launch Custom MMC By Using Delegated Data Administrator Account .............. 49
5.2 Create Domain User Account ......................................................................................... 50
5.3 View & Update Properties of Domain User Account ........................................................ 54
5.4 Reset Password For Domain User Account .................................................................... 57
5.5 Unlock Domain User Account ......................................................................................... 59
5.5.1 Unlock Domain User Account Through Reset Password Command .................... 59
5.5.2 Unlock Domain User Account Through User Object Properties Command .......... 61
5.6 Disable & Enable Domain User Account ......................................................................... 63
5.6.1 Disable Domain User Account ............................................................................. 63
5.6.2 Enable Domain User Account .............................................................................. 65
5.7 Move Domain User Account ........................................................................................... 66
5.8 Delete Domain User Account .......................................................................................... 68
5.9 Disable & Enable Domain Computer Account ................................................................. 69
5.9.1 Disable Domain Computer Account ..................................................................... 69
5.9.2 Enable Domain Computer Account ...................................................................... 71
5.10 Reset Domain Computer Account ................................................................................. 72
6 User Guide for Managing Domain User and Computer with ManageEngine ADManager Plus . 73
6.1 System Access to ManageEngine ADManager Plus ....................................................... 73
6.2 Create Domain User Account ......................................................................................... 76
6.2.1 Create Domain User Account (Single) ................................................................. 76
6.2.2 Create Domain User Account (Bulk) .................................................................... 79
6.2.3 Create Domain User Account (Import From CSV File) ......................................... 83
6.3 View & Update Properties of Domain User Account ........................................................ 86
6.4 Reset Password For Domain User Account .................................................................... 88
6.5 Unlock Domain User Account ......................................................................................... 91
6.6 Disable & Enable Domain User Account ......................................................................... 93
6.6.1 Disable Domain User Account ............................................................................. 94
6.6.2 Enable Domain User Account .............................................................................. 96
6.7 Move Domain User Account ........................................................................................... 98
6.8 Delete Domain User Account ........................................................................................ 100
6.9 Disable & Enable Domain Computer Account ............................................................... 102
6.9.1 Disable Domain Computer Account ................................................................... 103
6.9.2 Enable Domain Computer Account.................................................................... 105
6.10 Reset Domain Computer Account ............................................................................... 107
6.11 Reports on Domain User Account ............................................................................... 111
6.12 Reports on Domain Computer Account ....................................................................... 116
7 User Guide for Domain User Account Self Service ................................................................. 119
7.1 Register Password Self-service in ADSelfService ......................................................... 119
7.2 Update User Profile Details in ADSelfService ............................................................... 122
Page iii
Dokumentasi dan Manual Pengguna
Page iv
Dokumentasi dan Manual Pengguna
1 INTRODUCTION
Contract No CT210000000009538
1.2 PURPOSE
This document describes the Dokumentasi dan Manual Pengguna in this project.
1.3 ASSUMPTION
• This information is written for experienced Windows system administrators who are familiar
with Active Directory Domain Services.
• The Manual Pengguna should be performed by a competent individual who have a good
working knowledge of the Microsoft Active Directory environment and also understand the
risk of performing the procedure.
Account Policies\Password
Policy
Enforce password history 3 passwords The number of unique new passwords that
remembered must be associated with a user account before
an old password can be reused
Maximum password age 180 days The period of time (in days) that a password
can be used before the system requires the
user to change it.
Minimum password age 0 days The period of time (in days) that a password
must be used before the user can change it.
Minimum password length 12 characters The least number of characters that can make
up a password for a user account.
Account Policies\Account
Lockout Policy
Account Lockout Threshold 5 invalid login The number of failed sign-in attempts that will
attempts cause a user account to be locked.
Reset Account Lockout 15 minutes The number of minutes that must elapse from
Counter After the time a user fails to log on before the failed
logon attempt counter is reset to 0.
• The continuous 5 of failed sign-in attempts will cause the KPM User account to be
locked.
• The locked-out account remains locked out for 15 minutes before automatically becoming
unlocked.
Screen saver timeout 1,200 Seconds Specifies how much user idle time must elapse
before the screen saver is launched.
Password protect the screen Enabled Determines whether screen savers used on
saver the computer are password protected.
• Computer screen will lock and enter screen saver mode when 20 minutes inactivity.
• KPM User will require to reenter his/her password to exit from screen saver mode.
Remarks:
Windows operating system edition that CANNOT join a domain.
▪ Windows 11 Home
▪ Windows 10 Home
▪ Windows 8.1 (Core), Windows 8.1 with Bing
▪ Windows 7 Starter, Windows 7 Home Basic, Windows 7 Home Premium
No Procedure
1. Check and ensure Windows computer is configuring and using designated DNS Server as
below.
Remarks:
▪ It is not necessary to perform this checking on each Windows computer. Just require
check once or when encountered cannot contact domain network issue.
No Procedure
Remarks:
▪ Ping command reply result could be from any IP Address of DNS & Domain
Controller.
a) 10.22.70.201
b) 10.22.70.202
c) 10.46.51.56
d) 10.46.51.58
e) 10.46.51.44
f) 10.46.51.46
g) 10.46.51.48
h) 10.46.51.49
i) 10.46.51.135
j) 10.46.51.136
k) 10.46.51.138
l) 10.46.51.139
▪ If ping command result failed to resolve KPM.LOCAL to any IP Address of DNS &
Domain Controller, kindly double check and make sure update the Windows
computer's IP configuration to use the designated DNS server.
No Procedure
1. INTEKSOFT will notify BPM to request activate the firewall rules for a particular site. Then
will notify IT person in charge from respective site to perform network communication and
connectivity testing between client computer with KPM.LOCAL domain controller.
ii. Supply valid user credential to authenticate with KPM.LOCAL domain controller.
iii. Sample result will as below if authentication success. When user authentication
success, that mean the necessary network communication ports connectivity
requirements are in place between network client Windows computer and DNS &
Domain Controller.
No Procedure
Remarks:
▪ It is not necessary to perform this checking on each Windows computer. Just require
check once or when encountered cannot contact domain network issue.
Domain User
Account’s User
Logon Name
No Procedure
By default, after a Windows computer has been joined to Domain, Windows computer will
accept any User Logon Name enter and treat as Domain User Account.
Any valid domain user may login to Windows by clicking on Other user. The logon screen
will display Sign in to: KPM domain.
Local User
Logon into Account’s User
Logon Name
Local Computer
(“Computer Host
Name”)
• Sample login Windows with Local User Account without Typing Computer Name
Example:
[ .\User Logon Name ]
.\administrator
Local User
Logon into Account’s User
Logon Name
Local Computer
(“Computer Host
Name”)
No Procedure
1. Sample login Windows with Local User Account without Typing Computer Name
By default, after a Windows computer has been joined to Domain, Windows computer will
accept any User Logon Name enter and treat as Domain User Account.
To login with Local User Account, user will have to add “.\” before User Logon Name.
Windows will display computer hostname at Sign in to: field.
No Procedure
1. INTEKSOFT team will provide the username and password to access the Join Domain
Network Tool application. Kindly email to moe.adjoin@inteksoft.com.my to get access the
application.
No Procedure
3. This tool will simply the join domain activity. It will perform computer rename according to
newly define computer naming convention standard. Then place the newly join Domain
Computer object into designed Organization Unit for easy of management and monitoring.
No Procedure
4. Extract file starter_kit_lite.zip. Make sure name for the text file is same with agency to join
domain.
No Procedure
1. Click on Windows icon > search “This PC” > Right click and select Properties
No Procedure
By default, the newly fresh install Windows computer is configured in Workgroup network.
In Workgroup network environment, it only supports Local User Account to logon into
Windows operating system.
Next, the IT admin can manually join the Windows computer to a Domain network. It will
result a Domain Computer Account is created in Active Directory Domain Services (AD
DS) database. In Domain network environment, it supports both Local User Account and
Domain User Account to logon into Windows operating system.
No Procedure
1. The tool will need to perform computer rename and computer join domain tasks. Please
make sure the user account use for logon into the computer must has local administrative
privilege.
No Procedure
No Procedure
5. The tool will generate the next unique Computer Name from database according to
Installation Site and Location Name. It will perform computer rename and then join the
computer’s operating system into KPM.LOCAL Active Directory Domain Network.
No Procedure
The System Code: 0 is indicating the computer successfully joined into KPM.LOCAL Active
Directory Domain Network.
No Procedure
1. Please make sure the user account use for logon into the computer must has local
administrative privilege.
No Procedure
3. Expand on Local Users and Groups > Expand Groups > Choose Administrators and click
Add button
4. Enter the right username, then click “Check Names” to make sure the name exists in
KPM.local. Click OK
No Procedure
5. Check account usernames that have been added in the Administrators Properties. Then,
click OK. The changes will be made when the user logon into the domain account on that
computer.
No Procedure
1. The tool will need to perform computer unjoin domain tasks. Please make sure the user
account use for logon into the computer must has local administrative privilege.
No Procedure
4. Click Next.
No Procedure
No Procedure
The System Code: 0 is indicating the computer successfully unjoined from KPM.LOCAL
Active Directory Domain Network. The computer will be leaving Domain network and join
back to default Workgroup network.
Cause:
Windows computer with same Machine ID as a result of disk duplication of Windows
installations.
Suggested Action:
• MOE technical team require to review and analyze back the existing practice for
disk cloning or disk duplication of Windows operating system installation.
• MOE technical team require to learn the technics supported by Microsoft principal
on disk cloning or disk duplication e.g., System Preparation (Sysprep).
• MOE technical team need a soft-landing plan to stop the existing practice which
cause the computer with same Machine ID issue.
• MOE technical team need to make awareness and education to JPN, PPD & other
agency to adopt the best practice supported by Microsoft principal.
• MOE technical team should consider to adopt enterprise desktop management
solution in order to manage this kind of huge computer environment.
4.8.1 ERROR ON “THE TRUST RELATIONSHIP BETWEEN THIS WORKSTATION AND THE PRIMARY
DOMAIN FAILED”
When you log on to a computer that is running Windows operating system in a domain
environment, you receive the following error message:
The trust relationship between this workstation and the primary domain failed.
Cause:
Possible root causes of the symptom are very broad but not limited as below:
• The computer changes the AD computer account password but unable to change
the local machine account password.
• The computer encountered abnormal network interruption when perform
computer account authentication to Domain Controller or changes AD computer
account password cycle.
• The computer Windows installation is reimaged without running Sysprep.
Suggested Action:
• A consistent and reliable network infrastructure (DNS, Firewall and Network
Connectivity requirements) are very important for operating Active Directory Domain
Network. It is because Domain User and Domain Computer are required to
process logon and authentication with Domain Controller on network.
• Windows operating system has been designed with smart enough to bail-out if it
can’t find/talk to a Domain Controller. But there are still will scenario that failure do
happen. Sometime, a reboot of computer will resolve because of the smart enough
design.
• Technically, Active Directory Domain User and Domain Computer are required
proper management and maintenance. The maintenance areas consist of in
Domain Controller and Domain Member (Workstation or Member Server Level).
• Pertaining to this error, Microsoft has provided workaround solutions but not limited
as below.
4.8.2 ERROR ON “THE SECURITY DATABASE ON THE SERVER DOES NOT HAVE A COMPUTER
ACCOUNT FOR THIS WORKSTATION TRUST RELATIONSHIP”
When you log on to a computer that is running Windows operating system in a domain
environment, you receive the following error message:
The security database on the server does not have a computer account for this workstation
trust relationship
Cause:
Possible root causes of the symptom are very broad but not limited as below:
• Domain Computer Account has been disabled or deleted from Active Directory
Domain Services (AD DS) database.
• Domain Computer’s date time settings are misconfigured and not align with current
date time defined in Active Directory Domain Services (AD DS) infrastructure.
• Unexpected network DNS service, network communication traffic failure or network
connection intermittent which result to timed out between Domain Computer and
Domain Controller.
Suggested Action:
• Pertaining to this error, Microsoft has provided workaround solutions but not limited
as below.
Sometimes you need to rollback domain computer to workgroup when Windows operating
system have problem inside domain environment.
Cause:
Possible root causes of the symptom are very broad but not limited as below:
• Windows update is not latest patches.
• Windows operating system is corrupted.
• Profile user in the operating system is corrupted.
Suggested Action:
• Pertaining to this error, Microsoft has provided workaround solutions but not limited
as below.
5.1.1 INSTALL REMOTE SERVER ADMINISTRATION TOOLS (RSAT) THROUGH OPTIONAL FEATURE
No Procedure
1. Open Windows Start Menu > Find and open Manage optional features on search taskbar
No Procedure
No Procedure
3. Find RSAT on search bar. Click on RSAT: Active Directory Domain Services and
Lightweight Directory Services Tools and click Install (1)
No Procedure
No Procedure
5. Go to Windows Start Menu and find Active Directory Users and Computers. > Right Click
> Click Open file location
No Procedure
6. Press Shift and Right Click on Active Directory Users and Computers so option for Run
as different user will come out
7. Run the management console under Domain User Account with admin privileges.
2. There will be two (2) download options displayed. If PC is running on 64-bit, choose
“WindowsTH-KB2693643-x64.msu”. If PC is running on 32-bit, choose “WindowsTH-
KB2693643x86.msu”
No Procedure
3. After finishing the download, open the downloaded package at the bottom left screen (if
using Google Chrome). Then, double click the package to start the installation.
5. On the wizard RSAT installation, choose I Accept and wait until installation done
No Procedure
5.1.3 CREATE CUSTOM VIEW BY LOCATION USING MICROSOFT MANAGEMENT CONSOLE (MMC)
No Procedure
1. On Windows Start Menu, type and click Run. Then, type “mmc.exe” and click OK
No Procedure
No Procedure
4. Click on Active Directory Users and Computers > Expand KPM.Local > Expand Clients >
Choose appropriate location, then right click, and choose New Window from Here
5. Click on View > Customize... > Just tick on console tree only, other than that must untick
No Procedure
6. Click on File > Options... > under Console mode, choose User mode – limited access
single window and tick Do not save changes to this console and untick Allow the user
to customize views as diagram below. Then, click OK
No Procedure
7. Click File > “Save As...”. Naming the file that indicated the location > Click Save
No Procedure
1. Press Shift and Right Click, then click on Run as different user
2. Run the management console under Domain User Account with admin privileges.
No Procedure
1. Open Active Directory Users and Computers > Select the right OU for the user > Right click
the OU > Select New > Select User
No Procedure
No Procedure
4. On New Object – User password prompt | Fill in the password based on domain
requirement. Optionally, we may check user must change password at next logon.
Click Next.
5. Select Finish.
No Procedure
No Procedure
1. Open Active Directory Users and Computers > Expand User Organizational Unit > Right
click the User > Select Properties.
No Procedure
2. Under General > Review and make changes for user details (if any).
No Procedure
3. Diagram shows make changes at Organization Tab > Click Apply, then click OK
No Procedure
1. Open Active Directory Users and Computers > Expand User Organizational Unit > Right
click the User > Select Reset Password
2. Fill in the default password based on domain requirement. We may check user must change
password at next logon for user to change to their own password.
Click Next.
No Procedure
3. Pop out message will appear after success reset password. Click OK
No Procedure
1. Open Active Directory Users and Computers > Expand User Organizational Unit > Right
click the user > Select Reset Password
No Procedure
2. Menu Reset Password will appear with message Account Lockout Status on this
Domain Controller: Locked Out.
3. Fill the new and confirm password, untick at User must change password at next logon,
tick at Unlock the user’s account and click OK
5.5.2 UNLOCK DOMAIN USER ACCOUNT THROUGH USER OBJECT PROPERTIES COMMAND
No Procedure
1. Open Active Directory Users and Computers > Expand User Organizational Unit > Right
click the User > Select Properties.
No Procedure
No Procedure
1. Open Active Directory Users and Computers > Expand User Organizational Unit > Right
click the User > Select Disable Account
No Procedure
2. Message “Object user has been disabled” will appear and user icon will change to
disable. Click OK
No Procedure
1. Open Active Directory Users and Computers > Expand User Organizational Unit > Right
click the user > Select Enable Account
2. Message “Object user has been enabled” will appear and user icon will change to enable.
Click OK
No Procedure
1. Open Active Directory Users and Computers > Expand User Organizational Unit > Right
click the User > Select Move.
No Procedure
2. Select the new Organizational Unit for the user and select OK.
No Procedure
1. Open Active Directory Users and Computers > Expand User Organizational Unit > Right
click the User > Select Delete.
No Procedure
1. Open Active Directory Users and Computers > Expand Computer Organizational Unit >
Right click the computer > Select Disable Account
No Procedure
2. Prompt confirmation message to disable computer domain. Click Yes and message
“Object Computer has been disabled.” will pop out. Click OK
No Procedure
1. Open Active Directory Users and Computers > Expand Computer Organizational Unit >
choose disable computer status > Right click the Computer > Select Enable Account
2. Message “Object computer has been enabled.” will pop out after enable computer
domain. Click OK
No Procedure
1. Open Active Directory Users and Computers > Expand Computer Organizational Unit >
Right click the Computer > Select Reset Account
2. Confirmation message to reset computer domain will pop out. Click Yes and message
“Account Computer was successfully reset.” Will pop out. Click OK
No Procedure
No Procedure
2. Each department or agency will be given with a dedicated Data Administrator Account for
managing user and computer objects residing in their respective Organization Unit (OU).
Enter user logon name and password for Data Administrator Account, make sure selecting
log on to KPM and click Login.
No Procedure
No Procedure
1. Go to Management tab > User Management > Find and click Create Single User
2. Choose User Creation with basic Attributes on Selected Template and click OK.
Administrator can still use default option of System Template. The manual will show
example on creation using template User Creation with basic Attributes
No Procedure
3. Fill in new user details. Columns that are highlighted with red font are mandatory to fill which
are Logon Name, Logon name(pre-Windows 2000) and Full name. Ensure user’s location
according to the Organizational Unit (OU) code on column Select Container. Location choices
are only limited to the location(s) that had been set to administrator’s ID
No Procedure
4. Go to Account tab > select Type a password > enter default Password and Confirm
Password > Untick on selection User must change password at next logon > Click Create
to create domain user
No Procedure
2. Select User Creation with basic Attributes on Selected Template and click OK. Then
click Add Users
No Procedure
3. Fill in user details. Column(s) that are highlighted with red font are mandatory which are
Logon Name, Logon name(pre-Windows 2000) dan Full name
No Procedure
4. Select Type a password on Password selection > Enter Password and Confirm Password
> Untick selection User must change password at next logon > Click OK
5. Users that have been created will be displayed in the form of a list. Figure below shows an
example of two new users to be created. Administrator can add the next new user until finish.
Upon completing the list, click Next>>
No Procedure
6. Select the appropriate location. Location selection is limited to locations assigned the the
administrator’s ID. Then click Create Users
7. Administrator can check the user generation status at the far right of the user list
No Procedure
1. Go to Management tab > Select User Creation with basic attributes on selection Selected
Template > Click Import and click Browse
No Procedure
Click OK
No Procedure
3. Users that will be generated will be listed as in figure below. Review the user details then click
Next>>
No Procedure
No Procedure
3. The screen will display a new menu to modify user details. Make any changes to the user
details if necessary. Click Update User after making changes
4. The screen will display message Successfully updated the user properties after the
details have been successfully updated
No Procedure
No Procedure
2. Select Type a password and enter the Password along with Confirm Password. In the
Password options section, select No for all three options. Then select the appropriate OU
and click the Search button to perform a user search. Administrator can perform custom
searches by filling in the username in the Find the users field
3. A list of users will be displayed, click on the checkbox of the user who wants to reset the
password and click Apply
No Procedure
4. Administrators can check the password reset status at the far right of the user list
No Procedure
2. In the Find the users field, type username that want to be unlocked. Then click on Search
No Procedure
3. Select user that is locked on the user’s checkbox > Click Apply
4. Administrators can check the status of unlocked users on the far right of the user list
No Procedure
No Procedure
1. Select Disable on selection Enable/disable the account > Type name / username > Click
Search
No Procedure
2. The screen will display a list of users according to search. Select the user and tick the
checkbox to disable the user and click Apply. Administrators can also select two (2) or more
accounts at once
3. Administrator can review the status of disabled users at the far right of the listi
No Procedure
1. Select Enable on selection Enable/disable the account > Type name / username > Click
Search
No Procedure
2. The screen will display a list of users according to search. Select the user and tick the
checkbox to enable the user and click Apply. Administrators can also select two (2) or more
accounts at once
3. Administrator can review the status of enabled users at the far right of the list
No Procedure
2. At the selection Select Container, select the OU destination to move. Then in the Find the
users field, type the username that want to be moved. Then click Search
No Procedure
3. Select the user to be transferred and tick the checkbox> Click Apply
4. Administrators can check the status of moved users at the far right of the user list
No Procedure
No Procedure
3. The screen will display a list of users according to search. Select user and tick the checkbox
to delete the user. Administrators can also select two (2) or more accounts at once. Click
Apply
4. Administrators can review the status of deleted users at the far right of the list
No Procedure
No Procedure
1. Select Disable on selection Enable/disable the Account. Type computer name on Find the
computers column in Show Computers List field, then click Search. Administrators can
leave the Find the computers field blank to search for all computers
2. List of computer searches will be displayed, click on the computer checkbox and click
Apply
No Procedure
3. Administrator can review status of disabled computer at the far right of the list
No Procedure
1. Select Enable on selection Enable/disable the Account. Type computer name on Find the
computers column in Show Computers List field, then click Search. Administrators can
leave the Find the computers field blank to search for all computers
2. List of computer searches will be displayed, click on the computer checkbox and click
Apply
No Procedure
3. Administrator can review status of enabled computer at the far right of the list
No Procedure
No Procedure
No Procedure
3. Type computer name in the Find the computers column and click Search. Administrator can
leave the search column empty to perform searching for all computers in the selected OU
4. Screen will display a list of computers based on search result. Select the appropriate computer
by ticking the checkbox and click Apply. Administrator can select multiple computers at once
from the search list
No Procedure
5. Administrator can review status of reset computer at the far right of the list
No Procedure
No Procedure
7. Click Add-OUs
No Procedure
9. The All Users report for the selected OU will be generated. Administrator has the option to
export out reports if necessary, click on Export as and select the desired file format to
download
No Procedure
10. The downloaded file will be saved. Normally by default, browser will display the file at the
bottom left as shown in figure below
No Procedure
11. Figure below shows an example of a downloaded .xlsx file. The first sheet displays a summary
of total user account
No Procedure
2. Click Add OUs and select appropriate OU. Then click on Generate to generate all
computers report based on selected OU
No Procedure
3. The All Computers report for the selected OU will be generated. Administrator has the option
to export out the report if necessary, click on Export as and select the desired file format to
download
No Procedure
4. Figure below shows an example of a downloaded .xlxs file. The first sheet displays a summary
of total computers
No Procedure
iii. Enter password provided for Domain User Account and click Login.
No Procedure
6. Register up two (2) security questions and answers. User must make sure able to
remember and recall the secret answer. Then click Next.
No Procedure
No Procedure
iii. Enter password provided for Domain User Account and click Login.
No Procedure
2. Click on Profile tab to view the current Domain User Account details.
No Procedure
4. Update the Domain User Account details and click on Update button to save the changes.
No Procedure
No Procedure
iii. Enter password provided for Domain User Account and click Login.
No Procedure
2. Click on Change Password tab. Proceed to fill up the old password and new password by
follow the password requirements defined. Then click Change Password.
No Procedure
1. Once you are successfully logged onto your computer using Domain User Account, press
Ctrl-Alt-Del on your keyboard. Click on “Change a password”
2. Make sure that the top field shows “KPM\” before your username, and then fill out the “Old
Password”, “New Password”, and “Confirm New Password” fields.
Then click on the arrow pointing right or alternative hit enter key.
No Procedure
3. You should then receive a message stating that you have successfully changed your
password. Click “OK” to continue.
No Procedure
No Procedure
2. KPM User needs to provide the correct answer for their security questions. Then enter the
correct answer in captcha validation and click Continue.
No Procedure
3. KPM User needs to enter the new password and confirm new password. Then enter the
correct answer in captcha validation and click Reset Password.
7.6 ACCOUNT UNLOCK IN ADSELFSERVICE WHEN YOUR USER ACCOUNT GET LOCKED
OUT
No Procedure
1. How to account unlock when his/her user account get locked out.
Access to ADSelfService application:
i. Open browser and enter URL: https://reset.moe.gov.my/
(This URL only can be access within PCN and MyGov*Net network)
ii. Click Account locked out?
iii. Enter user logon name for Domain User Account.
iv. Enter the correct answer in captcha validation and click Continue.
No Procedure
2. KPM User needs to provide the correct answer for their security questions. Then enter the
correct answer in captcha validation and click Continue.
3. Enter the correct answer in captcha validation and click Unlock Account.
No Procedure
No Procedure
1. If a user signs in to their account and gets “We can't sign into your account message
and You've been signed in with a temporary profile” notification message below, then
that user has been signed in to a temporary profile (ex: C:\Users\TEMP ) instead of the
profile from their C:\Users\<user name> profile folder. Any changes that the user makes to
the temporary profile are lost after signing.
2. While signed into the account with the temporary profile, open a Command Prompt > Type
whoami /user > Click Enter
Make note of the SID (Security Identifier) for this current account. You will need to know
the SID (ex: S-1-5-21-....-1001) for your account.
No Procedure
3. Click Windows logo > Search Registry Editor > Select Run as administrator
Remarks:
▪ Make sure that you have been logged to the temporary profile
No Procedure
No Procedure
No Procedure
No Procedure
No Procedure
No Procedure
3. Make sure the original user profile path (before becoming a temporary profile)
No Procedure
5. Select Name and Profile Path for the user. This profile can be confirmed with Step 3.
No Procedure
7. Wait the Setting profile ACL to migrate. This procedure takes around 5 – 30 minutes depends
on data user.
WARNING: Don’t terminate this process or restart the computer if this process takes
longer than expected because it will corrupt the user profile.
No Procedure
9. Select Name and Profile Path for the user. This profile can be confirmed with Step 3.
10. Enter same domain username (user who is a temporary profile) > Click Next
No Procedure
11. Wait the Setting profile ACL to migrate. This procedure takes around 5 – 30 minutes depends
on data user.
WARNING: Don’t terminate this process or restart the computer if this process takes
longer than expected because it will corrupt the user profile.
No Procedure
12. Lastly, please do cleaning on the affected computer such as deleting temporary folder and
duplicate SID name in Registry Editor.
9 STATEMENT OF ACCEPTANCE
The Dokumentasi dan Manual Pengguna above have been deployed and tested successfully.
This statement is to acknowledge that the Dokumentasi dan Manual Pengguna has been
completed and the results will be accepted by KPM.
----------------------------------------------------- -----------------------------------------------------
Name: Muhammad Habibullah Ismayuddin Name: Tong Fuh Shuang
Title: System Engineer Title: System Consultant
Date: Date:
----------------------------------------------------- -----------------------------------------------------
Name: Name:
Title: Title:
Date: Date: