IMPORTANT GENERAL INFORMATION

• IMPORTANT: There is no need to create a Provisioning ticket, Nalu completes bulk provisions behind the scenes with the VITM and Provisioning.

• IMPORTANT: Note the Laptop completion date Nalu has provided, that will be the latest we can complete the new user creation and user account setup on the laptop.

1.      Login to “NALUS1 - DC, DFA, ADFS, Printer Server” through Screenconnect/NCentral

2.      Open Active Directory while on the DC, you will be creating your new user based on their employment status provided on the New User Spec Form. Interns are traditionally in the EMPLOYEES OU, unless specified.

Basic OU Path:

Standard Employees: NALU.local > PEOPLE > EMPLOYEES

Consultants (or Contractors): NALU.local > PEOPLE > CONSULTANTS

3.      Right click the requested OU, hover New, and select User.

4.      Fill out the provided fields with the user’s information provided on the New User Ticket/Form. Usernames for NALU follow the [First Initial][Last Name] format. Adjust the domain to @nalumed.com. Hit next once complete.

5.      If the user is a Consultant (or Contractor), please add (C) after their name

Example:

 

6.      Create the user’s password using a super complex password for the user:

a.      12 characters

b.      Letters, numbers, symbols

EX: SzR:RuNQ&qG:

Select user must change password at next login option, hit Next once complete. Then Finish.

7.      For Remote Users, you will NOT select “User must change password”, instead you will need to create a super complex password for the user

a.     a.      12 characters

b.      Letters, numbers, symbols

EX: SzR:RuNQ&qG:

*Note* You can use a random password generator for this step.

8.      Locate your newly created user then right click and select “properties”.

9.      Start With the user’s General Tab. Fill in the provided information for Description, Phone number, and email if provided on the New User Spec Form.  If information was not provided on the New User Ticket/Form, leave blank.

Email should reflect the user’s username, then followed by @nalumed.com

Description will be the user’s job title – location (location is only if user is remote)

The following example is if the user was located in Texas.

Hit Apply once complete.

10.  Select the Organization Tab and fill out each of the categories per the New User Spec Ticket/Form. Hit Apply once complete.

11.  Go to Member Of Tab, add all requested security groups per the New User Spec Form, hit apply once filled out.

Most users will be requested to be added into the OOO Calendar, 5 Conference Rooms, and All Staff, these are their associated Security Group names:

-         OOO Calendar – FS_OOO_Calendar_RW

-         4 Conference Rooms – SG_ConfRoom_RW

-         All Staff – All Staff (All new users need this added)

IF user’s Location is HQ (Carlsbad, CA), then add to following DL:

-         HQ Staff

IF a Consultant or Contractor, then add to following DL:

-         Consultants

12.  Go to the “Attribute Editor” tab. Locate “mailNickname” and open it. Update the value to the New User’s username. Hit OK then Apply. Then OK again to close out of Active Directory.

13.  Open up Powershell as Admin, run AD Sync Command.

Start-ADSyncSyncCycle -PolicyType Delta

If erroring out, wait the 30 minute sync time for 365 .

14.  Go to portal.office.com and log in as the M365 Admin: ctac@nalumed.com

15.  Open the Admin Portal on the left-hand side of the page. Then go to Users>Active Users and search for your newly created account.

16.  Open their profile and assign a Business Premium license unless specified differently. If one is not available, reach out to Michael Sanchez or Sedric Blanco.

17.  Once added/applied, hit save changes. Ensure all requested Groups and mailboxes are added within 365, based on the New User Spec Form / Ticket.

18.  Next, the user needs to be added to MFA. To do this, login to Azure Active Directory.

IF NOT BUSINESS PREMIUM, Please follow these steps:

19.  A new window will open and bring you into the Azure Active Directory Admin Center. From here click the User tab.

20.  Then click Per-User MFA

21.  Another window will open and here you can select the user you need to add MFA. Click the user and select “enable”.

22.  A pop up will appear asking you to enable multi-factor auth, select the button.

23.  Once the MFA is successful, you can click close.

24.  If the user is set up with a Business Premium License, they will be automatically added to MFA per Conditional Access policies in place for Nalu

-Please take note of the Department listed in the onboarding request

In this example, it is being requested that the user be added to the Sales SW DL

26.. Add user to the correct Sales DL according to the request by going to Active teams & groups > Distribution Lists > search Sales to pull up all of the DLs under the Sales Dept

*The example above is for the user (Jackson Schoubloom) so that is why there is an arrow going to Sales Southwest (SW)

27.. Click on the Sales DL that is being requested and go to Members > View all and manage members > Add Members and add the user being requested

28.  Open an incognito tab on your computer and go to portal.office.com

29.  Log in as the new user, then test mailflow by sending an email to yourself, and replying to the email. Ensure you delete the emails from the user’s account once tested.

30.  Send Creds to the POC and Kevin NeSmith via an encrypted email, confirm POC/Kevin have received the credentials through the ticket.

knesmith@nalumed.com

31.  Most new user’s will need to be “set up” remotely (This is not a provision, just ensuring their desktop profile is set up). Work with the POC to get the New User’s device connected through a ScreenConnect session, you may have to schedule yourself a time slot later to work on this device.

32.  Once you have connected to the new device. Ensure the following has been completed

a.      Login as User

b.      Verify the localuser has been added onto the device

c.      Verify NCentral connection

d.      Run Windows Updates

e.      Run Lenovo Vantage Updates (hardware updates)

f.       Login to Microsoft Office (64 bit)

g.      Login to Microsoft Teams

h.      Set-up Outlook Profile

i.        Verify user has the Anyconnect VPN pinned to taskbar, with the NALU VPN URL saved for future connection. anyconnect.nalumed.com

j.      Set default printer based on New User Spec Form / Ticket

k.        Set default apps, Mail – Outlook, Internet Browser – Chrome, PDF – Adobe Reader

l.    Ensure Slack and Zoom are installed

m.    Ensure Arctic Wolf Network agents are installed

                                         i.  

n. Ensure Crowdstrike is also installed

Referenced KB00039516 [retired] for computer setup.

Reference Remote-User Add WI: KB00045856

44.  Close ticket once confirmed with End User.