ACTIVE DIRECTORY ADMINISTRATION - PowerPoint PPT Presentation

1 / 24
About This Presentation
Title:

ACTIVE DIRECTORY ADMINISTRATION

Description:

Define the guidelines for the creation and deletion of users and groups. ... Header record must be defined using a distinguished name and schema attributes. ... – PowerPoint PPT presentation

Number of Views:21
Avg rating:3.0/5.0
Slides: 25
Provided by: facult45
Category:

less

Transcript and Presenter's Notes

Title: ACTIVE DIRECTORY ADMINISTRATION


1
ACTIVE DIRECTORY ADMINISTRATION
  • Chapter 5

2
UNDERSTANDING USER ACCOUNTS
  • Authentication
  • User account types
  • Local user accounts
  • Domain user accounts
  • Built-in user accounts
  • Administrator
  • Guest

P112-113
3
AUTHENTICATION AND ACCESS TOKEN
P112-113
4
CATEGORIES OF USER ACCOUNTS
  • Security Accounts Manager (SAM)
  • Local
  • Built-in user accounts
  • Domain user accounts (NTDS.dit)
  • Domain local
  • Built-in user accounts

P112-113
5
ADMINISTRATOR ACCOUNT
  • Full control of computer, domain, forest
  • Used to establish administrative structure and
    create other accounts
  • Should be renamed
  • Should be secured with a complex password
  • Can be disabled, but cannot be deleted

P112
6
GUEST ACCOUNT
  • Designed to allow temporary access to the network
  • Disabled by default, but cannot be deleted
  • Should be secured with a complex password if
    enabled

P113
7
GROUPS AND THEIR USES
P114
8
GROUP TYPES and SCOPES
P115
9
GROUP TYPES, SCOPES, AND CONVERTING
  • Distribution groups
  • Typically used with applications to provide a
    list of users (Microsoft Exchange)
  • Cannot be used to assign access permissions
  • Security groups
  • Primarily used to grant access
  • Can also be used like a distribution group for
    e-mail, if the group has an e-mail address
    assigned

P115
10
Group Scope 1) DOMAIN LOCAL GROUPS
  • Membership user accounts, computer accounts,
    global groups, universal groups from any domain,
    and domain local groups from the same domain.
  • Purpose Used to assign permissions to resources
    in the local domain.
  • Once you assign permissions to this group, you
    can use it to grant those permissions to other
    groups or users.

P116
11
Group Scope 2) GLOBAL GROUPS
  • Membership
  • User accounts
  • Computer accounts
  • Other global groups.
  • Purpose Used to organize users.
  • Users are typically assigned to global groups
    based on job role, task, or title.

P117
12
Group Scope 3) UNIVERSAL GROUPS
  • Membership
  • User accounts
  • Computer accounts
  • Global or universal groups.
  • Purpose Used to organize users or groups of
    users in global groups.
  • Larger organizations typically use universal
    groups to group accounts from different domains.

P117
13
GROUP NESTING WINDOWS 2000 MIXED DOMAIN
FUNCTIONAL LEVEL
P119
14
GROUP NESTING WINDOWS 2000 NATIVE OR LATER
DOMAIN FUNCTIONAL LEVEL
P119
15
DEFAULT GROUPS
  • Built-in security groups
  • Pre-defined permissions
  • Placed in Built-in and Users containers by
    default
  • Groups are sometimes added when services are
    installed
  • DHCP service adds DHCP Admins and DHCP Users
  • DNS adds DNS Admins and DNS UpdateProxy

P120
16
SPECIAL IDENTITY GROUPS (OS controlled)
  • Anonymous Logon
  • Everyone
  • Authenticated Users
  • Interactive
  • Network

P125
17
LOCAL GROUPS
  • Only on nonActive Directory databases
  • SAM database
  • Domain members local security databases
  • Typically used in peer-to-peer (workgroup)
    networks
  • Used to grant system rights and access to
    resources available on the local computer

P127
18
DEVELOPING A GROUP IMPLEMENTATION PLAN
  • Determine who has the ability to create and
    manage users and groups.
  • Determine how domain local, global, and universal
    groups should be used.
  • Define the guidelines for the creation and
    deletion of users and groups.
  • Implement a common naming scheme for users and
    groups.
  • Determine the appropriate uses of group nesting.

P127-128
19
CREATING USERS AND GROUPS
  • Batch files
  • Directory Exchange Utilities
  • CSVDE utility
  • LDIFDE utility
  • Windows Script Host (WSH)

P128-129
20
USING BATCH FILES
  • net user
  • net group
  • dsadd user
  • dsadd group

P129-130
21
USING CSVDE
  • Comma-separated values.
  • Header record must be defined using a
    distinguished name and schema attributes. Entries
    in the remainder of the file must follow the
    order of the header record.
  • Once the file is created, use csvde -i -f
    file.txt to import the users.
  • Cannot create users with passwords.
  • Cannot modify existing user accounts.

P130
22
USING LDIFDE
  • Line-separated values. Object entries are
    separated by a hyphen.
  • Once the file is created, use ldifde -i -f
    file.txt to import the users.
  • Cannot create users with passwords.
  • Can modify passwords once users are created.
  • Can be used to import, export, and modify Active
    Directory objects.

P131
23
USING WSH
  • Allows you to write scripts to create users and
    other Active Directory objects.
  • Scripts can be VBScript or Jscript.
  • Allows for highly customized solutions that
    automate the creation of user accounts.

P132
24
SUMMARY
  • What are the two group types?
  • Which type can be used to assign permissions?
  • Which one is primarily for e-mail?
  • Name three group scopes.
  • What domain functional level is required for
    creating universal groups?
  • Name methods for automating user account creation.
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "ACTIVE DIRECTORY ADMINISTRATION" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!