Lesson 5-Directory Assistance: Administration Using Active Directory Users and Computers

1
Lesson 5-Directory Assistance Administration
Using Active Directory Users and Computers
2
Overview

• Identify Active Directory objects.
• Create objects using the Active Directory Users
  and Computers tool.
• Manage objects using the Active Directory Users
  and Computers tool.

3
Identify Active Directory Objects

• The Active Directory objects are
• Computer
• User
• Contact
• Group
• Organizational unit (OU)
• Printer and shared folder

4
Computer

• A computer account uniquely identifies a client
  computer or a member server.
• It allows a computer to join a domain.
• It allows to remotely administer the computer
  over the network.
• It is one of the security principals in a domain.

5
User

• A user account is also a security principal.
• It allows users to log on to the network and
  becomes their network identity.
• To create a user account, the users full name,
  logon name, and the initial password are required.

6
Contact

• Contacts are created to provide contact
  information for those who are not members of the
  network.
• The contacts full name is required to create a
  contact.

7
Group

• Groups are the primary mechanism for managing
  network security.
• A group or a group account is a security
  principal that is used to collectively manage
  resource access for other security principals.

8
Group

• Groups can be referred to as distribution and
  security groups.
• The different types of security groups have
  different group scopes.
• The group scope provides access to resources at
  different levels within the overall logical
  network.

9
Group

• The three types of security groups are
• Domain local groups Can be given permissions
  for the domain in which they were created.
• Global groups Can become members of a group in
  other trusted domains.
• Universal groups Can be given permissions
  throughout all trusted domains, without having to
  join any other group.

10
Organizational Unit

• OUs
• Are used to subdivide a domain into manageable
  segments. This helps organize the network.
• Help administrators to delegate administrative
  tasks of the OU to other users.

11
Printer and Shared Folder

• An Active Directory object representing a shared
  folder or printer, enables users to search for
  resources.
• The process of creating an Active Directory
  object for a shared resource is referred to as
  publishing.
• Shared printers on a Windows Server 2003 computer
  are automatically published.

12
Create Objects Using Active Directory Users and
Computers

• The Active Directory Users and Computer
  interface.
• The initial Active Directory containers and
  objects.

13
The Active Directory Users and Computer Interface

• The consistent design of the Microsoft Management
  Console (MMC) makes it easy to work with tools
  that are otherwise unfamiliar to the
  administrator.
• The Active Directory Users and Computer interface
  displays a hierarchy of containers. These
  containers in turn contain other containers and
  various Active Directory objects.

14
The Active Directory Users and Computer Interface
The Active Directory Users and Computer Interface
15
The Active Directory Users and Computer Interface
Domain Controllers
16
The Active Directory Users and Computer Interface
Advanced Features
17
The Active Directory Users and Computer Interface
The Users Container
18
The Active Directory Users and Computer Interface
User Description
19
The Initial Active Directory Containers and
Objects

• The five default containers that form the basic
  structure of a domain are
• Builtin Contains the security groups included
  with the installation of Active Directory.
• Computers Is the default location for upgraded
  computer accounts from previous network operating
  systems such as Windows NT.
• Domain Controllers (DCs) Contains DCs for the
  domain that can be used to apply security
  policies to OUs.

20
The Initial Active Directory Containers and
Objects

• The five default containers that form the basic
  structure of a domain are (continued)
• ForeignSecurityPrincipals Holds SIDs of
  security principals from external, trusted
  domains.
• Users Is the location for upgraded user
  accounts from Windows NT and the initial
  administrator account.

21
Create Objects Using Active Directory Users and
Computers

• Computer and user accounts are the most
  frequently created Active Directory objects.
• The OUs may not be created as frequently, but
  they should be planned properly before creation.

22
Create Objects Using Active Directory Users and
Computers
New Object Computer
23
Create Objects Using Active Directory Users and
Computers
Computer Name
24
Create Objects Using Active Directory Users and
Computers
New Object User
25
Create Objects Using Active Directory Users and
Computers
User Password
26
Create Objects Using Active Directory Users and
Computers
New Object Organizational Unit
27
Manage Objects Using Active Directory Users and
Computers

• Object properties.
• Basic Active Directory Users and Computers object
  management.

28
The Object Properties Dialog Box

• The computer account properties dialog box.
• The user account properties dialog box.
• The organizational unit properties dialog box.

29
The Computer Account Properties Dialog Box
The computer account properties dialog box
30
The Computer Account Properties Dialog Box

• The various tabs available in the computer
  account properties dialog box are
• General
• Operating System
• Member Of

31
The Computer Account Properties Dialog Box

• The various tabs available in the computer
  account properties dialog box are (continued)
• Delegation
• Location
• Managed By
• Dial-in

32
The User Account Properties Dialog Box
The user account properties dialog box
33
The User Account Properties Dialog Box

• The various tabs available in the user account
  properties dialog box are
• General
• Address
• Account
• Profile

34

• The various tabs available in the user account
  properties dialog box are (continued)
• Telephones
• Organization
• Terminal Services Profile
• Sessions

35
The User Account Properties Dialog Box

• The various tabs available in the user account
  properties dialog box are (continued)
• Terminal Services Profile
• Sessions
• Environment
• Remote control
• COM

36
The Organizational Unit Properties Dialog Box
The organizational unit properties dialog box
37
The Organizational Unit Properties Dialog Box

• The various tabs available in the organizational
  unit properties dialog box are
• General
• Managed By
• Com
• Group Policy

38
Basic Active Directory Users and Computers Object
Management

• Managing the basic Active Directory Users and
  Computers involves moving and editing the
  objects.
• Windows 2003 allows to move the objects by
  dragging and dropping.

39
Basic Active Directory Users and Computers Object
Management
Active Directory Users and Computers Interface
40
Basic Active Directory Users and Computers Object
Management
The Location Tab
41
Basic Active Directory Users and Computers Object
Management
Selecting a User or Contact
42
Basic Active Directory Users and Computers Object
Management
The Managed By Tab
43
Basic Active Directory Users and Computers Object
Management
Selecting Groups
44
Summary

• Various Active Directory objects are user and
  computer accounts, group or group accounts,
  organizational units (OUs), printers, and shared
  folders.
• Active Directory objects can be created using the
  Active Directory Users and Computers interface.
• Objects within the Active Directory User and
  Computers interface can be managed using the
  object properties.
• Managing basic Active Directory users and objects
  involves moving and editing Active Directory
  objects.

45
Basic Active Directory Users and Computers Object
Management
Selecting a Group From a List of Groups
46
Basic Active Directory Users and Computers Object
Management
The Member Of Tab