WORKING WITH COMPUTER ACCOUNTS (Chapter 8)

Presentation transcript:

Slide 1: WORKING WITH COMPUTER ACCOUNTS (Chapter 8)

Slide 2: CHAPTER OVERVIEW
- Describe the process of adding a computer to an Active Directory domain
- Create and manage computer objects
- Troubleshoot computer accounts

Slide 3: UNDERSTANDING COMPUTER OBJECTS
- Logical representation in Active Directory of the physical computer
- A means to track computers belonging to the domain
- Users cannot log on to the domain from a computer without a computer account in Active Directory
- Can be granted permissions to other objects
- Inherit Group Policy settings from domains, sites, and OUs
- Can be made a member of a security and distribution group and inherit group permissions

Slide 4: CREATING COMPUTER OBJECTS
- A computer object must exist in Active Directory before the computer can be joined to the domain.
- A computer object can be created using Active Directory Users and Computers or a command-line tool such as Dsadd.
- The computer account can also be created during the domain joining process.
- The computer account SID is stored in the Active Directory computer account object
  - Prevents a rogue computer from accessing the network

Slide 5: COMPUTER ACCOUNT AUTHENTICATION
- The computer authenticates before the user account is authenticated
- Client computer and domain controller authenticate each other (mutual authentication)
- Authentication uses the computer account name and password
  - Account name: up to 63 characters; the pre-Windows 2000 name is the first 15 characters
  - Password is generated automatically and kept hidden

Slide 6: CREATING COMPUTER OBJECTS USING ACTIVE DIRECTORY USERS AND COMPUTERS
Permission requirements:
- Administrators
- Account Operators
- Delegated control

Slide 7: CREATING COMPUTER OBJECTS USING DSADD.EXE
- Allows computer account creation to be scripted
- Provides a mechanism to create large numbers of computer accounts at one time
Example: DSAdd computer "CN=MyComputer,CN=Computers,DC=MyCompany,DC=Com"
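An added example, not part of the original slides: one way to turn an inventory list into Dsadd command lines for scripted creation while enforcing the naming limits from slide 5 (63 characters, with the first 15 forming the pre-Windows 2000 name). The function names and the sample inventory are constructed for illustration; the container DN is the one from the slide's Dsadd example.

```python
import re

MAX_NAME_LEN = 63   # full computer name limit (slide 5)
PRE_W2K_LEN = 15    # pre-Windows 2000 name = first 15 characters (slide 5)

# Letters, digits and hyphens only, no leading or trailing hyphen. Rejecting
# everything else also keeps cmd.exe metacharacters (& | " % ^) out of the
# generated batch file when the inventory comes from an untrusted source.
_HOSTNAME = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")


def pre_w2k_name(name):
    """Return the pre-Windows 2000 name: first 15 characters, upper-cased."""
    return name[:PRE_W2K_LEN].upper()


def plan_dsadd(names, container_dn):
    """Build one 'dsadd computer' line per acceptable name.

    Returns (commands, rejected) where rejected maps each refused
    input string to the reason it was refused.
    """
    if '"' in container_dn:
        raise ValueError("container DN must not contain a double quote")
    commands, rejected, seen = [], {}, {}
    for raw in names:
        name = raw.strip()
        if not _HOSTNAME.match(name):
            rejected[raw] = "invalid characters"
            continue
        if len(name) > MAX_NAME_LEN:
            rejected[raw] = "longer than 63 characters"
            continue
        short = pre_w2k_name(name)
        if short in seen:
            # Two long names that share their first 15 characters would
            # map to the same pre-Windows 2000 name.
            rejected[raw] = "pre-Windows 2000 name %s collides with %s" % (
                short, seen[short])
            continue
        seen[short] = name
        commands.append('dsadd computer "CN=%s,%s"' % (name, container_dn))
    return commands, rejected


# Constructed sample inventory (not from the slides).
SAMPLE = [
    "WKS-FINANCE-001",
    "WKS-FINANCE-LONDON-01",
    "WKS-FINANCE-LONDON-02",   # same first 15 characters as the line above
    'LAB-PC" & echo x',        # would break out of the quoted DN in a batch file
    "A" * 64,                  # one character over the limit
]

if __name__ == "__main__":
    cmds, bad = plan_dsadd(SAMPLE, "CN=Computers,DC=MyCompany,DC=Com")
    print("\n".join(cmds))
    for item, reason in bad.items():
        print("REJECTED %r: %s" % (item, reason))
```

The accepted lines can be written to a batch file and run by an account holding one of the permissions listed on slide 6.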

Slide 8: CREATING COMPUTER OBJECTS USING NETDOM.EXE
- Command-line utility
- Simpler to use than Dsadd
- Must be extracted from the support.cab archive in the \Support\Tools folder on the Windows Server 2003 installation CD, or installed by running suptools.msi
Example: Netdom add MyComputer /Domain:Contoso.com /UserD:Admin /PasswordD:Secret /OU:Organization

Slide 9: JOINING COMPUTERS TO A DOMAIN

Slide 10: JOINING A DOMAIN USING NETDOM.EXE
- Allows computers to be joined to the domain from a command line
- Allows scripts to be developed to streamline the process of joining a computer to a domain
- Netdom join …..

Slide 11: CREATING COMPUTER OBJECTS WHILE JOINING THE DOMAIN

Slide 12: JOINING A DOMAIN DURING OPERATING SYSTEM INSTALLATION

Slide 13: LOCATING COMPUTER OBJECTS
- The Computers container
- The Domain Controllers OU

Slide 14: LOCATING DC COMPUTER OBJECTS
- Computer accounts for domain controllers are placed in the system-created Domain Controllers OU by default.
- The Default Domain Controllers Policy GPO is applied to the container.

Slide 15: LOCATING OTHER COMPUTER OBJECTS
- Non-domain-controller computer accounts are placed in the system-created Computers container by default.
- The Computers container does not support Group Policy

Slide 16: REDIRECTING COMPUTER OBJECTS
- Allows an alternative default location for computer accounts to be specified.
- Use the Redircmp.exe command-line utility.
- Works only at the Windows Server 2003 domain functional level.
- Automatically redirects all computer accounts
- Can be overridden by explicit computer account creation commands.
Example: Redircmp ou=Workstations,DC=contoso,DC=com
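An added example, not part of the original slides: a small audit that sorts computer DNs by where the account lives, so that machines still sitting in the default Computers container (slide 15) stand out. It assumes the input is a list of quoted distinguished names, one per line, as printed by a directory query such as `dsquery computer`; the sample lines and function names are constructed for illustration.

```python
def split_dn(dn):
    """Split a distinguished name into RDNs, honouring backslash-escaped commas."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts


def classify(dn):
    """Classify a computer DN by its parent container."""
    rdns = split_dn(dn)
    if len(rdns) < 2:
        return "unparsed"
    parent = rdns[1].upper()
    # The system-created containers sit directly under the domain root,
    # so everything after the parent must be a DC= component.
    rest = rdns[2:]
    under_root = bool(rest) and all(r.upper().startswith("DC=") for r in rest)
    if parent == "CN=COMPUTERS" and under_root:
        return "default_container"
    if parent == "OU=DOMAIN CONTROLLERS" and under_root:
        return "domain_controllers"
    return "other"


def audit_placement(lines):
    """Group DNs into default_container / domain_controllers / other / unparsed."""
    report = {"default_container": [], "domain_controllers": [],
              "other": [], "unparsed": []}
    for line in lines:
        dn = line.strip().strip('"')
        if dn:
            report[classify(dn)].append(dn)
    return report


# Constructed sample input (not from the slides).
SAMPLE_DN_LINES = r'''
"CN=MyComp,CN=Computers,DC=Contoso,DC=com"
"CN=DC01,OU=Domain Controllers,DC=Contoso,DC=com"
"CN=WKS-0042,OU=Workstations,DC=contoso,DC=com"
"CN=KIOSK-7,OU=Sales\, East,DC=contoso,DC=com"
'''.splitlines()

if __name__ == "__main__":
    for group, dns in audit_placement(SAMPLE_DN_LINES).items():
        print(group, len(dns))
        for dn in dns:
            print("   ", dn)
```

Accounts reported under `default_container` are the ones to move into an OU, or to keep from landing there in future by redirecting the default location with Redircmp.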

Slide 17: MANAGING COMPUTER OBJECTS
- Computer objects have properties.
- Can be viewed and configured through Active Directory Users and Computers

Slide 18: MODIFYING COMPUTER OBJECT PROPERTIES

Slide 19: DELETING, DISABLING, AND RESETTING COMPUTER OBJECTS
- Deleting: Removes the computer account from Active Directory
- Disabling: Prevents the computer from being used to log on to the domain
- Resetting: Reestablishes relationship between a computer and Active Directory

Slide 20: DELETING COMPUTER OBJECTS
- Manually through Active Directory Users and Computers
- Automatically by changing the domain membership on the computer
- Using a command-line tool such as Dsrm

Slide 21: DISABLING COMPUTER OBJECTS

Slide 22: RESETTING A COMPUTER OBJECT
- Necessary when replacing or upgrading a computer system
- Allows an appropriately named new system to use an existing computer account
- Allows the computer account password on the computer to be synchronized with the computer account password stored on the domain controller

Slide 23: MANAGING REMOTE COMPUTERS
- Allows you to perform management tasks across the network
- Actually a shortcut to the Computer Management MMC snap-in

Slide 24: MANAGING COMPUTER OBJECTS FROM THE COMMAND LINE
- Dsmod: Used to modify existing computer account objects
- Dsrm: Used to remove computer account objects from Active Directory

Slide 25: MANAGING COMPUTER OBJECT PROPERTIES WITH DSMOD.EXE
- Can be used to modify properties of existing computer account objects
- Useful for creating scripts and batch files to automate changes
- Cannot be used to create or delete computer account objects
Example: DSMod computer CN=MyComp,CN=Computers,DC=Contoso,DC=com -reset

Slide 26: DELETING COMPUTER OBJECT PROPERTIES WITH DSRM.EXE
- Can be used to delete computer account objects from the command line
- Requires confirmation of deletion unless the -noprompt switch is used
Example: DSrm CN=MyComp,CN=Computers,DC=Contoso,DC=com

Slide 27: TROUBLESHOOTING COMPUTER ACCOUNTS: PROBLEMS
- Messages at logon indicate that a domain controller cannot be contacted, that the computer account might be missing, or that the trust between the computer and the domain has been lost.
- Error messages or entries in an event log indicate similar problems or suggest that passwords, trusts, secure channels, or relationships with the domain or a domain controller have failed.
- A computer account is missing in Active Directory.

Slide 28: TROUBLESHOOTING COMPUTER ACCOUNTS: SOLUTIONS
- Reset the computer account in Active Directory.
- If the computer account is missing, create a computer account.
- If the computer still belongs to the domain, you must remove it from the domain by changing its membership to a workgroup.
- Rejoin the computer to the domain.

Slide 29: SUMMARY
- A computer object represents a specific system on the network.
- To add a computer to a domain, you must create a computer object for it in Active Directory and then join the physical computer to the object.
- To create computer objects, you can use the Active Directory Users and Computers console, the Dsadd utility, or the Netdom utility.

Slide 30: SUMMARY (continued)
- Computer objects for non-domain controllers are placed in the Computers container by default.
- Computer objects have a SID that Active Directory uses to reference the computer in its group memberships and other permissions.
- The typical steps for troubleshooting a computer object problem include creating or resetting the object, removing the computer from the domain, and rejoining it to the domain.