Module 2 Creating Active Directory ® Domain Services User and Computer Objects

Module Overview Managing User Accounts Creating Computer Accounts Automating AD DS Object Management Using Queries to Locate Objects in AD DS

Naming options for domain user accounts: Names Associated with Domain User Accounts Object NamesExample Uniqueness requirement User logon nameGregory Must be unique within domain User logon name (pre-Microsoft ® Windows ® 2000) Woodgrove\Gregory Must be unique within domain User principal name (UPN) m Must be unique within forest LDAP distinguished name CN=Gregory,OU=IT,DC= WoodgroveBank,DC=com Will be globally unique, combining RDN, container name, and domain names Relative distinguished name (RDN) CN=GregoryMust be unique in OU

User Account Password Options User object passwords are a significant aspect of network security and can have options configured for: Password history Length Complexity By default, Windows Server® 2008 domain passwords must meet three out of the following four complexity requirements: Uppercase Lowercase Special characters Numbers

You use different tools for creating and managing local and domain user accounts: Tools for Configuring User Accounts AccountTools Local computer account Windows XP and Windows Vista®: User Accounts Domain account Windows Server 2003/2008: Active Directory Users and Computers Command-line utilities: dsadd, Windows PowerShell™, CSVDE, LDIFDE

What Is a User Account Template? User accounts templates take advantage of similarity between user accounts To use user templates: Create several typical users reflecting various groups within your organization Copy the user account most like the new account you want to create Modify the attributes: names, address, logon name, etc. A user account template is an account with common properties already configured

Options for Creating Computer Accounts ScenarioProcess Adding individual computers to a domain Add the computer to the domain through computer system properties Account will be created by default in Computers container Creating multiple computer accounts in preparation for automating an operating system and software deployment 1. Create an OU for each department 2. Pre-stage new computer accounts 3. Add the computer to the domain

Managing Computer Accounts Computer management activities include: Adding computer accounts: provides computer name and specifies management option Disabling computer accounts: maintains account, but prevents log on from the account Resetting the computer account: resets the security association between the domain and the client computer (re-join necessary) Deleting computer accounts: removes computer from all domain services Configuring group policies: manages software or computer desktop environments

Configuring AD DS Objects Using Command-Line Tools Command-line tools: Dsadd - Add objects to AD DS Dsmod - Modify objects in AD DS Dsrm - Remove objects from AD DS Dsget - Locate objects in AD DS net user - Add or modify user accounts Net group - Add or modify group access Net computer - Add or remove computer objects from AD DS

filename.ldf Managing User Objects with LDIFDE Active Directory import export LDIFDE.exe

Managing User Objects with CSVDE filename.csv Active Directory import export CSVDE.exe HR Application

Results from one cmdlet can be pipelined to another Windows PowerShell Cmdlets Windows PowerShell cmdlets all use the same syntax Noun Verb Date ParametersExample Get Get-Date Start Service W3SVC Start-Service W3SVC Get-Service W3svc | format-list Get-Service | sort-object name Get-Service |where-object {$_.status –eq “running”} | sort-object name

Options for Locating Objects in AD DS Sorting: use column headings in Active Directory Users and Computers to find the objects based on the columns Searching: provide the criteria for which you want to search Command-line: dsquery parameter

What Is a Saved Query? Saved queries provide: A quick and consistent way to access a common set of directory objects to monitor or to perform specific tasks A saved query is a way to save search criteria Options for searching attributes (e.g. last logon date)