
1 Module 4: Implementing User, Group, and Computer Accounts

2 Overview
- Introduction to Accounts
- Creating and Managing Multiple Accounts
- Implementing User Principal Name Suffixes
- Moving Objects in Active Directory
- Planning a User, Group, and Computer Account Strategy
- Planning an Active Directory Audit Strategy

3 Lesson: Introduction to Accounts
- Types of Accounts
- Types of Groups
- What Are Domain Local Groups?
- What Are Global Groups?
- What Are Universal Groups?

4 Types of Accounts
User accounts
- Enables a single sign-on for a user
- Provides access to resources
Computer accounts
- Enables authentication and auditing of computer access to resources
Group accounts
- Helps simplify administration

5 Types of Groups
Distribution groups
- Used only with applications
- Not security-enabled
Security groups
- Used to assign rights and permissions to groups of users and computers
- Used most effectively when nested
The functional level determines the type of groups that you can create

6 What Are Domain Local Groups?
A security or distribution group that can contain:
- Universal groups, global groups, and other domain local groups from its own domain
- Accounts from any domain in the forest

7 What Are Global Groups?
A security or distribution group that can contain users, groups, and computers as members from its own domain

8 What Are Universal Groups?
A security or distribution group that can contain users, groups, and computers as members from any domain in its forest

9 Lesson: Creating and Managing Multiple Accounts
- Tools for Creating and Managing Multiple Accounts
- How to Create Accounts Using the Csvde Tool
- How to Create and Manage Accounts Using the Ldifde Tool
- How to Create and Manage Accounts Using Windows Script Host

10 Tools for Creating and Managing Multiple Accounts
- Active Directory Users and Computers
- Directory Service Tools
  - Dsadd
  - Dsmod
  - Dsrm
- Csvde and Ldifde Tools
- Windows Script Host

11 How to Create Accounts Using the Csvde Tool
Your instructor will demonstrate how to create accounts by using the Csvde command-line tool

12 How to Create and Manage Accounts Using the Ldifde Tool
Your instructor will demonstrate how to create and manage accounts by using the Ldifde command-line tool

13 How to Create and Manage Accounts Using the Windows Script Host
Your instructor will demonstrate how to create and manage accounts by using Windows Script Host

14 Practice: Creating User Accounts
In this practice, you will create and run a script file that contains commands to create a user account, and then you will verify that the user account was created

15 Lesson: Implementing User Principal Name Suffixes
- What Is a User Principal Name?
- Multimedia: How Name Suffix Routing Works
- How Name Suffix Conflicts Are Detected and Resolved
- How to Create and Remove a UPN Suffix
- How to Enable and Disable Name Suffix Routing in Forest Trusts

16 What Is a User Principal Name?
A logon name that is used only for logging on to a Windows Server 2003 network
Advantages
- Unique in Active Directory
- Can be the same as a user’s address

17 Multimedia: How Name Suffix Routing Works
[Diagram: trust between contoso.msft and adatum.msft]

18 How Name Suffix Conflicts Are Detected and Resolved
Name suffix conflicts occur when:
- A DNS name is already in use
- A NetBIOS name is already in use
- A domain SID conflicts with another name suffix SID
Name suffix conflicts in a domain cause access to that domain from outside the forest to be denied

19 How to Create and Remove a UPN Suffix
Your instructor will demonstrate how to create and remove a UPN suffix

20 How to Enable and Disable Name Suffix Routing in Forest Trusts
Your instructor will demonstrate how to enable and disable name suffix routing in forest trusts

21 Practice: Creating UPN Suffixes
In this practice, you will create a name suffix for a second-level domain, and then enable name suffix routing between two forests

22 Lesson: Moving Objects in Active Directory
- What Is SID History?
- Implications of Moving Objects
- How to Move Objects Within a Domain
- How to Move Objects Between Domains
- How to Use LDP to View Properties of Moved Objects

23 What Is SID History?
SID History:
- Is a list of all SIDs that were assigned to a user account
- Provides a migrated user account with continuity of access to resources

24 Implications of Moving Objects
Within a domain
- No change to SID or GUID
Within a forest
- New SID
- SID history
- Same GUID
Across forests
- New GUID

25 How to Move Objects Within a Domain
Your instructor will demonstrate how to move Active Directory objects within a domain

26 How to Move Objects Between Domains
Your instructor will demonstrate how to move objects between domains

27 How to Use LDP to View Properties of Moved Objects
Your instructor will demonstrate how to view the properties of objects by using the LDP utility

28 Practice: Moving Objects
In this practice, you will use Ldp.exe to:
- Examine the SID, SIDHistory, and GUID of a user object.
- Move a user object to another organizational unit in the same domain.
- View any changes to the SID, SIDHistory, and GUID of the user object.

29 Lesson: Planning a User, Group, and Computer Account Strategy
- Guidelines for Naming Accounts
- Guidelines for Setting a Password Policy
- Guidelines for Authenticating, Authorizing, and Administering Accounts
- Guidelines for Planning a Group Strategy

30 Guidelines for Naming Accounts
Define naming conventions for:
- User account names that identify the user
- Computers that identify the owner, location, and computer type
- Groups that identify the group type, its location, and the purpose of the group

31 Guidelines for Setting a Password Policy
- Set Enforce password history to at least 24 passwords remembered
- Set the maximum password age to no more than 42 days
- Set the minimum password age to at least 2 days
- Set password length to at least 8 characters
- Enable the setting Password must meet complexity requirements
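
A check of a domain password policy against the five settings on this slide, as an added PowerShell example that is not part of the original course material. It assumes the property names returned by Get-ADDefaultDomainPasswordPolicy (ActiveDirectory module, which postdates Windows Server 2003); the function name Test-PasswordPolicyGuideline and the sample values are hypothetical.

```powershell
function Test-PasswordPolicyGuideline {
    param(
        # Object shaped like the output of Get-ADDefaultDomainPasswordPolicy (assumption).
        [Parameter(Mandatory)] $Policy
    )
    $findings = @()
    if ($Policy.PasswordHistoryCount -lt 24) {
        $findings += "Password history is $($Policy.PasswordHistoryCount); guideline: at least 24"
    }
    # This example treats a maximum age of 0 as "never expires", which also fails.
    $maxDays = $Policy.MaxPasswordAge.TotalDays
    if ($maxDays -eq 0 -or $maxDays -gt 42) {
        $findings += "Maximum password age is $maxDays days; guideline: no more than 42"
    }
    $minDays = $Policy.MinPasswordAge.TotalDays
    if ($minDays -lt 2) {
        $findings += "Minimum password age is $minDays days; guideline: at least 2"
    }
    if ($Policy.MinPasswordLength -lt 8) {
        $findings += "Minimum length is $($Policy.MinPasswordLength); guideline: at least 8"
    }
    if (-not $Policy.ComplexityEnabled) {
        $findings += "Password must meet complexity requirements is disabled"
    }
    # One string per deviation; nothing is emitted when every guideline is met.
    $findings
}

# Constructed sample policy, so the function can be exercised without a domain.
$sample = [pscustomobject]@{
    PasswordHistoryCount = 12
    MaxPasswordAge       = New-TimeSpan -Days 90
    MinPasswordAge       = New-TimeSpan -Days 0
    MinPasswordLength    = 7
    ComplexityEnabled    = $true
}
Test-PasswordPolicyGuideline -Policy $sample

# On a domain-joined host with the ActiveDirectory module installed:
# Test-PasswordPolicyGuideline -Policy (Get-ADDefaultDomainPasswordPolicy)
```

On domains that use fine-grained password policies, the default domain policy checked here does not cover accounts to which a separate password settings object applies.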

32 Guidelines for Authenticating, Authorizing, and Administering Accounts
- Set the account lockout threshold policy setting to a high value
- Protect administrative accounts
- Use multifactor authentication
- Implement a role-based security model for granting permissions
- Disable the Administrator account and apply a least privilege policy to accounts

33 Guidelines for Planning a Group Strategy
- Assign users with common job responsibilities to global groups
- Create a domain local group for sharing resources
- Add global groups that require access to resources to domain local groups
- Use universal groups to grant access to resources in multiple domains
- Use universal groups when membership is static

34 Practice: Planning an Account Strategy
In this practice, you will determine:
- An account naming strategy
- A password policy
- An authentication, authorization, and administration strategy
- A group strategy for your forest

35 Lesson: Planning an Active Directory Audit Strategy
- Why Audit Access to Active Directory?
- Guidelines for Monitoring Changes to Active Directory

36 Why Audit Access to Active Directory?
- To record all successful changes to Active Directory
- To track access to a resource or by a specific account
- To detect and log failed access attempts

37 Guidelines for Monitoring Changes to Active Directory
Enable:
- Auditing of account management events
- Success auditing of policy changes
- Failure auditing for system events
- Failure auditing of policy change events and account management events when necessary

38 Practice: Planning an Audit Strategy
In this practice, you will determine which audit policies to enable for Active Directory

39 Lab A: Implementing an Account and Audit Strategy
- Planning an Account and Audit Strategy
- Creating Accounts by Using the Csvde Tool
- Creating a UPN Suffix
- Moving a Group of Users

