Module 2: Creating Active Directory® Domain Services User and Computer Objects


1 Module 2: Creating Active Directory® Domain Services User and Computer Objects

2 Module Overview
- Managing User Accounts
- Creating Computer Accounts
- Automating AD DS Object Management
- Using Queries to Locate Objects in AD DS

3 Lesson 1: Managing User Accounts
- What Is a User Account?
- Names Associated with Domain User Accounts
- User Account Password Options
- Standard User Management
- Tools for Configuring User Accounts
- What Is a User Account Template?

4 What Is a User Account?
A user account is an object that enables authentication and access to local and network resources. Creating a user account also creates a Security ID (SID).
A user account can be stored:
- In AD DS (AD DS account): AD DS accounts enable log on to domains and provide access to shared network resources
- On the local computer (local account): local accounts enable log on to a single computer and local resources

5 Names Associated with Domain User Accounts
Naming options for domain user accounts:

| Object names | Example | Uniqueness requirement |
|---|---|---|
| User logon name | Gregory | Must be unique within domain |
| User logon name (pre-Microsoft® Windows® 2000) | Woodgrove\Gregory | Must be unique within domain |
| User principal name (UPN) | Gregory@WoodgroveBank.com | Must be unique within forest |
| LDAP distinguished name | CN=Gregory,OU=IT,DC=WoodgroveBank,DC=com | Will be globally unique, combining RDN, container name, and domain names |
| Relative distinguished name (RDN) | CN=Gregory | Must be unique in OU |

6 User Account Password Options
User object passwords are a significant aspect of network security and can have options configured for:
- Password history
- Length
- Complexity
By default, Windows Server® 2008 domain passwords must meet three out of the following four complexity requirements:
- Uppercase
- Lowercase
- Special characters
- Numbers
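The three-of-four rule on this slide, written out as a check. This is an added example, not part of the original presentation; the function name `Test-PasswordCategory` and the sample strings are constructed for illustration, and the check covers only the category rule stated above, not length or history.

```powershell
# Added example: evaluates only the "three of four categories" rule from the slide.
# Length and password history are separate policy settings and are not checked here.
function Test-PasswordCategory {
    param(
        [Parameter(Mandatory = $true)][string]$Password,
        [int]$Required = 3
    )
    # -cmatch is case-sensitive; plain -match ignores case, so 'abc' would satisfy [A-Z].
    $categories = [ordered]@{
        Uppercase = '[A-Z]'
        Lowercase = '[a-z]'
        Numbers   = '[0-9]'
        Special   = '[^A-Za-z0-9]'
    }
    $met = @($categories.Keys | Where-Object { $Password -cmatch $categories[$_] })
    [pscustomobject]@{
        Met       = $met -join ', '
        Count     = $met.Count
        Compliant = ($met.Count -ge $Required)
    }
}

# Constructed samples; 'Pa$$w0rd' is the lab password listed later in this module.
# Single quotes keep PowerShell from expanding '$$' as a variable.
$samples = 'password', 'Password', 'Password1', 'Pa$$w0rd'
foreach ($s in $samples) {
    $r = Test-PasswordCategory -Password $s
    '{0,-10} categories={1} compliant={2} ({3})' -f $s, $r.Count, $r.Compliant, $r.Met
}
```

`Password1` meets three categories and passes, which shows that the complexity rule is a minimum bar and not a measure of how guessable a password is.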

7 Standard User Management
Standard user management activities include:
- Updating group membership: provides user group membership and access rights
- Resetting user passwords: resets security authentication used to access domain computer
- Setting user expiration: sets expiration date on how long user can access domain
- Setting logon hours: sets the hours in which users can log on to the domain
- Assigning profiles and setting home folders: assign user profiles and home folders to regulate access to resources

8 Tools for Configuring User Accounts
You use different tools for creating and managing local and domain user accounts:

| Account | Tools |
|---|---|
| Local computer account | Windows XP and Windows Vista®: User Accounts |
| Domain account | Windows Server 2003/2008: Active Directory Users and Computers. Command-line utilities: dsadd, Windows PowerShell™, CSVDE, LDIFDE |

9 Demonstration: Configuring User Accounts
In this demonstration, you will see how to:
- Create a new user account using Active Directory Users and Computers
- Rename user accounts
- View complexity requirements

11 What Is a User Account Template?
A user account template is an account with common properties already configured. User account templates take advantage of similarity between user accounts.
To use user templates:
- Create several typical users reflecting various groups within your organization
- Copy the user account most like the new account you want to create
- Modify the attributes: names, e-mail address, logon name, etc.

12 Demonstration: Creating and Using a User Account Template In this demonstration, you will see how to: Create and use a User Account Template

14 Lesson 2: Creating Computer Accounts
- What Is a Computer Account?
- Options for Creating Computer Accounts
- Managing Computer Accounts

15 What Is a Computer Account?
A computer account is an object in AD DS that identifies a computer in a domain.
Computer accounts:
- Are required for authentication and auditing
- Enable managing computer by using group policies
- Are required for all computers running Windows NT or later

16 Options for Creating Computer Accounts

| Scenario | Process |
|---|---|
| Adding individual computers to a domain | Add the computer to the domain through computer system properties. Account will be created by default in Computers container |
| Creating multiple computer accounts in preparation for automating an operating system and software deployment | 1. Create an OU for each department 2. Pre-stage new computer accounts 3. Add the computer to the domain |

17 Managing Computer Accounts
Computer management activities include:
- Adding computer accounts: provides computer name and specifies management option
- Disabling computer accounts: maintains account, but prevents log on from the account
- Resetting the computer account: resets the security association between the domain and the client computer (re-join necessary)
- Deleting computer accounts: removes computer from all domain services
- Configuring group policies: manages software or computer desktop environments

18 Demonstration: Configuring Computer Accounts
In this demonstration, you will see how to:
- Pre-stage a computer account
- Configure computer account settings
- Disable and reset a computer account

20 Lesson 3: Automating AD DS Object Management
- Tools for Automating AD DS Object Management
- Configuring AD DS Objects Using Command-Line Tools
- Managing User Objects with LDIFDE
- Managing User Objects with CSVDE
- What Is Windows PowerShell?
- Windows PowerShell Cmdlets

21 Tools for Automating AD DS Object Management
- Active Directory Users and Computers
- Directory Service Tools: Dsadd, Dsmod, Dsrm
- Csvde and Ldifde Tools
- Windows PowerShell

22 Configuring AD DS Objects Using Command-Line Tools
Command-line tools:
- Dsadd - Add objects to AD DS
- Dsmod - Modify objects in AD DS
- Dsrm - Remove objects from AD DS
- Dsget - Locate objects in AD DS
- Net user - Add or modify user accounts
- Net group - Add or modify group access
- Net computer - Add or remove computer objects from AD DS

23 Managing User Objects with LDIFDE
[Diagram labels: Active Directory, import, export, LDIFDE.exe, filename.ldf]

24 Managing User Objects with CSVDE
[Diagram labels: Active Directory, import, export, CSVDE.exe, filename.csv, HR Application]

25 What Is Windows PowerShell?
Windows PowerShell is a scripting and command-line technology that you can use to manage AD DS and other Windows components.
Windows PowerShell features include:
- Powerful single line cmdlets
- Aliases
- Variables
- Pipelining
- Scripting support
- Access to all cmd.exe commands

26 Windows PowerShell Cmdlets
Windows PowerShell cmdlets all use the same syntax:

| Verb | Noun | Parameters | Example |
|---|---|---|---|
| Get | Date | | Get-Date |
| Start | Service | W3SVC | Start-Service W3SVC |

Results from one cmdlet can be pipelined to another:

    Get-Service W3svc | format-list
    Get-Service | sort-object name
    Get-Service | where-object {$_.status -eq "running"} | sort-object name

27 Demonstration: Configuring Active Directory Objects Using Windows PowerShell In this demonstration, you will see how to: Configure Active Directory Objects using Windows PowerShell

29 Lesson 4: Using Queries to Locate Objects in AD DS
- Options for Locating Objects in AD DS
- What Is a Saved Query?

30 Options for Locating Objects in AD DS
- Sorting: use column headings in Active Directory Users and Computers to find the objects based on the columns
- Searching: provide the criteria for which you want to search
- Command-line: dsquery parameter

31 Demonstration: Searching AD DS In this demonstration, you will see how to: Search AD DS for user accounts

32 What Is a Saved Query?
A saved query is a way to save search criteria.
Saved queries provide:
- A quick and consistent way to access a common set of directory objects to monitor or to perform specific tasks
- Options for searching attributes (e.g. last logon date)
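A last-logon search of the kind a saved query stores, written as an LDAP filter for finding enabled user accounts that have not logged on recently. This is an added example, not part of the original presentation; the function names and the 90-day threshold are assumptions, and `lastLogonTimestamp` and `userAccountControl` are standard AD DS attributes that the slide does not name.

```powershell
# Added example: build and run an LDAP filter for enabled users with no recent logon.
function New-StaleUserFilter {
    param(
        [int]$Days = 90,                 # assumed threshold, adjust to local policy
        [datetime]$Now = (Get-Date)
    )
    # lastLogonTimestamp is a Windows FILETIME (100 ns ticks since 1601, UTC).
    $cutoff = $Now.AddDays(-$Days).ToFileTimeUtc()
    # Clause 2 uses the bitwise-AND matching rule to exclude disabled accounts
    # (userAccountControl bit 2). Clause 3 also catches accounts that never logged on.
    $parts = @(
        '(objectCategory=person)(objectClass=user)',
        '(!(userAccountControl:1.2.840.113556.1.4.803:=2))',
        "(|(lastLogonTimestamp<=$cutoff)(!(lastLogonTimestamp=*)))"
    )
    '(&' + ($parts -join '') + ')'
}

function Find-StaleUser {
    param([int]$Days = 90)
    # [adsisearcher] binds to the current domain, so this needs a domain-joined host.
    $searcher = [adsisearcher](New-StaleUserFilter -Days $Days)
    $searcher.PageSize = 1000            # page results so large domains are not truncated
    $searcher.PropertiesToLoad.AddRange(@('distinguishedName', 'lastLogonTimestamp'))
    foreach ($hit in $searcher.FindAll()) {
        $ts = $hit.Properties['lastlogontimestamp']
        [pscustomobject]@{
            DistinguishedName = $hit.Properties['distinguishedname'][0]
            LastLogonUtc      = if ($ts.Count) { [datetime]::FromFileTimeUtc($ts[0]) } else { $null }
        }
    }
}

# Runs offline: print the filter for a fixed, constructed reference date.
New-StaleUserFilter -Days 90 -Now ([datetime]'2024-01-01')
# On a domain-joined host:
# Find-StaleUser -Days 90 | Sort-Object LastLogonUtc
```

`lastLogonTimestamp` is replicated between domain controllers but is refreshed only when the stored value is roughly 9 to 14 days old, so keep the threshold well above two weeks.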

33 Demonstration: Using a Saved Query In this demonstration, you will see how to: Create a saved query

34 Lab: Creating AD DS User and Computer Accounts
- Exercise 1: Creating and Configuring User Accounts
- Exercise 2: Creating and Configuring Computer Accounts
- Exercise 3: Automating the Management of AD DS Objects
Logon information:
- Virtual computers: 6419A-NYC-DC1, 6419A-NYC-CL1
- User name: Administrator
- Password: Pa$$w0rd
Estimated time: 45 minutes

35 Lab Scenario Woodgrove Bank is an enterprise that has offices located in several cities throughout the world. Woodgrove Bank has deployed AD DS for Windows Server 2008. As one of the network administrators, one of your primary tasks will be to create and manage user and computer accounts.

36 Lab Review
- In order for searches like the ones used in this lab to return accurate results, what do you have to do when creating the user accounts?
- Your organization has a group of desktop support technicians who need to be able to add all computers to the AD DS domain. How can you ensure that these technicians can add more than 10 computers to the domain without granting them more permissions than required?

37 Module Review and Takeaways
- Review Questions
- Considerations for Managing AD DS User and Computer Accounts

38 Module Review and Takeaways - Notes
- Review Questions
- Considerations for Managing AD DS User and Computer Accounts

