
CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+


1 CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+

2 Agenda
Chapter 5: Active Directory Administration
Quiz
Exercise

3 Understanding User Accounts
Three types of user accounts can be created and configured in Windows Server 2008:
▫ Local accounts
▫ Domain accounts
▫ Built-in user accounts

4 Security guidelines
Rename the Administrator account
▫ Set a strong password
Limit knowledge of administrator passwords to only a few individuals
Do not use the Administrator account for daily non-administrative tasks
Rename the Guest account after enabling it for use
▫ Set a strong password
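The guidelines on this slide can be checked rather than just remembered. The script below is an added example, not part of the original slides; it assumes the ActiveDirectory PowerShell module (RSAT) and read access to the domain. It locates the built-in accounts by their well-known relative identifiers (RID 500 for Administrator, RID 501 for Guest), so a rename does not hide them from the check, and it reports each guideline the accounts fail.

```powershell
# Added example (not from the CN1276 slides): audit the built-in Administrator and Guest
# accounts against the slide's guidelines. Assumes the ActiveDirectory module is installed.
Import-Module ActiveDirectory

$domainSid = (Get-ADDomain).DomainSID.Value
$findings  = @()

# The built-in Administrator is always RID 500, whatever it has been renamed to.
$admin = Get-ADUser -Identity "$domainSid-500" -Properties PasswordLastSet, LastLogonDate
if ($admin.SamAccountName -eq 'Administrator') {
    $findings += 'Built-in Administrator account has not been renamed.'
}
if ($admin.PasswordLastSet -lt (Get-Date).AddDays(-365)) {
    $findings += "Administrator password last set $($admin.PasswordLastSet); older than one year."
}
# Recent logons suggest the account is being used for day-to-day work.
if ($admin.LastLogonDate -gt (Get-Date).AddDays(-30)) {
    $findings += "Administrator account logged on $($admin.LastLogonDate); confirm it is not used for daily tasks."
}

# The built-in Guest is always RID 501.
$guest = Get-ADUser -Identity "$domainSid-501" -Properties PasswordLastSet
if ($guest.Enabled) {
    if ($guest.SamAccountName -eq 'Guest') {
        $findings += 'Guest account is enabled but has not been renamed.'
    }
    if (-not $guest.PasswordLastSet) {
        $findings += 'Guest account is enabled but has never had a password set.'
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No findings: built-in accounts follow the guidelines.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

The one-year and 30-day thresholds are assumptions chosen for the example; adjust them to the organisation's password and privileged-use policy.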

5 Group Accounts
Groups are implemented to allow administrators to assign rights and permissions to multiple users simultaneously. A group can be defined as a collection of user or computer accounts that is used to simplify the assignment of rights or permissions to network resources.

6 Group Types
Distribution groups
▫ Non-security-related groups created for the distribution of information to one or more people.
Security groups
▫ Security-related groups created for the purpose of granting resource access permissions to multiple users.

7 Group Nesting
Users can be members of more than one group.
Groups can contain other Active Directory objects, such as computers, and other groups.
Placing one group inside another is called group nesting.

8 Group Scopes
Domain Local
▫ These groups can include users, computers, global groups, and universal groups from any domain
▫ Used to assign permissions to resources in the domain in which the group is located
Global
▫ These groups can include users, computers, and global groups only from within the same domain
▫ Used to assign permissions to resources that reside in any domain in the forest
▫ Global group memberships are replicated only to domain controllers (DCs) within the same domain
Universal
▫ Same as global groups, but the group membership should not change frequently because these groups are stored in the global catalog (GC)

9 Using Global and Domain Local Groups
Assign users within a domain to global groups.
Add global groups to domain local groups.
Assign permissions to the domain local group.

10 AGUDLP
Microsoft's recommended approach to using groups:
▫ Add Accounts to Global groups.
▫ Add those global groups to Universal groups.
▫ Add universal groups to Domain Local groups.
▫ Finally, assign Permissions to the domain local groups.
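The two slides above describe the AGDLP pattern (the universal-group step is omitted in a single-domain forest). The script below is an added example that is not part of the original slides; it implements the pattern for one file share with the Active Directory module. It assumes the OU `OU=Groups,DC=contoso,DC=com` exists, that the domain's NetBIOS name is `CONTOSO`, that the folder `D:\Shares\Finance` is on the server where the script runs, and that the users `mary.north` and `jsmith` exist; all of these are placeholders.

```powershell
# Added example (not from the CN1276 slides): AGDLP for one share.
# Assumes the ActiveDirectory module and the placeholder OU, domain, folder and users above.
Import-Module ActiveDirectory

$groupOu     = 'OU=Groups,DC=contoso,DC=com'
$domainNetbios = 'CONTOSO'
$shareFolder = 'D:\Shares\Finance'

# A -> G: accounts go into a Global group that names a role (who the people are).
$roleGroup = New-ADGroup -Name 'G-Finance-Staff' -GroupScope Global -GroupCategory Security `
    -Path $groupOu -Description 'Finance department staff' -PassThru
Add-ADGroupMember -Identity $roleGroup -Members 'mary.north', 'jsmith'

# DL: a Domain Local group names the resource and the access level (what they may do).
$resourceGroup = New-ADGroup -Name 'DL-Finance-Share-Modify' -GroupScope DomainLocal -GroupCategory Security `
    -Path $groupOu -Description 'Modify access to the Finance share' -PassThru

# G -> DL: nest the role group inside the resource group.
Add-ADGroupMember -Identity $resourceGroup -Members $roleGroup

# P: the permission is granted to the Domain Local group only, never to individual users.
$acl  = Get-Acl -Path $shareFolder
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
    "$domainNetbios\$($resourceGroup.SamAccountName)", 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow'
$acl.AddAccessRule($rule)
Set-Acl -Path $shareFolder -AclObject $acl

# Check 1: the ACL should reference groups from the domain, not users.
(Get-Acl -Path $shareFolder).Access |
    Where-Object { $_.IdentityReference -like "$domainNetbios\*" } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType

# Check 2: -Recursive expands the nesting, so both users appear as effective members of the DL group.
Get-ADGroupMember -Identity $resourceGroup -Recursive | Select-Object SamAccountName, objectClass
```

Because the permission sits on the domain local group, changing who has Finance access later means editing global group membership only; the ACL on the folder never needs to be touched again.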

11 Creating and Managing Groups
Creating and managing groups is usually done with Active Directory Users and Computers.

12 Working with Default Groups
Account Operators
▫ Can create, modify and delete accounts for users, groups, and computers in all containers and OUs.
▫ Cannot modify the Administrators, Domain Admins and Enterprise Admins groups.
Administrators
Backup Operators
Guests
▫ Disabled by default

13 Working with Default Groups
Print Operators
▫ Can manage printers and document queues.
Server Operators
▫ Can log on to a server interactively
▫ Create and delete shares, start and stop some services
▫ Back up and restore files
▫ Format the disk, shut down the computer and modify the system date and time.

14 Working with Default Groups
Users
DNSAdmins
▫ Permits administrative access to the DNS Server service.
Domain Admins
Domain Computers
▫ Contains all computers.
▫ Used to make computer management easier through Group Policy.
Domain Controllers
▫ Contains all computers installed in the domain as domain controllers.

15 Working with Default Groups
Domain Guests
▫ Members include all domain guests.
Domain Users
▫ Used to assign permissions to all users in the domain.
Enterprise Admins
▫ Carries forest-wide administrative privileges, such as the ability to create and delete domains.

16 Working with Default Groups
Schema Admins
▫ Members can manage and modify the Active Directory schema.
See Table 5-1 on Pages 106 - 111
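Most of the default groups on the preceding slides carry rights that make their membership worth reviewing regularly; Account Operators, Backup Operators, Server Operators and DnsAdmins are easy to overlook next to Domain Admins. The script below is an added example, not part of the original slides; it assumes the ActiveDirectory module and uses the default group names from the slides. The approved-member baseline is a placeholder to be maintained as part of the group implementation plan.

```powershell
# Added example (not from the CN1276 slides): report effective (nested) user membership of the
# default administrative groups and flag members that are not on an approved list.
Import-Module ActiveDirectory

$privilegedGroups = 'Administrators', 'Account Operators', 'Backup Operators', 'Server Operators',
                    'Print Operators', 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'DnsAdmins'

# Placeholder baseline: which user accounts are allowed in which group.
# Groups not listed here are expected to contain no user members at all.
$approved = @{
    'Administrators'    = @('Administrator')
    'Domain Admins'     = @('Administrator')
    'Enterprise Admins' = @('Administrator')
}

$report = foreach ($groupName in $privilegedGroups) {
    $group = Get-ADGroup -Filter "Name -eq '$groupName'"
    if (-not $group) { continue }   # Enterprise Admins and Schema Admins exist only in the forest root domain

    # Direct members, so that anyone arriving through a nested group can be marked as such.
    $directDns = @(Get-ADGroupMember -Identity $group | Select-Object -ExpandProperty distinguishedName)
    $allowed   = @($approved[$groupName])

    # -Recursive expands nested groups and returns the leaf objects (users and computers).
    $members = Get-ADGroupMember -Identity $group -Recursive | Where-Object { $_.objectClass -eq 'user' }
    foreach ($member in $members) {
        [PSCustomObject]@{
            Group      = $groupName
            Member     = $member.SamAccountName
            ViaNesting = $directDns -notcontains $member.distinguishedName
            Unexpected = $allowed -notcontains $member.SamAccountName
        }
    }
}

$report |
    Sort-Object -Property @{ Expression = 'Unexpected'; Descending = $true }, Group |
    Format-Table -AutoSize

$report | Where-Object { $_.Unexpected } |
    ForEach-Object { Write-Warning "$($_.Member) is a member of $($_.Group) without approval" }
```

Running this on a schedule and diffing the output against the previous run turns the slide's table of default groups into a detection control: a new name in Account Operators or Backup Operators shows up the same day it is added.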

17 Special Identity Groups and Local Groups
Authenticated Users
▫ Used to allow controlled access to resources throughout the forest or domain.
Everyone
See Table 5-2 on Pages 112 - 113

18 Group Implementation Plan
A plan that states
▫ who has the ability and responsibility to create, delete, and manage groups.
A policy that states
▫ how domain local, global, and universal groups are to be used.
▫ guidelines for creating new groups and deleting old groups.
A naming standards document to keep group names consistent.
A standard for group nesting.

19 Creating Users and Groups
Active Directory Users and Computers
Batch files
▫ dsadd user <UserDN> -samid <SAMAccountName>
▫ dsadd user "cn=jsmith,ou=Accounts,dc=lucernepublishing,dc=com" -samid jsmith

20 Creating Users and Groups (Cont.)
Comma-Separated Value Directory Exchange (CSVDE)
▫ Header record (See Page 119)
▫ csvde -i -f newusers.csv
   -i selects import mode (the default is export)
   -f specifies the file to import

21 Creating Users and Groups (Cont.)
LDAP Data Interchange Format Directory Exchange (LDIFDE)
▫ You can add, modify or delete objects
▫ ldifde -i -f newobjects.ldf
Windows Script Host (WSH)
▫ See code on Page 121

22 Creating Users and Groups (Cont.)
Windows PowerShell (ADSI)
▫ $objOU = [ADSI]"LDAP://OU=People,DC=contoso,DC=com"
▫ $objUser = $objOU.Create("user", "CN=Mary North")
▫ $objUser.Put("sAMAccountName", "mary.north")
▫ $objUser.SetInfo()
Windows Server 2008 R2 (Active Directory module)
▫ Import-Module ActiveDirectory
▫ New-ADUser -Name "Mary North" -SamAccountName "mary.north"

23 Creating Users and Groups (Cont.)
Note:
▫ CSVDE and LDIFDE cannot import a user's password, so imported users are disabled by default
▫ Only DSADD supports specifying the password
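The note above is the practical reason bulk imports with csvde or ldifde leave disabled accounts behind. The script below is an added example, not part of the original slides, showing the Windows Server 2008 R2 route from slide 22 carried through for a whole CSV: each account gets a random initial password, is created enabled, and must change its password at first logon. It assumes the ActiveDirectory module, that the OU `OU=People,DC=contoso,DC=com` and the UPN suffix `contoso.com` exist (placeholders), and uses a constructed CSV in place of `newusers.csv`.

```powershell
# Added example (not from the CN1276 slides): bulk-create users from CSV with New-ADUser,
# setting an initial password so the accounts can be enabled on creation.
Import-Module ActiveDirectory

$targetOu  = 'OU=People,DC=contoso,DC=com'   # placeholder
$upnSuffix = 'contoso.com'                   # placeholder

# Constructed sample input; in practice use: $users = Import-Csv -Path .\newusers.csv
$csv = @'
SamAccountName,GivenName,Surname,Department
mary.north,Mary,North,Finance
jsmith,John,Smith,IT
'@
$users = $csv | ConvertFrom-Csv

# Random initial password from a cryptographic RNG; ambiguous characters (I, l, O, 0, 1) are left out.
function New-InitialPassword {
    $chars = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789!@#$%'
    $bytes = New-Object byte[] 20
    $rng   = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $rng.GetBytes($bytes)
    -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
}

$handoff = foreach ($u in $users) {
    if (Get-ADUser -Filter "SamAccountName -eq '$($u.SamAccountName)'") {
        Write-Warning "$($u.SamAccountName) already exists; skipping"
        continue
    }
    $initial = New-InitialPassword
    New-ADUser -Name "$($u.GivenName) $($u.Surname)" `
        -SamAccountName $u.SamAccountName `
        -UserPrincipalName "$($u.SamAccountName)@$upnSuffix" `
        -GivenName $u.GivenName -Surname $u.Surname -Department $u.Department `
        -Path $targetOu `
        -AccountPassword (ConvertTo-SecureString $initial -AsPlainText -Force) `
        -Enabled $true `
        -ChangePasswordAtLogon $true
    # The initial password is collected for a secure hand-off to the user; it is not written back to the CSV.
    [PSCustomObject]@{ SamAccountName = $u.SamAccountName; InitialPassword = $initial }
}

# Check: accounts created this way report Enabled = True; csvde/ldifde imports would show False.
Get-ADUser -Filter * -SearchBase $targetOu | Select-Object SamAccountName, Enabled
```

Keep `$handoff` out of logs and transcripts; it exists only long enough to deliver each initial password through whatever channel the onboarding process uses, and the forced change at first logon limits how long that value matters.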

24 Offline Domain Join
Offline domain join is a process for adding computers to a domain in locations where there is no connectivity to the corporate network.
▫ Windows Server 2008 R2
▫ Applied to a Windows 7 image or to a running computer
The offline domain join process includes the following phases:
▫ Run djoin.exe /provision on a domain-joined computer
   To create the computer account and save its metadata to a text file:
   djoin /provision /domain <domain> /machine <computername> /savefile <file>
▫ Run djoin.exe /requestodj on the destination computer
   To insert the computer account metadata into the Windows directory of the destination computer:
   djoin /requestodj /loadfile <file> /windowspath <windowsdir> /localos
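The provisioning phase is usually run for a batch of machines at once, and the file that `/savefile` writes contains everything the destination computer needs to join as that account, so it deserves the same handling as a credential. The script below is an added example, not part of the original slides; it wraps the first phase from the slide with an exit-code check and restricts the saved file to the provisioning account. It assumes it runs on a Windows Server 2008 R2 or later domain member as a user allowed to create computer objects, and the domain, directory and computer names are placeholders.

```powershell
# Added example (not from the CN1276 slides): provisioning phase of an offline domain join
# for several computers, with a check on djoin's exit code and a restrictive ACL on each blob file.
$domain    = 'contoso.com'                 # placeholder
$blobDir   = 'C:\ODJ'                      # placeholder
$computers = 'BRANCH-PC01', 'BRANCH-PC02'  # placeholders
$owner     = "$env:USERDOMAIN\$env:USERNAME"

New-Item -ItemType Directory -Path $blobDir -Force | Out-Null

foreach ($name in $computers) {
    $blob = Join-Path -Path $blobDir -ChildPath "$name.txt"

    # /provision creates the computer account in the domain and writes its metadata to $blob.
    djoin.exe /provision /domain $domain /machine $name /savefile $blob
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "djoin /provision failed for $name (exit code $LASTEXITCODE)"
        continue
    }

    # Remove inherited permissions and leave read access to the provisioning account only;
    # delete the file once the destination computer has consumed it with /requestodj.
    icacls.exe $blob /inheritance:r /grant:r "${owner}:(R)" | Out-Null
    Write-Output "Provisioned $name -> $blob"
}

# Second phase, run on each destination computer while it is still offline, for example:
#   djoin.exe /requestodj /loadfile C:\ODJ\BRANCH-PC01.txt /windowspath %SystemRoot% /localos
# After a reboot the computer completes the join the next time it can reach a domain controller.
```

Checking `$LASTEXITCODE` matters because `djoin.exe` is an external command: a failure (for example, a computer name that already exists) does not raise a PowerShell error, so without the check the loop would report success and lock down a file that was never written.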

25 Assignment
Fill in the blank
▫ 1-10
Multiple Choice
▫ 1-10
Online Lab 5




