Presentation is loading. Please wait.

Presentation is loading. Please wait.

11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW  Describe the process of adding a computer to.

Published byDarrell Tate Modified over 8 years ago

Similar presentations

Presentation on theme: "11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW  Describe the process of adding a computer to."— Presentation transcript:

1 11 WORKING WITH COMPUTER ACCOUNTS Chapter 8

2 Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW  Describe the process of adding a computer to an Active Directory domain  Create and manage computer objects  Troubleshoot computer accounts  Describe the process of adding a computer to an Active Directory domain  Create and manage computer objects  Troubleshoot computer accounts

3 Chapter 8: WORKING WITH COMPUTER ACCOUNTS3 UNDERSTANDING COMPUTER OBJECTS  Logical representation in Active Directory of the physical computer object  Can be granted permissions to other objects and be subject to group policy  Can be made a member of a group  Logical representation in Active Directory of the physical computer object  Can be granted permissions to other objects and be subject to group policy  Can be made a member of a group

4 Chapter 8: WORKING WITH COMPUTER ACCOUNTS4 ADDING COMPUTERS TO A DOMAIN  Step 1: Create a computer account in Active Directory  Step 2: Join the computer to the domain  Step 1: Create a computer account in Active Directory  Step 2: Join the computer to the domain

5 Chapter 8: WORKING WITH COMPUTER ACCOUNTS5 CREATING COMPUTER OBJECTS  Computer object must exist in Active Directory before computer can be joined to the domain.  Computer object can be created using Active Directory Users and Computers or a command-line tool such as Dsadd.  Computer account can also be created during the domain joining process.  Computer object must exist in Active Directory before computer can be joined to the domain.  Computer object can be created using Active Directory Users and Computers or a command-line tool such as Dsadd.  Computer account can also be created during the domain joining process.

6 Chapter 8: WORKING WITH COMPUTER ACCOUNTS6 CREATING COMPUTER OBJECTS USING ACTIVE DIRECTORY USERS AND COMPUTERS

7 Chapter 8: WORKING WITH COMPUTER ACCOUNTS7 CREATING COMPUTER OBJECTS USING DSADD.EXE  Allows computer account creation to be scripted  Provides a mechanism to create large amounts of computer accounts at one time  Allows computer account creation to be scripted  Provides a mechanism to create large amounts of computer accounts at one time

8 Chapter 8: WORKING WITH COMPUTER ACCOUNTS8 CREATING COMPUTER OBJECTS USING NETDOM.EXE  Command-line utility  Simpler to use than Dsadd  Must be extracted from the support.cab archive in the \Support\Tools folder on the Windows Server 2003 installation CD  Command-line utility  Simpler to use than Dsadd  Must be extracted from the support.cab archive in the \Support\Tools folder on the Windows Server 2003 installation CD

9 Chapter 8: WORKING WITH COMPUTER ACCOUNTS9 JOINING COMPUTERS TO A DOMAIN

10 Chapter 8: WORKING WITH COMPUTER ACCOUNTS10 JOINING A DOMAIN USING NETDOM.EXE  Allows computers to be joined to the domain from a command line  Allows scripts to be developed to streamline the process of joining a computer to a domain  Allows computers to be joined to the domain from a command line  Allows scripts to be developed to streamline the process of joining a computer to a domain

11 Chapter 8: WORKING WITH COMPUTER ACCOUNTS11 CREATING COMPUTER OBJECTS WHILE JOINING THE DOMAIN

12 Chapter 8: WORKING WITH COMPUTER ACCOUNTS12 JOINING A DOMAIN DURING OPERATING SYSTEM INSTALLATION

13 Chapter 8: WORKING WITH COMPUTER ACCOUNTS13 LOCATING COMPUTER OBJECTS  The Computers container  The Domain Controllers OU  The Computers container  The Domain Controllers OU

14 Chapter 8: WORKING WITH COMPUTER ACCOUNTS14 LOCATING DOMAIN CONTROLLER COMPUTER OBJECTS  Computer accounts for domain controllers are placed in the system-created domain controllers OU by default.  The Default Domain Controllers Policy GPO is applied to the container.  Computer accounts for domain controllers are placed in the system-created domain controllers OU by default.  The Default Domain Controllers Policy GPO is applied to the container.

15 Chapter 8: WORKING WITH COMPUTER ACCOUNTS15 LOCATING OTHER COMPUTER OBJECTS  Non–domain-controller computer accounts are placed in the Computers system-created container by default.  Container does not support group policy  Non–domain-controller computer accounts are placed in the Computers system-created container by default.  Container does not support group policy

16 Chapter 8: WORKING WITH COMPUTER ACCOUNTS16 REDIRECTING COMPUTER OBJECTS  Allows an alternative default location for computer accounts to be specified.  Use the Redircmp.exe command-line utility.  Works only on Windows Server 2003 domain functional level.  Can be overridden by explicit computer account creation commands.  Allows an alternative default location for computer accounts to be specified.  Use the Redircmp.exe command-line utility.  Works only on Windows Server 2003 domain functional level.  Can be overridden by explicit computer account creation commands.

17 Chapter 8: WORKING WITH COMPUTER ACCOUNTS17 MANAGING COMPUTER OBJECTS  Computer objects have properties.  Can be viewed and configured through Active Directory Users and Computers  Computer objects have properties.  Can be viewed and configured through Active Directory Users and Computers

18 Chapter 8: WORKING WITH COMPUTER ACCOUNTS18 MODIFYING COMPUTER OBJECT PROPERTIES

19 Chapter 8: WORKING WITH COMPUTER ACCOUNTS19 DELETING, DISABLING, AND RESETTING COMPUTER OBJECTS Deleting  Removes the computer account from Active Directory Disabling  Prevents the computer from being used to log on to the domain Resetting  Reestablishes relationship between a computer and Active Directory Deleting  Removes the computer account from Active Directory Disabling  Prevents the computer from being used to log on to the domain Resetting  Reestablishes relationship between a computer and Active Directory

20 Chapter 8: WORKING WITH COMPUTER ACCOUNTS20 DELETING COMPUTER OBJECTS  Manually through Active Directory Users and Computers  Automatically by changing the domain membership on the computer  Using a command-line tool such as Dsrm  Manually through Active Directory Users and Computers  Automatically by changing the domain membership on the computer  Using a command-line tool such as Dsrm

21 Chapter 8: WORKING WITH COMPUTER ACCOUNTS21 DISABLING COMPUTER OBJECTS

22 Chapter 8: WORKING WITH COMPUTER ACCOUNTS22 RESETTING A COMPUTER OBJECT  Necessary when replacing or upgrading a computer system  Allows an appropriately named new system to use an existing computer account  Necessary when replacing or upgrading a computer system  Allows an appropriately named new system to use an existing computer account

23 Chapter 8: WORKING WITH COMPUTER ACCOUNTS23 MANAGING REMOTE COMPUTERS  Allows you to perform management tasks across the network  Actually a shortcut to the Computer Management MMC snap-in  Allows you to perform management tasks across the network  Actually a shortcut to the Computer Management MMC snap-in

24 Chapter 8: WORKING WITH COMPUTER ACCOUNTS24 MANAGING COMPUTER OBJECTS FROM THE COMMAND LINE Dsmod  Used to modify existing computer account objects Dsrm  Used to remove computer account objects from Active Directory Dsmod  Used to modify existing computer account objects Dsrm  Used to remove computer account objects from Active Directory

25 Chapter 8: WORKING WITH COMPUTER ACCOUNTS25 MANAGING COMPUTER OBJECT PROPERTIES WITH DSMOD.EXE  Can be used to modify properties of existing computer account objects  Useful for creating scripts and batch files to automate changes  Cannot be used to create or delete computer account objects  Can be used to modify properties of existing computer account objects  Useful for creating scripts and batch files to automate changes  Cannot be used to create or delete computer account objects

26 Chapter 8: WORKING WITH COMPUTER ACCOUNTS26 DELETING COMPUTER OBJECT PROPERTIES WITH DSRM.EXE  Can be used to delete computer account objects from the command line  Requires confirmation of deletion unless the - noprompt switch is used  Can be used to delete computer account objects from the command line  Requires confirmation of deletion unless the - noprompt switch is used

27 Chapter 8: WORKING WITH COMPUTER ACCOUNTS27 TROUBLESHOOTING COMPUTER ACCOUNTS: PROBLEMS  Messages at logon indicate that a domain controller cannot be contacted, that the computer account might be missing, or that the trust between the computer and the domain has been lost.  Error messages or entries in an event log indicate similar problems or suggest that passwords, trusts, secure channels, or relationships with the domain or a domain controller have failed.  A computer account is missing in Active Directory.  Messages at logon indicate that a domain controller cannot be contacted, that the computer account might be missing, or that the trust between the computer and the domain has been lost.  Error messages or entries in an event log indicate similar problems or suggest that passwords, trusts, secure channels, or relationships with the domain or a domain controller have failed.  A computer account is missing in Active Directory.

28 Chapter 8: WORKING WITH COMPUTER ACCOUNTS28 TROUBLESHOOTING COMPUTER ACCOUNTS: SOLUTIONS  Reset the computer account in Active Directory.  If the computer account is missing, create a computer account.  If the computer still belongs to the domain, you must remove it from the domain by changing its membership to a workgroup.  Rejoin the computer to the domain.  Reset the computer account in Active Directory.  If the computer account is missing, create a computer account.  If the computer still belongs to the domain, you must remove it from the domain by changing its membership to a workgroup.  Rejoin the computer to the domain.

29 Chapter 8: WORKING WITH COMPUTER ACCOUNTS29 SUMMARY  A computer object represents a specific system on the network.  To add a computer to a domain, you must create a computer object for it in Active Directory and then join the physical computer to the object.  To create computer objects, you can use the Active Directory Users and Computers console, the Dsadd utility, or the Netdom utility.  A computer object represents a specific system on the network.  To add a computer to a domain, you must create a computer object for it in Active Directory and then join the physical computer to the object.  To create computer objects, you can use the Active Directory Users and Computers console, the Dsadd utility, or the Netdom utility.

30 Chapter 8: WORKING WITH COMPUTER ACCOUNTS30 SUMMARY (continued)  Computer objects for non–domain controllers are placed in the Computers container by default.  Computer object have a SID that Active Directory uses to reference the computer in its group memberships and other permissions.  The typical steps for troubleshooting a computer object problem include creating or resetting the object, removing the computer from the domain, and rejoining it to the domain.  Computer objects for non–domain controllers are placed in the Computers container by default.  Computer object have a SID that Active Directory uses to reference the computer in its group memberships and other permissions.  The typical steps for troubleshooting a computer object problem include creating or resetting the object, removing the computer from the domain, and rejoining it to the domain.

31 Chapter 8: WORKING WITH COMPUTER ACCOUNTS31

Download ppt "11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW  Describe the process of adding a computer to."

Similar presentations

By Rashid Khan Lesson 5-Directory Assistance: Administration Using Active Directory Users and Computers.

By Rashid Khan Lesson 5-Directory Assistance: Administration Using Active Directory Users and Computers.
Guide to MCSE 70-290, Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.

Guide to MCSE , Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Module 4: Implementing User, Group, and Computer Accounts

Module 4: Implementing User, Group, and Computer Accounts
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
11 WORKING WITH GROUPS Chapter 7. Chapter 7: WORKING WITH GROUPS2 CHAPTER OVERVIEW  Understand the functions of groups and how to use them.  Understand.

11 WORKING WITH GROUPS Chapter 7. Chapter 7: WORKING WITH GROUPS2 CHAPTER OVERVIEW  Understand the functions of groups and how to use them.  Understand.
7.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

7.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
6.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 3: Creating and Managing User Accounts.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 3: Creating and Managing User Accounts.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Administering Active Directory

Administering Active Directory
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.
Lesson 14: Creating and Managing Active Directory Users and Computers

Lesson 14: Creating and Managing Active Directory Users and Computers
By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.

By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.
11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW Describe the process of adding a computer to.

11 WORKING WITH COMPUTER ACCOUNTS Chapter 8. Chapter 8: WORKING WITH COMPUTER ACCOUNTS2 CHAPTER OVERVIEW Describe the process of adding a computer to.

Similar presentations

Ads by Google