ACTIVE DIRECTORY ADMINISTRATION - PowerPoint PPT Presentation

Slides: 25
Provided by: york5
1
ACTIVE DIRECTORY ADMINISTRATION
  • Chapter 5

2
UNDERSTANDING USER ACCOUNTS
  • Authentication
  • User account types
  • Administrator
  • Guest

3
AUTHENTICATION AND ACCESS TOKEN
4
CATEGORIES OF USER ACCOUNTS
  • Security Account Manager (SAM)
  • Local
  • Builtin user accounts
  • Domain user accounts (NTDS.dit)
  • Domain local
  • Builtin user accounts

5
ADMINISTRATOR ACCOUNT
  • Full control of computer, domain, forest
  • Used to establish administrative structure and
    create other accounts
  • Should be renamed
  • Should be secured with a complex password
  • Can be disabled, but cannot be deleted

6
GUEST ACCOUNT
  • Designed to allow temporary access to the network
  • Disabled by default, but cannot be deleted
  • Should be secured with a complex password if
    enabled

7
GROUPS AND THEIR USERS
8
GROUP TYPES
9
GROUP TYPES, SCOPES, AND CONVERTING
  • Distribution groups
  • Typically used with applications to provide a
    list of users (Microsoft Exchange)
  • Cannot be used to assign access permissions
  • Security groups
  • Primarily used to grant access
  • Can also be used like a distribution group for
    e-mail, if the group has an e-mail address
    assigned

10
DOMAIN LOCAL GROUPS
  • Membership: user accounts, computer accounts,
    global groups, universal groups from any domain,
    and domain local groups from the same domain.
  • Purpose: Used to assign permissions to resources
    in the local domain.
  • Once you assign permissions to this group, you
    can use it to grant those permissions to other
    groups or users.

11
GLOBAL GROUPS
  • Membership: User accounts, computer accounts, and
    other global groups.
  • Purpose: Used to organize users.
  • Users are typically assigned to global groups
    based on job role, task, or title.

12
UNIVERSAL GROUPS
  • Membership: user accounts, computer accounts,
    global or universal groups.
  • Purpose: Used to organize users or groups of
    users in global groups.
  • Larger organizations typically use universal
    groups to group accounts from different domains.

13
GROUP NESTING: WINDOWS 2000 MIXED DOMAIN FUNCTIONAL LEVEL
14
GROUP NESTING: WINDOWS 2000 NATIVE OR LATER DOMAIN FUNCTIONAL LEVEL
15
DEFAULT GROUPS
  • Builtin security groups
  • Pre-defined permissions
  • Placed in Builtin and Users containers by default
  • Groups are sometimes added when services are
    installed
  • Dynamic Host Configuration Protocol (DHCP)
    service adds DHCP Admins and DHCP Users
  • Domain Name System (DNS) adds DNS Admins and DNS
    UpdateProxy

16
SPECIAL IDENTITY GROUPS
  • Anonymous Logon
  • Everyone
  • Authenticated Users
  • Interactive
  • Network

17
LOCAL GROUPS
  • Only on non-Active Directory databases
  • SAM database
  • Domain members' local security databases
  • Typically used in peer-to-peer (workgroup)
    networks
  • Used to grant system rights and access to
    resources available on the local computer

18
DEVELOPING A GROUP IMPLEMENTATION PLAN
  • Determine who has the ability to create and
    manage users and groups.
  • Determine how domain local, global, and universal
    groups should be used.
  • Define the guidelines for the creation and
    deletion of users and groups.
  • Implement a common naming scheme for users and
    groups.
  • Determine the appropriate uses of group nesting.

19
CREATING USERS AND GROUPS
  • Batch files
  • net and dsadd
  • Directory Exchange Utilities
  • CSVDE utility
  • LDIFDE utility
  • Windows Script Host (WSH)

20
USING BATCH FILES
  • net user
  • net group
  • dsadd user
  • dsadd group

21
USING CSVDE
  • Comma-separated values.
  • Header record must be defined using a
    distinguished name and schema attributes. Entries
    in the remainder of the file must follow the
    order of the header record.
  • Once the file is created, use csvde -i -f
    file.txt to import the users.
  • Cannot create users with passwords.
  • Cannot modify existing user accounts.

22
USING LDIFDE
  • Line-separated values. Object entries are
    separated by a hyphen.
  • Once the file is created, use ldifde -i -f
    file.txt to import the users.
  • Cannot create users with passwords.
  • Can modify passwords once users are created.
  • Can be used to import, export, and modify Active
    Directory objects.
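As an added example (not part of the slide deck), the Python below builds the CSVDE header record and data rows described on slide 21, checks the header-order rule the slide states, and produces the LDIFDE "modify" entry from slide 22 that sets the password CSVDE cannot; the OU, domain and account names are constructed placeholders.

```python
import base64
import csv
import io

# Constructed sample container and domain; not taken from the slides.
USERS_OU = "OU=Staff,DC=example,DC=com"

# Header record: the DN first, then the schema attributes every row supplies,
# in the order the data rows must follow.
HEADER = ["DN", "objectClass", "sAMAccountName", "userPrincipalName", "displayName"]


def csvde_row(first, last, sam):
    """One CSVDE record for a user object; keys match HEADER so the writer keeps the order."""
    return {
        "DN": f"CN={first} {last},{USERS_OU}",
        "objectClass": "user",
        "sAMAccountName": sam,
        "userPrincipalName": f"{sam}@example.com",
        "displayName": f"{first} {last}",
    }


def build_csvde(records):
    """Serialize the header record and rows for 'csvde -i -f file.txt'.
    Fields that contain commas (every DN) are quoted so they stay one column."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=HEADER, lineterminator="\r\n")
    writer.writeheader()
    writer.writerows(records)
    return buf.getvalue()


def validate_csvde(text):
    """Check what the slide requires: a DN-led header and every row with exactly
    the header's column count, so no attribute lands in the wrong column on import."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows or rows[0][:1] != ["DN"]:
        return False, "header record must begin with DN"
    header, data = rows[0], rows[1:]
    for lineno, row in enumerate(data, start=2):
        if len(row) != len(header):
            return False, f"line {lineno}: {len(row)} fields, header has {len(header)}"
    return True, f"{len(data)} records"


def ldif_set_password(dn, password):
    """LDIFDE 'modify' entry that sets unicodePwd after CSVDE has created the account.
    AD expects the password in double quotes, UTF-16LE encoded and base64 (the '::'
    form); a lone '-' closes the change. Import over LDAPS: ldifde -i -f pw.ldf -t 636."""
    encoded = base64.b64encode(f'"{password}"'.encode("utf-16-le")).decode("ascii")
    return f"dn: {dn}\nchangetype: modify\nreplace: unicodePwd\nunicodePwd:: {encoded}\n-\n\n"
```

The .ldf file holds the password only base64-encoded, so treat it as a credential file and remove it once the import has run.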

23
USING WSH
  • Allows you to write scripts to create users and
    other Active Directory objects.
  • Scripts can be VBScript or JScript.
  • Allows for highly customized solutions that
    automate the creation of user accounts.

24
SUMMARY
  • What are the two group types?
  • Which type can be used to assign permissions?
  • Which one is primarily for e-mail?
  • Name three group scopes.
  • What domain functional level is required for
    creating universal groups?
  • Name methods for automating user account creation.