Module Creating Active Directory® Domain Services User and Computer Objects

Module Overview
• Managing User Accounts
• Creating Computer Accounts
• Automating AD DS Object Management
• Using Queries to Locate Objects in AD DS

Lesson 1: Managing User Accounts
• What Is a User Account?
• Names Associated with Domain User Accounts
• User Account Password Options
• Standard User Management
• Tools for Configuring User Accounts
• What Is a User Account Template?

What Is a User Account?
A user account is an object that enables authentication and access to local and network resources.
A user account can be stored:
• In AD DS (AD DS account): AD DS accounts enable log on to domains and provide access to shared network resources
• On the local computer (local account): local accounts enable log on to a single computer and local resources
Creating a user account also creates a Security ID (SID).

Names Associated with Domain User Accounts
Naming options for domain user accounts:
Object name | Example | Uniqueness requirement
User logon name | Gregory | Must be unique within domain
User logon name (pre-Microsoft® Windows® 2000) | Woodgrove\Gregory | Must be unique within domain
User principal name (UPN) | Gregory@WoodgroveBank.com | Must be unique within forest
LDAP distinguished name | CN=Gregory,OU=IT,DC=WoodgroveBank,DC=com | Will be globally unique, combining RDN, container name, and domain names
Relative distinguished name (RDN) | CN=Gregory | Must be unique in OU

User Account Password Options
User object passwords are a significant aspect of network security and can have options configured for:
• Password history
• Length
• Complexity
By default, Windows Server® 2008 domain passwords must meet three out of the following four complexity requirements:
• Uppercase
• Lowercase
• Special characters
• Numbers

Standard User Management
Standard user management activities include:
• Updating group membership: provides user group membership and access rights
• Resetting user passwords: resets security authentication used to access domain computer
• Setting user expiration: sets expiration date on how long user can access domain
• Setting logon hours: sets the hours in which users can log on to the domain
• Assigning profiles and setting home folders: assign user profiles and home folders to regulate access to resources

Tools for Configuring User Accounts
You use different tools for creating and managing local and domain user accounts:
Account | Tools
Local computer account | Windows XP and Windows Vista®: User Accounts
Domain account | Windows Server 2003/2008: Active Directory Users and Computers
Domain account | Command-line utilities: dsadd, Windows PowerShell™, CSVDE, LDIFDE

Demonstration: Configuring User Accounts
In this demonstration, you will see how to:
• Create a new user account using Active Directory Users and Computers
• Rename user accounts
• View complexity requirements

What Is a User Account Template?
A user account template is an account with common properties already configured.
User account templates take advantage of similarity between user accounts.
To use user templates:
• Create several typical users reflecting various groups within your organization
• Copy the user account most like the new account you want to create
• Modify the attributes: names, e-mail address, logon name, etc.

Configuring AD DS Objects Using Command-Line Tools
Command-line tools:
• Dsadd - Add objects to AD DS
• Dsmod - Modify objects in AD DS
• Dsrm - Remove objects from AD DS
• Dsget - Locate objects in AD DS
• net user - Add or modify user accounts
• Net group - Add or modify group access
• Net computer - Add or remove computer objects from AD DS

Managing User Objects with LDIFDE
[Diagram labels: LDIFDE.exe, import, export, filename.ldf, Active Directory]

Managing User Objects with CSVDE
[Diagram labels: CSVDE.exe, export, import, filename.csv, Active Directory, HR Application]

What Is Windows PowerShell?
Windows PowerShell is a scripting and command-line technology that you can use to manage AD DS and other Windows components.
Windows PowerShell features include:
• Powerful single line cmdlets
• Aliases
• Variables
• Pipelining
• Scripting support
• Access to all cmd.exe commands

Windows PowerShell Cmdlets
Windows PowerShell cmdlets all use the same syntax:
Verb | Noun | Parameters | Example
Get | Date | | Get-Date
Start | Service | W3SVC | Start-Service W3SVC
Results from one cmdlet can be pipelined to another:
• Get-Service W3svc | format-list
• Get-Service | sort-object name
• Get-Service | where-object {$_.status -eq "running"} | sort-object name

Demonstration: Configuring Active Directory Objects Using Windows PowerShell
In this demonstration, you will see how to:
• Configure Active Directory Objects using Windows PowerShell

Lesson 4: Using Queries to Locate Objects in AD DS
• Options for Locating Objects in AD DS
• What Is a Saved Query?

Options for Locating Objects in AD DS
• Sorting: use column headings in Active Directory Users and Computers to find the objects based on the columns
• Searching: provide the criteria for which you want to search
• Command-line: dsquery parameter

Demonstration: Searching AD DS
In this demonstration, you will see how to:
• Search AD DS for user accounts

What Is a Saved Query?
A saved query is a way to save search criteria.
Saved queries provide:
• A quick and consistent way to access a common set of directory objects to monitor or to perform specific tasks
• Options for searching attributes (e.g. last logon date)

Demonstration: Using a Saved Query
In this demonstration, you will see how to:
• Create a saved query

Lab: Creating AD DS User and Computer Accounts
• Exercise 1: Creating and Configuring User Accounts
• Exercise 2: Creating and Configuring Computer Accounts
• Exercise 3: Automating the Management of AD DS Objects

Logon information
Virtual computers | 6419A-NYC-DC1, 6419A-NYC-CL1
User name | Administrator
Password | Pa$$w0rd
Estimated time: 45 minutes

Lab Scenario
Woodgrove Bank is an enterprise that has offices located in several cities throughout the world. Woodgrove Bank has deployed AD DS for Windows Server 2008. As one of the network administrators, one of your primary tasks will be to create and manage user and computer accounts.

Lab Review
• In order for searches like the ones used in this lab to return accurate results, what do you have to do when creating the user accounts?
• Your organization has a group of desktop support technicians who need to be able to add all computers to the AD DS domain. How can you ensure that these technicians can add more than 10 computers to the domain without granting them more permissions than required?

Module Review and Takeaways
• Review Questions
• Considerations for Managing AD DS User and Computer Accounts
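
The uniqueness scopes in the "Names Associated with Domain User Accounts" table can be checked on a bulk-import file before CSVDE writes anything to the directory. The PowerShell below is an added example, not part of the course material: the sample rows are constructed, the function names Get-NameScope and Find-NameConflict are hypothetical, and it assumes every row belongs to one forest and that the sAMAccountName column holds the pre-Windows 2000 logon name.

```powershell
# Constructed sample rows in a CSVDE-style column layout (not data from the course).
# Rows 1 and 2 reuse a logon name inside one domain; rows 1 and 3 reuse a UPN.
$csv = @'
DN,objectClass,sAMAccountName,userPrincipalName
"CN=Gregory,OU=IT,DC=WoodgroveBank,DC=com",user,Gregory,Gregory@WoodgroveBank.com
"CN=Gregory,OU=Sales,DC=WoodgroveBank,DC=com",user,gregory,GregoryS@WoodgroveBank.com
"CN=Weber\, Gregory,OU=IT,DC=WoodgroveBank,DC=com",user,GWeber,Gregory@WoodgroveBank.com
"CN=Gregory,OU=IT,DC=EMEA,DC=WoodgroveBank,DC=com",user,Gregory,Gregory@EMEA.WoodgroveBank.com
'@

# Hypothetical helper: split a DN on unescaped commas and derive RDN, container and domain.
function Get-NameScope {
    param([string]$DN)
    $parts = $DN -split '(?<!\\),'
    $dc = $parts | Where-Object { $_ -match '^\s*DC=' } |
        ForEach-Object { ($_ -replace '^\s*DC=', '').Trim() }
    [pscustomobject]@{
        RDN    = $parts[0].Trim()
        Parent = ($parts | Select-Object -Skip 1) -join ','
        Domain = $dc -join '.'
    }
}

# Hypothetical helper: report values that collide inside the scope the table gives them.
function Find-NameConflict {
    param([object[]]$Rows)
    $scoped = foreach ($r in $Rows) {
        $s = Get-NameScope $r.DN
        [pscustomobject]@{
            DN    = $r.DN
            Logon = "$($s.Domain)|$($r.sAMAccountName)"   # unique within domain
            UPN   = $r.userPrincipalName                  # unique within forest (assumed: one forest)
            RDN   = "$($s.Parent)|$($s.RDN)"              # unique within OU
        }
    }
    # Group-Object compares case-insensitively by default, matching how AD treats these names.
    foreach ($rule in 'Logon', 'UPN', 'RDN') {
        $scoped | Group-Object -Property $rule | Where-Object { $_.Count -gt 1 } |
            ForEach-Object {
                [pscustomobject]@{ Rule = $rule; Value = $_.Name; DNs = $_.Group.DN -join '; ' }
            }
    }
}

Find-NameConflict ($csv | ConvertFrom-Csv) | Format-List
```

The check only covers collisions inside the file; names already present in the directory still have to be ruled out with a query such as dsquery before the import.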