Active Directory Administration

rocco

Presentation Transcript


  1. Active Directory Administration Lesson 5

  2. Skills Matrix

  3. Understanding User Accounts • Local accounts • Domain accounts • Built-in user accounts

  4. Understanding Group Accounts • Distribution groups • Security groups

  5. Working with Default Groups • Account Operators • Administrators • Backup Operators • Certificate Services DCOM Access • Cryptographic Operators

  6. Working with Default Groups (cont.) • Distributed COM Users • Event Log Readers • Guests • IIS_IUSRS • Incoming Forest Trust Builders

  7. Working with Default Groups (cont.) • Network Configuration Operators • Performance Log Users • Performance Monitor Users • Pre-Windows 2000 Compatible Access • Print Operators

  8. Working with Default Groups (cont.) • Remote Desktop Users • Replicator • Server Operators • Terminal Server License Servers

  9. Working with Default Groups (cont.) • Users • Windows Authorization Access Group • Allowed RODC Password Replication Group • Cert Publishers • Denied RODC Password Replication Group

  10. Working with Default Groups (cont.) • DnsAdmins • DnsUpdateProxy • Domain Admins • Domain Computers • Domain Controllers

  11. Working with Default Groups (cont.) • Domain Guests • Domain Users • Enterprise Admins • Enterprise Read-Only Domain Controllers • Group Policy Creator Owners

  12. Working with Default Groups (cont.) • RAS and IAS Servers • Read-Only Domain Controllers • Schema Admins

  13. Understanding Special Identity Groups and Local Groups • Anonymous Logon • Authenticated Users • Batch • Creator Group • Creator Owner

  14. Understanding Special Identity Groups and Local Groups (cont.) • Dial-up • Digest Authentication • Enterprise Domain Controllers • Everyone • Interactive

  15. Understanding Special Identity Groups and Local Groups (cont.) • IUSR • Local Service • Network • Network Service • Remote Interactive Logon

  16. Understanding Special Identity Groups and Local Groups (cont.) • Restricted • Self • Service • System • Terminal Server User

  17. Developing a Group Implementation Plan • Group implementation plan: • A plan that states who has the ability and responsibility to create, delete, and manage groups • A policy that states how domain local, global, and universal groups are to be used

  18. Developing a Group Implementation Plan (cont.) • Group implementation plan (cont.): • A policy that states guidelines for creating new groups and deleting old groups • A naming standards document to keep group names consistent • A standard for group nesting

  19. Creating Users and Groups • Batch files • Comma-Separated Value Directory Exchange (CSVDE) • LDAP Data Interchange Format Directory Exchange (LDIFDE) • Windows Script Host (WSH)

  20. You Learned • Three types of user accounts exist in Windows Server 2008: local user accounts, domain user accounts, and built-in user accounts. Local user accounts reside on a local computer and are not replicated to other computers by Active Directory. Domain user accounts are created and stored in Active Directory and replicated to all domain controllers within a domain. Built-in user accounts are automatically created when the operating system is installed and when a member server is promoted to a domain controller. Summary

  21. You Learned (cont.) • The Administrator account is a built-in domain account that serves as the primary supervisory account in Windows Server 2008. It can be renamed, but it cannot be deleted. The Guest account is a built-in account used to assign temporary access to resources. It can be renamed, but it cannot be deleted. This account is disabled by default, and the password can be left blank.

  22. You Learned (cont.) • Windows Server 2008 group options include two types: security and distribution, and three scopes: domain local, global, and universal. • Domain local groups are placed on the ACL of resources and assigned permissions. They typically contain global groups in their membership list.

  23. You Learned (cont.) • Global groups are used to organize domain users according to their resource access needs. Global groups are placed in the membership list of domain local groups, which are then assigned the desired permissions to resources.

  24. You Learned (cont.) • Universal groups are used to provide access to resources anywhere in the forest. Their membership lists can contain global groups and users from any domain. Changes to universal group membership lists are replicated to all global catalog servers throughout the forest.

  25. You Learned (cont.) • The recommended permission assignment strategy places users needing access permissions in a global group, the global group in a universal group, and the universal group in a domain local group and then assigns permissions to the domain local group.

  26. You Learned (cont.) • Group nesting is the process of placing group accounts in the membership of other group accounts for the purpose of simplifying permission assignments. • Multiple users and groups can be created in Active Directory by using several methods. Windows Server 2008 offers the ability to use batch files, CSVDE, LDIFDE, and WSH to accomplish your administrative goals.
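
The permission assignment strategy summarized in slides 22 through 25, as an added example that is not part of the original presentation: a small audit that checks an exported membership list and ACL against that strategy and resolves which users a domain local group actually covers through nesting. The group names, user names, share path, scope labels and data layout are all constructed for illustration.

```python
# Added example: audit group nesting against the strategy on slides 22-25.
# Allowed direct memberships as (member scope, containing group scope).
ALLOWED_NESTING = {
    ("user", "global"),             # users are placed in global groups
    ("global", "universal"),        # global groups are placed in universal groups
    ("universal", "domain_local"),  # universal groups go into domain local groups
    ("global", "domain_local"),     # slide 22: domain local groups typically hold global groups
}

# Constructed sample data: scope of every principal, direct members, and ACL entries.
SCOPES = {"alice": "user", "bob": "user", "carol": "user",
          "GG-Sales": "global", "GG-Temp": "global",
          "UG-Sales": "universal", "DL-SalesShare-Modify": "domain_local"}
MEMBERS = {"GG-Sales": ["alice", "bob"],
           "UG-Sales": ["GG-Sales"],
           "DL-SalesShare-Modify": ["UG-Sales", "carol"]}  # carol bypasses the global group
ACL = [(r"\\fs01\Sales", "DL-SalesShare-Modify", "Modify"),
       (r"\\fs01\Sales", "GG-Temp", "Read")]               # permission on a global group

def audit(scopes, members, acl):
    """Return a list of deviations from the recommended strategy."""
    findings = []
    for group, kids in sorted(members.items()):
        for kid in kids:
            edge = (scopes[kid], scopes[group])
            if edge not in ALLOWED_NESTING:
                findings.append(f"{kid} ({edge[0]}) is a direct member of {group} ({edge[1]})")
    for resource, trustee, perm in acl:
        if scopes[trustee] != "domain_local":
            findings.append(f"{resource}: {perm} assigned to {trustee} ({scopes[trustee]})")
    return findings

def effective_users(group, scopes, members, seen=None):
    """Resolve nested membership down to user accounts; tolerates nesting loops."""
    seen = set() if seen is None else seen
    if group in seen:
        return set()
    seen.add(group)
    users = set()
    for kid in members.get(group, []):
        if scopes[kid] == "user":
            users.add(kid)
        else:
            users |= effective_users(kid, scopes, members, seen)
    return users

if __name__ == "__main__":
    for line in audit(SCOPES, MEMBERS, ACL):
        print("DEVIATION:", line)
    print(sorted(effective_users("DL-SalesShare-Modify", SCOPES, MEMBERS)))
```
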
