Actualizing and Overseeing Gathering and PC Accounts.

Uploaded on:
Category: Animals / Pets
Nearby User Accounts. Permit clients to sign on to and get entrance to ... Use worldwide gatherings to contain represents getting to assets in the same and in ...
Slide 1

Implementing and Managing Group and Computer Accounts

Slide 2

Domain User Accounts Allow clients to sign on to the space and access assets anyplace on the system Created in an OU in the Active Directory store Replicated to all area controllers

Slide 3

Local User Accounts Allow clients to sign on to and access assets on the PC where they sign in Created in the PC\'s security database Not imitated to space controllers

Slide 4

Introduction to Group Accounts A gathering is a holder object Used to sort out accumulations of clients, PCs, contacts, different gatherings Used to improve organization Similar to Organizational Units aside from OUs are not security principals , gatherings are OUs can just contain objects from their guardian space , gatherings can contain objects from inside backwoods

Slide 5

Introduction to Groups disentangle organization of client consents. Clients can be individuals from more than one gathering. When you allot authorizations, you give clients the capacity to access particular assets.

Slide 6

Group Types Security bunches Defined by Security Identifier (SID) Can be relegated consents for assets In optional access control records (DACLs) Can be alloted rights to perform diverse errands Can likewise be utilized as email substances Distribution gathers Primarily utilized as email elements Do not have related SID

Slide 7

Group Scopes Scope alludes to consistent limit of authorizations to particular assets Both Security and Distribution Groups have scopes Three degrees Objects conceivable inside every extension subject to designed useful level of an area Scope sorts are worldwide, space neighborhood, and general

Slide 8

Group Scopes (proceeded with) Three area useful levels: Windows 2000 blended: default arrangement, bolsters a mix of Windows NT Server 4.0, 2000 Server, and Server 2003 area controllers Windows 2000 local: underpins a mix of Windows 2000 Server and Server 2003 space controllers Windows Server 2003: bolsters Windows Server 2003 area controllers just

Slide 9

Global Groups Organize gatherings of clients, PCs, bunches inside the same space Use worldwide gatherings to contain represents getting to assets in the same and in different areas by means of area nearby gatherings Usually speaks to a geographic area or occupation capacity bunch Types of articles in gathering identified with designed utilitarian level of the space Depends on the sorts of area controllers in environment

Slide 10

Domain Local Groups Created on space controllers Can be doled out rights and authorizations to any asset inside the same area Can contain bunches from different spaces Specific items permitted in gathering identified with designed useful level of the area

Slide 11

Domain Local Group Example Managing security through space neighborhood and worldwide gatherings

Slide 12

Universal Groups Typically made to total clients or gatherings in various areas Stored on area controllers arranged as worldwide list servers Can be appointed rights and consents for any asset inside a backwoods Can just be made at the Windows 2000 local or Windows Server 2003 space practical level

Slide 13

Universal Groups (proceeded)

Slide 14

Creating Group Objects Group articles are put away in Active Directory database Variety of apparatuses can be utilized can be utilized for creation and administration Active Directory Users and Computers Command-line utilities DSADD, DSMOD, DSQUERY, and so forth

Slide 15

Active Directory Users and Computers Primary instrument To make bunch records Can likewise be utilized to design properties of gathering records Groups can be made in any inherent holders, at foundation of the area object, or in custom OU objects Possible gathering extensions dictated by the useful level the area is arranged to

Slide 16

Managing Groups

Slide 17

Raising Functional Level

Slide 18

Creating Groups

Slide 19

Converting Group Types May need to change a security gathering to a circulation gathering or the other way around Type of gathering must be changed if space useful level is Windows 2000 local or above

Slide 20

Converting Group Types

Slide 21

Converting Group Scopes Scope of a gathering can be changed Domain useful level must be at any rate Windows 2000 local Supported changes Global to widespread Group can not be an individual from another Global Group would bring about a Universal Group being an individual from a Global Group Domain nearby to all inclusive Cannot contain other Domain Local Groups Universal Groups can\'t contain Domain Local Groups

Slide 22

Converting Group Scopes (con\'t) Universal to worldwide Cannot contain other Universal Groups Result would be a Global Group containing a Universal Group Universal to area neighborhood No Restrictions

Slide 23

Group Scope

Slide 24

Command Line Utilities A distinct option for Active Directory Users and Computers Some executives have an inclination for summon line utilities Command-line utilities are more adaptable for gathering administration and creation in a few circumstances

Slide 25

DSADD Introduced in Windows Server 2003 Used to make new client and gathering accounts Syntax is dsadd bunch recognized name Switches include: - secgrp, - scope, - memberof, - individuals More help is accessible for switches and choices at Windows Server 2003 Help and Support Center or at order line

Slide 26

DSADD (proceeded)

Slide 27

DSMOD Allows different article sorts to be adjusted from the charge line Syntax is dsmod bunch recognized name Switches include: - desc, - rmmbr, - addmbr, - chmbr

Slide 28

DSMOD (proceeded)

Slide 29

DSQUERY Used to question different item sorts from the summon line, returns values Syntax for gatherings is dsquery bunch inquiry Supports trump card character (*) Output can be funneled (|) as data to other charge line devices Sent (>>) to a document

Slide 30

DSMOVE Used to move or rename different item sorts from the summon line Syntax for gatherings is dsmove bunch recognized name Switches include: - newparent, - newname Can just be utilized for gatherings inside a solitary area

Slide 31

DSRM Used to erase different item sorts from the order line Syntax for gatherings is dsrm bunch recognized name Switches include: - noprompt

Slide 32

Managing Security Groups Strategy for overseeing security bunches utilizes acronym A G U DL P: Create client Accounts (An) Organize them inside Global gatherings (G) Optional: Create Universal gatherings (U) and spot worldwide gatherings from any space in all inclusive gatherings Create Domain Local gatherings (DL) and include worldwide and all inclusive gatherings Assign Permissions (P) to the space nearby gatherings

Slide 33

Determining Group Membership Important undertaking for heads is to guarantee that clients are individuals from right gatherings One technique is by means of Member Of tab in the properties of a client account Only shows first level of gatherings (not gatherings of gatherings) Second technique is to utilize DSGET Returns qualities to an inquiry

Slide 34

Determining Group Membership (proceeded with) Syntax is dsget bunch recognized name switches - Switches include: - individuals, - memberof, - extend Can likewise be utilized as dsget client to get enrollment data around a particular client Output can be spared to a record: dsget bunch recognized name switches >> filename

Slide 35

Built-In Groups When Windows Server 2003 Active Directory is introduced Built-in gatherings are made consequently Rights are pre-doled out Stored in Builtin compartment and Users holder Use worked in gatherings where conceivable Eases usage of security rights

Slide 36

The Builtin Container Contains various area neighborhood bunch accounts Allocated diverse client rights in view of basic managerial or system related assignments

Slide 37

The Builtin Container (proceeded)

Slide 38

The Users Container Contains various space neighborhood and worldwide gathering accounts Some gatherings just found in the root space of an Active Directory woods as opposed to in individual areas Enterprise Admins Schema Admins

Slide 39

The Users Container (proceeded)

Slide 40

Creating and Managing Computer Accounts Computer accounts required on Windows NT 4.0, 2000, XP, Server 2003 Can be made amid establishment or included physically later Creation and administration devices Active Directory Users and Computers System applet in Control Panel Command-line utilities

Slide 41

Computer Accounts

Slide 42

Resetting Computer Accounts Secure channel Used by PCs that are area individuals to speak with area controller Password is changed at regular intervals Automatically synchronized amongst DC and WS

Slide 43

Resetting Computer Accounts Occasional synchronization issues emerge Computer has not been associated with system for 30+ days Secure channel has be traded off some how Results in the client not being authenicated Administrator must reset PC account Using Active Directory Users and Computers Netdom.exe charge from Windows Support Tools netdom reset computername/domin: domainname

Slide 44

What\'s Scope?

View more...