active directory administration lesson 5. skills matrix technology skillobjective domainobjective #...
TRANSCRIPT
![Page 1: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/1.jpg)
Active Directory Active Directory AdministrationAdministration
Lesson 5
![Page 2: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/2.jpg)
Skills MatrixSkills Matrix
Technology Skill Objective Domain Objective #
Creating Users, Computers, and Groups
Automate creation of Active Directory accounts
4.1
Creating Users, Computers, and Groups
Maintain Active Directory accounts
4.2
![Page 3: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/3.jpg)
Lesson 5Lesson 5
Understanding User Accounts
Local accounts
Domain accounts
Built-in user accounts
![Page 4: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/4.jpg)
Lesson 5Lesson 5
Understanding Group Accounts
Distribution groups
Security groups
![Page 5: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/5.jpg)
Lesson 5Lesson 5
Working with Default Groups
Account Operators
Administrators
Backup Operators
Certificate Services DCOM Access
Cryptographic Operators
![Page 6: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/6.jpg)
Lesson 5Lesson 5
Working with Default Groups (cont.)
Distributed COM Users
Event Log Readers
Guests
IIS_IUSRS
Incoming Forest Trust Builders
![Page 7: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/7.jpg)
Lesson 5Lesson 5
Working with Default Groups (cont.)
Network Configuration Operators
Performance Log Users
Performance Monitor Users
Pre-Windows 2000 Compatible Access
Print Operators
![Page 8: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/8.jpg)
Lesson 5Lesson 5
Working with Default Groups (cont.)
Remote Desktop Users
Replicator
Server Operators
Terminal
Server License Servers
![Page 9: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/9.jpg)
Lesson 5Lesson 5
Working with Default Groups (cont.)
Users
Windows Authorization Access Group
Allowed RODC Password Replication Group
Cert Publishers
Denied RODC Password Replication Group
![Page 10: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/10.jpg)
Lesson 5Lesson 5
Working with Default Groups (cont.)
DnsAdmins
DnsUpdateProxy
Domain Admins
Domain Computers
Domain Controllers
![Page 11: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/11.jpg)
Lesson 5Lesson 5
Working with Default Groups (cont.)
Domain Guests
Domain Users
Enterprise Admins
Enterprise Read-Only Domain Controllers
Group Policy Creator Owners
![Page 12: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/12.jpg)
Lesson 5Lesson 5
Working with Default Groups (cont.)
RAS and IAS Servers
Read-Only Domain Controllers
Schema Admins
![Page 13: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/13.jpg)
Lesson 5Lesson 5
Understanding Special Identity Groups and Local Groups
Anonymous Logon
Authenticated Users
Batch
Creator Group
Creator Owner
![Page 14: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/14.jpg)
Lesson 5Lesson 5
Understanding Special Identity Groups and Local Groups (cont.)
Dial-up
Digest Authentication
Enterprise Domain Controllers
Everyone
Interactive
![Page 15: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/15.jpg)
Lesson 5Lesson 5
Understanding Special Identity Groups and Local Groups (cont.)
IUSR
Local Service
Network
Network Service
Remote Interactive Logon
![Page 16: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/16.jpg)
Lesson 5Lesson 5
Understanding Special Identity Groups and Local Groups (cont.)
Restricted
Self
Service
System
Terminal Server User
![Page 17: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/17.jpg)
Lesson 5Lesson 5
Developing a Group Implementation Plan
Group implementation plan: A plan that states who has the ability and
responsibility to create, delete, and manage groups
A policy that states how domain local, global, and universal groups are to be used
![Page 18: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/18.jpg)
Lesson 5Lesson 5
Developing a Group Implementation Plan (cont.)
Group implementation plan (cont.): A policy that states guidelines for creating new
groups and deleting old groups
A naming standards document to keep group names consistent
A standard for group nesting
![Page 19: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/19.jpg)
Lesson 5Lesson 5
Creating Users and Groups
Batch files
Comma-Separated Value Directory Exchange (CSVDE)
LDAP Data Interchange Format Directory Exchange (LDIFDE)
Windows Script Host (WSH)
![Page 20: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/20.jpg)
SummarySummary
You LearnedThree types of user accounts exist in Windows Server
2008: local user accounts, domain user accounts, and built-in user accounts. Local user accounts reside on a local computer and are not replicated to other computers by Active Directory. Domain user accounts are created and stored in Active Directory and replicated to all domain controllers within a domain. Built-in user accounts are automatically created when the operating system is installed and when a member server is promoted to a domain controller.
![Page 21: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/21.jpg)
SummarySummary
You Learned (cont.)
The Administrator account is a built-in domain account that serves as the primary supervisory account in Windows Server 2008. It can be renamed, but it cannot be deleted. The Guest account is a built-in account used to assign temporary access to resources. It can be renamed, but it cannot be deleted. This account is disabled by default, and the password can be left blank.
![Page 22: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/22.jpg)
SummarySummary
You Learned (cont.)
Windows Server 2008 group options include two types: security and distribution, and three scopes: domain local, global, and universal.
Domain local groups are placed on the ACL of resources and assigned permissions. They typically contain global groups in their membership list.
![Page 23: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/23.jpg)
SummarySummary
You Learned (cont.)
Global groups are used to organize domain users according to their resource access needs. Global groups are placed in the membership list of domain local groups, which are then assigned the desired permissions to resources.
![Page 24: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/24.jpg)
SummarySummary
You Learned (cont.)
Universal groups are used to provide access to resources anywhere in the forest. Their membership lists can contain global groups and users from any domain. Changes to universal group membership lists are replicated to all global catalog servers throughout the forest.
![Page 25: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/25.jpg)
SummarySummary
You Learned (cont.)
The recommended permission assignment strategy places users needing access permissions in a global group, the global group in a universal group, and the universal group in a domain local group and then assigns permissions to the domain local group.
![Page 26: Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649ddd5503460f94ad54ac/html5/thumbnails/26.jpg)
SummarySummary
You Learned (cont.)
Group nesting is the process of placing group accounts in the membership of other group accounts for the purpose of simplifying permission assignments.
Multiple users and groups can be created in Active Directory by using several methods. Windows Server 2008 offers the ability to use batch files, CSVDE, LDIFDE, and WSH to accomplish your administrative goals.