programming4us
 
Applications Server
 

Administering Active Directory 2008 : Creating and Managing Active Directory Objects (part 1) - Overview of Active Directory Objects

12/7/2014 8:19:59 PM

Now that you are familiar with the task of creating OUs, you should find creating and managing other Active Directory objects quite simple. The following sections look at the details.

1. Overview of Active Directory Objects

When you install and configure a domain controller, Active Directory sets up some organization for you, and you can create and manage several types of objects. This section describes these features.

1.1. Active Directory Organization

By default, after you install and configure a domain controller, you will see the following organizational sections within the Active Directory Users And Computers tool (they look like folders):


Built-In

The Built-In container includes all of the standard groups that are installed by default when you promote a domain controller. You can use these groups to administer the servers in your environment. Examples include the Administrators group, Backup Operators, and Print Operators.


Computers

By default, the Computers container contains a list of the workstations in your domain. From here, you can manage all of the computers in your domain.


Domain Controllers

The Domain Controllers container includes a list of all of the domain controllers for the domain.


Foreign security principals

Foreign security principals are any objects to which security can be assigned and that are not part of the current domain. Security principals are Active Directory objects to which permissions can be applied, and they can be used to manage permissions in Active Directory.


Users

The Users container includes all of the security accounts that are part of the domain. When you first install the domain controller, there will be several groups in this container. For example, the Domain Admins group and the Administrator account are created in this container.

1.2. Active Directory Objects

You can create and manage several different types of Active Directory objects. The following are specific object types:


Computer

Computer objects represent workstations that are part of the Active Directory domain. All computers within a domain share the same security database, including user and group information. Computer objects are useful for managing security permissions and enforcing Group Policy restrictions.


Contact

Contact objects are usually used in OUs to specify the main administrative contact. Contacts are not security principals like users. They are used to specify information about individuals within the organization.


Group

Group objects are logical collections of users primarily for assigning security permissions to resources. When managing users, you should place them into groups and then assign permissions to the group. This allows for flexible management without the need to set permissions for individual users.


Organizational Unit

An OU object is created to build a hierarchy within the Active Directory domain. It is the smallest unit that can be used to create administrative groupings, and it can be used to assign group policies. Generally, the OU structure within a domain reflects a company's business organization.


Printer

Printer objects map to printers.


Shared Folder

Shared Folder objects map to server shares. They are used to organize the various file resources that may be available on file/print servers. Often, Shared Folder objects are used to give logical names to specific file collections. For example, systems administrators might create separate shared folders for common applications, user data, and shared public files.


User

A User object is the fundamental security principal on which Active Directory is based. User accounts contain information about individuals, as well as password and other permission information.


InetOrgPerson

The InetOrgPerson object is an Active Directory object that defines attributes of users in Lightweight Directory Access Protocol (LDAP) and X.500 directories.


MSMQ Queue Alias

An MSMQ Queue Alias object is an Active Directory object for the MSMQ-Custom-Recipient class type. The MSMQ (Microsoft Message Queuing) Queue Alias object associates an Active Directory path and a user-defined alias with a public, private, or direct single-element format name. This allows a queue alias to be used to reference a queue that might not be listed in Active Directory Domain Services (AD DS).

1.2.1. Creating Objects Using the Active Directory Users And Computers Tool

Exercise 1 walks you through the steps you need to take to create various objects within an Active Directory domain. In this exercise, you create some basic Active Directory objects.

Exercise 1: Creating Active Directory Objects

  1. Open the Active Directory Users And Computers tool.

  2. Expand the current domain to list the objects currently contained within it. For this exercise you will use the second- and third-level OUs contained within the North America top-level OU, as shown in the following graphic.



  3. Right-click the Corporate OU, and select New => User. Fill in the following information:

    First Name: Maria

    Initial: D

    Last Name: President

    Full Name: (leave as default)

    User Logon Name: mdpresident (leave default domain)

    Click Next to continue.



  4. Enter in "P@ssw0rd" for the password for this user, and then confirm it. Note that you can also make changes to password settings here. Click Next.



  5. You will see a summary of the user information. Click Finish to create the new user.

  6. Click on the RD container and create another user in that container with the following information:

    First Name: John

    Initials: Q

    Last Name: Admin

    Full Name: (leave as default)

    User Logon Name: jqadmin (leave default domain)

    Click Next to continue.

  7. Assign the password "P@ssw0rd". Click Next, and then click Finish to create the user.

  8. Right-click the RD OU, and select New => Contact. Use the following information to fill in the properties of the Contact object:

    First Name: Jane

    Initials: R

    Last Name: Admin

    Display Name: jradmin

    Click OK to create the new Contact object.



  9. Right-click the RD OU, and select New => Shared Folder. Enter Software for the name and \\server1\applications for the network path (also known as the Universal Naming Convention [UNC] path). Note that you can create the object even though this resource (the physical server) does not exist. Click OK to create the Shared Folder object.



  10. Right-click the HR OU, and select New => Group. Type All Users for the group name. Do not change the value in the Group Name (Pre–Windows 2000) field. For the Group Scope, select Global, and for the Group Type, select Security. To create the group, click OK.



  11. Right-click the Sales OU and select New => Computer. Type Workstation1 for the name of the computer. Notice that the pre–Windows 2000 name is automatically populated and that, by default, the members of the Domain Admins group are the only ones that can add this computer to the domain. Place a check mark in the Assign This Computer Account As A Pre–Windows 2000 Computer box, and then click OK to create the Computer object.



  12. Close the Active Directory Users And Computers tool.


1.2.2. Importing Objects from a File

In Exercise 1 we created an account using the Active Directory Users And Computers tools. But what if we needed to bulk import accounts? There are two main applications for doing bulk imports of accounts: the ldifde.exe utility and the csvde.exe utility. Both utilities import accounts from files.

The ldifde utility imports from line-delimited files. This utility allows an administrator to export and import data, thus allowing batch operations like Add, Modify, and Delete to be performed in Active Directory. Windows Server 2008 includes ldifde.exe to help support batch operations.

csvde.exe performs the same export functions as ldifde.exe, but csvde.exe uses a comma-separated file format. The csvde.exe utility does not allow administrators to modify or delete objects. It only supports adding objects to Active Directory.

1.2.3. Active Directory Migration Tool (ADMT) v3

Another tool you can use to help import and migrate users is the Active Directory Migration Tool (ADMT) v3. The ADMT v3 allows an administrator to migrate users, groups, and computers from a Microsoft Windows NT 4.0 domain to a Windows Server 2008 Active Directory domain.

Administrators can also use the ADMT v3 to migrate users, groups, and computers between Active Directory domains in different forests (interforest migration) and between Active Directory domains in the same forest (intraforest migration).

ADMT v3 also helps administrators perform security translations from a Windows NT 4.0 domain to a Windows Server 2008 Active Directory domain. ADMT v3 will also allow the security translations between Active Directory domains in different forests.
 
Others
 
- Sharepoint 2010 : Windows PowerShell Remoting (part 2) - Entering a Remote Session, Running SharePoint 2010 Cmdlets Remotely
- Sharepoint 2010 : Windows PowerShell Remoting (part 1)
- Sharepoint 2010 : Windows PowerShell Scripts (part 3) - Writing Comment-Based Help Topics in Scripts,Using Functions in Scripts , Customizing Windows PowerShell with Profile Scripts
- Sharepoint 2010 : Windows PowerShell Scripts (part 2) - Executing Scripts, Using Parameters in Scripts
- Sharepoint 2010 : Windows PowerShell Scripts (part 1) - Setting the Execution Policy
- Sharepoint 2010 : Windows PowerShell Functions
- Sharepoint 2013 : Security and Policy - SharePoint Users
- Sharepoint 2013 : Security and Policy - Permissions and Permission Levels (part 2) - Creating Custom Permission Levels
- Sharepoint 2013 : Security and Policy - Permissions and Permission Levels (part 1)
- Sharepoint 2013 : Security and Policy - Security Administration
 
 
REVIEW
 
- First look: Apple Watch

- 10 Amazing Tools You Should Be Using with Dropbox

- Sigma 24mm f/1.4 DG HSM Art

- Canon EF11-24mm f/4L USM

- Creative Sound Blaster Roar 2

- Alienware 17 - Dell's Alienware laptops

- Smartwatch : Wellograph

- Xiaomi Redmi 2
 
Popular tags
 
Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS
 
Top 10
 
- How To Install Windows Server 2012 On VirtualBox
- How To Fix Skype High CPU And Memory Usage In Windows 8
- Add 270 Additional Cleaning Options To CCleaner With CCEnhancer
- FPPT Provides More Than 2000 Free And Attractive PowerPoint Templates
- Setup Free Media Server To Stream Videos To DLNA Compatible TV, Xbox 360 & PS3 (Play Station 3)
- How To Install Android Market & Google Apps On Kindle Fire
- How To Make Ubuntu Look Like Windows 7
- How To Add A New Account in MS Outlook 2013
- Get Android & Mac OS X Style Gadgets For Windows 7 & Windows 8 With XWidget
- How To Activate Microsoft Office 2013
<