- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
Lesson 1: Configuring Active Directory Objects
• Types of AD DS Objects • Demonstration: Configuring AD DS User Accounts • AD DS Group Types • AD DS Group Scopes • Default AD DS Groups • AD DS Special Identities • Discussion: Using Default Groups and Special Identities • Demonstration: Configuring AD DS Group Accounts • Demonstration: Configuring Additional AD DS Objects
Security groups Used to assign rights and permissions to groups of users and computers
Used most effectively when nested
The functional level determines the type of groups that you can create
Domain Environment
Options for Assigning Access to Resources
When assigning access to resources:
• Plan for the lowest level of permissions • Keep the plan as simple as possible • Document the plan
Resource Groups
Permissions
Discussion: Using Groups in a Single-Domain or Multiple-Domain Environment
Using the scenarios, answer the questions in your workbooks
InetOrgPerson
• Similar to a user account • Used for compatibility with other directory services
Organizational Unit
• Used to group similar objects for administration
Printers
• Used to simplify the process of locating and connecting to printers
Shared folders
• Used to simplify the process of locating and connecting to shared folders
Types of AD DS Objects
User accounts • Enables a single sign-on for a user • Provides access to resources Computer accounts • Enables authentication and auditing of computer access to resources Group accounts • Helps simplify administration
Demonstration: Configuring AD DS Group Accounts
In this demonstration, you will see how to configure AD DS group accounts
Demonstration: Configuring Additional AD DS Objects
Windows PowerShell
Configuring AD DS Objects Using Command Line Tools
Command line tools: • Dsadd • Dsmod • Dsrm • Dsget • net user • Net group • Net computer
and other domain local groups from its own domain • Accounts from any trusted domain
• Users, groups, and computers
Global Universal
from its own domain
In any trusted domain In any trusted domain On the local computer
Windows PowerShell
Tools for Automating AD DS Object Management
Active Directory Users and Computers Directory Service Tools • Dsadd • Dsmod • Dsrm
Csvde and Ldifde Tools
Managing User Objects with LDIFDE
• LDIFDE.exe
import
export filename.ldf
Active Directory
Managing User Objects with CSVDE
• CSVDE.exe
import
filename.csv
Account operators Administrators Backup operators Incoming forest trust builders Network configuration operators Performance log users
AD DS Special Identities
Options include:
• Adding user accounts to the ACL on the resource
• Adding user accounts to groups, and adding the groups to the ACL on the resource
• Adding user accounts to account groups, adding the account groups to resource groups, and adding the resource groups to the ACL on the resource
AD DS Group Scopes
Group scope Group members can include
• Universal groups, global groups,
Can be used to assign permissions
In the same domain
Domain Local
Lesson 3: Automating AD DS Object Management
• Tools for Automating AD DS Object Management • Configuring AD DS Objects Using Command-Line Tools • Managing User Objects with LDIFDE • Managing User Objects with CSVDE • What Is Windows PowerShell? • Windows PowerShell Cmdlets • Demonstration: Configuring Active Directory Objects Using
Using Account Groups to Assign Access to Resources
User Accounts
Account Groups
Permissions
Using Account Groups and Resource Groups
User Accounts
Account Groups
In this demonstration, you will see how to configure additional AD DS o百度文库jects
Lesson 2: Strategies for Using Groups
• Options for Assigning Access to Resources • Using Account Groups to Assign Access to Resources • Using Account Groups and Resource Groups • Discussion: Using Groups in a Single-Domain or Multiple-
Anonymous logon Authenticated users
Batch Creator group Creator owner Dialup Everyone
Discussion: Using Default Groups and Special Identities
Using the scenario, answer the questions in your workbook
Module 7: Configuring Active Directory Objects and Trusts
Module Overview
• Configuring Active Directory Objects • Strategies for Using Groups • Automating AD DS Object Management • Delegating Administrative Access to AD DS Objects • Configuring AD DS Trusts
Designed to provide access to resources without administrative or user interaction Interactive Local system Network Self Service Terminal Server users Other organization This organization
Demonstration: Configuring AD DS User Accounts
In this demonstration, you will see how to configure AD DS user accounts
AD DS Group Types
Distribution groups Used only with e-mail applications Not security-enabled
Default groups are designed to manage shared resources and delegate specific domain-wide administrative roles Performance monitor users Pre-Windows 2000 compatible access Print operators Remote Desktop users Replicator Server operators Users
• Users, groups,
and computers as members from any trusted domain and computers as members from any trusted domain
Local
• Users, groups,
Default AD DS Groups
