Chapter Two
Host Management
Active Directory Domain Services
• Active Directory is a directory service, and it is the role of a
directory service to maintain information about enterprise
resources, including users, groups, and computers.
• A directory service is the software system that stores,
organizes and provides access to information in a directory.
• It helps administrators centralize creation of users and
groups, and specify roles and access levels for IT resources
across the company network.
• This greatly simplifies the task of administrators, as they
save the effort of managing administration for multiple
systems separately for each user.
Windows Server Basic Terminology
■ Domain Controllers
• Domain controllers (DCs) perform the identity and
access management in a Microsoft Windows enterprise.
• Any server that has AD (Active Directory) installed
becomes a DC. In a domain, one domain controller acts as the
primary domain controller while the other acts as a backup
domain controller.
■ Functions of DC
• Store a complete copy of all the objects related to a single
domain. A DC also maintains the changes made to the objects
and updates these changes on the other DCs in the same domain.
• Provide fault tolerance. Fault tolerance means that if one DC
is offline, another can provide all the required functions to
AD.
• Manage all user interaction within a domain, such as
finding AD objects and validating user authentication.
Cont…
• Active Directory enables you to configure a domain and a
forest with a single domain controller.
• The Add Roles Wizard in Server Manager is used to install
Active Directory Domain Services (AD DS).
• Then the Active Directory Domain Services Installation
Wizard is used to create the first DC in the forest.
• Additional domain controllers are used to create a level of
fault tolerance in the event any one DC fails, or to provide
authentication in remote sites.
E.g.: DBU.com
Cont…
Domain
• A domain is a core administrative unit of a network
structure.
• It is a logical grouping of computers that share a common
directory database and security system.
• Objects stored in a domain are considered vital to the network.
• These objects are resources needed by network users to
perform tasks. An object can be a printer, document, database
or user.
• A domain acts as a security boundary and allows access to
domain objects.
Cont…
Tree
• A tree is a hierarchical collection of one or more domains, which
is created by adding one or more child domains to an existing
parent domain.
■ Child Domain
• You may want to create a child domain and then delegate the
Domain Name System (DNS) namespace to a domain controller
located in this child domain for any of the following reasons:
E.g. CS.DBU.com
[Figure: domain tree with parent DBU.com, child domains IT.DBU.com and CS.DBU.com, and First-year.CS.DBU.com below CS.DBU.com]
Cont…
■ Understanding Active Directory objects
• Active Directory is a directory service that maintains information
about enterprise resources, including users, groups, and
computers.
• Resources are divided into OUs (organizational units) to
facilitate manageability and visibility; that is, OUs make it
easier to find objects.
• A user requires an Active Directory user account to log on to a
computer or to a domain.
• The account establishes an identity for the user; the operating
system then uses this identity to authenticate the user and to
grant him or her authorization to access specific domain
resources.
Cont…
■ Organizational units (OUs) are administrative containers
within Active Directory that are used to collect objects that share
common requirements for administration, configuration, or
visibility.
■ Groups are an important class of object because they are used to
collect users, computers, and other groups to create a single
point of management.
• The most straightforward and common use of a group is to grant
permissions to a shared folder.
■ Users in a domain often share many similar properties.
• For example, all sales representatives can belong to the same
security groups, log on to the network during similar hours, and
have home folders
Cont…
■ Computer
• Like user objects, computers are represented as accounts and
objects in AD.
• A computer also logs on to a domain.
• The computer object contains a name appended with a dollar
sign, e.g. COMP$, and a password that is required when you join
the computer to a domain.
• Each computer that needs to access network resources must have a
unique computer account in the network.
Forest
• A forest is a collection of one or more independent domain trees.
Server installation
• Microsoft releases all of its operating systems in multiple
editions, which provide consumers with varying price
points and feature sets.
■ Windows Server 2012 R2 Datacenter: The Datacenter
edition is designed for large and powerful servers with up
to 64 processors and includes fault-tolerance features such
as hot-add processor support.
■ Windows Server 2012 R2 Standard: The Standard edition
includes the full set of Windows Server 2012 R2 features
and differs from the Datacenter edition only in the number
of virtual machine (VM) instances permitted by the
license.
■ Windows Server 2012 R2 Essentials: The Essentials
edition includes nearly all the features in the Standard and
Datacenter editions; it does not include Server Core,
Cont…
■ Windows Server 2012 R2 Foundation: The Foundation edition is
a scaled-down version of the operating system; it is designed for
small businesses that require only basic server features, such as file
and print services and application support.
It has no virtualization rights and is limited to 15 users.
• Installation requirements
• If your computer does not meet the following hardware
specifications, Windows Server 2012 R2 will not install correctly
(or possibly at all):
■ 1.4-GHz 64-bit processor
■ 512 MB RAM
■ 32 GB available disk space
■ Super VGA (1024 x 768) or higher resolution monitor
■ Keyboard and mouse (or other compatible pointing device)
■ Internet access
Choosing installation options
• Windows Server 2012 R2 provides installation options that
enable administrators to keep the unnecessary resources
installed on a server to a minimum.
■ Using Server Core
• Windows Server 2012 R2 includes an installation option that
minimizes the user interface on a server.
• When you select the Windows Server Core installation option,
you will install a stripped-down version of the operating system.
• There is no Start menu, no desktop Explorer shell, no Microsoft
Management Console (MMC), and virtually no graphical
applications.
• All you see when you start the computer is a single window with
a command prompt.
WHAT IS SERVER CORE?
• Server Core is not a separate product or edition. It is an
installation option included with the Windows Server 2012 R2
Standard edition and the Windows Server 2012 R2 Datacenter
edition.
• There are several advantages to running servers using Server Core:
■ Hardware resource conservation: Server Core eliminates some of
the most memory-intensive and processor-intensive elements.
■ Reduced disk space: Server Core requires less disk space for the
installed operating system elements, which maximizes the utilization
of the server’s storage resources.
Cont…
■ Reduced patch frequency: The graphical elements of
Windows Server 2012 R2 are among the most frequently
updated, so running Server Core reduces the number of
updates that administrators must apply.
• Fewer updates also mean fewer server restarts and less
downtime.
■ Reduced attack surface: The less software there is running
on the computer, the fewer entrance points for attackers to
exploit.
• Server Core reduces the potential openings presented by the
operating system, increasing its overall security.
FIGURE 1-1 The default Server Core interface
Windows Server 2012 installation (GUI)
1. Start the computer, then insert the Windows Server 2012 installation DVD
into the DVD drive.
2. Reboot the computer; the installation wizard appears as shown.
3. Click the Next button. The Install Windows wizard now contains an Install now
button as shown.
4. Select the language for installation.
5. Click the Install now button to start the installation of Windows Server 2012, then type your
product key for activation.
Cont…
6. Select the Windows Server edition and click the Next button.
7. Select the type of Windows Server installation (custom or
upgrade).
Migrating roles
• In addition to installing a server, we can migrate from one
server to another.
• Migration is the preferred method of replacing an existing
server with one running Windows Server 2012 R2.
• Unlike an in-place upgrade, a migration copies vital information
from an existing server to a clean Windows Server 2012 R2
installation.
• By using the Windows Server Migration Tools and migration
guides supplied with Windows Server 2012 R2, you can migrate
data between servers under any of the following conditions:
■ Between versions: You can migrate data from any Windows
Server version from Windows Server 2003 SP2 to Windows
Server 2012 R2.
• This includes migrations from one server running Windows
Server 2012 R2 to another.
Cont…
■ Between platforms: You can migrate data from a 32-bit or
64-bit server to a 64-bit server running Windows Server 2012
R2.
■ Between editions: You can migrate data between servers
running different Windows Server editions (Datacenter to
Standard).
■ Between physical and virtual instances: You can migrate
data from a physical server to a virtual one, or the reverse.
■ Between installation options: You can migrate data from one
server to another, even when one server is using the Server
Core installation option and the other is using the Server with a
Users and Group management
• Why Different Users?
– Users create data
• Privacy should be ensured
– Different privileges for different activities
• Administrators
• Regular Users
• Guests
• Why User Management?
– We must enforce policy based on the user or user
role
• User management
– Creating, modifying and deleting users
– Granting and Revoking permissions to users
Users managing
• Security policy should be in place
– To define what to share and
– How to share it.
• Local User Management
• No user management server
is used
• User accounts are created on
the host itself
• Each host is responsible for
managing its users
• Security policies are defined
(and enforced) for the users
created on the host
• Centralized User
Management
• Dedicated server(s) manage
user accounts
• User accounts are created on
the server
• The server manages the users
• Security policy is defined on
the server and is applied
universally
• Specific Protocol – LDAP is
used for communication
between hosts and the server
Managing Users
– You can create user accounts manually or by writing
scripts
■ To create accounts manually, you use the Active
Directory Users and Computers console
■ To script a user account, you need to be familiar
with at least one scripting language, such as
VBScript or JScript
■ We can also create user accounts using PowerShell
Cont…
• It is very important to plan your user accounts before you
actually create them
• Parameters you need to consider while planning
– Naming conventions
– Password requirements
– Account options
• Naming conventions
– A good naming convention makes it easy for users to remember
their logon names
– Also provides for cases in which two users have the same name
• Password requirements
– Each user account will typically be assigned a password
– Passwords prevent unauthorized access to a domain or a computer
Cont…
• Account options
– It is also important to consider certain properties before you
create user accounts
• Log On To option specifies the computers to which a user can log
on
• Logon Hours section allows you to specify which hours of the day
and days of the week a user can log on
• Account Expires section allows you to predefine when a user
account will expire
• Active Directory Service Interfaces (ADSI)
– You can use ADSI to create scripts
– ADSI is a fully programmable automation object available for
administrators
• You can also create user accounts in batches from a .csv or an .ldif file
using the Csvde.exe or Ldifde.exe utilities
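The planning points above (naming convention, password requirements, account options) applied to batch creation with PowerShell, as an added example that is not part of the original slides. The OU path, CSV columns, workstation names and the "first initial + surname" convention are assumptions; DBU.com is the slides' example domain.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the slides. Assumed: OU path, CSV columns,
# workstation names and the "first initial + surname" naming convention.
$TargetOU  = 'OU=Staff,DC=DBU,DC=com'
$UpnSuffix = 'DBU.com'

# Constructed sample input; in practice: $rows = Import-Csv .\new-users.csv
$rows = @'
GivenName,Surname,Workstations,Expires
Abebe,Kebede,PC-LAB-01,2030-06-30
Almaz,Kebede,"PC-LAB-02,PC-LAB-03",
'@ | ConvertFrom-Csv

function Get-UniqueSamAccountName {
    param([string]$GivenName, [string]$Surname)
    # sAMAccountName is limited to 20 characters; keep room for a numeric suffix.
    $base = (($GivenName.Substring(0, 1) + $Surname).ToLower()) -replace '[^a-z0-9]', ''
    if ($base.Length -gt 18) { $base = $base.Substring(0, 18) }
    $candidate = $base
    $n = 1
    # Two users with the same name: akebede, akebede2, akebede3, ...
    while (Get-ADUser -Filter "SamAccountName -eq '$candidate'") {
        $n++
        $candidate = "$base$n"
    }
    $candidate
}

function New-InitialPassword {
    param([int]$Length = 16)
    # Upper case, lower case, digits, special characters (look-alikes left out).
    $sets  = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '!#%*+-=?@'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] 4
    $pick  = {
        param([string]$set)
        $rng.GetBytes($bytes)
        $set[[int]([BitConverter]::ToUInt32($bytes, 0) % $set.Length)]
    }
    # One character from every class, the rest from the combined alphabet.
    $chars = @(foreach ($s in $sets) { & $pick $s })
    $all   = -join $sets
    while ($chars.Count -lt $Length) { $chars += (& $pick $all) }
    # Fisher-Yates shuffle so the class order is not predictable.
    for ($i = $chars.Count - 1; $i -gt 0; $i--) {
        $rng.GetBytes($bytes)
        $j = [int]([BitConverter]::ToUInt32($bytes, 0) % ($i + 1))
        $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
    }
    -join $chars
}

$created = foreach ($row in $rows) {
    $sam   = Get-UniqueSamAccountName -GivenName $row.GivenName -Surname $row.Surname
    $upn   = '{0}@{1}' -f $sam, $UpnSuffix
    $plain = New-InitialPassword
    $params = @{
        Name                  = "$($row.GivenName) $($row.Surname)"
        GivenName             = $row.GivenName
        Surname               = $row.Surname
        SamAccountName        = $sam
        UserPrincipalName     = $upn
        Path                  = $TargetOU
        AccountPassword       = ConvertTo-SecureString $plain -AsPlainText -Force
        ChangePasswordAtLogon = $true   # the initial password is single-use
        Enabled               = $true
    }
    # Account options: "Log On To" and "Account Expires"
    if ($row.Workstations) { $params.LogonWorkstations     = $row.Workstations }
    if ($row.Expires)      { $params.AccountExpirationDate = [datetime]$row.Expires }

    New-ADUser @params -ErrorAction Stop
    [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $plain }
}

# Initial passwords exist only in this session; hand them over out of band.
$created | Format-Table -AutoSize
```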
Cont….
Local user accounts
– If you have administrative rights, you can use
the Local Users and Groups snap-in in the
Computer Management console
– From this console, you can create, delete, or
disable local user accounts on a local computer.
Local security database
Cont…
■ Creating a Domain User Account
• You use a domain user account to log on to a domain and
access network resources
– You use the Active Directory Users and Computers
console to create domain user accounts.
Domain user account
Cont…
• Built-in user accounts are created by default during the
installation of Windows Server.
• Administrator built-in user account
– A user account for the system administrator.
– This account is the first account created during operating system
installation. The account cannot be deleted or locked out.
– It is a member of the Administrators group and cannot be removed
from that group.
– Used to perform administrative tasks
• Creating and managing user accounts
• Setting account properties
• Assigning permissions to user accounts to access
resources
– Used to gain access to network resources
• Built-in Guest account
– Used to give users access to resources for a short time
– Is disabled by default
• Authenticated Users
– A group that includes all users whose identities were
authenticated when they logged on. Membership is
controlled by the operating system.
– This identity allows access to shared resources within
the domain, such as files in a shared folder that should
be accessible to all the workers in the organization.
• Backup Operators
– A built-in group. By default, the group has no members.
– Backup Operators can back up and restore all files on a computer,
regardless of the permissions that protect those files. Backup Operators
also can log on to the computer and shut it down
Cont…
• Domain Admins
– A global group whose members are authorized to administer the domain.
By default, the Domain Admins group is a member of the Administrators
group on all computers that have joined a domain, including the domain
controllers.
– Domain Admins is the default owner of any object that is created in the
domain's Active Directory by any member of the group. If members of
the group create other objects, such as files, the default owner is the
Administrators group.
• Domain Users
– A global group that, by default, includes all user accounts in a domain.
When you create a user account in a domain, it is added to this group
automatically.
• Server Operators
– A built-in group that exists only on domain controllers. By default, the
group has no members.
– Server Operators can log on to a server interactively; create and delete
network shares; start and stop services; back up and restore files; format
the hard disk of the computer; and shut down the computer.
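A check of a live domain against the defaults listed above (Guest disabled, Backup Operators and Server Operators empty, Domain Admins limited to known accounts), as an added example that is not part of the original slides. The allow-list and the 365-day threshold are assumptions; the SIDs and RIDs are the well-known values for these built-in principals.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the slides. Groups and accounts are looked up by
# well-known SID/RID so the check still works if they have been renamed.
$approvedDomainAdmins = @('Administrator')   # assumed allow-list, adjust per site
$maxAdminPasswordAge  = 365                  # days, assumed threshold

$domainSid = (Get-ADDomain).DomainSID.Value
$report    = New-Object 'System.Collections.Generic.List[object]'

function Add-Finding {
    param([string]$Check, [string]$Detail)
    $report.Add([pscustomobject]@{ Check = $Check; Detail = $Detail })
}

# Backup Operators and Server Operators: "By default, the group has no members."
$emptyByDefault = [ordered]@{
    'Backup Operators' = 'S-1-5-32-551'
    'Server Operators' = 'S-1-5-32-549'
}
foreach ($entry in $emptyByDefault.GetEnumerator()) {
    foreach ($m in @(Get-ADGroupMember -Identity $entry.Value -Recursive)) {
        Add-Finding "$($entry.Key) is not empty" $m.SamAccountName
    }
}

# Domain Admins (RID 512): every direct or nested member must be on the allow-list.
foreach ($m in @(Get-ADGroupMember -Identity "$domainSid-512" -Recursive)) {
    if ($m.SamAccountName -notin $approvedDomainAdmins) {
        Add-Finding 'Unapproved Domain Admins member' $m.SamAccountName
    }
}

# Built-in Guest (RID 501): "Is disabled by default".
$guest = Get-ADUser -Identity "$domainSid-501"
if ($guest.Enabled) {
    Add-Finding 'Built-in Guest account is enabled' $guest.SamAccountName
}

# Built-in Administrator (RID 500) cannot be deleted or locked out,
# so the age of its password is worth tracking.
$admin = Get-ADUser -Identity "$domainSid-500" -Properties PasswordLastSet
if ($admin.PasswordLastSet -and
    $admin.PasswordLastSet -lt (Get-Date).AddDays(-$maxAdminPasswordAge)) {
    Add-Finding 'Administrator password older than threshold' $admin.PasswordLastSet.ToString('u')
}

if ($report.Count -eq 0) { 'No deviations from the expected defaults.' }
else { $report | Format-Table -AutoSize }
```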
Setting User Account Properties
• Every user account you create has a set of default properties you can
configure
– Including personal information, logon settings, dial-in
settings, and Terminal Services settings for a user
– The personal properties you define for a domain user
account are useful when conducting user searches based
on very specific information
– Logon settings are used to specify the logon hours for a
user
– Dial-in settings for a user account are used to specify if
and how a user can make a dial-up connection from a
remote location
– Terminal Services properties provide the ability to
connect to a server from a remote location
Cont…
• You can save a lot of time by filling out the common fields
shared between user accounts in a “template” account
– A template account is a disabled account that is
used as a model for creating other accounts
– After filling out the appropriate fields, you can
right-click the account and select Copy to create
a new account with most of your pre-defined
fields already filled in
Maintaining User Accounts
• As a System/network administrator, you must maintain user
accounts based on the needs of your organization
• Typical user account maintenance tasks
– Modifying user accounts
– Resetting passwords
– Unlocking user accounts
• You can modify user accounts in many ways
– Rename a user account
– Disable or enable a user account
– Delete a user account
• To modify user accounts, you need at least the Write permission
for the user account
Cont…
• You can reset passwords when a user’s password expires
before the user has a chance to change it
• In some cases, users might even forget their passwords
• You do not need to know the old password in order to reset
a password
• After the administrator or the user sets a password for a user
account, the password is not viewable to anyone, including
the administrator
• Windows Server can lock user accounts for users who violate
the account lockout policy
• In such cases, the user can either wait until the lockout period
expires (usually 30 minutes), or contact an administrator to
unlock the user account
Cont…
• To unlock a user account
• Open the Account tab on the Properties dialog box for the
user account
• Clear the Account is locked out check box
• It is important to understand that the Account is locked out
check box will be active only when the system has locked out
a user account
• You cannot manually lock out a user account
Unlocking a locked out account
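A command-line counterpart to the lockout handling described above, added here as an example that is not part of the original slides: it reads the lockout settings in force, lists the accounts the system has locked, shows where the lockouts came from, and only then unlocks. The account name `jdoe` is hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the slides. 'jdoe' below is a hypothetical account.

# 1. Lockout settings actually in force (the slides' "usually 30 minutes").
#    Accounts covered by a fine-grained password policy may differ.
$policy = Get-ADDefaultDomainPasswordPolicy
$policy | Format-List LockoutThreshold, LockoutObservationWindow, LockoutDuration

# 2. Accounts the system has locked out, with the time each unlocks by itself.
$locked = Search-ADAccount -LockedOut -UsersOnly |
    Get-ADUser -Properties AccountLockoutTime, LastBadPasswordAttempt |
    Select-Object SamAccountName, LastBadPasswordAttempt, AccountLockoutTime,
        @{ Name = 'UnlocksAt'; Expression = {
            if ($policy.LockoutDuration -eq [timespan]::Zero) { 'administrator only' }
            else { $_.AccountLockoutTime + $policy.LockoutDuration }
        } }
$locked | Format-Table -AutoSize

# 3. Where the lockouts came from: event 4740 on the PDC emulator.
#    Needs permission to read that DC's Security log. Many accounts locked
#    from one computer in a short time points to password guessing, not typos.
$pdc = (Get-ADDomain).PDCEmulator
Get-WinEvent -ComputerName $pdc -MaxEvents 50 -ErrorAction SilentlyContinue `
    -FilterHashtable @{ LogName = 'Security'; Id = 4740 } |
    Select-Object TimeCreated,
        @{ Name = 'Account';        Expression = { $_.Properties[0].Value } },
        @{ Name = 'CallerComputer'; Expression = { $_.Properties[1].Value } } |
    Format-Table -AutoSize

# 4. Unlock one account. Like the "Account is locked out" check box, this
#    only acts when the system has locked the account.
function Restore-LockedAccount {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [switch]$ResetPassword
    )
    $user = Get-ADUser -Identity $Identity -Properties LockedOut
    if (-not $user.LockedOut) {
        Write-Warning "$Identity is not locked out; nothing to do."
        return
    }
    Unlock-ADAccount -Identity $user
    if ($ResetPassword) {
        # The old password is not needed for a reset.
        $new = Read-Host -AsSecureString "Temporary password for $Identity"
        Set-ADAccountPassword -Identity $user -Reset -NewPassword $new
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true
    }
}

# Usage: Restore-LockedAccount -Identity jdoe -ResetPassword
```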
Cont…
• Moving accounts within a domain
– You move an account within a domain to change the OU or
container in which the account is currently located
– This allows different delegated permissions and Group
Policies to apply to the account
• Planning password policy
– You use Group Policy to set the Password policy for your network
– Passwords should be memorable to your users, yet be completely
unrelated to them personally
– They should consist of uppercase and lowercase letters, numbers, and
special characters
– The length of the password is also extremely important, as a longer
password takes longer to crack using dictionary or brute-force
techniques
Group management
• Because managing access to network resources using
individual user accounts is unmanageable, you create group
objects to manage large collections of users at one time.
■ Group Types
• When you create a new group object by using Active
Directory Users And Computers, you are given the choice
of creating a distribution group or a security group.
• The most commonly used type of group in Active Directory
is the security group.
■ A security group is a security principal and can be used to
assign permissions to network resources.
■ A distribution group lets you send mail to the whole group
of users at one time.
Group management
■ Group Scope
In Windows Server Active Directory, you can create groups
with three different scopes:
I. Domain local,
II. Global, and
III. Universal.
• Nested groups are groups that are members of other groups.
Group scope

Scope: Domain local group
Group membership:
■ User accounts from any domain in the forest
■ Global groups or universal groups from any domain in the forest
■ User accounts or global or universal groups from any domain in a trusted forest
■ Nested domain local groups from the local domain
Used to:
■ Assign access to resources only in the local domain

Scope: Global group
Group membership:
■ User accounts from the domain where the group is created
■ Nested global groups from the same domain
Used to:
■ Assign access to resources in all domains in the forest, or between trusted forests

Scope: Universal group
Group membership:
■ User accounts from any domain in the forest
■ Global groups from any domain in the forest
■ Nested universal groups from any domain in the forest
Used to:
■ Assign access to resources in all domains in the forest or between trusted forests
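The scope rules in the table, exercised on the shared-folder case the slides mention: users go into a global group, the global group is nested into a domain local group, and the permission is granted to the domain local group. This is an added example, not part of the original slides; the group names, OU, folder path, the user `akebede` and the NetBIOS domain name `DBU` are all hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the slides. All names and paths are hypothetical.
$ou    = 'OU=Groups,DC=DBU,DC=com'
$share = 'D:\Shares\Sales'

# Global group: holds user accounts from the domain where it is created.
New-ADGroup -Name 'GG-Sales-Staff' -GroupScope Global `
    -GroupCategory Security -Path $ou

# Domain local group: carries the permission on a resource in the local domain.
New-ADGroup -Name 'DL-SalesShare-Modify' -GroupScope DomainLocal `
    -GroupCategory Security -Path $ou

# User -> global group -> domain local group
Add-ADGroupMember -Identity 'GG-Sales-Staff'       -Members 'akebede'
Add-ADGroupMember -Identity 'DL-SalesShare-Modify' -Members 'GG-Sales-Staff'

# Grant Modify on the folder to the domain local group only, never to users.
$acl  = Get-Acl -Path $share
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    'DBU\DL-SalesShare-Modify', 'Modify',
    'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $share -AclObject $acl

# The reverse nesting is not in the table's membership column for global
# groups, and the directory refuses it.
try {
    Add-ADGroupMember -Identity 'GG-Sales-Staff' `
        -Members 'DL-SalesShare-Modify' -ErrorAction Stop
    Write-Warning 'Unexpected: domain local group accepted into a global group.'
} catch {
    "Rejected as expected: $($_.Exception.Message)"
}

# Review: who ends up with access through the nesting.
Get-ADGroupMember -Identity 'DL-SalesShare-Modify' -Recursive |
    Select-Object SamAccountName, objectClass |
    Format-Table -AutoSize
```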

Activity 01 - Artificial Culture (1).pdf
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp  9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp  9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
CĂłdigo Creativo y Arte de Software | Unidad 1
CĂłdigo Creativo y Arte de Software | Unidad 1CĂłdigo Creativo y Arte de Software | Unidad 1
CĂłdigo Creativo y Arte de Software | Unidad 1
 
