cn1276 server (v3) kemtis kunanuraksapong msis with distinction mct, mcts, mcdst, mcp, a+
TRANSCRIPT
![Page 1: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/1.jpg)
CN1276 Server (V3)Kemtis KunanuraksapongMSIS with DistinctionMCT, MCTS, MCDST, MCP, A+
![Page 2: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/2.jpg)
Agenda
•Chapter 5: Active Directory Administration
•Quiz•Exercise
![Page 3: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/3.jpg)
Understanding User Accounts
•Three types of user accounts can be created and configured in Windows Server 2008:▫Local accounts▫Domain accounts▫Built-in user accounts
![Page 4: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/4.jpg)
Security guidelines
•Rename the Administrator account▫Set a strong password
•Limit knowledge of administrator passwords to only a few individuals
•Do not use the Administrator account for daily non-administrative tasks
•Rename the Guest account after enabling it for use▫Set a strong password
![Page 5: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/5.jpg)
Group Accounts
•Groups are implemented to allow administrators to assign rights and permissions to multiple users simultaneously.
•A group can be defined as a collection of user or computer accounts that is used to simplify the assignment of rights or permissions to network resources.
![Page 6: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/6.jpg)
Group Types
•Distribution groups▫Non-security-related groups created for the
distribution of information to one or more persons.
•Security groups▫Security-related groups created for
purposes of granting resource access permissions to multiple users.
![Page 7: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/7.jpg)
Group Nesting
•Users can be members of more than one group.
•Groups can contain other Active Directory objects, such as computers, and other groups.
•Groups containing groups is called group nesting.
![Page 8: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/8.jpg)
Group Scopes• Domain Local
▫ These groups can include users, computers, global groups, and universal groups from any domain
▫ To assign permissions to any resource in the domain in which they are located
• Global▫ These groups can include users, computers, and global
groups only from within the same domain ▫ To assign permission to resources that reside in any
domain in the forest ▫ Global group memberships are replicated only to DC within
the same domain• Universal
▫ Same as global group, but the group memberships should not change frequently because these groups are stored in the GC
![Page 9: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/9.jpg)
Using Global and Domain Local Groups•Assign users within a domain to global
groups.•Add global groups to domain local groups.•Assign permissions to domain local group.
![Page 10: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/10.jpg)
AGUDLP
•Microsoft approach to using groups:▫add Accounts to Global groups.
▫add those global groups to Universal groups.
▫Add universal groups to Domain Local groups.
▫Finally, assign Permissions to the domain local groups.
![Page 11: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/11.jpg)
Creating and Managing Groups
•Creating and managing groups is usually done with Active Directory Users and Computers.
![Page 12: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/12.jpg)
Working with Default Groups
•Account Operators▫Can create, modify and delete accounts for
users, groups, and computers in all containers and OUs.
▫Cannot modify administrators, domain admins and enterprise admin groups.
•Administrators•Backup Operators•Guests
▫Disabled by default
![Page 13: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/13.jpg)
Working with Default Groups
•Print Operators▫Can manage printers and document
queues.•Server Operators
▫Can log on a server interactively▫Create and delete shares, start and stop
some services▫Back up and restore files▫Format the disk, shutdown the computer
and modify the system date and time.
![Page 14: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/14.jpg)
Working with Default Groups•Users•DNSAdmins
▫Permits administrative access to the DNS server service.
•Domain Admins•Domain Computers
▫Contains all computers.▫Used to make computer management easier
through group policies.•Domain Controllers – Contains all computers
installed in the domain as a domain controller.
![Page 15: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/15.jpg)
Working with Default Groups•Domain Guests
▫Members include all domain guests.•Domain Users
▫Used to assign permissions to all users in the domain.
•Enterprise Admins▫Allows the global administrative privileges
associated with this group, such as the ability to create and delete domains.
![Page 16: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/16.jpg)
Working with Default Groups
•Schema Admins▫Members can manage and modify the
Active Directory schema.•See Table 5-1 on Page 106 - 111
![Page 17: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/17.jpg)
Special Identity Groups and Local Groups•Authenticated Users
▫Used to allow controlled access to resources throughout the forest or domain.
•Everyone •See Table 5-2 on Page 112 - 113
![Page 18: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/18.jpg)
Group Implementation Plan•A plan that states
▫who has the ability and responsibility to create, delete, and manage groups.
•A policy that states▫how domain local, global, and universal
groups are to be used.▫guidelines for creating new groups and
deleting old groups.•A naming standards document to keep
group names consistent.•A standard for group nesting.
![Page 19: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/19.jpg)
Creating Users and Groups
•Active Directory Users and Computers•Batch files
▫DSAdd user username DN –samid SAM account name
▫Dsadd user cn=jsmith,ou=Accounts,dc=lucernepublishing,dc=com –samid jsmith
![Page 20: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/20.jpg)
Creating Users and Groups (Cont.)•Comma-Separated Value Directory
Exchange (CSVDE)▫Header record (See Page 119)▫Csvde.exe –i –f newusers.csv
-i is to import -f is to specify the file to import
![Page 21: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/21.jpg)
Creating Users and Groups (Cont.)•LDAP Data Interchange Format Directory
Exchange (LDIFDE)▫You can Add/Modify/Delete the object▫Ldifde –i –f newobjects.ldf
•Windows Script Host (WSH)▫See code on Page 121
![Page 22: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/22.jpg)
Creating Users and Groups (Cont.)•Windows PowerShell
▫$objOU=[ADSI]”LDAP://OU=People, DC=contoso, DC=Com”
▫$objUser = $objOU.Create(“user”,”CN=Mary North”)
▫$objUser.put(SamAccountName”,”mary.north”)
▫$objUser.SetInfo()▫Windows 2008 R2
Import-module ActiveDirectory New-ADusers –SamAccountName “mary.north”
![Page 23: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/23.jpg)
Creating Users and Groups (Cont.)•Note:
▫CSVDE and LDIFDE cannot import user’s password, hence the user will be disabled by default
▫Only DSADD supports specifying the password
![Page 24: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/24.jpg)
Offline Domain Join• Offline domain join is a process to add computers to a
domain in locations where there is no connectivity to a corporate network.▫ Windows Server 2008 R2▫ Windows 7 image or on running computer
• The offline domain join process includes the following phases:▫ Run the djoin.exe/provision
To create computer account metadata from the text file djoin /provision /domain <domain_name> /machine <destination
computer> /savefile <filename.txt> ▫ Run the djoin.exe/requestODJ
To insert the computer account metadata into the Windows directory of the destination computer:
djoin /requestodj /loadfile <filename.txt>
![Page 25: CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+](https://reader036.vdocuments.net/reader036/viewer/2022062407/56649e315503460f94b21e60/html5/thumbnails/25.jpg)
Assignment
•Fill in the blank▫1-10
•Multiple Choice▫1-10
•Online Lab 5