1 / 23

Any Questions?

Any Questions?. Chapter 4 Group Accounts. Create and manage groups Create and modify groups by using the Microsoft Active Directory Users And Computers MMC snap-in Identify and modify the scope of a group Manage group membership Create and modify groups by using automation. Pg 4-1.

jasper
Download Presentation

Any Questions?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Any Questions?

  2. Chapter 4 Group Accounts • Create and manage groups • Create and modify groups by using the Microsoft Active Directory Users And Computers MMC snap-in • Identify and modify the scope of a group • Manage group membership • Create and modify groups by using automation Pg 4-1

  3. Chapter 4 Group Accounts • Lesson 1: Understanding Group Types and Scopes • Lesson 2: Managing Group Accounts • Lesson 3: Using Automation to Manage Group Accounts Pg 4-1

  4. Chapter 4 Lesson 1Understanding Group Types and Scopes • Identify the two types of groups and their proper use • Identify the three types of group scope and their proper use • Understand the difference between groups and identities Pg 4-3

  5. Domain Functional Level • Windows 2000 mixed For supporting Microsoft Windows NT 4, Windows 2000, and Windows Server 2003 domain controllers • Windows 2000 native For supporting Windows 2000 and Windows Server 2003 domain controllers • Windows Server 2003 interim For supporting Windows NT 4 and Windows Server 2003 domain controllers • Windows Server 2003 For supporting Windows Server 2003 domain controllers Pg 4-3

  6. Group Scope • How permissions are assigned • Domain Local • Domain Global • Universal Pg 4-4

  7. Local groups • Machine local groups on individual machines • Backward compatible with NT4 • Not used on Domain Controllers • Can include members from any domain • Only sets permissions for that machine Pg 4-4

  8. Domain Local groups • Primarily for Domain Local resources • Exist in all mixed, interim, and native functional level domains and forests. • Are available domainwide only in Windows 2000 native or Windows Server 2003 domain functional level domains. Domain local groups function as a local group on the domain controllers while the domain is in mixed or interim domain functional level. • Can include members from any domain in the forest, from trusted domains in other forests, and from trusted down-level domains. • Have domain wide scope in Windows 2000 native and Windows Server 2003 domain functional level domains and can be used to grant resource permission on any computer running Windows Server 2003 within, but not beyond, the domain in which the group exists. Pg 4-4

  9. Universal Groups • Grant resources in all trusted domains • Remember trees and forests? • Only for Security • Universal groups can include members from any domain in the forest. • In domains configured at the Windows 2000 native or Windows Server 2003 domain functional level, you can grant universal groups permissions in any domain, including domains in other forests with which a trust exists. Pg 4-5

  10. Group Scope Pg 4-6

  11. Group Conversion • In windows 2003 and 2000 native you can change scope • You can also use dsmod • dsmod group “CN=Finance,OU=Groups,DC=contoso,DC=com” -scope u • Cannot change if it would violate group membership rules • Can also convert type from security to distribution Pg 4-8

  12. Special Identities • Cannot be created or modified • Can be used to set permissions Pg 4-8

  13. Special Identities Pg 4-8

  14. Any Questions?

  15. Chapter 4 Lesson 2Managing Group Accounts • Create a group • Modify the membership of a group • Find the domain groups to which a user belongs Pg 4-12

  16. Creating a Security Group • Active Directory Users and Computers MMC • Security Groups • Used to specify permissions in an ACL • Domain Local or Global in Scope • Distribution Groups • Only for e-mail • Can create Universal Pg 4-12

  17. Modifying Group Membership • Add or remove members • Using the search functionality • Find all • Filter to be more specific Pg 4-12

  18. Any Questions?

  19. Chapter 4 Lesson 3Using Automation to Manage Group Accounts • Import security principals with Ldifde • Export security principals with Ldifde • Use the Dsadd and Dsmod commands to create and modify groups Pg 4-15

  20. Real World • Accessing the data that already exists • Export in usable format • CSVDE.EXE • LDIFDE.EXE Pg 4-15

  21. CSVDE • Can import or export details from a flat .csv file Pg 4-15

  22. LDIFDE • Uses lightwieght directory Access protocol (LDAP) • Common format for many directory services Pg 4-15

  23. Command Line • DSADD • DSGET • DSMOD • DSMOVE • DSRM • VBSCRIPT Pg 4-15

More Related