Download
module 2 managing user and computer accounts n.
Skip this Video
Loading SlideShow in 5 Seconds..
Module 2: Managing User and Computer Accounts PowerPoint Presentation
Download Presentation
Module 2: Managing User and Computer Accounts

Module 2: Managing User and Computer Accounts

813 Views Download Presentation
Download Presentation

Module 2: Managing User and Computer Accounts

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Module 2: Managing User and Computer Accounts

  2. Overview • Creating User Accounts • Creating Computer Accounts • Modifying User and Computer Account Properties • Creating a User Account Template • Managing User and Computer Accounts • Using Queries to Locate User and Computer Accounts in Active Directory

  3. Lesson: Creating User Accounts • What Is a User Account? • Names Associated with Domain User Accounts • Guidelines for Creating a User Account Naming Convention • User Account Placement in a Hierarchy • User Account Password Options • When to Require or Restrict Password Changes • Tools to Create User Accounts • Practice: Creating User Accounts • Best Practices for Creating User Accounts

  4. What Is a User Account? Local user accounts (stored on local computer) Domain user accounts (stored in Active Directory) Windows Server 2003 Domain Multimedia: Types of User Accounts

  5. Names Associated with Domain User Accounts

  6. Guidelines for Creating a User Account Naming Convention A convention for naming user accounts should accommodate: • Employees with identical names • Different types of employees, such as temporary or contract employees

  7. User Account Placement in a Hierarchy North America Accounting Users Users South America Sales Users Users Geopolitical Design Business Design

  8. User Account Password Options

  9. When to Require or Restrict Password Changes

  10. Tools to Create User Accounts Tools available to create user accounts • Active Directory Users and Computers • Command-line utilities • Dsadd • Net user • Batch utilities • CSVDE • LDIFDE • Computer Management MMC to create local users

  11. Practice: Creating User Accounts In this practice, you will: • Create a local user account by using Computer Management • Create a domain account by using Active Directory Users and Computers • Create a domain user account by using dsadd

  12. Best Practices for Creating User Accounts Best practices for creating local user accounts • Limit the number of people who can log on locally • Rename the Administrator account • Use strong passwords Best practices for creating domain user accounts • Do not use the Users container for ordinary user accounts • Disable any account that will not be used immediately • Require users to change their passwords the first time that they log on

  13. Lesson: Creating Computer Accounts • What Is a Computer Account? • Why Create a Computer Account? • Where Computer Accounts Are Created in a Domain • Computer Account Options • Practice: Creating a Computer Account

  14. What Is a Computer Account? • Identifies a computer in a domain • Provides a means for authenticating and auditing computer access to the network and to domain resources • Is required for every computer running: • Windows Server 2003 • Windows XP Professional • Windows 2000 • Windows NT

  15. Why Create a Computer Account? • Security • Authentication • Auditing • Management • Software deployment • Desktop management • Hardware and software inventory through Systems Management Server

  16. Where Computer Accounts Are Created in a Domain Computers that join a domain are created in the Computers container Computer accounts can be moved to or created in other organizational units

  17. Computer Account Options

  18. Practice: Creating a Computer Account In this practice, you will: • Create a computer account by using Active Directory Users and Computers • Create a computer account by using dsadd

  19. Lesson: Modifying User and Computer Account Properties • When to Modify User and Computer Account Properties • Properties Associated with User Accounts • Renaming a User Account • Properties Associated with Computer Accounts • Practice: Modifying User and Computer Account Properties

  20. When to Modify User and Computer Account Properties Modify user account properties to: • Make it easier to use search capabilities to find users • Match a company’s organizational hierarchy • Determine the group membership of a user account Modify computer account properties to: • Assist in asset tracking (Location property) • Document who manages a computer (Managed By property)

  21. Properties Associated with User Accounts The Properties dialog box for a user account contains:

  22. Renaming a User Account The Rename User dialog box

  23. Properties Associated with Computer Accounts The Properties dialog box for a computer account contains:

  24. Practice: Modifying User and Computer Account Properties In this practice, you will modify userand computer account properties

  25. Lesson: Creating a User Account Template • What Is a User Account Template? • What Properties Are in a Template? • Guidelines for Creating User Account Templates • Practice: Creating a User Account Template

  26. What Is a User Account Template? • Employs a user account with properties meeting common user requirements • Makes creating user accounts with standardized configurations more efficient User AccountTemplate

  27. What Properties Are in a Template?

  28. Guidelines for Creating User Account Templates • Create a separate classification for each department • Create a separate group for short-term and temporary employees • Set user account expiration dates for short-term and temporary employees • Disable the account template • Identify the account template

  29. Practice: Creating a User Account Template In this practice, you will create a user account template

  30. Lesson: Managing User and Computer Accounts • Why Enable or Disable User and Computer Accounts? • What Are Locked-Out User Accounts? • When to Reset User Passwords • When to Reset Computer Accounts • Practice: Resetting and Disabling a User Account

  31. Why Enable or Disable User and Computer Accounts? Scenarios for disabling accounts • User takes a leave of absence • Creating accounts that will not be used immediately Tools available for disabling or enabling accounts • Active Directory Users and Computers • Dsmod command

  32. What Are Locked-Out User Accounts? • Account lockout thresholds: • Define the number of failed logon attempts • Prevent hackers from guessing user passwords • Logon failures can occur: • At the logon screen • At a screen saver protected by a password • When accessing network resources

  33. When to Reset User Passwords • Reset a password when a user forgets his or her password • After the local user’s password has been reset, the user can no longer access some types of information

  34. When to Reset Computer Accounts Reset computer accounts when: • Computers fail to authenticate to the domain • Passwords need to be synchronized

  35. Practice: Resetting and Disabling a User Account In this practice, you will: • Reset a user account password • Disable user accounts

  36. Lesson: Using Queries to Locate User and Computer Accounts in Active Directory • Multimedia: Introduction to Locating User and Computer Accounts in Active Directory • Search Types • What Is a Saved Query? • Importing and Exporting Saved Queries • Practice: Using Saved Queries to Locate Users and Computers in Active Directory

  37. Multimedia: Introduction to Locating User and Computer Accounts in Active Directory This presentation will explain how to locate objects in Active Directory

  38. Search Types Basic query criteria include: • Object type • Location • General values associated with the object, such as name and description

  39. What Is a Saved Query?

  40. Importing and Exporting Saved Queries

  41. In this practice, you will: Create a query to find computer accounts in the sales department Export the query as an XML file in the Admin_tools shared folder Practice: Using Queries to Locate Users and Computers in Active Directory

  42. Lab: Managing User and Computer Accounts In this lab, you will: • Create user accounts • Create computer accounts • Use queries to locate objects • Modify user and computer properties