Active Directory Basic


  • File—Here you can access the Options menu, which allows you to clean up console information. You can also quit Active Directory Users And Computers by clicking Exit.
  • Action—This menu allows you to perform different actions depending on which container object you’ve selected. For example, if you select the Users container, you might see the Delegate Control menu option and options that allow you to create new users and groups, but if you select a particular User object, you’ll see actions about what you can do to a user, such as resetting passwords and disabling accounts.
  • View—This menu choice allows you to customize the appearance of Active Directory Users And Computers. You can change how objects appear, how many columns Active Directory Users And Computers displays, and even filter out objects you don’t want to appear.
  • Window—This menu choice allows you to display multiple MMC windows and control how those windows appear on your server.
  • Help—Obviously, this choice allows you to access Active Directory Users And Computers Help files.

The button bar
As in most MMCs, the button bar in Active Directory Users And Computers closely resembles that of a Web browser. Like browser buttons, these buttons are relatively self-explanatory. Left to right, these buttons are:

  • Back
  • Forward
  • Up One Level
  • Show/Hide Console
  • Paste
  • Properties
  • Refresh
  • Export List
  • Help
  • Create New User
  • Create New Group
  • Create New Organizational Unit
  • Set Filter
  • Find Objects
  • Add Objects To Group

You’ll notice that as you go from container to container in the left pane, buttons sometimes will become unavailable. For example, if you go to the Computers container, you can’t use the Create New Organizational Unit button.

The Console Tree
The left pane is called the Console Tree. This tree displays all of the container objects for Active Directory. Much as you navigate the hives in the Windows Registry, you’ll navigate through the Console Tree to get to Active Directory objects. Default objects you’ll find in Windows Server 2003’s Console Tree are:

  • Saved Queries—Allows you to store XML queries that perform actions on groups of objects.
  • Domain—Where Domain is the name of your Active Directory Domain. This is the main container for Active Directory and contains all of the other container and organizational unit objects.
  • Builtin—Contains all of the default security groups that come with Windows Server 2003 such as Administrators, Groups, Users, and Pre-2000 Computers.
  • Computers—Contains all of the workstations and member servers on your network.
  • Domain Controllers—Contains all of the domain controllers for your Active Directory tree.
  • ForeignSecurityPrincipals—Stores security principal objects within a trusted domain.
  • LostAndFound—Here you’ll find the objects that were supposed to replicate across the directory but couldn’t for some reason. Objects will appear here if they were created at the same time the container that holds them was deleted. This will probably only happen where you have multiple network administrators working in Active Directory.
  • NTDS Quotas—Stores quota objects, which restrict the number of objects a user can create in a container.
  • Program Data—Contains object information pertaining to network applications, specifically data stored directly into Active Directory.
  • System—Contains additional containers that store system information for Active Directory such as Group Policies, DNS, IPSec, and DFS Configurations.
  • Users—This is the default container for Active Directory users.

In addition to these default containers, you can create additional containers called Organizational Units. Organizational Units can be structured to reflect your organization or however else you want to organize your Active Directory tree. They can contain other objects such as users, groups, printers, shared folders, or even other Organizational Units.

Common Active Directory objects
Within the containers reside objects, which represent every resource that has access on your network. As you look through the various containers discussed above, you’ll see the objects appear in the right pane.

Microsoft has done a pretty good job of giving the objects meaningful names. You can quickly guess what an object does by its name. For example, the DHCP Users object is a group object containing members that have read-only access to DHCP. Even if you can’t discern an object’s purpose by its name, Microsoft has included a Description column that tells you what each default object does.

Each object is made up of a group of properties, which describe the object and what it can do on the network. You can view the properties for an object by right-clicking it and selecting Properties. I’ll describe the Properties for the following objects:

  • Computer
  • Group
  • User

I’m only going to describe the default tabs for each object. Applications that extend Active Directory’s Schema, such as Exchange, will add additional tabs to objects.

Computer
The Computer object describes computers that have rights on the network. It can describe domain controllers, member servers, or workstations. You’ll find domain controllers in the Domain Controllers container. Member servers and workstations will appear in the Computers container. When you right-click a Computer object and select Properties, you’ll see the screen shown in Figure B.

Figure B
Active Directory’s Computer object

As with most Properties pages, you’ll find tabs with further information. Tabs on the Computer Properties page include:

  • General—This tab provides basic information about the object, including both its NetBIOS name and its DNS name. The most important check box here is Trust Computer For Delegation. You’ll select it if you want the computer to be able to request services from another computer.
  • Operating System—This tab will show you the operating system running on the computer and what Service Packs have been applied to it.
  • Member Of—Here you’ll make the computer a member of a group.
  • Location—On this tab you can enter a string describing where the computer is located.
  • Managed By—Here you can enter information about who’s in charge of the computer. You can quickly assign someone by selecting their information directly from Active Directory.
  • Object—This tab displays information about the object including its name, when it was created, when it was last updated, and the Update Sequence Numbers for it.
  • Security—This tab controls the Active Directory rights other objects have to this object. The Group Or Users box lists the objects with rights and the Permissions box describes the permissions the selected object has.
  • Dial-in—Here you’ll decide whether or not users can remotely access the computer, whether by dial-up or VPN. You can also set callback options for extra security.

Group
If you right-click a Group object and select Properties, you’ll see the screen shown in Figure C.

Figure C
A typical Active Directory Group

Tabs on the Group object include:

  • General—This tab displays information about the object. You can view, but not change, Group Scope and Group Type for Groups. You can change all other fields on this page.
  • Members—Here you can add and remove group members. By clicking the Add button, you can add individual objects or select multiple objects.
  • Member Of—This tab lists the groups that the object belongs to. You can add or delete group membership here.
  • Managed By—Here you can enter information about who’s in charge of the group. You can quickly assign someone by selecting their information directly from Active Directory.
  • Object—This tab displays information about the object including its name, when it was created, when it was last updated, and the Update Sequence Numbers for it.
  • Security—This tab controls the Active Directory rights other objects have to this object. The Group Or Users box lists the objects with rights and the Permissions box describes the permissions the selected object has.

User
When you right-click a User object and select Properties, you’ll see the screen shown in Figure D.

Figure D
A typical User object

Tabs on User objects include:

  • General—Displays general descriptive information about the user, including name, e-mail address and Web site address.
  • Address—This tab displays snail mail addresses for the user.
  • Account—Here you’ll find detailed account information for the user. You can view and change the logon name for the user, along with controlling when the user can log on to the network. The Account Options on this tab allow you to force users to change their password at next logon, prevent them from changing passwords, require a Smart Card for logon, and enable delegation for the account. You’ll also use this page if the account gets locked out due to logon failures.
  • Profile—On this tab you’ll specify the paths to any logon scripts you’re using. You can also specify a path to the user’s profile here.
  • Telephones—This tab serves as a repository for any telephone numbers you have for the user, including pagers, cell phones, and IP telephone numbers.
  • Organization—Don’t confuse this tab with Active Directory’s Organizational Unit object. Here, you’ll place information about the user’s company, including job title, department, and company name. You can also import Manager information from Active Directory.
  • Environment—This tab controls the Terminal Services startup environment for the user.
  • Sessions—This tab helps you control how the user interacts with Terminal Services, including how long a session stays connected and what happens if you disconnect from the server.
  • Remote Control—This tab allows you to remotely control a user’s Terminal Services session. You can set settings that allow you to only view the session or to work in the session as well.
  • Terminal Services Profile—This tab is similar to the Profile tab, but this only controls profile information for the Terminal Services session.
  • COM+—You can assign the user to be part of a COM+ partition set here.
  • Published Certificates—This tab allows you to associate X.509 security certificates with the user.
  • Member Of—This tab lists the groups that the object belongs to. You can add or delete group membership here.
  • Dial-in—Here you’ll decide whether or not users can remotely access the computer, whether by dial-up or VPN. You can also set callback options for extra security.
  • Object—This tab displays information about the object including its name, when it was created, when it was last updated, and the Update Sequence Numbers for it.
  • Security—This tab controls the Active Directory rights other objects have to this object. The Group Or Users box lists the objects with rights and the Permissions box describes the permissions the selected object has.
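
Both the Trust Computer For Delegation check box on the Computer object and the delegation Account Option on the User object are stored in the TRUSTED_FOR_DELEGATION bit of the userAccountControl attribute, so they can be reviewed outside the GUI. The PowerShell below is an added example, not part of the original article: the function names and sample accounts are constructed for illustration, and the commented Get-ADObject query assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example: decode userAccountControl to list accounts trusted for delegation.
# Bit values are the documented userAccountControl flags.
$UacFlags = [ordered]@{
    ACCOUNTDISABLE         = 0x00002
    NORMAL_ACCOUNT         = 0x00200
    WORKSTATION_TRUST      = 0x01000    # member server or workstation
    SERVER_TRUST           = 0x02000    # domain controller
    SMARTCARD_REQUIRED     = 0x40000
    TRUSTED_FOR_DELEGATION = 0x80000
    NOT_DELEGATED          = 0x100000   # "Account is sensitive and cannot be delegated"
}

function ConvertFrom-Uac {              # hypothetical helper name
    param([Parameter(Mandatory)][int]$Value)
    # Return the name of every flag whose bit is set in $Value.
    @($UacFlags.GetEnumerator() | Where-Object { $Value -band $_.Value } | ForEach-Object { $_.Key })
}

function Get-DelegationFinding {        # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)]$Account)
    process {
        $flags = @(ConvertFrom-Uac -Value $Account.userAccountControl)
        # Domain controllers carry the flag by default; report every other holder.
        if ($flags -contains 'TRUSTED_FOR_DELEGATION' -and $flags -notcontains 'SERVER_TRUST') {
            [pscustomobject]@{
                Name    = $Account.Name
                Kind    = if ($flags -contains 'WORKSTATION_TRUST') { 'Computer' } else { 'User' }
                Enabled = $flags -notcontains 'ACCOUNTDISABLE'
                Flags   = $flags -join ','
            }
        }
    }
}

# Constructed sample records. In a live domain the input could come from:
# Get-ADObject -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=524288)' -Properties userAccountControl
$sample = @(
    [pscustomobject]@{ Name = 'DC01';    userAccountControl = 532480 }  # DC + delegation (default)
    [pscustomobject]@{ Name = 'WEB01';   userAccountControl = 528384 }  # workstation trust + delegation
    [pscustomobject]@{ Name = 'FILE01';  userAccountControl = 4096 }    # workstation trust only
    [pscustomobject]@{ Name = 'svc-app'; userAccountControl = 524800 }  # normal account + delegation
    [pscustomobject]@{ Name = 'jsmith';  userAccountControl = 512 }     # normal account only
)
$sample | Get-DelegationFinding | Format-Table -AutoSize
```

Each account the function reports should map to a service that actually needs to act on behalf of users; anything else is a candidate for clearing the check box.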