Paul Hill | itFlee.com

Active Directory Users and Computers (also known as Active Directory or AD for short) is a tool that is installed when a
server has the Active Directory Domain Services role installed. Just as the name implies, Active Directory is a live
directory (or database) that stores user accounts (and their passwords), computers, printers, file shares, security groups
and their respective permissions.

A group could be made up of users, computers, printers or file shares. The reason for using groups within Active
Directory is frequently for security purposes. You can use AD and Group Policy together to assign specific permissions for
objects within Active Directory.

The purpose of Active Directory is to handle security authentication across the domain. One of the ways AD does this is
by only allowing authorized users to log on to the network. Active Directory also provides centralized security
management of your network resources by storing things like user names and passwords in one location, so the
administrator does not need to store this information on each individual computer.

The most common tasks you will be asked to do in Active Directory are resetting user passwords and creating or deleting
user accounts. For example, every time a new employee is hired at your company, they will need login credentials. You will
need to create their account and help them log in for the first time. Quite often people will forget their passwords and
ask you to reset them.

If you did not have Active Directory, you would need to create a local user account on each computer the new employee
would like to access. Also, every time you had to reset a password for that user, you would need to do it on each
computer they had an account on. This is not a big deal if you only have two or three computers, but what happens
when you have over 200 computers on the network?

Active Directory solves this problem by storing all the accounts in one place. When a user tries to log in to a
domain-joined workstation, the computer reaches out to the domain controller and checks the entered credentials
against the credentials stored in Active Directory. This means that when a user changes their password in Active Directory,
the change will be effective for all domain computers on the network.

This example applies not only to user accounts but also to the other objects that can be stored in Active Directory, like
computers, printers, file shares and security groups.

Now that you understand what Active Directory is, let’s learn about the interface. To start AD, open Server Manager.
Select Tools > Active Directory Users and Computers.

Paul Hill | PaulH@itflee.com | itFlee.com



The Active Directory Users and Computers window will appear:

This window looks like those you have seen before (DNS Manager, DHCP, etc.). On the left, we have our navigation pane
and on the right, we have the contents of the current location.

On the menu, we have File, Action, View, and Help. Within the File menu you can either exit Active Directory or select
Options. Within the options you can delete any changes you have made to the view of the Active Directory Users and
Computers console.


The Action menu is the exact same menu you get when you right-click on an object within either the navigation or
contents pane. The View menu allows you to add or remove columns to allow you to quickly show or hide additional
information as necessary.

Most importantly, you can enable the Advanced Features view mode. This viewing mode shows a lot of hidden (and
useful) information that you would otherwise not be able to find.

At the top of our navigation pane we have Saved Queries and the name of your domain (itflee.com in my case). Saved
Queries is commonly ignored by many administrators. It allows you to quickly locate things like expired or locked-out
user accounts, user accounts that have not logged in within the last 30 days and more. As the name implies, you can
create these searches and save them for later use. This can make repetitive tasks much easier.
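
The same three searches can be run from PowerShell. The script below is an added example, not part of the original lecture; it assumes the ActiveDirectory module (RSAT) is installed, and the function name Get-AccountHygieneReport and its parameters are hypothetical names chosen for illustration.

```powershell
# Added example: locked-out, expired and inactive user accounts in one report.
# Assumes the ActiveDirectory module (RSAT) and a session on a domain-joined machine.
Import-Module ActiveDirectory

function Get-AccountHygieneReport {
    param(
        [int]$InactiveDays = 30,   # the 30-day window mentioned in the text
        [string]$SearchBase        # optional OU distinguished name to limit the search
    )

    # Parameters shared by every search; SearchBase is added only when supplied.
    $common = @{ UsersOnly = $true }
    if ($SearchBase) { $common.SearchBase = $SearchBase }

    # One Search-ADAccount parameter set per condition.
    $checks = [ordered]@{
        LockedOut = @{ LockedOut = $true }
        Expired   = @{ AccountExpired = $true }
        Inactive  = @{ AccountInactive = $true; TimeSpan = (New-TimeSpan -Days $InactiveDays) }
    }

    foreach ($reason in $checks.Keys) {
        $params = $common + $checks[$reason]
        Search-ADAccount @params | ForEach-Object {
            [pscustomobject]@{
                Reason            = $reason
                SamAccountName    = $_.SamAccountName
                Enabled           = $_.Enabled
                LastLogonDate     = $_.LastLogonDate
                DistinguishedName = $_.DistinguishedName
            }
        }
    }
}

# An account can appear more than once if it matches several conditions.
Get-AccountHygieneReport -InactiveDays 30 |
    Sort-Object Reason, SamAccountName |
    Format-Table -AutoSize
```

Inactivity is judged from the replicated lastLogonTimestamp attribute, which by default is only refreshed when the stored value is 9 to 14 days old, so treat the 30-day result as approximate.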

itflee.com refers to the domain that Active Directory is servicing. You may right-click on the domain to complete several
actions.


Delegating control will allow you to choose additional users who may manage the domain. The Find button allows you to
locate objects stored within this domain. You may change domains by selecting the Change Domain option. You would
use this option if you have a sub-domain of itflee.com like training.itflee.com. You can also change to another Domain
Controller that is on the network by selecting the Change Domain Controller option.

The Raise Domain Functional Level option is used to enable Active Directory features when you have multiple Domain
Controllers on a network. Some features are only available when all your servers are updated to the latest version
available. For example, if you have a 2012 domain controller and a 2016 domain controller both servicing the same
network, your domain's functional level will be that of the 2012 domain controller. This means the servers cannot use the
features of 2016, only the features included with 2012. If you were to upgrade the 2012 server to 2016, you could
then raise your domain's functional level to enable the new features. If I click on this option I can see that my domain
functional level is Windows Server 2016.


Choosing Operations Masters allows you to choose which servers hold master roles like the Schema Master,
Domain Naming Master, Relative Identifier (RID) Master, Primary Domain Controller (PDC) Emulator and
Infrastructure Master.

If you have multiple domain controllers on your network, you can change which servers hold which roles. This is
something you would need to do when you remove a domain controller from the network.

Active Directory Domain Services is a “multimaster-enabled database”, which means several domain controllers can
make changes to the database. Allowing multiple DCs to write changes to the database can sometimes cause conflicting
updates to occur. This is where the Operations Masters step in to resolve this issue by only allowing certain DCs to make
changes to certain parts of AD DS.

Since we do not have any additional DCs on the network, we cannot change any of the Operations Masters settings.
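
Before raising the functional level or removing a domain controller, it helps to list every DC with its operating system and the Operations Masters roles it holds. The script below is an added example, not part of the original lecture; it assumes the ActiveDirectory module (RSAT), and the function name Get-DomainRoleSummary is a hypothetical name chosen for illustration.

```powershell
# Added example: functional levels plus a per-DC view of OS version and roles held.
# Assumes the ActiveDirectory module (RSAT) and a session on a domain-joined machine.
Import-Module ActiveDirectory

function Get-DomainRoleSummary {
    $domain = Get-ADDomain
    $forest = Get-ADForest

    # One row per domain controller. The oldest OS in this list is what
    # limits how far the functional level can be raised.
    $dcs = Get-ADDomainController -Filter * | ForEach-Object {
        $roles = @($_.OperationMasterRoles)
        [pscustomobject]@{
            DomainController = $_.HostName
            OperatingSystem  = $_.OperatingSystem
            RolesHeld        = $roles -join ', '
            # Roles must be moved to another DC before this one is removed.
            HoldsRoles       = ($roles.Count -gt 0)
        }
    }

    [pscustomobject]@{
        DomainMode        = $domain.DomainMode
        ForestMode        = $forest.ForestMode
        DomainControllers = $dcs
    }
}

$summary = Get-DomainRoleSummary
$summary | Format-List DomainMode, ForestMode | Out-Host
$summary.DomainControllers | Sort-Object DomainController | Format-Table -AutoSize | Out-Host
```

On a single-DC domain like the one in this lecture, the table has one row and that server holds all five roles.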


The New option allows you to create new objects within Active Directory like user or computer accounts and more. That
is all we are going to cover in this lecture. Now you know what Active Directory is and what it is used for. Great job and I
will see you in the next lecture!
