Active Directory Objects
Active Directory (AD) encompasses various types of objects that are essential for managing and organizing network resources. This section provides a detailed overview of user accounts, groups, and other objects within an AD environment.
Warning
Proper management of AD objects is crucial for maintaining security and efficiency within an Active Directory environment. Each object type has specific attributes and management practices that need to be understood and applied correctly.
User Accounts
Creating and Managing User Accounts
- Creation: User accounts can be created using the Active Directory Users and Computers (ADUC) tool or PowerShell. During creation, you specify essential details such as username, password, and organizational unit (OU) placement.
- Management: User accounts can be managed to update information, reset passwords, enable/disable accounts, and manage group memberships. Common management tasks include:
  - Profile Settings: Configuring user profiles and login scripts.
  - Password Policies: Applying password policies to enforce complexity and expiration rules.
  - Account Lockout: Managing lockout policies to handle failed login attempts.
User Attributes and Properties
- Attributes: Each user account has various attributes, including:
  - Username: The logon name used to access the network.
  - Full Name: The user’s complete name.
  - Email Address: The user’s email contact information.
  - Telephone Number: Contact phone numbers.
- Properties: Additional properties include:
  - Account Status: Active or inactive status.
  - Group Memberships: Lists of security and distribution groups the user belongs to.
  - Profile Path: Location of the user’s profile folder on the network.
Groups
Group Types: Security and Distribution
- Security Groups:
  - Purpose: Used to assign permissions to resources and control access. Security groups can be granted access to files, folders, and other resources.
  - Scope: Security groups can be used in permissions settings and Group Policy applications.
- Distribution Groups:
  - Purpose: Used for email distribution lists. Distribution groups are primarily for sending email to multiple users at once and do not control access to resources.
  - Scope: Not used in permissions or Group Policy, but useful for email communication.
Group Scope: Domain Local, Global, Universal
- Domain Local Groups:
  - Scope: Used to grant permissions within a single domain. They can contain users, groups, and computers from any domain but are primarily used for local domain resource access.
  - Usage: Typically used to manage permissions on resources within the domain.
- Global Groups:
  - Scope: Used to grant permissions across multiple domains in a forest. They can only contain members from the same domain.
  - Usage: Useful for grouping users with similar access needs within a domain.
- Universal Groups:
  - Scope: Used to grant permissions across all domains in a forest. They can contain members from any domain within the forest.
  - Usage: Ideal for managing permissions across an entire forest or multiple domains.
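The user-creation steps and the group scopes described above can be combined in one PowerShell workflow. This is an added example, not part of the original page: it creates a user in an OU, places the user in a global group, and nests that global group in a domain local group that would be used on a resource's permissions. The example.com domain, the OU paths, and the user and group names are assumed placeholders.

```powershell
# Added example. Domain, OU paths, user and group names are placeholders.
Import-Module ActiveDirectory

$userOu  = 'OU=Staff,DC=example,DC=com'     # assumed OU for user accounts
$groupOu = 'OU=Groups,DC=example,DC=com'    # assumed OU for groups
$sam     = 'jdoe'                           # constructed sample logon name

# Prompt for the initial password so it is never stored in the script.
$initialPw = Read-Host -AsSecureString -Prompt "Initial password for $sam"

# 1. Create the account in its OU, enabled, with a forced password change
#    at first logon. Skipped if the logon name already exists.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$sam'")) {
    New-ADUser -Name 'Jane Doe' -GivenName 'Jane' -Surname 'Doe' `
        -SamAccountName $sam -UserPrincipalName "$sam@example.com" `
        -Path $userOu -AccountPassword $initialPw `
        -ChangePasswordAtLogon $true -Enabled $true
}

# 2. Global group: collects users from this domain with the same access needs.
#    Domain local group: the group that is granted permissions on the resource.
$groups = @(
    @{ Name = 'GG-Finance-Users';     Scope = 'Global' },
    @{ Name = 'DL-FinanceShare-Read'; Scope = 'DomainLocal' }
)
foreach ($g in $groups) {
    if (-not (Get-ADGroup -Filter "Name -eq '$($g.Name)'")) {
        New-ADGroup -Name $g.Name -GroupScope $g.Scope `
            -GroupCategory Security -Path $groupOu
    }
}

# 3. Nest: user -> global group -> domain local group.
Add-ADGroupMember -Identity 'GG-Finance-Users' -Members $sam
Add-ADGroupMember -Identity 'DL-FinanceShare-Read' -Members 'GG-Finance-Users'

# 4. Verify who effectively receives the access, following nested groups.
Get-ADGroupMember -Identity 'DL-FinanceShare-Read' -Recursive |
    Select-Object SamAccountName, objectClass
```

Granting resource permissions only to the domain local group keeps the access list short, and the recursive membership query in step 4 gives a single place to review who actually holds that access.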
Computers and Other Objects
Adding Computers to the Domain
- Process: Computers can be added to the domain through:
  - Control Panel: By accessing system properties and changing the computer’s domain membership.
  - PowerShell: Using commands like Add-Computer to automate the process.
- Benefits: Adding computers to the domain allows for centralized management, security policy enforcement, and access to network resources.
Managing Other Object Types (Printers, Contacts)
- Printers:
  - Adding Printers: Printers can be added and managed in AD to provide network-wide access. They are typically managed through the Print Management console.
  - Properties: Printer objects include attributes like location, driver information, and permissions.
- Contacts:
  - Creating Contacts: Contacts represent external entities that are not part of the domain but need to be listed in the global address book.
  - Management: Contacts include attributes like email address, phone number, and company information.
Info
Understanding and effectively managing AD objects ensures that network resources are properly organized, accessible, and secure. Each type of object plays a unique role in the overall AD infrastructure.