02 Admintrating Active Directory

8/13/2019 02 Admintrating Active Directory

1/22

w w w

. t e c h n o c o r p . c

o . i n

Active DirectoryAdministering Active Directory Securely and Efficiently


2/22

w w w


o . i n

Module Overview

Work with Active Directory Administration Tools Custom Consoles and Least Privilege Find Objects in Active Directory Use Windows PowerShell to Administer Active Directory


3/22


4/22


5/22

w w w


o . i n

Active Directory Administration Snap-Ins

Active Directory Users and Computers Manage most common day-to-day objects, including users, groups,

computers, printers, and shared folders Active Directory Sites and Services

Manage replication, network topology, and related services

Active Directory Domains and Trusts Configure and maintain trust relationships and the domain and forest

functional level Active Directory Schema

Administer the Schema


6/22

w w w


o . i n

What Is the Active Directory Administrative Center?

Task-oriented tool based upon Windows PowerShell


7/22

w w w


o . i n

Find Active Directory Administration Too

Active Directory snap-ins are installed on a domain controller Server Manager: Users and Computers, Sites and Services Administrative Tools folder

Install the RSAT on a member client or server Windows Server 2008

Server Manager Features Add Feature Remote Server Administration Windows Vista SP1, Windows 7

Download RSAT from www.microsoft.com/downloads Double-click the file, then follow the instructions in the Setup Wizard Control Panel Programs And Features Turn Windows Features On Or Off

Server Administration Tools
http://www.microsoft.com/downloadshttp://www.microsoft.com/downloads


8/22

w w w


o . i n

Secure Administration with Least Privilege,Run As Administrator, and User AccountControl

Maintain at least two accounts A standard user account An account with administrative privileges

Log on to your computer as a standarduser

Do not log on to your computer withadministrative credentials

Start administrative consoles with RunAs Administrator

1. Right-click the console and click Run AsAdministrator

2. Click Use another account3. Enter the user name and password for your

administrative account


9/22

w w w . t

e c h n o c o r p . c

o . i n

Find Objects in Active Directory Scenarios for Finding Objects in Active Directory Demonstration: Use the Select Users, Contacts, Computers, or Groups

Dialog Box Options for Locating Objects in Active Directory Users and Computers Demonstration: Control the View of Objects in Active Directory Users a

Computers Demonstration: Use the Find Command Determine Where an Object Is Located Demonstration: Use Saved Queries Demonstration: Find Objects by Using Active Directory Administrative

Center


10/22

w w w . t


o . i n

Scenarios for Finding Objects in ActiveDirectory

When you assign permissions to a folder or file Select the group or user to which permissions are assigned When you add members to a group

Select the user or group that will be added as a member When you configure a linked attribute such as Managed By

Select the user or group that will be displayedon the Managed By tab When you need to administer a user, group, or computer

Perform a search to locate the object in Active Directory,instead of browsing for the object


11/22

w w w . t


o . i n

Demonstration: Use the Select Users,Contacts, Computers, Service Accounts, orGroups Dialog BoxIn this demonstration, you will see: How to select users with the Select dialog box


12/22

w w w . t


o . i n

Options for Locating ObjectsSorting: Usecolumn headingsto find theobjects based onthe columns

Searching:Provide thecriteria for whichyou want tosearch


13/22

w w w . t


o . i n

Demonstration: Control the View ofObjects in Active Directory AdministrativToolsIn this demonstration, you will see: How to add or remove columns in the details pane How to sort objects based on columns in the details pane


14/22

w w w . t


o . i n

Demonstration: Use the Find Command

In this demonstration, you will see: How to search for objects in Active Directory using the Find comm


15/22

w w w . t


o . i n

Determine Where an Object is Located

1. Ensure that Advanced Features is enabled2. Find the object3. Open its Properties dialog box4. Click the Object tab5. View the Canonical name of object or

In the Find dialog box, click View , click Choose Columns , aadd the Published At column


16/22


17/22

w w w . t


o . i n

Demonstration: Find Objects by Using Active Directory Administrative Center

In this demonstration, you will see: How to find objects using the Active Directory Administrative Cen How to save queries using the Active Directory Administrative Cen


18/22

w w w . t


o . i n

Use Windows PowerShell to Administer Active Directory

What Is Windows PowerShell? Installation Requirements for Windows PowerShell 2.0 Overview of the Windows PowerShell Syntax Windows PowerShell Cmdlets for Active Directory Demonstration: Manage Users and Groups by Using PowerShell


19/22

w w w . t


o . i n

What Is Windows PowerShell? Windows PowerShell is not a scripting language

At least, it is not only a scripting language PowerShell is an engine designed to run commands that perform

administrative tasks, for example: Creating user accounts Configuring services Deleting mailboxes

PowerShell provides a foundation upon that Microsoft GUI-basedadministrative tools can build upon

Actions can be accomplished in the command-line console Actions can also be invoked within GUIs by running PowerShell commands in th

background


20/22


21/22

w w w . t


o . i n

SyntaxAll Windows PowerShell cmdlets use the same syntax

Cmdlets can be pipelined to other cmdlets:

Get-ADuser Don | Set_Aduser DepartmentMarketing

Verb Noun Parameters Example

Get ADUser Get-Aduser Don

Set ADUser Set-Aduser Department Marketing

Get ADUser -Filter Get-Aduser Filter Name like *


22/22

w w w . t


o . i n

Windows PowerShell Cmdlets for ActiveDirectory PowerShell provides cmdlets to assist in the following:

User, Computer, and Group Management Organizational Unit Management Password Policy Management Searching and Modifying Objects Forest and Domain Management Domain Controller and Operations Master Management Managed Service Account Management

02 Admintrating Active Directory

Documents

Transcript of 02 Admintrating Active Directory