Introducing Active Directory

Active Directory is managed by the domain controller. When you install and configure a domain controller, Active Directory creates a number of organizational structures for you, allowing you to build and manage various types of objects. In effect, Active Directory is a central database in which objects such as user accounts, computer accounts, groups, and OUs are stored. Each Active Directory object holds the information needed for that object, including descriptions, file system rights, security indexes, application rights, and directory information.

As a network administrator, one of your main responsibilities is to build and configure users, groups, computer accounts, organizational units (OUs), and Group Policy. As in previous versions of Windows Server, Windows Server 2008 uses the Active Directory Users and Computers console to manage user accounts, groups, and computers. In addition to the tasks mentioned above, you can manage other aspects of Active Directory, including Group Policy, domain controllers, domain security policy, and so on.

This console is the one most used in day-to-day Active Directory management. It is used to create, manage, maintain, and delete computer accounts and user accounts in Active Directory. Note that objects in Active Directory are organized into groupings called Organizational Units (OUs). Most of the tasks done with the Active Directory Users and Computers console include the following:

  • Add a new user in the Active Directory
  • Change user passwords
  • Transfer certain rights to file servers
  • Allow remote access to the network
  • Set up login and logout scripts
  • Build security groups

Many applications, including Exchange Server, Terminal Services, and System Center, can add to Active Directory in many situations. These programs let Active Directory manage their associated objects. For example, if you add the Terminal Services application to your network, you can control the duration of each user's connection to the network through the Active Directory Users and Computers console.

You can use either of the following paths to open the Active Directory Users and Computers console:

Start --> Programs --> Administrative Tools --> Active Directory Users and Computers
Start --> Control Panel --> Administrative Tools --> Active Directory Users and Computers

Note that only Domain Controllers have this console; if you cannot find it, make sure you are logged in to a domain controller.

Now that you know how to open Active Directory Users and Computers, it's time to review the default containers and OUs. After you install and configure the domain controller, you will see several built-in containers and OUs in the Active Directory Users and Computers console by default (Figure 1). Active Directory is structured around the forest: each forest can contain multiple domains and/or trees. The Active Directory Users and Computers console does not let you work with the forest structure; you can only manage the domain structure with it.



If you look at the image, you see that itpro.local is the domain that exists on my network. All objects created in my Active Directory structure are part of the itpro.local domain. But this is not the only domain that exists on my network. The Active Directory Users and Computers console shows only one domain at a time, to avoid complexity and ambiguity in managing domains. The domain shown when the console opens is the domain of the domain controller we are logged in to. Here, we are logged on to the domain controller that hosts the itpro.local domain.

The problem is that domains may be physically and geographically far apart. For example, many companies have offices in different regions, each office has its own domain, and you need one tool to access any of these domains. Through the Active Directory Users and Computers console you can also reach domains that you trust and have access to. All you need to do is right-click the domain and click Connect To Domain. This opens a dialog where you can type the name of the domain you want to use or select it from the list. The Browse option also makes it easy to find and open the domain.

In Figure 1, you see a number of containers, each holding a particular type of object. Every object created in Active Directory is associated with an object type, referred to as its Object Class. Each object also has its own attributes, which depend on the type of object. After installing and configuring a domain controller, you will see the following containers (which are similar to folders) in the Active Directory Users and Computers console:

Built-In: Contains all preconfigured security groups that are automatically created when the domain controller is installed. These groups provide standard permissions on different objects within Active Directory. This container includes the groups Account Operators, Administrators, Backup Operators, Server Operators, Replicators, Users, Remote Desktop, and Print Operators.



Computers: Includes the workstations within your domain. By default, this container is empty, but once you join a workstation to your domain, that computer appears in this container.

Domain Controllers: Includes all Domain Controllers that control your domain.

Foreign Security Principals: This container holds all objects that are not part of your domain but that need to be assigned permissions.

Users: Includes all security accounts that are part of the domain. Several groups in this container are created automatically when the domain controller is installed. This container holds the default administrator account and groups such as Domain Admins, Enterprise Admins, Domain Controllers, Domain Guests, Domain Users, Schema Admins, Guests, etc.
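The default containers and built-in groups described above can also be reviewed from PowerShell, which is useful for a periodic audit. The following is an added example, not part of the original article; it assumes the ActiveDirectory module (RSAT) is installed and that the account running it has read access to the current domain.

```powershell
# Added example: read-only audit of default containers and privileged groups.
# Assumes the ActiveDirectory module (RSAT) and read access to the current domain.
Import-Module ActiveDirectory

$domain = Get-ADDomain

# Default containers, resolved from the domain object rather than hard-coded
$containers = [ordered]@{
    'Builtin'                   = "CN=Builtin,$($domain.DistinguishedName)"
    'Computers'                 = $domain.ComputersContainer
    'Domain Controllers'        = $domain.DomainControllersContainer
    'ForeignSecurityPrincipals' = $domain.ForeignSecurityPrincipalsContainer
    'Users'                     = $domain.UsersContainer
}

# Count the direct children of each container, grouped by object class
$summary = foreach ($name in $containers.Keys) {
    Get-ADObject -SearchBase $containers[$name] -SearchScope OneLevel -Filter * |
        Group-Object -Property ObjectClass |
        Select-Object @{n='Container';e={$name}}, @{n='ObjectClass';e={$_.Name}}, Count
}
$summary | Format-Table -AutoSize

# Privileged groups named in this article; membership should be small and known
$privileged = 'Administrators', 'Account Operators', 'Backup Operators',
              'Server Operators', 'Print Operators',
              'Domain Admins', 'Enterprise Admins', 'Schema Admins'

# Resolve nested groups so indirect members are listed too
$members = foreach ($group in $privileged) {
    try {
        Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop |
            Select-Object @{n='Group';e={$group}}, SamAccountName, objectClass, distinguishedName
    } catch {
        # Enterprise Admins and Schema Admins exist only in the forest root domain
        Write-Warning "Could not read '$group': $($_.Exception.Message)"
    }
}
$members | Format-Table -AutoSize
```

Computers that remain in the default Computers container deserve a second look: Group Policy objects can be linked to OUs but not to containers, so those machines receive only domain-level and site-level policy.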

In addition, you can create and manage various types of Active Directory objects. Some of these objects are as follows:

Computer: Computer objects represent workstations that are part of an Active Directory domain. All computers within a domain share the same security database, which includes group and user information. Computer objects are useful for managing security privileges and enforcing Group Policy constraints.

Contact: These objects are usually used in OUs to specify management contacts. Contacts do not carry security responsibilities the way users do; they only serve to record information about individuals within organizations.

Group: Group objects are logical collections of users, used mainly to assign security access to resources. When managing users, you put them into groups and then assign permissions to the group. This provides a more flexible management solution without the need to assign permissions to each user individually.

Organizational Unit: An OU object is used to create a hierarchy within Active Directory. It is the smallest unit used to build management groups. It can also be used to apply group policies. Typically, the OU hierarchy within a domain reflects the organization of the business.

Printer: A printer object represents a printer device.

Shared Folder: This is a mapping object for server shares. Shared Folder objects are used to organize the various file resources that may be available on file/print servers. Often they are used to give a logical name to a specific set of files.

User: A security user object in Active Directory. User accounts include information about individuals, such as passwords and other permissions information.

