Documente Academic
Documente Profesional
Documente Cultură
Module Overview
Work with Active Directory Administration Tools Custom Consoles and Least Privilege Find Objects in Active Directory Use Windows PowerShell to Administer Active Directory
Manage most common day-to-day objects, including users, groups, computers, printers, and shared folders
Configure and maintain trust relationships and the domain and forest functional level
controller
Server Manager: Users and Computers, Sites and Services Administrative Tools folder
Download RSAT from www.microsoft.com/downloads Double-click the file, then follow the instructions in the Setup Wizard Control Panel Programs And Features Turn Windows Features On Or Off Remote Server Administration Tools
snap-ins
How to register the Active Directory Schema snap-in Where to save a custom console
Secure Administration with Least Privilege, Run As Administrator, and User Account Control
Maintain at least two accounts
standard user
the console and click Run As Administrator Use another account the user name and password for your administrative account
Demonstration: Secure Administration with User Account Control and Run As Administrator
In this demonstration, you will see:
How to run a custom console as an administrator
location
Administrative Tools
Administrative Console
Logon information
Virtual machine Logon user name Administrative user name 6425C-NYC-DC1 Pat.Coleman Pat.Coleman_Admin
Lab Scenario
In this exercise, you are Pat Coleman, an Active Directory
administrator at Contoso, Ltd. You are responsible for a variety of Active Directory support tasks, and you have found yourself constantly opening multiple consoles from the Administrative Tools folder in Control Panel. You have decided to build a single console that contains all the snap-ins you require to do your work. Additionally, the Contoso IT security policy is changing, and you will no longer be permitted to log on to a system with credentials that have administrative privileges, unless there is an emergency. Instead, you are required to log on with nonprivileged credentials.
Lab Review
Which snap-in are you most likely to use on a day-to-day
Options for Locating Objects in Active Directory Users and Demonstration: Control the View of Objects in Active
Demonstration: Use the Find Command Determine Where an Object Is Located Demonstration: Use Saved Queries Demonstration: Find Objects by Using Active Directory
Administrative Center
Select the user or group that will be displayed on the Managed By tab
Perform a search to locate the object in Active Directory, instead of browsing for the object
Demonstration: Use the Select Users, Contacts, Computers, Service Accounts, or Groups Dialog Box
In this demonstration, you will see:
How to select users with the Select dialog box
Sorting: Use column headings to find the objects based on the columns
Find command
3.
4. 5.
or
In the Find dialog box, click View, click Choose Columns, and then add the Published At column
administration
Administrative Center
Administrative Center
Logon information
Virtual machine Logon user name Administrative user name 6425C-NYC-DC1 Pat.Coleman Pat.Coleman_Admin
Lab Scenario
Contoso now spans five geographic sites around the world,
with over 1,000 employees. As your domain has become populated with so many objects, it has become more difficult to locate objects by browsing. You are tasked with defining best practices for locating objects in Active Directory for the rest of the team of administrators. You are also asked to monitor the health of certain types of accounts.
Lab Review
In your work, what scenarios require you to search Active
Directory?
PowerShell
Actions can be accomplished in the command-line console Actions can also be invoked within GUIs by running PowerShell commands in the background
Windows Server 2003, Windows Vista, and Windows Server 2008 with Service Pack 1
Windows PowerShell requires Microsoft .NET Framework 2.0 Active Directory Module for Windows PowerShell is included
with AD DS or AD LDS
Verb
Noun
Parameters
Example
Get Set
ADUser ADUser
<string>
Get
Cmdlets can be pipelined to other cmdlets: ADUser -Filter Get-Aduser Filter Name like *
Get-ADuser Don | Set_Aduser Department Marketing
account
Directory
Logon information
Virtual machine Administrative user name Password 6425C-NYC-DC1 Contoso\Administrator Pa$$w0rd
Lab Scenario
Contoso is growing, and changes need to be made to
objects in Active Directory. You are an administrator of AD DS, and you know that it is easier to view, create, delete, and modify objects by using Windows PowerShell.
Lab Review
Which common Active Directory cmdlet parameter is used
to limit search results to matches based on attributes? to specify the attributes that you want in your query results? for an Active Directory object?
How can you see a list of all attributes that are available