Active Directory Tutorial Flashcards
youtube channels: Server Academy, Jobskillshare
workgroup vs domain
workgroup (small groups, like a home network):
- no server required
- user accounts are required on every machine
domain (client-server network):
- a server, called a domain controller, is required (windows server 2012, 2019 with active directory on it)
- user accounts and user groups are stored in active directory
- all computers are managed from the server. need access to my machine? add a colleague / enable a colleague to access my machine via active directory
what is active directory?
It’s a directory service available with the Windows Server platforms. It stores information in a central database and allows users to have a single user account (called a domain user account) for the network.
need to know:
- active directory
- office 365
- microsoft exchange
- ticketing system
- deployments
- basic troubleshooting
not just a CompTIA A+
new hire:
create an account username kmoore, create a computer, add to group, document everything in ticket (always log your process in the ticket)
change user’s title, change user’s department
all this is done in active directory!
higher level active directory users
- creating policy
- creating group privileges
- creating “o-use?”
- checking and creating logs
- creating domain controller (?)
sys admin complete - help desk uses
sys admin create, and turn over tasks to help desk
help desk: manage & create users, groups, computers (user changes password, user changes name, adding people to groups, adding groups to other groups, changing computers, deleting computers, blocking computers…)
domain admin -> LDAP -> active directory
(insert it_support_img2) LDAP - lightweight directory access protocol
image of active directory on the server
(insert it_support_img3) what is the domain name of this active directory environment? -> jobskillshare.org (not necessarily a decipherable name)
how to tell if a computer login is to a workgroup or a domain?
(insert it_support_img4) The login would include / The image is a login to a workgroup
on a domain-connected computer, how do you log in to the local computer?
/localuser and password need to know local computer name
how to create a new user
- start->programs->administration tools->select active directory users and computers
- go to computers->new->computer and add the client’s computer name
- go to users->new->users and ‘create a new user’ with the OpenSSO Enterprise host name as the User ID (login name)
create new object - user
must click box “user must change pass…”
where to give new user more permissions / how to find out what permissions a user has
right click on user, tab “Member Of”, add appropriate group (insert it_support_img6)
how to find out who is in a certain group / what users can have access to certain groups
active directory->users*->right click on group, then see the “Members” tab
*note: a group is a kind of user
find the domain ip address (host ip address? domain=server, host=local); describe the network and the host
cmd > ipconfig
192.168.10.206
- domain ip address is 192.168.10.206
- the network part is 192.168.10 (this is class C)
- the host part is .206
reset password vs unlock account
can also simply unlock their account (if they got locked out, e.g. by entering the wrong password multiple times). note: if the user wants a reset AND got locked out, need to do both
create new group
right click domain, click new->group
group scope and group type
group scope:
- Domain local: only accessible within our domain
- Global: accessible for domains within our forest
- Universal: accessible for the whole forest
group type:
- security: (most common) purpose is restricting access to certain files, domains, actions… or granting access & permissions; create a security group
- distribution: if you have exchange and want to make an email list to distribute things like “newsletter for helpdesk employees”, create a distribution group
domain - trees and forest
varonis.com: an active directory forest (AD forest) is the topmost logical container in an active directory configuration that contains domains, users, computers, and group policies
docs.microsoft.com (domain-trees): a domain tree is made up of several domains that share a common schema and configuration, forming a contiguous namespace. domains in a tree are also linked together by trust relationships. active directory is a set of 1 or more trees.
wikipedia: domains are identified by their DNS name structure, the namespace. … a forest is a collection of trees that share a common global catalog, directory schema, logical structure, and directory configuration. The forest represents the security boundary within which users, computers, groups, and other objects are accessible.
organizational unit
often (best practice) same as domain name -> put users and groups there also as organizational units (?? what is the difference between the user organizational domain and the Users folder under the domain?)
create a shared folder (“file shares”)
in active directory:
- right click on domain name->new->shared folder
- name: (example ‘Knowledge Documents’)
- network path: the path of a share, created as follows
on your server:
- create a folder: ‘Share’ (or something)
- right-click, properties->Sharing tab
- click Share… ->Choose people on your…
- type: domain users*
  *you can search for specific users as well as groups in the ‘Add’ field. note! the group names have spaces: ‘Domain Users’ is a (default) group!
- choose permission level ‘read’ (default) or ‘read and write’
- now you are shown the status ‘Your folder is shared’ along with the network path of the shared folder -> use this in your new AD object creation: Network path (\\server\share) \\IPDC01\Share
now we have a shared folder published to the active domain, and so we can map it automatically in a group policy
ex: help desk group includes access to the Z: drive, which is mapped to ‘Knowledge Documents’ -> when a helpdesk employee logs in they automatically have a Z: drive, which is mapped to knowledge docs
add a printer
- right click on domain->new->printer
- network path \\ipdc003\printer01, which has to be physically connected to this domain
- can add this printer to a group policy, so this printer can be found via the Add Printer service under Control Panel->Devices