Active Directory Tutorial

Question 1

workgroup vs domain

Answer 1

workgroup (small groups, like at home network): -no server required -user accounts are required on every machine domain: client-server network -a server, called a domain controller, is required (2012, 2019 windows server with active directory on it) -user accounts, user groups are stored in active directory -manages all computer from server. need access to my machine? add colleague /enable colleague to access my machine via active directory

Question 2

what is active directory?

Answer 2

It’s a directory service available with the windows server platforms. it stores information in a central database and allows users to have a single user account (called a domain user account) for the network

Question 3

need to know:

Answer 3

active directory office 365 microsoft exchange ticketing system deployments basic troubleshooting not just a comptiaA++

Question 4

new hire:

Answer 4

create an account username kmoore, create a computer, add to group, document everything in ticket (always log your process in the ticket)

Question 5

change user’s title change user’s department

Answer 5

all this is done in active directory!

Question 6

higher level active directory users

Answer 6

creating policy creating group privileges creating “o-use?” checking and creating logs creating domain controller (?) sys admin complete - help desk uses

Question 7

sys admin create, and turn over tasks to help desk

Answer 7

help desk: manage & create user, groups, computers (user changes passwork, user changes name, adding people to groups, groups adding to other groups, changing computers, deleting computers, blocking computers….)

Question 8

domain admin–>LDAP–>active directory

Answer 8

(insert it_support_img2) LDAP - lightweight directory access protocol

Question 9

image of active directory on the server

Answer 9

(insert it_support_img3) what is the domain name of this active directory environment? –>jobskillshare.org (not necessarily a decipherable name)

Question 10

how to tell if a computer login is to a workgroup or a domain?

Answer 10

(insert it_support_img4) The login would include / The image is a login to a workgroup

Question 11

on a domain connected computer, how to you login to the local computer?

Answer 11

/localuser and password need to know local computer name

Question 12

how to create a new user

Answer 12

start->programs->administration tools-> select active directory users and computers go to computers->new->computer and add the client’s computer name go to users->new->users and ‘create a new user’ with the OpenSSO Enterprise host name as the User ID (login name)

Question 13

create new object - user

Answer 13

must click box “user must change pass…”

Question 14

where to give new user more permissions / how to find out what permissions a user has

Answer 14

right click on user, tab “Member Of”, add appropriate group (insert it_support_img6)

Question 15

how to find out who is in a certain group / what users can have access to certain groups

Answer 15

active directory->users*->right click on group then see “Members” tab *note: a group is a kind of user

Question 16

find the domain ip address (host ip address? domain=server, host=local) describe the network and the host

Answer 16

cmd >ipconfig 192.168.10.206 domain ip address is 192.168.10.206 the network part is 192.168.10 (this is class C) the host part is .206

Question 17

reset password vs unlock account

Answer 17

can also simply unlock their account (if they got locked out, eg by entering wrong passwd multiple times) note: if wants to reset AND got locked out, need to do both

Question 18

create new group

Answer 18

right click domain,click new–>group

Question 19

group scope and group type

Answer 19

group scope -Domain local : only accessible within our domain -Global : accessible for domains within our forest -Universal : accessible for the whole forest

group type -security : (most common) purpose is restricting access to certain files, domains, actions….or granting access & permissions, create a security group -distribution : ~if you have exchange and want to make an email list to distribute things like “newsletter for helpdesk employees”, create a distribution group

Question 20

domain - trees and forest

Answer 20

varonis.com an active directory forest (AD forest) is the top most logical container in an active directory configuration that contains domains, users, computers, and group policies docs. microsoft.com : domain-trees a domain tree is made up of several domains that share a common schema and configuration, forming a contiguous namespace. domains in a tree are also linked together by trust relationships. active directory is a set of 1 or more trees. wikipedia domains are identified by their DNS name structure, the namespace. … a forest is a collection of trees that share a common global catalog, directory schema, logical structure, and directory configuration. The forest represents the security boundary within which user,s computers, groups, and other objects are accessible.

Question 21

organizational unit

Answer 21

often (best practice) same as domain name –>put users and groups there also as organization units (??what is difference between user organizational domain and the Users folder under the domain?)

Question 22

create a shared folder (“file shares”)

Answer 22

active directory->right click on domain name–>new–>shared folder name “ (example ‘Knowledge Documents’) network path ——– on your server: create a folder : ‘Share’ (or something) right-click, properties–>Sharing tab click Share… –>Choose people on your… type: domain users* you can search for specific user as well as groups in the ‘Add’ field note! the group names have spaces: ‘Domain Users’ is a (default) group! choose permission level ‘read’ (default) or ‘read and write’ now you are shown the status ‘Your folder is shared’ along with the network path of the shared folder –>use this in your new AD object creation Network path (\server\share) \IPDC01\Share now we have shared folder published to active domain, and so we can map it automatically in a group policy ex: help desk group includes access to the Z: drive which is mapped to ‘Knowledge Documents’ –>when a helpdesk employee logs in they automatically have a Z: drive, which is mapped to knowledge docs

Question 23

add a printer

Answer 23

right click on domain–>new–>printer network path \ipdc003\printer01 which has to be physically connected to this domain Can add this printer to a group policy, so this printer can be found via the Add Printer service under Control Panel–>Devices