Lesson 14: Creating and Managing Active Directory Users and Computers Flashcards
Two types of users on 2012
Local Users
Domain Users
Local Users
Can only access resources on a local computer and are stored on the local SAM database on the computer where they reside.
SAM
Security Account Manager – database present on servers that stores user accounts and security descriptors for users on the local computer
Domain Users
Users that can access network resources. Account info is stored in the AD DS database and replicated to all domain controllers.
Two built-in user accounts on computers running Windows Server 2012
Administrator
Guest
4 security guidelines for the administrator account
Rename the account
use a strong password
limit knowledge of who has the password
do not use the account for non-admin tasks
By default, the guest account is ____
Disabled and has no password
What are two restrictions you should consider for the guest account?
Rename the account.
set a strong password
You cannot ____ the admin or guest account
delete
ADAC
Active Directory Administrative Center
Two interfaces to create a user
ADAC
Active Directory Users and Computers console
4 tools used to create multiple users and groups
Dsadd.exe
Windows PowerShell
Comma-separated value directory exchange (CSVDE.exe)
LDIFDE.exe
LDIFDE.exe
LDAP Data Interchange Format Directory Exchange
User Template
A standard user object containing boilerplate attribute settings that you can apply to new users that you create.
Which exe file can you use to create objects like users, groups, and OUs?
Dsadd.exe
LDIFDE.exe
Header Record
The first line of a CSV text file that provides attribute names.
Difference between Dsadd.exe and LDIFDE.exe?
LDIFDE.exe allows you to modify objects that are already created.
What do computer objects share with user objects?
They have properties, like name, location, and who can manage them.
They inherit group policy settings from container objects like domains, sites, and organizational units
They can be members of groups and inherit permissions from group objects
Before a client PC sends login credentials to the DC, what happens?
The client PC and the DC each verify that the other is a member of the domain by checking that their computer object is in the DC
2 steps to adding a computer to AD DS
Create a computer account in Active Directory
Join the PC to the domain
Note that joining a PC to the domain will allow the computer to create its own object
DN
Distinguished Name. Unique name for an object
What EXE can be used to create computer objects?
Dsadd.exe
How do you change more than one object at a time?
Select multiple objects (shift, control) and right-click, properties.
What EXE can be used to join a computer to a domain?
netdom.exe
How can you join a PC to a domain while the PC is offline?
djoin.exe
Run this once on a PC connected to the domain. Use the outputted text file when running it again on a PC that is not connected. Once connected, the offline PC will use the file to join the domain.