Managing a Microsoft Windows
Server 2003 Environment
Chapter 3:
Creating and Managing
User Accounts
2
Objectives
• Understand the purpose of user accounts
• Understand the user authentication process
• Understand and configure local, roaming, and
mandatory user profiles
• Configure and modify user accounts using different
methods
• Troubleshoot user account and authentication
problems
3
Introduction to User Accounts
• A user account is an Active Directory object
• Represents information that defines a user with
access to network (first name, last name, password,
etc.)
• Required for anyone using resources on network
• Assists in administration and security
• Must follow organizational standards
4
User Account Properties
• Primary tool for creating and managing accounts is
Active Directory Users and Computers
• Active Directory is extensible so additional tabs
may be added to property pages
• Major account properties that can be set include:
• General
• Address
• Account
• Profile
• Sessions
5
Activity 3-1: Reviewing User
Account Properties
• Objective is to review properties of user accounts
through main tabs of Active Directory Users and
Computers
• Start → Administrative Tools → Active Directory
Users and Computers → Users → AdminXX
account → Properties
• Explore tabs and values as directed
6
The Account Tab of Properties
7
User Authentication
• The process by which a user’s identity is validated
• Used to grant or deny access to network resources
• From a client operating system
• Name, password, resource required
• In Active Directory environment
• Domain controller authenticates
• In a workgroup
• Local SAM database authenticates
8
Authentication Methods
• Two main processes
• Interactive authentication
• User account information is supplied at log on
• Network authentication
• User’s credentials are confirmed for network access
9
Interactive Authentication
• The process by which a user provides a user name
and password for authentication
• For domain logon, credentials compared to
centralized Active Directory database
• For local logon, credentials compared to local SAM
database
• In domain environments, users normally don’t have
local accounts
10
Network Authentication
• The process by which a network service confirms
the identity of a user
• For a user who logs on to domain, network
authentication is transparent
• Credentials from interactive authentication valid for
network resources
• A user who logs on to local computer will be
prompted to log on to network resource separately
11
Authentication Protocols
• Windows Server 2003 supports two main
authentication protocols:
• Kerberos version 5 (Kerberos v5)
• NT LAN Manager (NTLM)
• Kerberos v5 is primary protocol for Active
Directory environments but is not supported on all
client systems
• NTLM is primary protocol for older Microsoft
operating systems
12
Kerberos v5
• Primary authentication protocol used in Active
Directory domain environments
• Supported by Windows 2000, Windows XP,
Windows Server 2003
• Protocol followed:
• Log on request passed to Key Distribution Center
(KDC), a Windows Server 2003 domain controller
• KDC authenticates user and, if valid, issues a ticket-
granting ticket (TGT) to client system
13
Kerberos v5 (continued)
• When client requests a network resource, it presents the
TGT to KDC
• KDC issues a service ticket to client
• Client presents service ticket to host server for network
resource
• Every domain controller in Active Directory
environment holds role of KDC
• Not all clients follow this protocol
14
NTLM
• A challenge-response protocol
• Used with operating systems running Windows NT
4.0 or earlier or with Windows 2000 or Server 2003
when necessary
• Protocol followed:
• User logs in, client calculates cryptographic hash of
password
• Client sends user name to domain controller
15
NTLM (continued)
• Domain controller generates random challenge and sends
it to client
• Client encrypts challenge with hash of password and
sends to domain controller
• Domain controller calculates expected value to be
returned from client and compares to actual value
• After successful authentication, domain controller
generates a token for user for network access
16
User Profiles
• A collection of settings specific to a particular user
• Stored locally by default
• Do not follow user logging on to different computers
• Can create a roaming profile
• Does follow user logging on to different computers
• Administrator can create a mandatory profile
• User cannot alter it
17
User Profile Folders and Contents
18
Local Profiles
• New profiles are created from Default User profile
folder
• User can change local profile and changes are
stored uniquely to that user
• Administrator can manage various elements of
profile
• Change Type
• Delete
• Copy To
19
Activity 3-2: Testing Local
Profile Settings
• Objective is to configure and test a local user
profile
• Start → Administrative Tools → Active Directory
Users and Computers → Users → New → User
• Follow directions to create a new user profile
• Explore and configure properties
• Test by logging in as new user
20
Roaming Profiles
• Roaming profiles
• Allow a profile to be stored on a central server and
follow the user
• Provide advantage of a single centralized location
(helpful for backup)
• Configured from Profiles page of Active Directory
Users and Computers
• Changing a profile from local to roaming requires
care – should copy first
21
Activity 3-3: Configuring and
Testing a Roaming Profile
• Objective: To configure and test a roaming user
profile
• Create a shared folder, copy a local profile to
folder, and configure properties of user account to
use roaming folder
• Follow directions in book to create, configure, and
test the new roaming profile
22
Mandatory Profiles
• Local and roaming profiles allow users to make
permanent changes
• Mandatory profiles allow changes only for a single
session
• Local and roaming profiles can both be configured
as mandatory
• ntuser.dat → ntuser.man
23
Activity 3-4: Configuring a
Mandatory Profile
• Objective: To configure and test a mandatory user
profile
• Start → My Computer
• Follow directions to make previously created test
profile mandatory by renaming file
• Test that no permanent changes can be made by
user
24
Creating and Managing User
Accounts
• Standard tool is Active Directory Users and
Computers
• Also a number of command line tools and utilities
25
Active Directory Users and
Computers
• Available from Administrative Tools menu
• Can be added to a Microsoft Management Console
• Can be run from command line (dsa.msc)
• Graphical tool
• Can add, modify, move, delete, search for user accounts
• Can configure multiple objects simultaneously
26
Activity 3-5: Creating User
Accounts Using Active Directory
Users and Computers
• Objective: Use Active Directory Users and
Computers to create user accounts
• Start → Administrative Tools → Active Directory
Users and Computers
• Follow directions to create a number of new user
accounts
27
User Account Templates
• A user account that is pre-configured with common
settings
• Can be copied to create new user accounts with pre-
defined settings
• New account is then configured with detailed
individual settings
28
Activity 3-6: Creating a User
Account Template
• Objective: Create a user account template and use
the template to create a new user account
• Start → Administrative Tools → Active Directory
Users and Computers
• Create a new user account template
• Use a variable that will automatically populate the
profile path with the name of user account
• Follow directions to create and explore a new user
account from template
29
Command Line Utilities
• Some administrators prefer working from command
line
• Can be used to automate creation or management of
accounts more flexibly
30
DSADD
• Allows object types to be added to directory
• Computer accounts, contacts, quotas, OUs, users, etc.
• Syntax for user account is
• DSADD USER distinguished-name switches
• Switches include
• -pwd (password), -memberof, -email, -profile, -disabled
31
Activity 3-7: Creating User
Accounts Using DSADD
• Objective: Use the DSADD USER command to
create new user accounts
• Start → Run
• Follow directions to enter DSADD command
• Check using Active Directory Users and Computers
• Enter new DSADD command and again check
results
32
DSMOD
• Allows object types to be modified from the
command line
• Computer accounts, users, quotas, OUs, servers, etc.
• Syntax for modifying user account is
• DSMOD USER distinguished-name+
switches+
• Can modify multiple accounts simultaneously
33
Activity 3-8: Modifying User
Accounts Using DSMOD
• Objective is to modify existing user account
properties using the DSMOD USER command
• Start → Run
• Follow directions to enter DSMOD command for a
single user
• Check using Active Directory Users and Computers
• Enter new DSMOD command for multiple users
• Check results using Active Directory
34
DSQUERY
• Allows various object types to be queried from
command line
• Supports wildcard (*)
• Output can be redirected to another command
(piped)
• Example: return all user accounts that have not
changed passwords in 14 days
• dsquery user domainroot -name * -stalepwd 14
35
DSMOVE
• Allows various object types to be moved from
current location to a new location
• Allows various object types to be renamed
• Only moves within the same domain (otherwise use
MOVETREE)
• Example: to move a user account into a marketing
OU
• dsmove "cn=Paul Kohut,cn=users,dc=domain01,dc=dovercorp,dc=net" -newparent "ou=marketing,dc=domain01,dc=dovercorp,dc=net"
36
DSRM
• Allows objects to be deleted from directory
• Can delete single object or entire subtree
• Has a confirm option that can be overridden
• Example: to delete the Marketing OU and all its
contained objects without a confirm prompt:
• dsrm -subtree -noprompt -c "ou=marketing,dc=domain01,dc=dovercorp,dc=net"
37
Bulk Import and Export
• Allows an organization to import existing stores of
data rather than recreating from scratch
• Allows an organization to export data that is
already structured in Active Directory to secondary
databases
• Two command line utilities for import and export
• CSVDE
• LDIFDE
38
CSVDE
• Command-line tool to bulk export and import
Active Directory data to and from comma-
separated value (CSV) files
• CSV files can be created/edited using text-based
editors
• Example:
• csvde -f output.csv
39
LDIFDE
• Command-line tool to bulk export and import
Active Directory data to and from LDIF files
• LDAP Interchange Format
• Industry standard for information in LDAP directories
• Each attribute/value on a separate line with blank lines
between objects
• Can be read in text-based editors
• Common uses: extending AD schemas, importing
bulk data to populate AD, manipulating user and
group objects
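The LDIF layout described above (one attribute/value per line, blank lines between objects) can be read back for an account review. The following is an added example, not part of the original slides: it parses a constructed LDIFDE-style export and flags the same condition as the `-stalepwd 14` query shown earlier, plus disabled accounts. The `pwdLastSet` and `userAccountControl` attributes are real Active Directory attributes that the slides do not name; every account other than Paul Kohut is made up.

```python
import base64
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
UF_ACCOUNTDISABLE = 0x0002        # userAccountControl flag: account disabled
UF_DONT_EXPIRE_PASSWD = 0x10000   # userAccountControl flag: password never expires


def to_filetime(dt):
    """datetime -> Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return ((dt - EPOCH_1601) // timedelta(microseconds=1)) * 10


def from_filetime(ticks):
    """Windows FILETIME -> timezone-aware datetime."""
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)


def parse_ldif(text):
    """Return a list of objects; each maps lowercased attribute -> list of values."""
    # Unfold first: a line that starts with one space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    records, current = [], {}
    for line in lines:
        if not line.strip():              # a blank line ends the current object
            if current:
                records.append(current)
                current = {}
            continue
        if line.startswith("#"):          # comment line
            continue
        attr, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):          # "attr:: value" means base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        current.setdefault(attr.lower(), []).append(value)
    if current:
        records.append(current)
    return records


def audit_users(records, now, stale_days=14):
    """Return (account name, [issues]) for each user object with something to review."""
    findings = []
    for rec in records:
        if "user" not in rec.get("objectclass", []):
            continue
        name = rec.get("samaccountname", ["?"])[0]
        uac = int(rec.get("useraccountcontrol", ["0"])[0])
        pwd_last_set = int(rec.get("pwdlastset", ["0"])[0])
        issues = []
        if uac & UF_ACCOUNTDISABLE:
            issues.append("disabled")
        if uac & UF_DONT_EXPIRE_PASSWD:
            issues.append("password never expires")
        if pwd_last_set == 0:
            issues.append("must change password at next logon")
        elif now - from_filetime(pwd_last_set) > timedelta(days=stale_days):
            issues.append(f"password older than {stale_days} days")
        if issues:
            findings.append((name, issues))
    return findings


# Constructed sample export (not real data). The second DN is folded onto a
# continuation line and the third is base64-encoded because it is non-ASCII.
NOW = datetime(2004, 6, 1, tzinfo=timezone.utc)
B64_DN = base64.b64encode(
    "CN=Zoë Temp,CN=Users,DC=domain01,DC=dovercorp,DC=net".encode("utf-8")
).decode("ascii")
SAMPLE_LDIF = f"""\
# constructed sample in LDIFDE export layout
dn: CN=Paul Kohut,CN=Users,DC=domain01,DC=dovercorp,DC=net
changetype: add
objectClass: user
sAMAccountName: pkohut
userAccountControl: 512
pwdLastSet: {to_filetime(NOW - timedelta(days=3))}

dn: CN=Test User One,OU=marketing,DC=domain01,DC=dovercorp,
 DC=net
changetype: add
objectClass: user
sAMAccountName: testuser1
userAccountControl: 66048
pwdLastSet: {to_filetime(NOW - timedelta(days=90))}

dn:: {B64_DN}
changetype: add
objectClass: user
sAMAccountName: ztemp
userAccountControl: 514
pwdLastSet: 0
"""

if __name__ == "__main__":
    for account, problems in audit_users(parse_ldif(SAMPLE_LDIF), NOW):
        print(f"{account}: {', '.join(problems)}")
```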
40
Activity 3-9: Exporting Active
Directory Users Using
LDIFDE
• Objective is to export Active Directory user
accounts using LDIFDE
• Start → Run
• Follow directions to enter LDIFDE command
• Check exported results using Notepad editor
41
Troubleshooting User Account
and Authentication Issues
• Normally creating and configuring user accounts is
straightforward
• Issues do arise related to
• Configuration of account
• Policy settings
42
Account Policies
• Authentication-related policy settings
• Configured in Account Policies node of Group Policy
objects at domain level
• Account lockout, passwords, Kerberos
• Default Domain Policy
• Accessed from Active Directory Users and Computers
• Configures policies for all domain users
43
Password Policy
• Configuration settings
• Password history and reuse
• Maximum password age
• Minimum password age
• Minimum password length
• Complexity requirements
• Encryption policy
44
Account Lockout Settings
• Configuration settings
• Account lockout duration
• Account lockout threshold
• Reset account lockout counter after
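How the three lockout settings interact when troubleshooting a "correct password rejected" report, as an added example (a simplified model, not Windows code and not part of the original slides). `LockoutPolicy` and `replay` are hypothetical names, the timeline is constructed, and a duration of 0 is modelled as "locked until an administrator unlocks".

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class LockoutPolicy:
    threshold: int        # failed attempts that trigger lockout (0 = never lock)
    duration_min: int     # lockout duration in minutes (0 = until manual unlock)
    reset_after_min: int  # "reset account lockout counter after" N minutes


def replay(policy, attempts):
    """Replay (timestamp, password_ok) logon attempts and return one outcome each."""
    bad_count = 0
    last_bad = None
    locked_at = None
    outcomes = []
    for when, password_ok in attempts:
        if locked_at is not None:
            expired = (policy.duration_min > 0 and
                       when - locked_at >= timedelta(minutes=policy.duration_min))
            if expired:
                locked_at, bad_count = None, 0
            else:
                # Even a correct password is refused while the account is locked.
                outcomes.append("rejected: locked out")
                continue
        if password_ok:
            bad_count = 0
            outcomes.append("success")
            continue
        # The counter starts over if the previous failure is older than the window.
        window = timedelta(minutes=policy.reset_after_min)
        if last_bad is not None and when - last_bad > window:
            bad_count = 0
        bad_count += 1
        last_bad = when
        if policy.threshold and bad_count >= policy.threshold:
            locked_at = when
            outcomes.append("failure: account locked")
        else:
            outcomes.append(f"failure {bad_count}/{policy.threshold}")
    return outcomes


def at(hhmm):
    """Build a timestamp on the constructed sample day."""
    hour, minute = map(int, hhmm.split(":"))
    return datetime(2004, 6, 1, hour, minute)


# Constructed timeline for one account: (time, was the password correct?)
TIMELINE = [
    (at("09:00"), False),
    (at("09:02"), False),
    (at("09:15"), False),   # 13 minutes after the last failure: counter restarts
    (at("09:16"), False),
    (at("09:17"), False),   # third failure inside the window: lockout
    (at("09:20"), True),    # correct password, still refused
    (at("09:47"), True),    # 30 minutes after lockout
]

if __name__ == "__main__":
    for policy in (LockoutPolicy(3, 30, 10), LockoutPolicy(3, 0, 10)):
        print(policy)
        for (when, _), outcome in zip(TIMELINE, replay(policy, TIMELINE)):
            print(f"  {when:%H:%M}  {outcome}")
```

With a duration of 0 the final attempt is still rejected, which is the case the "manual unlock" fix later in the chapter addresses.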
45
Kerberos Policy
• Configuration settings
• Enforce user logon restrictions
• Maximum lifetime for service ticket
• Maximum lifetime for user ticket
• Maximum lifetime for user ticket renewal
• Maximum tolerance for computer clock synchronization
46
Auditing Authentication
• Audit account logon event
• Configured in Group Policy object linked to Domain
Controllers OU (Default Domain Controllers Policy)
• Default is to log only successful logons
• Event viewable in Security log (use Event Viewer)
• Can choose to audit failed logons
• May be helpful for troubleshooting
• Codes provide information about type of failure
47
Resolving Logon Issues
• Some common logon issues (and fixes)
• Incorrect user name or password (administrative reset)
• Account lockout (manual unlock)
• Account disabled (administrative enable)
• Logon hour restrictions (check account restrictions)
• Workstation restrictions (check account restrictions)
• Domain controllers (check configured DNS settings)
• Client time settings (check client clock synchronization)
48
Resolving Logon Issues
(continued)
• Down-level client issues (install Active Directory
Client Extensions)
• UPN logon issues (check Global Catalog server)
• Unable to log on locally (set policy on local server)
• Remote access logon issues (check access on Dial-
up properties)
• Terminal services logon issues (check allow logon
to terminal server permission)
49
Summary
• A user account is an object stored in Active
Directory
• Information that defines user and access to network
• Primary tools to create and manage user accounts
• Active Directory Users and Computers
• Command line utilities (DSADD, DSMOD, DSQUERY,
DSMOVE, DSRM)
• Two main authentication processes
• Interactive authentication
• Network authentication
50
Summary (continued)
• Two main authentication protocols
• Kerberos v5, NTLM
• User profiles used to configure and customize
desktop environment
• Local, roaming, mandatory
• Utilities for bulk importing and exporting user data
to and from Active Directory
• LDIFDE and CSVDE

 
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfNunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
 

CREATING AND MANAGING USER ACCOUNTS.pdf

  • 1. Managing a Microsoft Windows Server 2003 Environment Chapter 3: Creating and Managing User Accounts
  • 2. Objectives • Understand the purpose of user accounts • Understand the user authentication process • Understand and configure local, roaming, and mandatory user profiles • Configure and modify user accounts using different methods • Troubleshoot user account and authentication problems
  • 3. Introduction to User Accounts • A user account is an Active Directory object • Represents information that defines a user with access to network (first name, last name, password, etc.) • Required for anyone using resources on network • Assists in administration and security • Must follow organizational standards
  • 4. User Account Properties • Primary tool for creating and managing accounts is Active Directory Users and Computers • Active Directory is extensible so additional tabs may be added to property pages • Major account properties that can be set include: • General • Address • Account • Profile • Sessions
  • 5. Activity 3-1: Reviewing User Account Properties • Objective is to review properties of user accounts through main tabs of Active Directory Users and Computers • Start → Administrative Tools → Active Directory Users and Computers → Users → AdminXX account → Properties • Explore tabs and values as directed
  • 6. The Account Tab of Properties
  • 7. User Authentication • The process by which a user’s identity is validated • Used to grant or deny access to network resources • From a client operating system • Name, password, resource required • In Active Directory environment • Domain controller authenticates • In a workgroup • Local SAM database authenticates
  • 8. Authentication Methods • Two main processes • Interactive authentication • User account information is supplied at logon • Network authentication • User’s credentials are confirmed for network access
  • 9. Interactive Authentication • The process by which a user provides a user name and password for authentication • For domain logon, credentials compared to centralized Active Directory database • For local logon, credentials compared to local SAM database • In domain environments, users normally don’t have local accounts
  • 10. Network Authentication • The process by which a network service confirms the identity of a user • For a user who logs on to domain, network authentication is transparent • Credentials from interactive authentication valid for network resources • A user who logs on to local computer will be prompted to log on to network resource separately
  • 11. Authentication Protocols • Windows Server 2003 supports two main authentication protocols: • Kerberos version 5 (Kerberos v5) • NT LAN Manager (NTLM) • Kerberos v5 is primary protocol for Active Directory environments but is not supported on all client systems • NTLM is primary protocol for older Microsoft operating systems
  • 12. Kerberos v5 • Primary authentication protocol used in Active Directory domain environments • Supported by Windows 2000, Windows XP, Windows Server 2003 • Protocol followed: • Logon request passed to Key Distribution Center (KDC), a Windows Server 2003 domain controller • KDC authenticates user and, if valid, issues a ticket-granting ticket (TGT) to client system
  • 13. Kerberos v5 (continued) • When client requests a network resource, it presents the TGT to KDC • KDC issues a service ticket to client • Client presents service ticket to host server for network resource • Every domain controller in Active Directory environment holds role of KDC • Not all clients follow this protocol
  • 14. NTLM • A challenge-response protocol • Used with operating systems running Windows NT 4.0 or earlier or with Windows 2000 or Server 2003 when necessary • Protocol followed: • User logs in, client calculates cryptographic hash of password • Client sends user name to domain controller
  • 15. NTLM (continued) • Domain controller generates random challenge and sends it to client • Client encrypts challenge with hash of password and sends to domain controller • Domain controller calculates expected value to be returned from client and compares to actual value • After successful authentication, domain controller generates a token for user for network access
  • 16. User Profiles • A collection of settings specific to a particular user • Stored locally by default • Do not follow user logging on to different computers • Can create a roaming profile • Does follow user logging on to different computers • Administrator can create a mandatory profile • User cannot alter it
  • 17. User Profile Folders and Contents
  • 18. Local Profiles • New profiles are created from Default User profile folder • User can change local profile and changes are stored uniquely to that user • Administrator can manage various elements of profile • Change Type • Delete • Copy To
  • 19. Activity 3-2: Testing Local Profile Settings • Objective is to configure and test a local user profile • Start → Administrative Tools → Active Directory Users and Computers → Users → New → User • Follow directions to create a new user profile • Explore and configure properties • Test by logging in as new user
  • 20. Roaming Profiles • Roaming profiles • Allow a profile to be stored on a central server and follow the user • Provide advantage of a single centralized location (helpful for backup) • Configured from Profiles page of Active Directory Users and Computers • Changing a profile from local to roaming requires care – should copy first
  • 21. Activity 3-3: Configuring and Testing a Roaming Profile • Objective: To configure and test a roaming user profile • Create a shared folder, copy a local profile to folder, and configure properties of user account to use roaming folder • Follow directions in book to create, configure, and test the new roaming profile
  • 22. Mandatory Profiles • Local and roaming profiles allow users to make permanent changes • Mandatory profiles allow changes only for a single session • Local and roaming profiles can both be configured as mandatory • ntuser.dat → ntuser.man
  • 23. Activity 3-4: Configuring a Mandatory Profile • Objective: To configure and test a mandatory user profile • Start → My Computer • Follow directions to make previously created test profile mandatory by renaming file • Test that no permanent changes can be made by user
  • 24. Creating and Managing User Accounts • Standard tool is Active Directory Users and Computers • Also a number of command line tools and utilities
  • 25. Active Directory Users and Computers • Available from Administrative Tools menu • Can be added to a Microsoft Management Console • Can be run from command line (dsa.msc) • Graphical tool • Can add, modify, move, delete, search for user accounts • Can configure multiple objects simultaneously
  • 26. Activity 3-5: Creating User Accounts Using Active Directory Users and Computers • Objective: Use Active Directory Users and Computers to create user accounts • Start → Administrative Tools → Active Directory Users and Computers • Follow directions to create a number of new user accounts
  • 27. User Account Templates • A user account that is pre-configured with common settings • Can be copied to create new user accounts with pre-defined settings • New account is then configured with detailed individual settings
  • 28. Activity 3-6: Creating a User Account Template • Objective: Create a user account template and use the template to create a new user account • Start → Administrative Tools → Active Directory Users and Computers • Create a new user account template • Use a variable that will automatically populate the profile path with the name of user account • Follow directions to create and explore a new user account from template
  • 29. Command Line Utilities • Some administrators prefer working from command line • Can be used to automate creation or management of accounts more flexibly
  • 30. DSADD • Allows object types to be added to directory • Computer accounts, contacts, quotas, OUs, users, etc. • Syntax for user account is • DSADD USER distinguished-name switches • Switches include • -pwd (password), -memberof, -email, -profile, -disabled
  • 31. Activity 3-7: Creating User Accounts Using DSADD • Objective: Use the DSADD USER command to create new user accounts • Start → Run • Follow directions to enter DSADD command • Check using Active Directory Users and Computers • Enter new DSADD command and again check results
  • 32. DSMOD • Allows object types to be modified from the command line • Computer accounts, users, quotas, OUs, servers, etc. • Syntax for modifying user account is • DSMOD USER distinguished-name+ switches+ • Can modify multiple accounts simultaneously
  • 33. Activity 3-8: Modifying User Accounts Using DSMOD • Objective is to modify existing user account properties using the DSMOD USER command • Start → Run • Follow directions to enter DSMOD command for a single user • Check using Active Directory Users and Computers • Enter new DSMOD command for multiple users • Check results using Active Directory
  • 34. DSQUERY • Allows various object types to be queried from command line • Supports wildcard (*) • Output can be redirected to another command (piped) • Example: return all user accounts that have not changed passwords in 14 days • dsquery user domainroot -name * -stalepwd 14
  • 35. DSMOVE • Allows various object types to be moved from current location to a new location • Allows various object types to be renamed • Only moves within the same domain (otherwise use MOVETREE) • Example: to move a user account into a marketing OU • dsmove "cn=Paul Kohut,cn=users,dc=domain01,dc=dovercorp,dc=net" -newparent "ou=marketing,dc=domain01,dc=dovercorp,dc=net"
  • 36. DSRM • Allows objects to be deleted from directory • Can delete single object or entire subtree • Has a confirm option that can be overridden • Example: to delete the Marketing OU and all its contained objects without a confirm prompt: • dsrm -subtree -noprompt -c "ou=marketing,dc=domain01,dc=dovercorp,dc=net"
  • 37. Bulk Import and Export • Allows an organization to import existing stores of data rather than recreating from scratch • Allows an organization to export data that is already structured in Active Directory to secondary databases • Two command line utilities for import and export • CSVDE • LDIFDE
  • 38. CSVDE • Command-line tool to bulk export and import Active Directory data to and from comma-separated value (CSV) files • CSV files can be created/edited using text-based editors • Example: • csvde -f output.csv
  • 39. LDIFDE • Command-line tool to bulk export and import Active Directory data to and from LDIF files • LDAP Interchange Format • Industry standard for information in LDAP directories • Each attribute/value on a separate line with blank lines between objects • Can be read in text-based editors • Common uses: extending AD schemas, importing bulk data to populate AD, manipulating user and group objects
  • 40. Activity 3-9: Exporting Active Directory Users Using LDIFDE • Objective is to export Active Directory user accounts using LDIFDE • Start → Run • Follow directions to enter LDIFDE command • Check exported results using Notepad editor
  • 41. Troubleshooting User Account and Authentication Issues • Normally creating and configuring user accounts is straightforward • Issues do arise related to • Configuration of account • Policy settings
  • 42. Account Policies • Authentication-related policy settings • Configured in Account Policies node of Group Policy objects at domain level • Account lockout, passwords, Kerberos • Default Domain Policy • Accessed from Active Directory Users and Computers • Configures policies for all domain users
  • 43. Password Policy • Configuration settings • Password history and reuse • Maximum password age • Minimum password age • Minimum password length • Complexity requirements • Encryption policy
  • 44. Account Lockout Settings • Configuration settings • Account lockout duration • Account lockout threshold • Reset account lockout counter after
  • 45. Kerberos Policy • Configuration settings • Enforce user logon restrictions • Maximum lifetime for service ticket • Maximum lifetime for user ticket • Maximum lifetime for user ticket renewal • Maximum tolerance for computer clock synchronization
  • 46. Auditing Authentication • Audit account logon events • Configured in Group Policy object linked to Domain Controllers OU (Default Domain Controllers Policy) • Default is to log only successful logons • Events viewable in Security log (use Event Viewer) • Can choose to audit failed logons • May be helpful for troubleshooting • Codes provide information about type of failure
  • 47. Resolving Logon Issues • Some common logon issues (and fixes) • Incorrect user name or password (administrative reset) • Account lockout (manual unlock) • Account disabled (administrative enable) • Logon hour restrictions (check account restrictions) • Workstation restrictions (check account restrictions) • Domain controllers (check configured DNS settings) • Client time settings (check client clock synchronization)
  • 48. Resolving Logon Issues (continued) • Down-level client issues (install Active Directory Client Extensions) • UPN logon issues (check Global Catalog server) • Unable to log on locally (set policy on local server) • Remote access logon issues (check access on Dial-up properties) • Terminal services logon issues (check allow logon to terminal server permission)
  • 49. Summary • A user account is an object stored in Active Directory • Information that defines user and access to network • Primary tools to create and manage user accounts • Active Directory Users and Computers • Command line utilities (DSADD, DSMOD, DSQUERY, DSMOVE, DSRM) • Two main authentication processes • Interactive authentication • Network authentication
  • 50. Summary (continued) • Two main authentication protocols • Kerberos v5, NTLM • User profiles used to configure and customize desktop environment • Local, roaming, mandatory • Utilities for bulk importing and exporting user data to and from Active Directory • LDIFDE and CSVDE
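The NTLM exchange outlined in slides 14 and 15, modelled with both sides of the conversation as an added example that is not part of the original deck. SHA-256 and HMAC-SHA256 stand in for NTLM's real password hash and response functions, and every name here (`DomainController`, `logon`, the `testuser` account) is hypothetical.

```python
import hashlib
import hmac
import secrets


def password_hash(password: str) -> bytes:
    # Stand-in for the NT hash; real NTLM hashes the UTF-16LE password with MD4.
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def client_response(pw_hash: bytes, challenge: bytes) -> bytes:
    # Stand-in for "client encrypts challenge with hash of password".
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()


class DomainController:
    """Stores password hashes only and tracks one outstanding challenge per user."""

    def __init__(self, accounts):
        self._hashes = {user: password_hash(pw) for user, pw in accounts.items()}
        self._pending = {}

    def begin(self, username: str) -> bytes:
        # A fresh random challenge is generated for every logon attempt.
        challenge = secrets.token_bytes(8)
        self._pending[username] = challenge
        return challenge

    def finish(self, username: str, response: bytes) -> bool:
        # Compute the expected value from the stored hash and compare.
        challenge = self._pending.pop(username, None)  # each challenge is single use
        stored = self._hashes.get(username)
        if challenge is None or stored is None:
            return False
        expected = client_response(stored, challenge)
        return hmac.compare_digest(expected, response)


def logon(dc, username, password):
    """Client side. Returns (result, challenge, response); the password never leaves."""
    pw_hash = password_hash(password)
    challenge = dc.begin(username)           # only the user name is sent
    response = client_response(pw_hash, challenge)
    return dc.finish(username, response), challenge, response


def demo():
    dc = DomainController({"testuser": "Constructed-Passw0rd!"})  # constructed account
    good, _, old_response = logon(dc, "testuser", "Constructed-Passw0rd!")
    wrong, _, _ = logon(dc, "testuser", "not-the-password")
    dc.begin("testuser")                      # a new logon gets a new challenge
    stale = dc.finish("testuser", old_response)
    unsolicited = dc.finish("testuser", old_response)  # no challenge outstanding
    return good, wrong, stale, unsolicited
```

Because the response depends on the per-attempt challenge, a response recorded from an earlier logon does not validate against a later one.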
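Slide 39 describes LDIF as one attribute/value per line with blank lines between objects. The following added example (not from the original deck) parses a constructed export in that shape, including folded continuation lines and base64 `::` values, and lists accounts whose `userAccountControl` has the ACCOUNTDISABLE bit (0x2) set, which is the "account disabled" case from slide 47. Function names and the sample users are hypothetical.

```python
import base64

ACCOUNTDISABLE = 0x0002  # userAccountControl flag for a disabled account

# Constructed sample in the shape of an LDIFDE user export.
SAMPLE_LDIF = """\
# Constructed sample, not real directory data
dn: CN=Test User One,OU=Marketing,DC=domain01,DC=dovercorp,DC=net
changetype: add
objectClass: top
objectClass: user
sAMAccountName: tuser1
userAccountControl: 512
description: Constructed value that the exporter fol
 ded onto a second line

dn: CN=Test User Two,CN=Users,DC=domain01,DC=dovercorp,DC=net
changetype: add
objectClass: user
sAMAccountName: tuser2
userAccountControl: 514
displayName:: VGVzdCBVc2VyIFR3bw==
"""


def parse_ldif(text):
    """Return a list of records; each maps an attribute name to a list of values."""
    # Unfold first: a line that starts with one space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1] != "":
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    records, current = [], {}
    for line in lines + [""]:            # trailing blank line flushes the last record
        if line.startswith("#"):
            continue
        if line == "":
            if current:
                records.append(current)
                current = {}
            continue
        attr, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        if rest.startswith(":"):         # "attr:: <base64>" carries an encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        current.setdefault(attr, []).append(value)   # attributes may repeat
    return records


def disabled_accounts(records):
    """sAMAccountName of every user record with the ACCOUNTDISABLE bit set."""
    found = []
    for rec in records:
        if "user" not in rec.get("objectClass", []):
            continue
        uac = int(rec.get("userAccountControl", ["0"])[0])
        if uac & ACCOUNTDISABLE:
            found.append(rec["sAMAccountName"][0])
    return found
```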
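How the three account lockout settings on slide 44 interact, replayed over a constructed sequence of logon attempts. This is an added example, not from the original deck, and a simplified model: the reset window is measured from the last failed attempt, and the class names, policy values and events are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class LockoutPolicy:
    threshold: int        # failed attempts that trigger lockout (0 = never lock)
    duration_min: int     # minutes locked (0 = until an administrator unlocks)
    reset_after_min: int  # minutes after which the failure counter resets


@dataclass
class AccountState:
    failures: int = 0
    last_failure: Optional[int] = None
    locked_at: Optional[int] = None


def is_locked(state, policy, now):
    if state.locked_at is None:
        return False
    if policy.duration_min == 0:
        return True                      # stays locked until a manual unlock
    return now < state.locked_at + policy.duration_min


def replay(events, policy):
    """events: (minute, user, password_ok). Returns (minute, user, outcome) tuples."""
    accounts, results = {}, []
    for minute, user, password_ok in sorted(events):
        st = accounts.setdefault(user, AccountState())
        if is_locked(st, policy, minute):
            # Even a correct password is refused while the account is locked.
            results.append((minute, user, "REFUSED_LOCKED"))
            continue
        if st.locked_at is not None:     # lockout duration has expired
            st.locked_at, st.failures = None, 0
        if password_ok:
            st.failures = 0
            results.append((minute, user, "OK"))
            continue
        if (st.last_failure is not None
                and minute - st.last_failure >= policy.reset_after_min):
            st.failures = 0              # "reset account lockout counter after"
        st.failures += 1
        st.last_failure = minute
        if policy.threshold and st.failures >= policy.threshold:
            st.locked_at = minute
            results.append((minute, user, "LOCKED_OUT"))
        else:
            results.append((minute, user, "FAILED"))
    return results


# Constructed events: (minute, user, password_ok)
SAMPLE_EVENTS = [
    (0, "alice", False), (2, "alice", False),
    (15, "alice", False), (16, "alice", False), (17, "alice", False),
    (20, "alice", True), (50, "alice", True),
    (1, "bob", False), (3, "bob", True),
]
SAMPLE_POLICY = LockoutPolicy(threshold=3, duration_min=30, reset_after_min=10)
```

In the sample, the failure at minute 15 does not lock the account because the counter has reset, and the correct password at minute 20 is still refused, which is the "account lockout" symptom listed on slide 47.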