Home > Articles

  • Print
  • + Share This
This chapter is from the book

Chapter Summary

Key Terms

  • Active Directory Users and Computers

  • Organizational Unit (OU)

  • User accounts—domain and local

  • Password

  • User templates

  • Command-line tools for Active Directory tasks

  • dsadd

  • dsquery

  • dsget

  • dsmod

  • dsmove

  • dsrm

  • csvde

  • CSV (Comma Separated Value)

  • ldifde

  • LDAP Data Interchange Format

  • Account lockout

  • Disabled account

  • Expired account

  • Dial-in disallowed

  • Complexity requirements for passwords

  • User profiles—local, roaming, and mandatory

  • Properties on multiple objects

  • Group accounts

  • Domain functionality level

  • Group scope—Domain Local, Global, Universal

  • Group types—distribution and security

  • Nested groups

  • Group expansion

  • Computer accounts

  • Remote installation services

  • Managed computer

This chapter discussed many important skills—skills that you will use every day as a network administrator.

You started with creating and modifying user accounts. You used Active Directory Users and Computers first, learning how to create user accounts in the graphical user interface (GUI). You then progressed to using the command-line tools: dsadd to create a user account, dsget to inquire into an object's properties, dsmod to change properties, dsquery to find objects of any type, and dsrm to remove objects from Active Directory. Then you moved on to using csvde and ldifde to create user accounts automatically, by importing information about the new user accounts from data created from other sources, such as enrollment databases or other directories.

Next you learned about Windows Server 2003 group accounts. You discovered the two types of groups—security and distribution—and the three possible scopes a group account in a domain can have: Domain Local, Global, and Universal. Once again, you started with Active Directory Users and Computers and progressed to the command-line tools. Then you learned about using ldifde to create groups.

You also covered computer accounts. There is much less that a network administrator needs to do with computer accounts compared to user and group accounts because computer accounts are typically created automatically when the computer joins the domain and are managed automatically thereafter by the operating system. The network administrator only gets involved if RIS is in use and managed computer accounts are needed, or if a computer account needs to be reset.

  • + Share This
  • 🔖 Save To Your Account