1 / 31

Chapter 5 Computer Accounts

Chapter 5 Computer Accounts. Create and manage computer accounts in an Active Directory environment Troubleshoot computer accounts Diagnose and resolve issues related to computer accounts by using the Active Directory Users and Computers MMC snap-in Reset a computer account. Pg 5-1.

mabyn
Télécharger la présentation

Chapter 5 Computer Accounts

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 5Computer Accounts • Create and manage computer accounts in an Active Directory environment • Troubleshoot computer accounts • Diagnose and resolve issues related to computer accounts by using the Active Directory Users and Computers MMC snap-in • Reset a computer account Pg 5-1

  2. Chapter 5Computer Accounts • Lesson 1: Joining a Computer to a Domain • Lesson 2: Managing Computer Accounts • Lesson 3: Troubleshooting Computer Accounts Pg 5-1

  3. Chapter 5Lesson 1: Joining a Computer to a Domain • Create computer accounts using Active Directory Users And Computers • Create computer accounts using the Dsadd command-line tool • Create computer accounts using the Netdom command-line tool • Join a computer to a domain by changing the network identification properties • Understand the importance of creating computer accounts prior to joining a domain Pg 5-3

  4. Any Questions?

  5. Chapter 5Lesson 1: Joining a Computer to a Domain • Default behavior of Windows PCs is to be in Workgroup mode • Computers in a Workgroup have a local user database in the Security Accounts Manager (SAM) database • Local Log In only • To access shares, you are asked for a username and password Pg 5-3

  6. Lesson 1: Joining a Computer to a Domain • When a computer is in Domain • Uses domain user account as created in last chapter • Computers have accounts in Active directory • Name, password, SID Pg 5-3

  7. Creating Computer Accounts • Must be Administrators or Account Operators group • Can also delegate admin duties • Users can also join computers • Authenticated users can join up to 10 computers into Computers OU Pg 5-3-4

  8. Creating Computer Objects using Active Directory • Select the container or OU where you want to create the computer • New Action or right-click Pg 5-4

  9. Creating Computer Objects using DsAdd • dsadd computer ComputerDN • where ComputerDN is the distinguished name (DN) of the computer, such as: • CN=Desktop123,OU=Desktops,DC=contoso, DC=com • Using dsadd, you can: • By piping a list of DNs from another command, such as Dsquery. • By typing each DN on the command line, separated by spaces. • By leaving the DN parameter empty, at which point you can type the DNs, one at a time, at the keyboard console of the command prompt. Press ENTER after each DN. Press CTRL+Z and ENTER after the last DN. Pg 5-5

  10. Creating Computer Objects using Netdom • Netdom is a command line tool available in support tools from the install CD • Network Domain? • netdom add ComputerName / domain:DomainName /userd:User / PasswordD:UserPassword [/ou:OUDN] Pg 5-5

  11. Joining a Computer to a domain • Open Computer name properties • Click Change Computer Name • Must be a LOCAL admin • Click domain and enter the domain name • Click OK • You will then be prompted for a username and password • This is DOMAIN user, not local Pg 5-6

  12. Joining a Computer to a domain • If a computer account doesn’t exist, one will be created • Netdom can also be used • Netdom join command Pg 5-7

  13. Any Questions?

  14. Computer Container vs. OUs • Computer Container is default location • If a machine joins that isn’t already in Active Directory, this is where is goes • Containers cannot be linked to Policies • Best Practice-Create at leas one OU for computers • Can create multiple for computers used by different functional groups in a company • Default OU for domain controllers Pg 5-8

  15. Computer Container vs. OUs • If you need to move • Action-Move • Drag and drop • dsmove ObjectDN [-newname NewName] [-newparent ParentDN] Pg 5-8

  16. Any Questions?

  17. Chapter 5 Lesson 2Managing Computer Accounts • Configure the permissions of a new Active Directory computer object • Configure the properties of an Active Directory computer object • Find and manage computer accounts using Active Directory Users And Computers Pg 5-13

  18. Managing Computer Object Permissions • Can created groups that can add computers to domain • Deployment team • When pre-staging the computer object (createing it before it is added) • Choose “following users of group can join this computer to a domain) Pg 5-13

  19. Managing Computer Object • Similar actions to the users and groups • Delete the computer. • Rename the computer. • Disable or enable the computer. • Move the computer to another OU. • Add the computer to a security group. • Reset the computer account Pg 5-14

  20. Configuring Computer Properties • Like users, many other properties than listed when you create Pg 5-14

  21. Configuring Computer Properties Pg 5-14

  22. Configuring Computer Properties Pg 5-14

  23. Finding and connecting to objects • Complex Active Directory layouts can be hard to navigate • Even easy ones have lots of built in users and groups • Active Directory Users and Group snap-in has powerful search tool • Practice using it-you WILL see it on exam Pg 5-15

  24. Any Questions?

  25. Chapter 5 Lesson 3Troubleshooting Computer Accounts • Understand the important difference among deleting, disabling, and resetting computer accounts • Recognize the symptoms of computer account problems • Troubleshoot computer accounts by deleting, disabling, resetting, or rejoining, using both command-line and user-interface tools Pg 5-19

  26. Deleting and Disabling and Resetting Computer Accounts • Computer Objects have a Security ID • This means that permissions can be granted to a computer • When deleted • Group memebership and SID are lost • Delete from Action Menu • OR • dsrm objectDN Pg 5-19

  27. Deleting and Disabling and Resetting Computer Accounts • Disable accounts for computers that are not in use • Good security allows minimum required access • Disable from Action Menu • Or • DSMOD COMPUTER ComputerDN -DISABLED YES • DSMOD COMPUTER ComputerDN -DISABLED NO Pg 5-20

  28. Deleting and Disabling and Resetting Computer Accounts • Reseting will reset passwords • Maintains all object properties • Group memberships, etc • Use it when replacing a computer • Unplug old PC • Reset account in domain • Plug in new PC • If it has the same NAME it will use the account • Can use action menu • Dsmod • Netdom Pg 5-21

  29. Recognizing Computer Account Problems • Reinstalling an OS will rest the SID of the computer • Restored from an old backup • Passwords may have changed • Cannot contact domain controller • No computer account • Event log errors about trusts • Missing account in active directory Pg 5-20

  30. Recognizing Computer Account Problems A. If the computer account exists in Active Directory, it must be reset. B. If the computer account is missing in Active Directory, you must create a computer account. C. If the computer still belongs to the domain, it must be removed from the domain by changing its membership to a workgroup. The name of the workgroup is irrelevant.Best practice is to choose a workgroup name that you know is not in use. In scenarios involving computer failure or the deployment of a new system to a user, you accomplish this step by installing or reinstalling the operating system using the same computer name as the previous system. D. Rejoin the computer to the domain. Alternatively, join another computer to the domain; but the new computer must have the same name as the computer account. Pg 5-22-23

  31. Any Questions?

More Related