www.technocorp.co.

in

Active Directory
Administering Active Directory Securely and Efficiently

Module Overview
www.technocorp.co.in

Work with Active Directory Administration Tools Custom Consoles and Least Privilege Find Objects in Active Directory Use Windows PowerShell to Administer Active Directory

Work with Active Directory Administration Tools

www.technocorp.co.in

MMC Console Active Directory Administration Snap-Ins What Is the Active Directory Administrative Center? Find Active Directory Administration Tools Demonstration: Perform Administrative Tasks by Using Active Directory Administrative Tools

MMC Console
www.technocorp.co.in

Show/Hide Console Tree

Show/Hide Actions Pane

Console Tree

Details Pane

Actions Pane

Active Directory Administration Snap-Ins

www.technocorp.co.in

Active Directory Users and Computers

Manage most common day-to-day objects, including users, groups, computers, printers, and shared folders

Active Directory Sites and Services

Manage replication, network topology, and related services

Active Directory Domains and Trusts

Configure and maintain trust relationships and the domain and forest functional level

Active Directory Schema

Administer the Schema

What Is the Active Directory Administrative Center?

www.technocorp.co.in

Task-oriented tool based upon Windows PowerShell

Find Active Directory Administration Tools

www.technocorp.co.in

Active Directory snap-ins are installed on a domain controller

Server Manager: Users and Computers, Sites and Services Administrative Tools folder

Install the RSAT on a member client or server

Windows Server 2008
Server Manager Features Add Feature Remote Server Administration Tools

Windows Vista SP1, Windows 7

Download RSAT from www.microsoft.com/downloads Double-click the file, then follow the instructions in the Setup Wizard Control Panel Programs And Features Turn Windows Features On Or Off Remote Server Administration Tools

Secure Administration with Least Privilege, Run As Administrator, and User Account Control Maintain at least two accounts
www.technocorp.co.in
A standard user account An account with administrative privileges

Log on to your computer as a standard user

Do not log on to your computer with administrative credentials

Start administrative consoles with Run As Administrator

1. Right-click the console and click Run As Administrator 2. Click Use another account 3. Enter the user name and password for your administrative account

Find Objects in Active Directory

Scenarios for Finding Objects in Active Directory Demonstration: Use the Select Users, Contacts, Computers, or Groups Dialog Box Options for Locating Objects in Active Directory Users and Computers Demonstration: Control the View of Objects in Active Directory Users and Computers Demonstration: Use the Find Command Determine Where an Object Is Located Demonstration: Use Saved Queries Demonstration: Find Objects by Using Active Directory Administrative Center
www.technocorp.co.in

Scenarios for Finding Objects in Active Directory

www.technocorp.co.in

When you assign permissions to a folder or file

Select the group or user to which permissions are assigned

When you add members to a group

Select the user or group that will be added as a member

When you configure a linked attribute such as Managed By

Select the user or group that will be displayed on the Managed By tab

When you need to administer a user, group, or computer

Perform a search to locate the object in Active Directory, instead of browsing for the object

Demonstration: Use the Select Users, Contacts, Computers, Service Accounts, or Groups Dialog Box
www.technocorp.co.in

In this demonstration, you will see: How to select users with the Select dialog box

Options for Locating Objects

www.technocorp.co.in
Sorting: Use column headings to find the objects based on the columns Searching: Provide the criteria for which you want to search

Demonstration: Control the View of Objects in Active Directory Administrative Tools

www.technocorp.co.in

In this demonstration, you will see: How to add or remove columns in the details pane How to sort objects based on columns in the details pane

Demonstration: Use the Find Command

www.technocorp.co.in

In this demonstration, you will see: How to search for objects in Active Directory using the Find command

Determine Where an Object is Located

1. 2. 3. 4. 5. or
www.technocorp.co.in

Ensure that Advanced Features is enabled Find the object Open its Properties dialog box Click the Object tab View the Canonical name of object In the Find dialog box, click View, click Choose Columns, and then add the Published At column

Demonstration: Use Saved Queries

www.technocorp.co.in

In this demonstration, you will see: How to create a saved query How to distribute a saved query Why saved queries are an efficient and effective tool for administration

Demonstration: Find Objects by Using Active Directory Administrative Center

www.technocorp.co.in

In this demonstration, you will see: How to find objects using the Active Directory Administrative Center How to save queries using the Active Directory Administrative Center

Use Windows PowerShell to Administer Active Directory

www.technocorp.co.in

What Is Windows PowerShell? Installation Requirements for Windows PowerShell 2.0 Overview of the Windows PowerShell Syntax Windows PowerShell Cmdlets for Active Directory Demonstration: Manage Users and Groups by Using PowerShell

What Is Windows PowerShell?

www.technocorp.co.in

Windows PowerShell is not a scripting language

At least, it is not only a scripting language

PowerShell is an engine designed to run commands that perform administrative tasks, for example:
Creating user accounts Configuring services Deleting mailboxes

PowerShell provides a foundation upon that Microsoft GUI-based administrative tools can build upon
Actions can be accomplished in the command-line console Actions can also be invoked within GUIs by running PowerShell commands in the background

Installation Requirements for Windows PowerShell 2.0

Windows PowerShell is pre-installed by default in Windows Server 2008 R2 and Windows 7 Windows PowerShell is a Web download for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 Windows PowerShell requires Microsoft .NET Framework 2.0 with Service Pack 1 Active Directory Module for Windows PowerShell is included with Windows Server 2008 R2 Active Directory Module for Windows PowerShell is installed with AD DS or AD LDS
www.technocorp.co.in

Overview of the Windows PowerShell Syntax

All Windows PowerShell cmdlets use the same syntax

www.technocorp.co.in

Verb
Get Set Get

Noun
ADUser ADUser ADUser

Parameters
<string>

Example
Get-Aduser Don Set-Aduser Department Marketing

-Filter

Get-Aduser Filter Name like *

Cmdlets can be pipelined to other cmdlets:

Get-ADuser Don | Set_Aduser Department Marketing

Windows PowerShell Cmdlets for Active Directory

www.technocorp.co.in

PowerShell provides cmdlets to assist in the following:

User, Computer, and Group Management Organizational Unit Management Password Policy Management Searching and Modifying Objects Forest and Domain Management Domain Controller and Operations Master Management Managed Service Account Management