
Group Accounts

Revision no.: PPT/2K403/02

Lesson 1: Understanding Group Types and Scopes

Groups and Group Types

Domain Functional Levels

Group Scopes

Group Conversion

Special Identities

CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

Groups and Group Types

Groups simplify administration by enabling you to assign permissions for resources.

Groups are characterized by scope and type.
The group scope determines whether the group spans multiple domains or is limited to a single domain.
The three group scopes are global, domain local, and universal.

Security
- Used to assign user rights and permissions
- Can be used as an e-mail distribution list

Distribution
- Can be used only with e-mail applications
- Cannot be used to assign permissions

Domain Functional Levels

Windows 2000 mixed (default)
- Domain controllers supported: Windows NT Server 4.0, Windows 2000, Windows Server 2003
- Group scopes supported: Global, domain local

Windows 2000 native
- Domain controllers supported: Windows 2000, Windows Server 2003
- Group scopes supported: Global, domain local, universal

Windows Server 2003
- Domain controllers supported: Windows Server 2003
- Group scopes supported: Global, domain local, universal

Group Scopes

Local Groups

Domain Local Groups

Universal Groups

Local Groups

Local group rules

Members: Local user accounts from the computer
Can be a member of: None

Domain Local Groups

Domain local group rules

Members
- Mixed mode: User accounts and global groups from any domain
- Native mode: User accounts, global groups, and universal groups from any domain in the forest, and domain local groups from the same domain

Can be a member of
- Mixed mode: None
- Native mode: Domain local groups in the same domain

Scope: Visible only in its own domain
Permissions: Domain to which the domain local group belongs

Global Groups

Global group rules

Members
- Mixed mode: User accounts from same domain
- Native mode: User accounts and global groups from same domain

Can be a member of
- Mixed mode: Domain local groups
- Native mode: Universal and domain local groups in any domain and global groups in the same domain

Scope: Visible in its own domain and all trusted domains
Permissions: All domains in the forest

Universal Groups

Universal group rules

Members
- Mixed mode: Not applicable
- Native mode: User accounts, global groups, and other universal groups from any domain in the forest

Can be a member of
- Mixed mode: Not applicable
- Native mode: Domain local and universal groups in any domain

Scope: Visible in all domains in a forest
Permissions: All domains in a forest

Group Conversion

The scope of a group is determined at the time of its creation.

In a domain at the Windows 2000 native or Windows Server 2003 domain functional level, domain local and global groups can be converted to universal groups if the groups are not members of other groups of the same scope.

Special Identities

There are also some special groups, called special identities, that are managed by the operating system.

Special identities cannot be created or deleted, nor can their membership be modified by administrators.

Special identities do not appear in the Active Directory Users And Computers snap-in or in any other computer management tool, but can be assigned permissions in an ACL.

Examples:
- Everyone
- Interactive
- Network
- Anonymous Logon
- Authenticated Users
- Creator Owner
- Dialup

Practice: Changing the Group Type and Scope

Creating and Modifying a Group

Lesson 2: Managing Group Accounts

Creating a Security Group

Modifying Group Membership

Finding the Domain Groups to Which a User Belongs

Creating a Security Group

Active Directory Users And Computers, found in the Administrative Tools folder, can be used to create groups.

In Active Directory Users And Computers, right-click the details pane of the container within which you want to create the group, and choose New, Group.

Select the type and scope of group that you want to create.

Modifying Group Membership

You can use Active Directory Users And Computers to add or remove members from a group.

There are two tabs:
- Members
- Member Of

Finding the Domain Groups to Which a User Belongs

Nesting of groups is possible in Active Directory.

Examples:
- Global groups can nest into other global groups, universal groups, or domain local groups.
- Universal groups can be members of other universal groups or domain local groups.
- Domain local groups can belong to other domain local groups.

dsget user UserDN -memberof [-expand]
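
The native-mode membership rules from the Global, Universal and Domain Local Groups slides, and the nested lookup that `dsget user UserDN -memberof -expand` performs, modelled as an added example (not part of the original courseware). All account, group and domain names are constructed, and the rule table covers native mode only.

```python
# Added example: native-mode nesting rules from the slides, plus the
# transitive expansion reported by `dsget user UserDN -memberof -expand`.
from collections import namedtuple

# kind is one of: user, global, universal, domain_local
Principal = namedtuple("Principal", "name kind domain")

# Container scope -> {allowed member kind: must it be in the same domain?}
MEMBER_RULES = {
    "global":       {"user": True, "global": True},
    "universal":    {"user": False, "global": False, "universal": False},
    "domain_local": {"user": False, "global": False, "universal": False,
                     "domain_local": True},
}

def can_nest(member, container):
    """Return True if `member` may be added to `container` in native mode."""
    rules = MEMBER_RULES.get(container.kind, {})
    if member.kind not in rules:
        return False
    same_domain_required = rules[member.kind]
    return (not same_domain_required) or member.domain == container.domain

def expand_memberof(principal, direct):
    """Names of all groups reached through nesting.

    `direct` maps a principal name to the groups it is a direct member of.
    """
    seen, stack = set(), list(direct.get(principal.name, []))
    while stack:
        group = stack.pop()
        if group.name in seen:
            continue  # already visited; also stops circular nesting
        seen.add(group.name)
        stack.extend(direct.get(group.name, []))
    return sorted(seen)

# Constructed sample directory (hypothetical names and domains).
alice = Principal("alice", "user", "sales.example.com")
g_sales = Principal("G_Sales", "global", "sales.example.com")
u_staff = Principal("U_AllStaff", "universal", "example.com")
dl_share = Principal("DL_Share_Read", "domain_local", "hq.example.com")
DIRECT = {"alice": [g_sales], "G_Sales": [u_staff], "U_AllStaff": [dl_share]}

if __name__ == "__main__":
    for child, parent in [(alice, g_sales), (g_sales, u_staff),
                          (u_staff, dl_share), (u_staff, g_sales)]:
        print(f"{child.name} -> {parent.name}: {can_nest(child, parent)}")
    print(expand_memberof(alice, DIRECT))
```

In an access review the expanded list is the one that matters: permissions granted to DL_Share_Read apply to alice through two levels of nesting, even though her Member Of tab shows only G_Sales.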

Practice: Modifying Group Membership

Nesting Group Membership

Lesson 3: Using Automation to Manage Group Accounts

Using LDIFDE

Creating Groups using DSADD

Modifying Groups using DSMOD

Using LDIFDE

Lightweight Directory Access Protocol (LDAP) Data Interchange Format (LDIF) is a standard used to perform batch operations against directories that conform to the LDAP standards.

LDIFDE is a command-line utility, available on all Windows Server 2003 editions.

Creating Groups using DSADD

The DSADD command is used to add objects to Active Directory.

dsadd group GroupDN parameters

Parameters:
-secgrp {yes | no}
-scope {l | g | u}
-samid SAMName
-desc Description
-memberof GroupDN...
-members MemberDN...

Modifying Groups using DSMOD

The DSMOD command is used to modify objects in Active Directory. To modify a group, use the syntax:

dsmod group GroupDN

The command takes many of the same switches as DSADD, including -samid, -desc, -secgrp, and -scope.
-addmbr Member... adds members to the group specified in GroupDN
-rmmbr Member... removes members from the group specified in GroupDN

Practice: Using LDIFDE to Manage Group Accounts

Starting LDIFDE

Exporting the Users from an Organizational Unit

Using LDIFDE to Create a Group


Design & Published by:


CMS Institute, Design & Development Centre, CMS House, Plot No. 91, Street No.7,
MIDC, Marol, Andheri (E), Mumbai 400093, Tel: 91-22-28216511, 28329198
Email: courseware.inst@cmail.cms.co.in
www.cmsinstitute.co.in
