{"id":1021,"date":"2018-02-01T01:24:13","date_gmt":"2018-02-01T01:24:13","guid":{"rendered":"http:\/\/wiki.thomasandsofia.com\/?p=1021"},"modified":"2020-04-27T12:11:34","modified_gmt":"2020-04-27T12:11:34","slug":"what-is-active-directory-users-computers","status":"publish","type":"post","link":"https:\/\/wiki.thomasandsofia.com\/?p=1021","title":{"rendered":"3 Introduction to Active Directory Users &#038; Computers"},"content":{"rendered":"<p><a href=\"\/active-directory-and-group-policies\/\">&lt; Main Menu<\/a> | <a href=\"\/4-introduction-to-group-policy-management\/\">4 Intro to Group Policy Management &gt;<\/a><\/p>\n<h1>11: What is Active Directory Users &amp; Computers<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/active-directory-group-policy-2012\/learn\/v4\/t\/lecture\/8276670?start=0\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/active-directory-group-policy-2012\/learn\/v4\/t\/lecture\/8276670?start=0<\/a><\/p>\n<h2>Active Directory<\/h2>\n<p>Active Directory (AD) is a database (or Directory [think Phone directory]) for the following and their respective permissions:<\/p>\n<ul>\n<li>User Accounts &amp; Passwords<\/li>\n<li>Computers<\/li>\n<li>Printers<\/li>\n<li>File Shares<\/li>\n<li>Security Groups<\/li>\n<\/ul>\n<h2>Security Groups<\/h2>\n<p>Use AD and Group Policies together to define specific permissions to objects within AD<\/p>\n<ul>\n<li>User Accounts<\/li>\n<li>Computers<\/li>\n<li>Printers<\/li>\n<li>File Shares<\/li>\n<li>Other Groups&#8230;<\/li>\n<\/ul>\n<h2>The Purpose for Active Directory<\/h2>\n<ul>\n<li>is to handle <strong>security authentication<\/strong> across a domain<\/li>\n<li>Only allows authorized users to logon to network computers<\/li>\n<li>Centralized security management of network resources.\n<ul>\n<li>Stores things like user names and passwords in 1 location instead of each individual computer.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Most common Task with AD<\/h2>\n<ul>\n<li>Reset 
Passwords<\/li>\n<li>Create\/Delete user accounts\n<ul>\n<li>Every time a new employee is hired, they will need log in credentials<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Life without AD<\/h2>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/05\/ad01.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1395\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/05\/ad01.png\" alt=\"\" width=\"440\" height=\"148\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/05\/ad01.png 440w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/05\/ad01-300x101.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/05\/ad01-150x50.png 150w\" sizes=\"auto, (max-width: 440px) 100vw, 440px\" \/><\/a><\/p>\n<ul>\n<li>User &#8220;John&#8221; requires access to several computers in the office.<\/li>\n<li>You would need to create his login on each one.<\/li>\n<li>If John lost his password, you would also need to reset it on each one.<\/li>\n<\/ul>\n<h3>With AD<\/h3>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/05\/ad-02.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1396\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/05\/ad-02.png\" alt=\"\" width=\"386\" height=\"314\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/05\/ad-02.png 386w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/05\/ad-02-300x244.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/05\/ad-02-150x122.png 150w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/05\/ad-02-220x180.png 220w\" sizes=\"auto, (max-width: 386px) 100vw, 386px\" \/><\/a><\/p>\n<ul>\n<li>Setup once<\/li>\n<li>Reset in one location<\/li>\n<\/ul>\n<h2>Active Directory is a Multi-Master Database<\/h2>\n<ul>\n<li>Several computers can make changes to the 
database<\/li>\n<\/ul>\n<h2>Getting Started<\/h2>\n<ul>\n<li>Server Manager &gt; Tools &gt; Active Directory Users and Computers<\/li>\n<li>Nav Pane &gt; [RtClk] Domain &gt; New to add users and computers<\/li>\n<\/ul>\n<p>The rest is a walk through of all options in the Users and Computers admin window.<\/p>\n<p>&nbsp;<\/p>\n<h1>12: Understanding Organizational Units and Containers<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/active-directory-group-policy-2012\/learn\/v4\/t\/lecture\/8276672?start=0\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/active-directory-group-policy-2012\/learn\/v4\/t\/lecture\/8276672?start=0<\/a><\/p>\n<p>Active Directory Users and Computers &gt; domain.tld<\/p>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/02\/adtypes.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2719\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/02\/adtypes.png\" alt=\"\" width=\"756\" height=\"269\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/02\/adtypes.png 756w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/02\/adtypes-300x107.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/02\/adtypes-150x53.png 150w\" sizes=\"auto, (max-width: 756px) 100vw, 756px\" \/><\/a><\/p>\n<h2>What are Containers?<\/h2>\n<ul>\n<li>Containers are structural objects that are included by default within Active Directory.<\/li>\n<li>You cannot apply Group Policy Objects (aka GPOs) to Containers *IMPORTANT<\/li>\n<li>You cannot create a Container with AD\n<ul>\n<li>(you can with adsiedit, but this is likely never required)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Think of Containers as Organizers<\/p>\n<h3>Computers Container<\/h3>\n<ul>\n<li>Serves as a default location for new computers that join your domain.<\/li>\n<li>When joined, a new AD Computer Account Object will be created inside this container.<\/li>\n<li>To apply GPOs to a computer, 
you&#8217;ll need to move that computer out of the container and into an Organizational Unit (then you can apply security policies such as custom wallpapers, etc.)\n<ul>\n<li>You can leave them in the Computers container, but generally not best practice.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>ForeignSecurityPrincipals Container<\/h3>\n<ul>\n<li>Contains Proxy Objects for Security Principals for other trusted domains.\n<ul>\n<li>Could be a user account or security group that resides inside of another domain.<\/li>\n<\/ul>\n<\/li>\n<li>If you do not establish a trust between this domain and another, you will not be using this container at all.<\/li>\n<\/ul>\n<h3>Managed Service Accounts (MSAs) Container<\/h3>\n<ul>\n<li>Holds the user accounts that are used to operate the applications or services that run on your servers or workstations.\n<ul>\n<li>apache2, www-data<\/li>\n<\/ul>\n<\/li>\n<li>These accounts do not use passwords &#8211; these are handled automatically.<\/li>\n<li>To create an MSA, you need to use the PowerShell command line. 
There is no GUI.<\/li>\n<\/ul>\n<h3>Users Container<\/h3>\n<ul>\n<li>Do not delete any of the default users and security groups!<\/li>\n<\/ul>\n<h2>builtinDomain<\/h2>\n<ul>\n<li>Contains a number of Security Groups required for the domain to operate<\/li>\n<li>Unlike Users, these <strong>cannot<\/strong> be deleted<\/li>\n<\/ul>\n<h2>Organizational Units (OUs)<\/h2>\n<ul>\n<li>Used to organize and separate objects within AD.<\/li>\n<li>Objects can be anything that AD can store\n<ul>\n<li>User Accounts<\/li>\n<li>Computers, Printers, etc.<\/li>\n<\/ul>\n<\/li>\n<li>If you have a Marketing Team, you can create an OU called Marketing and store all those users there.<\/li>\n<li>You can assign specific permissions to OUs, which then automatically apply to all objects within that OU.<\/li>\n<\/ul>\n<h3>Domain Controllers OU<\/h3>\n<ul>\n<li>The only OU that comes by default.\u00a0 This cannot be deleted.<\/li>\n<li>Domain Controllers need to be placed inside this OU because there are specific policies that need to be applied to Domain Controllers for them to operate.<\/li>\n<\/ul>\n<h3>Creating a new OU<\/h3>\n<ul>\n<li>domain.tld [RtClk] &gt; New &gt; Organizational Unit\n<ul>\n<li>Name: Test OU &gt; [ Save ]<\/li>\n<li>Test OU [RtClk]\n<ul>\n<li>Delegate Control&#8230;\n<ul>\n<li>Give control of this OU to another person<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Exporting a List<\/h3>\n<ul>\n<li>Right click on an OU to export a list of its contents.<\/li>\n<li>These lists are not recursive, so the list will only be 1 level deep if you have nested OUs.<\/li>\n<\/ul>\n<h3>Deleting an OU<\/h3>\n<ul>\n<li>If you cannot delete an OU, it may be protected.\u00a0 To disable the accidental deletion protection:\n<ul>\n<li>View &gt; Advanced Features<\/li>\n<li>Target OU [RtClk] &gt; Properties<\/li>\n<li>Click the Object tab, then deselect &#8220;Protect against accidental deletion&#8221;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Additional Notes here: <a 
href=\"https:\/\/wiki.thomasandsofia.com\/active-directory-users-and-computers\/\" target=\"_blank\" rel=\"noopener\">https:\/\/wiki.thomasandsofia.com\/active-directory-users-and-computers\/<\/a><\/p>\n<h1>13: Creating User Accounts with AD<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8287548#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8287548#content<\/a><\/p>\n<h2>Create the OUs for your users and computers<\/h2>\n<ul>\n<li>[RtClk] AD Domain name (domain.tld) &gt; New &gt; Organizational Unit<\/li>\n<li>Name: domain<del>.tld<\/del>\n<ul>\n<li>Standard procedure is this should be the same to prevent misinterpretation.<\/li>\n<li>Did not use the existing &#8216;Users&#8217; container because you CANNOT apply group policies to containers!<\/li>\n<\/ul>\n<\/li>\n<li>Within this OU, create 2 sub OUs\n<ul>\n<li>&#8216;Domain Users&#8217;<\/li>\n<li>&#8216;Domain Computers&#8217;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Create a user<\/h2>\n<ul>\n<li>[RtClk] Domain Users &gt; New &gt; User<\/li>\n<li>Enter\n<ul>\n<li>First\/Last names<\/li>\n<li>Login name: first.last or however you wish<\/li>\n<li>Select domain from drop down (should only have one now)<\/li>\n<li>due to character limits in pre-2000, you can use an alt. 
login name<\/li>\n<li>Next &gt;<\/li>\n<li>Create \/ Confirm password<\/li>\n<li>Select password options\n<ul>\n<li>In production, you would probably leave &#8216;User must change at next logon&#8217; enabled.<\/li>\n<li>This is also where you disable an Active Directory user account.<\/li>\n<\/ul>\n<\/li>\n<li>Next &gt; Finish<\/li>\n<\/ul>\n<\/li>\n<li>Attempt to sign in with your user.<\/li>\n<\/ul>\n<h1>14: Searching for Objects in AD<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8300688#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8300688#content<\/a><\/p>\n<p>Purpose:<\/p>\n<ul>\n<li>If you have 1000s of users or computers<\/li>\n<\/ul>\n<h2>How to find objects and users<\/h2>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/02\/ad-find-icon.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2730\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/02\/ad-find-icon.png\" alt=\"\" width=\"484\" height=\"164\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/02\/ad-find-icon.png 484w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/02\/ad-find-icon-300x102.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2018\/02\/ad-find-icon-150x51.png 150w\" sizes=\"auto, (max-width: 484px) 100vw, 484px\" \/><\/a><\/p>\n<ul>\n<li>Use the &#8216;Find&#8217; icon<\/li>\n<li>[RtClk] the domain &gt;\u00a0 Find<\/li>\n<li>Select the type of object you are looking for\n<ul>\n<li>Users, Contacts, and Groups<\/li>\n<li>Computers<\/li>\n<li>Printers<\/li>\n<li>Shared Folders<\/li>\n<li>Organizational Units<\/li>\n<li>Custom Search<\/li>\n<li>Common Queries<\/li>\n<\/ul>\n<\/li>\n<li>Select the Domain to search\n<ul>\n<li>You can use &#8216;Entire Directory&#8217; but if you have trusted 
domains, this search could take a very long time to complete.<\/li>\n<\/ul>\n<\/li>\n<li>Click [ Find Now ]<\/li>\n<li>When the object has been located, [RtClk] to perform common tasks\n<ul>\n<li>Rename<\/li>\n<li>Delete<\/li>\n<li>Add to group<\/li>\n<li>Reset Password<\/li>\n<li>Disable account<\/li>\n<\/ul>\n<\/li>\n<li>Nothing in this view will show you &#8220;Where&#8221; the located object is.<\/li>\n<\/ul>\n<h2>To find where an Object is:<\/h2>\n<ul>\n<li>View &gt; Advanced Features &gt; Enable<\/li>\n<li>Repeat &#8216;Find&#8217; steps above &gt; Properties<\/li>\n<li>Click the &#8216;Object&#8217; tab\n<ul>\n<li>Canonical name of object: &#8220;tas.local\/tas\/Domain Users\/Thomas Roberts&#8221;<\/li>\n<li>Format: domain\/domainOU\/userOU\/user<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Advanced Search<\/h2>\n<ul>\n<li>Accepts RegEx<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h1>15: Resetting User Passwords in AD Users and Computers<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8300702#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8300702#content<\/a><\/p>\n<h2>How to reset a user&#8217;s password<\/h2>\n<ul>\n<li>Find the user by First and Last name<\/li>\n<li>Double click &gt; Account tab or [RtClk] &gt; Properties &gt; Account tab\n<ul>\n<li>Make sure you ask for their Login Name<\/li>\n<li>This helps prevent accidentally resetting the WRONG user<\/li>\n<\/ul>\n<\/li>\n<li>[RtClk] User &gt; Reset Password &#8230;<\/li>\n<\/ul>\n<h2>Unlocking an account<\/h2>\n<ul>\n<li>On the Account tab.\n<ul>\n<li>Can also be done from the Password reset screen, but that will require a password change.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h1>16: Understanding Groups and Memberships<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8351366#content\" target=\"_blank\" 
rel=\"noopener\">https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8351366#content<\/a><\/p>\n<p><strong><span style=\"color: #ff0000;\">IMPORTANT to know how groups work!<\/span><\/strong><\/p>\n<h2>Create a Group<\/h2>\n<ul>\n<li>Domain (tas.local)&gt; Domain OU (tas)&gt; Users OU (Domain Users)&gt; [RtClk] New &gt; Group\n<ul>\n<li>Group: Sales<\/li>\n<li>Select Scope (Least to most accessible)\n<ul>\n<li>Domain Local: ONLY to the local domain (tas.local)<\/li>\n<li>Global: Includes trusted domains<\/li>\n<li>Universal: Can be accessed from other forests that trust your domain<\/li>\n<\/ul>\n<\/li>\n<li>Group Types\n<ul>\n<li>Security: Used to specify permissions\n<ul>\n<li>printers<\/li>\n<li>file shares<\/li>\n<\/ul>\n<\/li>\n<li>Distribution Group\n<ul>\n<li>Only used as an Email distribution list.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Example Group: Sales<\/h3>\n<ul>\n<li>Create the group\n<ul>\n<li>Name: Sales<\/li>\n<li>Scope: Global<\/li>\n<li>Type: Security<\/li>\n<li>[ OK ]<\/li>\n<\/ul>\n<\/li>\n<li>[RtClk] Sales &gt; Properties\n<ul>\n<li>Members Tab: Add users to the group\n<ul>\n<li>[Add]<\/li>\n<li>Find User\n<ul>\n<li>Start typing &gt; Check Names<\/li>\n<li>[ OK ]<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Member Of: Add the group to another OU\n<ul>\n<li>Example: Can add Sales to the Administrators group<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h1>17: Disabling and Deleting User Accounts with AD<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8351662#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/lecture\/8351662#content<\/a><\/p>\n<h2>Disabling a user account<\/h2>\n<p>Often a user should not be deleted until a certain amount of time has expired.<\/p>\n<ul>\n<li>Create an OU called &#8216;Disabled Users&#8217;<\/li>\n<li>Domain (tas.local)&gt; 
Domain OU (tas)&gt; [RtClk] New &gt; Organizational Unit &gt; Disabled Users<\/li>\n<li>Disable the account:\n<ul>\n<li>Select the account, [RtClk] &gt; Disable User<\/li>\n<\/ul>\n<\/li>\n<li>Move account to &#8216;Disabled Users&#8217; OU\n<ul>\n<li>Select account, [RtClk] &gt; Move<\/li>\n<li>Select OU to move to<\/li>\n<li>* I tried dragging and dropping the user, but it barked at me&#8230;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Deleting a user account<\/h2>\n<ul>\n<li>Select the account, [RtClk] &gt; Disable User<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h1>Quiz 1: AD Quiz<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/quiz\/425420#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/active-directory-group-policy-2012\/learn\/quiz\/425420#content<\/a><\/p>\n<p>4\/27\/2020<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&lt; Main Menu | 4 Intro to Group Policy Management &gt; 11: What is Active Directory Users &amp; Computers https:\/\/www.udemy.com\/active-directory-group-policy-2012\/learn\/v4\/t\/lecture\/8276670?start=0 Active Directory Active Directory (AD) is a database (or Directory [think Phone directory]) for the following and their respective permissions: User Accounts &amp; Passwords Computers Printers File Shares Security Groups Security Groups Use AD and ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/?p=1021\" title=\"read more...\">Read 
more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-1021","post","type-post","status-publish","format-standard","hentry","category-active-directory"],"_links":{"self":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/1021","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1021"}],"version-history":[{"count":11,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/1021\/revisions"}],"predecessor-version":[{"id":2736,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/1021\/revisions\/2736"}],"wp:attachment":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1021"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1021"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1021"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}