Shulou(Shulou.com)06/01 Report--

Active Directory users and computers are important components of managing domain users

In the Active Directory user and computer directories are:

Builtin-default group for the domain

Computers-computers joined to the domain

Domain Controllers-the computer of the domain controller

ForeignSecurityPrincips--

Managed Service Accounts--

Users-Domain user

Builtin:

There are many groups, and each group has a variety of permissions to manage the permissions of users. Groups can be used to manage the permissions of a group of users.

In the new group:

1. Group scope

Local region: used to assign permissions only in the local region. Group members can be any user in the forest and can be converted to a universal group (as long as the members of the original group do not include the local domain group).

Global: permissions can be assigned throughout the forest, but group members can only be users of this domain, and users who cannot join other domains can be transferred to universal groups (as long as the original group does not belong to any global group).

Generic: permissions can be assigned throughout the forest. Group members can be any user in the forest, can be converted into cost regional groups, and can be converted to global groups (as long as the members of the original group do not contain general groups).

Why should there be conversion restrictions?

Local region: can be converted to a universal group (as long as the members of the original group do not include the local domain group)

If it is converted to a general group, and the group member has a local domain group, the group member has the permissions and characteristics of the general group.

The local group can step out of the permissions of the local group, so the definition of this address is meaningless.

Global: can be transferred to a universal group (as long as the original group does not belong to any global group)

If you change to a general group and belong to any global group, the group has the permissions and characteristics of the global group.

Then it is possible that there are non-local members in the global group.

two。 Group Typ

Security group: as the name implies, it is used to assign security permissions.

Distribution groups: permissions cannot be assigned

Properties in the group:

General:

Email: when a message is sent to this mailbox, it will be sent to the mailbox of all members of this group.

Computers:

There are computers that join the domain

Domain Controllers:

A computer with domain services in it

Pre-create a read-only controller account:

You can pre-create a read-only controller account, create an account in advance to manage the read-only controller, use a new account to manage it, and do not have to use a domain administrator account to manage it.

ForeignSecurityPrincips:

Managed Service Accounts:

Users:

Users with domain services in

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.