Shulou(Shulou.com)06/02 Report--

Build with environment, domain users and groups

First, build a domain environment

1. Domain and domain controller

(1) Domain: the computers in the network are logically organized together for centralized management. this centralized management environment is called domain.

(2) domain controller (DC): in a domain, there is at least one domain controller, in which the user account number and security database of the entire domain are stored. A computer with an active directory is called a domain controller, and the domain administrator can control the behavior of each / domain user.

2. Active Directory (AD-Active Directory)

(1) active Directory: a directory database that stores information about objects in the entire Windows network. It is also a service that can perform various operations on the data in the active directory.

(2) the characteristics of active directory

① centralized management and convenient access to network resources (user / group accounts, shared folder printers, etc.)

② users can access the entire domain network with a single login

③ scalability

3. Domain trees and forests

(1) Domain tree: multiple domains with contiguous namespaces

(2) Forest: composed of one or more domain trees, each domain tree in the forest has a unique namespace and is discontinuous.

(3) the root domain of the forest: the root domain of the first domain tree.

Create an AD domain

1. Set network parameters

IPconfig / all

2. Install Active Directory

Add roles and features-role-based or feature-based installation-select servers from server pool-check Active Directory-- domain services and DNS servers-install

3. Active Directory configuration Wizard

AD DS-click "more"-promote this server to domain controller-add new forest (root domain name)-select forest functional level and domain functional level (level can only be raised but not lowered, so select lowest level)-configure restore password-perform installation

4. Add the client to the domain

(1) the conditions for the client to join the domain:

The ① computer IP address and DNS are configured correctly

② ensures that the computer is connected to the domain controller

Ping DC's ip nslookup domain name (test whether it can be resolved)

(2) add the client to the domain

Client-right-click this computer-- Properties-- change settings to the right of the computer name-- computer name-- change-- confirm domain membership-- OK-- enter computer name and domain name-- OK

III. Domain users and groups

1. Create a domain user account

(1) Domain user accounts are stored in the active Directory database

(2) tools for creating domain users-Active Directory users and computers

(3) create an organizational unit (OU)

Right-click the domain name-create a new organizational unit XXX (such as business department, etc.)

(4) create a domain account

Right-click organizational unit-- New-- user

(5) display name

Should be unique within the same organizational unit (OU)

(6) user login name

Unique and up to 20 characters in the entire domain

2. Configure domain user attributes

Login time, login, account expiration

IV. Management of Group and OU

1. The type of group account in the domain

(1) Security Section

Used to set user permissions and can also be used for e-mail communications

(2) Distribution group

For email communications only

2. Scope of the group

(1) Local domain group

Create local domain groups for resources in this domain

Members that can be included are: ① user account; ② local domain group; ③ global group; ④ universal group.

(2) Global group

The scope of action is the whole forest and trust domain

Create a global group by logical relationship

Global groups can be used according to Agdlp rules

(3) General Group

The scope of action is the whole forest and trust domain

The difference between global groups and universal groups

The membership of ① general group is in the global catalog, and the login or query speed of general group members in ② multi-domain environment is fast.

The membership of the ③ global group is in each domain.

3. Organizational Unit (OU)

(1) concept

-Container: effectively organize active Directory objects-Group Policy

(2) Design method

The design types of department-based OU, geographic location-based OU, object type-based OU, and OU can also be mixed.

(3) creation method

-- New-- organizational unit

(4) Delete OU

View-Select Advanced Features-right-click the OU property-object-cancel to prevent accidental deletion to delete the OU directly.

(5) appointment of OU

Why does ① need delegation

The administrator assigns a certain range of administrative tasks to the appropriate users and groups, thus reducing the administrator's workload

② implementation method

Open [Active Directory users and computers], right-click OU → delegation control, and add the account or group to delegate the task.

(6) Delete delegation

View-Advanced featur

Right-click the delegated OU- attribute-Security-Advanced-Delete the delegated user

5. Install DC

1. Prerequisites for installing DC

(1) Local administrator privileges (2) the operating system version must meet the conditional Windows Server version.

(3) have TCP/IP setting (4) have enough free disk space

(5) NTFS partition (with at least one NTFS partition) (6) requires DNS support

Select a new domain in the new forest

Database and log folders are saved by default at c:\ windows\ NTDS

The location of the Sysvol folder must be a NTFS partition

Enter the Administrator password for the directory service restore mode

Domain controllers supported at the domain functional level

Windows 2000 Native Mode Windows 2000 Server Windows Server 2003

Windows Server 2008

Windows Server 2003 Windows Server 2003 Windows Server 2008

Windows Server 2008 Windows Server 2008 Windows Server 2012

Windows Server 2012 Windows Server 2012

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.