Scribd Logo
Carica

Benvenuto in Scribd!

  • 05 Computer Accounts

    Caricato da

    Kumarecit
    13 visualizzazioni17 pagine
    fff

    Copyright

    © © All Rights Reserved

    Formati disponibili

    PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    fff

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    13 visualizzazioni17 pagine

    05 Computer Accounts

    Caricato da

    Kumarecit
    fff

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 17

    Revision no.

    : PPT/2K403/02

    Computer Accounts
    (70-290)

    Revision no.: PPT/2K403/02

    Lesson 1:Joining a Computer to a Domain


    2

    Creating Computer Accounts

    The Computers Container vs. OU s

    CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

    Revision no.: PPT/2K403/02

    Creating Computer Accounts


    3

    Creating Computer Objects Using Active Directory Users And


    Computers

    Creating Computer Objects Using DSADD

    Creating Computer Objects with NETDOM

    Joining a Computer to a Domain

    CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

    Revision no.: PPT/2K403/02

    Creating Computer Objects Using DSADD


    4

    DSADD allows you to create computer objects from the


    command prompt or a batch file.
    dsadd computer ComputerDN (Where ComputerDN is
    distinguished name (DN) for new computer object)
    E.g. dsadd computer CN=Desktop123,OU=Desktops,DC=contoso,DC=com.

    The DSADD Computer Command can take the following


    optional parameters after DN parameter
    samid SAMNAME
    desc Description
    loc Location

    CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

    Revision no.: PPT/2K403/02

    Creating Computer Objects with NETDOM


    5

    The NETDOM command is available as a component of the


    Support Tools, installable from the Support\Tools directory of
    the Windows Server 2003 CD.

    The command is also available on the Windows XP and


    Windows 2000 CDs.

    netdom add ComputerName /domain:DomainName


    /userd:User /PasswordD:UserPassword [/ou:OUDN]

    CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

    Revision no.: PPT/2K403/02

    Joining a Computer to a Domain


    6

    A computer account alone is not enough to create the secure


    relationship required between a domain and a machine.

    You can join a domain through system properties in control


    panel.

    If you have not created a domain computer account with a


    name that matches the computers name, Active Directory
    creates an account automatically in the default Computers
    container.

    Once a domain computer account has been created or located,


    the computer establishes a trust relationship with the domain,
    alters its SID to match that of the account, and makes
    modifications to its group memberships.
    CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

    Revision no.: PPT/2K403/02

    The Computers Container vs. OU s


    7

    The Computers container is the default location for computer


    objects in Active Directory.

    After a domain is upgraded from Windows NT 4 to Windows


    2000, all computer accounts are found, initially, in this
    container.

    When a machine joins the domain and there is no existing


    account in the domain for that computer, a computer object is
    created automatically in the Computers container.

    Unlike OUs, containers such as Computers, Users and Builtin


    cannot be linked to policies.
    CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

    Revision no.: PPT/2K403/02

    Practice: Joining a Computer to an Active


    Directory Domain
    8

    Creating Computer Accounts with Active


    Directory Users and Computers

    Creating Computer Accounts with DSADD

    Moving a Computer Object

    Join a Computer to a Domain (Optional)

    CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

    Revision no.: PPT/2K403/02

    Lesson 2: Managing Computer Accounts


    9

    Managing Computer Object Permissions

    Configuring Computer Properties

    Finding and Connecting to Objects in Active Directory

    CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

    Revision no.: PPT/2K403/02

    Practice: Managing Computer Accounts


    10

    Managing Computer Accounts

    Finding Objects in Active Directory

    Changing Computer Properties

    CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

    Revision no.: PPT/2K403/02

    Lesson 3: Troubleshooting Computer


    Accounts
    11

    Deleting and Disabling and Resetting Computer Accounts

    Recognizing Computer Accounts Problems

    CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

    Revision no.: PPT/2K403/02

    Deleting and Disabling and Resetting


    Computer Accounts
    12

    Computer accounts, like user accounts, maintain a unique SID,


    which enables an administrator to grant permissions to
    computers. Also like user accounts, computers can belong to
    groups.

    To delete a computer account using Active Directory Users


    And Computers, locate and select the computer object and,
    from the Action menu or the shortcut menu, select the Delete
    command.

    The DSRM command-line tool allows you to delete a computer


    object from the command prompt.

    DSRM ObjectDN
    CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

    Revision no.: PPT/2K403/02

    Contd
    13

    While an account is disabled, the computer cannot create a


    secure channel with the domain.

    To enable a computer account, simply select the computer and


    choose the Enable Account command from the Action or
    shortcut menus.

    To disable or enable a computer from the command prompt,


    use the DSMOD command.

    The DSMOD command modifies Active Directory objects.

    DSMOD COMPUTER ComputerDN -DISABLED YES


    DSMOD COMPUTER ComputerDN -DISABLED NO

    CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

    Revision no.: PPT/2K403/02

    Contd
    14

    If a computer accounts group memberships and SID, and the


    permissions assigned to that SID, are important to the
    operations of a domain, you do not want to delete that
    account.

    So you will reset the Computer account rather than deleting it

    The Reset Account command is available in the Action and


    context menus when a computer object is selected. The
    DSMOD command can also be used to reset a computer
    account

    dsmod computer ComputerDN -reset

    The NETDOM command, also enables you to reset a computer


    account.
    CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

    Revision no.: PPT/2K403/02

    Recognizing Computer Accounts Problems


    15

    Rules that govern troubleshooting a computer account are:


    A. If the computer account exists in Active Directory, it must be
    reset.
    B. If the computer account is missing in Active Directory, you must
    create a computer account.
    C. If the computer still belongs to the domain, it must be removed
    from the domain by changing its membership to a workgroup.
    The name of the workgroup is irrelevant. Best practice is to try
    and choose a workgroup name that you know is not in use.
    D. Rejoin the computer to the domain. Alternatively, join another
    computer to the domain; but the new computer must have the
    same name as the computer account.
    CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

    Revision no.: PPT/2K403/02

    Troubleshooting Computer Accounts


    16

    Troubleshooting Computer Accounts

    Recover from Computer Account Problems

    CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

    Revision no.: PPT/2K403/02

    17

    Design & Published by:


    CMS Institute, Design & Development Centre, CMS House, Plot No. 91, Street No.7,
    MIDC, Marol, Andheri (E), Mumbai 400093, Tel: 91-22-28216511, 28329198
    Email: courseware.inst@cmail.cms.co.in
    www.cmsinstitute.co.in

    CMS INSTITUTE, 2004. All rights reserved. No part of this material may be reproduced, stored or emailed without the prior permission of Programme Director, CMS Institute

    Potrebbero piacerti anche