Scribd
Upload
44 views

Managing Users Computers and Groups 2011-09-29

Managing-Users-Computers-and-Groups

Uploaded by

Suryami Geoffrey
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
44 views

Managing Users Computers and Groups 2011-09-29

Managing-Users-Computers-and-Groups

Uploaded by

Suryami Geoffrey
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 19

Managing Users,

Computers, & Groups


IN THE
AGNET.TAMU.EDU
ACTIVE DIRECTORY DOMAIN

Active Directory Administrative Center


Managing Computers
Managing Users & Groups
Managing Organizational Units

Introduction to Active Directory


Active Directory (AD) is a network

directory service for centrally storing


and managing security and
information about the users and
devices on a network.
Individual records for users,

computers, groups, etc., are called


objects and they are organized into
containers called Organizational
Units.

Intro to AD, continued


Active Directory can manage security policies and

user interfaces as well as store user credentials and


other information.
Copies of the entire database
can be stored and replicated on
Domain Controllers, which are
distributed throughout an
enterprise.
AD allows for as much
centralization of management and support as an
organization requires.

Intro to AD, continued


In an Active Directory domain, user accounts are

stored on the domain controller instead of on each


workstation. By default, any domain user can log
onto any domain computer as long as they enter the
correct username and password. Individual
computers still have local user accounts, but they
arent used except in special circumstances.

Before a domain user can log into a computer, the

computer must join the domain. Joining links a


computer to a computer object in the AD database
much like a user account.

Active Directory Administrative Center


Active Directory Administrative Center is the primary tool you

will use to manage the computer, user, and group objects for
your organization. It will only work on Windows 7 Professional
or higher. Home and Starter editions will not work.
Download & install

Remote Server
Administrative Tools
(RSAT) for Windows 7
from Microsofts
Download Center.
(Be sure to download the 32-bit or
64-bit version to match your
installed OS.)

Installing ADAC, continued

Open Programs from the Control Panel and select Turn

Windows features on and off.

Expand the feature tree to Remote

Server Administration Tools\Role


Administration Tools\AD DS and
AD LDS Tools\AD DS Tools and
install Active Directory
Administrative Center.

Installing ADAC, continued


To launch ADAC, run dsac.exe, or

select it from your Administrative


Tools.
Click on Add Navigation Nodes
in the toolbar.
Browse through the columns of Organizational Units to your
local site. Highlight it and click the double arrow then OK.

You now have a shortcut to your site OU in the Navigation Pane.

Managing Computers
In Active Directory, computers use accounts and
passwords just like users. A computer must join the
domain (become associated with a computer account)
before a person can use it to log into their own
account. After the initial migration, this is the process
you will use to add computers to the domain.
First, create a computer account object in AD.
1. In ADAC, select the appropriate OU
2. Click New then Computer from the Tasks pane.
3. Enter the computers name.
(Make sure computer names are recognizably associated with your
organization!)

Log into the computer with a local administrator

account.

Computers, continued

Right click on Computer (My Computer

in XP) and select Properties.


Click on Change settings (except in
XP) and click on the Change button.
Make sure the computer name exactly
matches the computer account you
created in ADAC.
Select the Domain radio button and
enter agnet.tamu.edu as the domain
name. Click OK.

Computers, continued

Enter the username and password of an Active Directory account

that is authorized to join computers to the domain. Click OK.


Welcometotheagnet.tamu.edudomain.
Acknowledge the Welcome message and close the properties

window.
Restart the computer.
***If you reinstall the OS on a computer, you must rejoin the domain!***

Computers, continued
Joining a Mac to the domain
For Leopard or Snow Leopard, create a computer account as
described above. (Some users still have difficulties joining Snow Leopard to the domain.)
On the Mac, open the System Preferences and go to Accounts.
Click on the Login Options on the bottom left.
On the right, click the Edit button for the Network Account
Server.
Click on the + button and enter agnet.tamu.edu.
Authenticate with an AGNET account that is authorized to join
computers to the domain.

Managing Users & Groups


Creating a user account
In ADAC, select the appropriate OU.
Click New then User from the Tasks

pane on the right.


Enter the persons first and last
name.
Enter the users logon name in the
User UPN logon field.
(Logon name should be First.Last or FirstM.Last.)

Enter a password and other

information as necessary.

Users & Groups, continued

Resetting a users password


Highlight the user account in ADAC
and click Reset password from the
Tasks pane.
Enter the new password twice and
check the Unlock account box if
necessary. Click OK.

Users & Groups, continued


Creating a user group
Select the appropriate OU.
Click New then Group from the Tasks pane.*
Enter a group name that can be readily associated
with your organization.
Add a description and comments if appropriate.
* There are two ways
to create a new object:
First, click "New" in
the Tasks pane;
Second, right-click in
the center pane and
select New.

Users & Groups, continued


Adding a user to a group
From the User account object

Highlight the user account object.


Click on Add to group in the Tasks
pane.
Type the group name and click OK.

From the Group object

Open the Group object properties.


Scroll down to the Members section (or click on Members in the Navigation pane.)
Click the Add button.
Type the name of the user or group you want to add. Separate multiple object
names with a semicolon.

Managing Organizational Units


Organizational Units are containers in Active

Directory, used for grouping similar objects together.


All end user, computer, and group accounts in
agnet.tamu.edu are stored in a tree of OUs under a
top-level OU called AgriLifeEmployees.
Under your departments OU, there are three subOUs for computers, groups, and users.
You may create new OUs under
those three to suit your own
organizations needs.

Managing OUs, continued

To create a new sub-OU, navigate to the appropriate

location of the directory tree in ADAC, right-click in


the center pane, and select New, then Organizational
Unit.
or select New then Organizational Unit from the
Tasks pane.

Managing OUs, continued


Enter a name and description for your new OU.

Click OK

Document Update History


2010.11.23

Jay Carper

Added graphics, corrections

2010.11.23.1

Jay Carper

Added info on OU management

2011.07.01

Jay Carper

Modified Mac OSX information.

You might also like