Professional Documents
Culture Documents
management
Administering accounts
&Services
Managing Accounts
Active Directory in Windows Server
2003 provides three types of
accounts:
User accounts
Groups
Computer accounts
Creating DomainUser
Accounts
Managing Groups
A group is defined as a set of user accounts,
computer accounts, and groups.
A group is a collection of users, computers,
or resources that belong to various domains
in an organization.
You can simplify the task of administration
by assigning permissions to a group of
users rather than assigning permissions to
each individual user account.
Managing Groups
The various tasks that can be
performed using groups are:
Assign permissions to the entire
group to access the network
resource.
Assign rights to users and then add
members with same rights to the
group.
Create e-mail distribution lists.
Group scopes
Security and distribution groups can be further
subdivided according to the group scope. The various
types of group scopes are:
Local group: Grant permissions to resources that are
available on a local computer. Local groups cannot be
made members of any other type of group.
Domain local group: Assigns rights and permissions to
resources that belong to the domain local group. A
domain local group can contain global groups, universal
groups, and other domain local groups from its own
domain. You should use the domain local group when
you want to control users access to resources present
within a domain.
Group scopes
Global group: You can use a global group
to organize users from within a domain
who need to perform similar operations
and have similar network access
requirements. Provides access to
resources from any domain of a tree or a
forest
Universal group: Useful in multidomain
forests. Used to define roles or to manage
resources from more than 1 domain.
Modifying Groups
Windows Server 2003 enables you to
manage and maintain groups using
Active Directory
Modify group properties
Add members to a group
Move groups
Delete groups