Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

Part 1: Learn at Your Own Pace > Managing Users, Groups, and Computers

Chapter 4. Managing Users, Groups, and Computers

Exam Objectives in this Chapter:

  • Create and manage user accounts (Exam 70-292).

    • Create and modify user accounts by using the Active Directory Users And Computers snap-in.

    • Create and modify user accounts by using automation.

    • Import user accounts.

  • Create and manage groups (Exam 70-292).

    • Identify and modify the scope of a group.

    • Find domain groups in which a user is a member.

    • Manage group membership.

    • Create and modify groups by using the Active Directory Users And Computers snap-in.

    • Create and modify groups by using automation.

  • Plan a user authentication strategy (Exam 70-296).

    • Plan a smart card authentication strategy.

    • Create a password policy for domain users.

  • Troubleshoot user authentication issues (Exam 70-292).

Why This Chapter Matters

To control user access to resources in a domain environment, a mechanism must first exist to identify users, and then rights and permissions must be associated with those identities. In Microsoft Windows Server 2003 Active Directory directory service, users are associated with individual user objects, which are ultimately used for authentication purposes and the configuration of user environment settings. In this chapter, you will not only learn the various ways in which user accounts can be created, but you will also learn how those accounts can be modified using a variety of tools included with Windows Server 2003.

To make the assignment of user rights, permissions to network resources, and e-mail distribution lists easier to manage, Windows Server 2003 Active Directory allows you to configure collections of objects into groups. Depending on the functional level of a domain, Active Directory supports two group types and three group scopes. These groups can then be used to aggregate user, computer, and even other group objects to lessen the administrative burden associated with managing multiple objects individually. For example, instead of assigning permissions to a resource multiple times for multiple users, you can make those users members of a single group, with permissions granted once instead. In this chapter, you will not only learn various methods used to create and manage Active Directory groups, but you will also learn the rules associated with changing the scope, type, or membership of a group.

Finally, this chapter takes a look at issues relating to planning and troubleshooting user authentication, including the configuration of account policy settings, methods of troubleshooting common authentication issues, and the implementation of smart cards.


Lessons in this Chapter:

  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint