Information Technology Reference
In-Depth Information
Creating and Managing
Active Directory Objects
Now that you are familiar with the task of creating OUs, you should find creating and
managing other Active Directory objects quite simple. The following sections will examine
the details.
Overview of Active Directory Objects
When you install and configure a domain controller, Active Directory sets up an organiza-
tional structure for you, and you can create and manage several types of objects.
Active Directory Organization
When you are looking at your Active Directory structure, you will see objects that look like
folders in Windows Explorer. These objects are containers, or
organizational units (OUs)
.
The difference is that an OU is a container to which you can link a GPO. Normal contain-
ers cannot have a GPO linked to them. That's what makes an OU a special container.
By default, after you install and configure a domain controller, you will see the following
organizational sections within the Active Directory Users and Computers tool (they look
like folders):
Built-In
The
Built-In container
includes all of the standard groups that are installed by
default when you promote a domain controller. You can use these groups to administer the
servers in your environment. Examples include the Administrators group, Backup Opera-
tors group, and Print Operators group.
Computers
By default, the
Computers container
contains a list of the workstations in
your domain. From here, you can manage all of the computers in your domain.
Domain Controllers
The
Domain Controllers OU
includes a list of all the domain con-
trollers for the domain.
Foreign Security Principals
Foreign security principals
containers are any objects to
which security can be assigned and that are not part of the current domain.
Security princi-
pals
are Active Directory objects to which permissions can be applied, and they can be used
to manage permissions in Active Directory.
Managed Service Accounts
The
Managed Service Accounts container
is a new Windows
Server 2012 R2 container. Service accounts are accounts created to run specific services such
as Exchange and SQL Server. Having a Managed Service Accounts container allows you to
control the service accounts better and thus allows for better service account security.
Users
The
Users container
includes all the security accounts that are part of the domain.
When you first install the domain controller, there will be several groups in this container.
Search WWH ::
Custom Search