Information Technology Reference
In-Depth Information
exercise 5.7 (continued)
Click the Members tab and then click Add. Add the Maria D. President and John Q.
Admin user accounts to the group. Click OK to save the settings and then OK to accept
the group modifications.
6.
Select the Sales OU. Right-click the Workstation1 Computer object. Notice that you can
choose to disable the account or reset it (to allow another computer to join the domain
under that same name). From the context menu, choose Properties. You'll see the prop-
erties for the Computer object.
Examine the various options and make changes based on your personal preference.
After you have examined the available options, click OK to continue.
7.
Select the Corporate OU. Right-click the Maria D. President user account and choose
Reset Password. You will be prompted to enter a new password, and then you'll be
asked to confirm it. Note that you can also force the user to change this password upon
the next logon, and you can also unlock the user's account from here. For this exercise,
do not enter a new password; just click Cancel.
8.
Close the Active Directory Users and Computers tool.
By now, you have probably noticed that Active Directory objects have a lot of common
options. For example, Group and Computer objects both have a Managed By tab.
Windows Server 2012 R2 allows you to manage many User objects at once. For
instance, you can select several User objects by holding down the Shift or Ctrl key while
selecting. You can then right-click any one of the selected objects and select Properties to
display the properties that are available for multiple users. Notice that not every user prop-
erty is available because some properties are unique to each user. You can configure the
Description field for multiple object selections that include both users and nonusers, such as
computers and groups.
An important thing to think about when it comes to accounts is the differ-
ence between disabling an account and deleting an account. When you
delete an account, the security ID (SID) gets deleted. Even if you later cre-
ate an account with the same username, it will have a different SID num-
ber, and therefore it will be a different account. It is sometimes better to
disable an account and place it into a nonactive OU called Disabled. This
way, if you ever need to reaccess the account, you can do so.
Another object management task is the process of deprovisioning. Deprovisioning is the
management of Active Directory objects in the container. When you remove an object from
an Active Directory container, the deprovisioning process removes the object and synchro-
nizes the container to stay current.
Search WWH ::




Custom Search