Folder Objects
When Active Directory is installed, four folder objects are created:
Builtin—Houses default groups created by Windows and is mainly used to assign permissions to users who have administrative responsibilities in the domain
Computers—The default location for computer accounts created when a new computer or server becomes a domain member
ForeignSecurityPrincipals—Initially empty but later contains user accounts from other domains added as members of the local domain's groups
Users—Stores two default users (Administrator and Guest) and several default groups
These folder objects are represented in Active Directory Users and Computers with a folder icon, but unlike an OU, a folder object's icon doesn't include the topic icon. You can't create new folder objects, nor can you apply group policies to folder objects. You can delegate administrative control on all but the Builtin folder. All objects in a folder are subject to group policies defined at the domain level. You can move objects from the default folders (except the Builtin folder) into OUs you have created. For example, because all computer accounts are created in the Computers folder by default, they are subject to the same policies defined at the domain level. If you want to apply different policies to different computers in your domain, you create one or more OUs, move the computer accounts to the new OUs, and apply group policies to these OUs.
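The move described above can be scripted. The following is an added example, not part of the original text: it lists computer accounts still sitting in the default Computers folder and previews moving them into an OU where a GPO can be linked. It assumes the ActiveDirectory PowerShell module is available (Windows Server 2008 R2 or later, or RSAT), and the OU name Workstations is hypothetical.

```powershell
# Added example: find computer accounts left in the default Computers folder
# and preview moving them into an OU so that OU-level GPOs can apply.
Import-Module ActiveDirectory

# Assumption: hypothetical OU name; substitute the OU used in your domain.
$ouName = 'Workstations'

$domain    = Get-ADDomain
$domainDN  = $domain.DistinguishedName
$defaultCN = $domain.ComputersContainer   # normally CN=Computers,<domain DN>
$targetOU  = "OU=$ouName,$domainDN"

# Create the OU directly under the domain if it does not exist yet.
$existing = Get-ADOrganizationalUnit -LDAPFilter "(ou=$ouName)" `
                -SearchBase $domainDN -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDN
}

# OneLevel limits the search to accounts directly inside the default folder.
$stragglers = Get-ADComputer -Filter * -SearchBase $defaultCN `
                  -SearchScope OneLevel -Properties whenCreated

# Report what only receives domain-level policy today.
$stragglers |
    Sort-Object whenCreated |
    Format-Table Name, whenCreated, DistinguishedName -AutoSize

# Preview the move; remove -WhatIf to perform it.
$stragglers | Move-ADObject -TargetPath $targetOU -WhatIf
```

Running the report on a schedule shows newly joined machines that have not yet been placed under an OU-linked policy.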
Domain Objects
The domain is the core logical structure container in Active Directory. Domains contain OU and folder container objects but can also contain leaf objects, such as users, groups, and so forth. A domain typically reflects the organization of the company in which Active Directory is being used, but in large or geographically dispersed organizations, you can create multiple domains, each representing a business unit or location. The main reasons for using multiple domains are to allow separate administration, define security boundaries, and define policy boundaries. Each domain object has a default GPO linked to it that can affect all objects in the domain. The domain object in Active Directory Users and Computers is represented by an icon with three tower computers (refer back to Figure 3-7).
Activity 3-2: Exploring Active Directory Container Objects
Time Required: 10 minutes
Objective: Explore Active Directory container objects.
Description: After installing Active Directory, you want to view its structure by exploring the default container objects in Active Directory Users and Computers.
1. Log on to the server where you just installed Active Directory as Administrator.
2. Open Active Directory Users and Computers by clicking Start, pointing to Administrative Tools, and clicking Active Directory Users and Computers.
3. Click the domain object in the left pane (w2k8ad99.com in Figure 3-5).
4. If necessary, click View, Detail from the menu so that objects are displayed in the right pane with their name, type, and description.
5. Right-click the domain object and click Properties. Click the General tab, if necessary, and verify that both the domain functional level and forest functional level are Windows Server 2008.
6. Enter a description for your domain, such as Windows Server 2008 Domain XX, and then click OK.
7. Click to expand the domain node, if necessary. Click the Builtin folder in the left pane to view its contents in the right pane: a list of group accounts created when Active Directory was installed.
8. Click the Computers folder in the left pane. This folder should be empty.
 