Information Technology Reference
In-Depth Information
or her account as a group member, and the user loses all rights and permissions assigned to that
group. Groups are explained in more detail in Chapter 5.
Computer Accounts
A computer account object represents a computer that's a domain
controller or domain member and is used to identify, authenticate, and manage computers in the
domain. Computer accounts are created automatically when Active Directory is installed on a
server or when a server or workstation becomes a domain member. Administrators can also
create computer accounts manually if automatic account creation is undesirable. By default,
domain controller computer accounts are placed in the Domain Controllers OU, and domain
member computer accounts are placed in the Computers folder.
The computer account object's name must match the name of the computer that the
account represents. Like user accounts, computer accounts have a logon name and password,
but a computer account password is managed by Active Directory instead of an administra-
tor. A computer must have a computer account in Active Directory for users to log on to that
computer with their domain user accounts. You learn about managing computer accounts in
Chapter 5.
Other Leaf Objects
3
The following list describes other leaf objects that are commonly cre-
ated in Active Directory:
•
Contact
—A person who is associated with the company but is not a network user. You
can think of a contact object as simply being an entry in an address book, used purely for
informational purposes.
•
Printer
—Represents a shared printer in the domain. Printers shared on Windows 2000 or
later computers that are domain members can be added to Active Directory automatically.
If a printer is shared on a non-domain member or a pre-Windows 2000 computer, you
must create the printer object manually and specify the path to the shared printer.
•
Shared folder
—Represents a shared folder on a computer in the network. Shared folder
objects can be added to Active Directory manually or by using the publish option when
creating a shared folder with the Shared Folders MMC snap-in.
Both printer and shared folder objects enable users to access shared printers and folders
on any computer in the domain without knowing exactly which computer the resource was
created on. Users can simply do a search in Active Directory to find the type of resource they
want. In a large network, shared printers and folders could be located on any one of dozens
or hundreds of servers. Publishing these resources in Active Directory makes access to them
easier.
There are other leaf objects, but the previous sections cover the most
common objects you find in Active Directory.
Activity 3-3: Viewing Default Leaf Objects
Time Required:
15 minutes
Objective:
View the properties of a variety of leaf objects.
Description:
You want to learn more about Active Directory objects, so you view the properties
of several default leaf objects.
1. If necessary, log on to your server as Administrator, and open Active Directory Users and
Computers.
2. Click to expand the domain node so that folders and OUs are displayed under it, and then
click the
Builtin
folder.
3. In the right pane, right-click the
Administrators
group and click
Properties
(or double-click
the
Administrators
group).
Search WWH ::
Custom Search