IT tutorials
 
Applications Server
 

Administering Active Directory 2008 : Creating and Managing Active Directory Objects (part 3) - Understanding Groups, Filtering and Advanced Active Directory Features

12/7/2014 8:23:07 PM
- Windows 10 Product Activation Keys Free 2019 (All Versions)
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire

3. Understanding Groups

Now that you know how to create user accounts, it's time to learn how to create group accounts. As instructors, we are always amazed when students (who work in the IT field) have no idea why they should use groups. This is something every organization should be using.

To illustrate their usefulness, let's say we have a Sales department user by the name of wpanek. Our organization has 100 resources shared on the network for users to access. Because wpanek is part of the Sales department, he has access to 50 of the resources. The other 50 are used by the Marketing department. If the organization is not using groups, and wpanek moves from Sales to Marketing, how many changes do we have to make? The answer is 100. We have to move him out of the 50 resources he currently can use and place his account in the 50 new resources that he now needs.

Now, let's say that we use groups. The Sales group has access to 50 resources and the Marketing group has access to the other 50. If wpanek moves from Sales to Marketing, we only need to make two changes. We just have to take wpanek out of the Sales group and place him in the Marketing group; after this is done wpanek can access everything he needs to do his job.

3.1. Group Properties

Now that you understand why you should use groups, let's go over setting up groups and their properties. When you are creating groups, it helps to understand some of the options that you need to use.


Group Type

You can choose from two group types—Security groups and Distribution groups.

  • Security groups can have rights and permissions placed on them. For example, if you wanted to give a certain group of users access to a particular printer, but you wanted to control what the were allowed to do with this printer, you'd create a Security group and then apply certain rights and permissions to this group.

  • Security groups can also receive emails. If someone sent an email to the group, all users within that group would receive it.

  • Distribution groups are used for email only. You cannot place permissions and rights for objects on this group type.


Group Scope

When it comes to group scopes, your choices depend on what domain function level  you are working with. If you are in Native mode (Windows 2000 Native, 2003, or 2008) you will have three choices:


Domain local groups

Domain local groups are groups that remain in the domain in which they were created. You use these groups to grant permissions within a single domain. For example, if you create a domain local group named HPLaser, you cannot use that group in any other domain and it has to reside in the domain in which you created it.

You can create domain local groups in domain Mixed or Native modes.


Global group

Global groups can contain other groups and accounts from the domain in which the group is created. In addition, you can give them permissions in any domain in the forest.

Global groups can be created in domain Mixed or Native modes.


Universal groups

Universal groups can include other groups and accounts from any domain in the domain tree or forest. You can give universal groups permissions in any domain in the domain tree or forest.

You can create universal groups only if you are in a domain Native mode.

3.2. Creating Group Strategies

When you are creating a group strategy, think of this acronym that Microsoft likes to use during the exam: AGDLP (or AGLP). This acronym stands for a series of actions you should perform. It always applies in Mixed mode and you can also apply it in Native mode. Here is how it expands:

A = Accounts (Create your user accounts.)

G = Global groups (Put user accounts into global groups.)

DL = Domain local groups (Put global groups into domain local groups.)

P = Permissions (Assign permissions like Deny or Apply on the domain local group.)

Another acronym that stands for a strategy you can use is AUDLP (or AULP). This is always used in native mode. Here is how it expands:

A = Accounts (Create your user accounts.)

U = Universal groups (Put the user accounts into universal groups.)

DL = Domain local groups (Put universal groups into domain local groups.)

P = Permissions (Place permissions on the local group.)

3.3. Creating a Group

To create a new group, open the Active Directory Users And Computers snap-in. Click the OU where the group is going to reside. Right-click and choose New and then Group. After you create the group, just click the Members tab and choose Add. Add the users that you want to reside in that group, and that's all there is to it.

4. Filtering and Advanced Active Directory Features

The Active Directory Users And Computers tool has a couple of other features that come in quite handy when you are managing many objects. You can access the Filter Options dialog box by clicking the View menu in the MMC and choosing Filter Options. You'll see a dialog box similar to the one shown in Figure 1. Here, you can choose to filter objects by their specific types within the display. For example, if you are an administrator who works primarily with user accounts and groups, you can select those specific items by placing check marks in the list. In addition, you can create more complex filters by choosing Create Custom. Doing so provides you with an interface that looks similar to that of the Find command.

Another option in the Active Directory Users And Computers tool is to view Advanced options. You can enable the Advanced options by choosing Advanced Features in the View menu. This adds two top-level folders to the list under the name of the domain.

The System folder (shown in Figure 2) provides additional features that you can configure to work with Active Directory. You can configure settings for the Distributed File System (DFS), IP Security (IPSec) policies, the File Replication Service (FRS), and more. In addition to the System folder, you'll see the LostAndFound folder. This folder contains any files that may not have been replicated properly between domain controllers. You should check this folder periodically for any files so that you can decide whether you need to move them or copy them to other locations

Figure 1. The Filter Options dialog box

Figure 2. Advanced Features in the System folder of the Active Directory Users And Computers tool

As you can see, managing Active Directory objects is generally a simple task. The Active Directory Users And Computers tool allows you to configure several objects. Let's move on to look at one more common administration function—moving objects.

 
Others
 
- Administering Active Directory 2008 : Creating and Managing Active Directory Objects (part 2) - Managing Object Properties
- Administering Active Directory 2008 : Creating and Managing Active Directory Objects (part 1) - Overview of Active Directory Objects
- Sharepoint 2010 : Windows PowerShell Remoting (part 2) - Entering a Remote Session, Running SharePoint 2010 Cmdlets Remotely
- Sharepoint 2010 : Windows PowerShell Remoting (part 1)
- Sharepoint 2010 : Windows PowerShell Scripts (part 3) - Writing Comment-Based Help Topics in Scripts,Using Functions in Scripts , Customizing Windows PowerShell with Profile Scripts
- Sharepoint 2010 : Windows PowerShell Scripts (part 2) - Executing Scripts, Using Parameters in Scripts
- Sharepoint 2010 : Windows PowerShell Scripts (part 1) - Setting the Execution Policy
- Sharepoint 2010 : Windows PowerShell Functions
- Sharepoint 2013 : Security and Policy - SharePoint Users
- Sharepoint 2013 : Security and Policy - Permissions and Permission Levels (part 2) - Creating Custom Permission Levels
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
programming4us programming4us
 
Popular tags
 
Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS