5. Moving, Renaming, and Deleting Active Directory Objects
One of the most useful features of the Active Directory Users And Computers tool is its ability to easily move users and resources.
Exercise 3 walks you through the process of moving Active Directory objects. In this exercise, you will make several changes to the organization of Active Directory objects. To complete this exercise, you must first have completed Exercise 1.
Open the Active Directory Users And Computers tool, and expand the name of the domain. Select the Sales OU (under the New York OU), right-click Workstation1, and select Move. A dialog box appears. Select the RD OU, and click OK to move the Computer object to that container.
Click the RD OU, and verify that Workstation1 was moved. Close the Active Directory Users And Computers tool.
In addition to moving objects within Active
Directory, you can also easily rename them by right-clicking an object
and selecting Rename. Note that this option does not apply to all
objects. For example, in order to prevent security breaches, Computer
objects cannot be renamed.
You can remove objects from Active Directory by right-clicking them and choosing Delete.
Deleting an Active Directory object is an
irreversible action. When an object is destroyed, any security
permissions or other settings made for that object are removed as well.
Because each object within Active Directory contains its own security
identifier (SID), simply re-creating an object with the same name does
not place any permissions on it. Before you delete an Active Directory
object, be sure that you will never need it again.
Windows Server 2008 has a check box, "Protect
container from accidental deletion," for all OUs. If this check box is
checked, to delete or move an OU, you must go into the Active Directory
Users And Computers Advanced options. Once you are in Advanced options,
you can uncheck the box to move or delete the OU.
6. Resetting an Existing Computer Account
Every computer on the domain establishes a discrete
channel of communication with the domain controller at logon time. The
domain controller stores a randomly selected password (different from
the user password) for authentication across the channel. The password
is updated every 30 days.
Sometimes the computer's password and the domain
controller's password don't match, and communication between the two
machines fails. Without the ability to reset the computer account, you
wouldn't be able to connect the machine to the domain. Fortunately, you
can use the Active Directory Users And Computers tool to reestablish
the connection.
Exercise 4 shows you how to reset an existing computer account. You should have completed the previous exercises in this chapter before you begin this exercise.
Open the Active Directory Users And Computers tool and expand the name of the domain.
Click the RD OU, and then right-click the Workstation1 computer account.
Select Reset Account from the context menu. Click Yes to confirm your selection. Click OK at the success prompt.
When you reset the account, you break the connection between the computer and the domain, so after performing this exercise, reconnect the computer if you want it to continue working on the network.
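The 30-day machine password update described above gives an administrator a way to spot computer accounts that may need a reset before users report logon failures. The following PowerShell is an added example, not part of the original text: the function name Get-StaleMachinePassword, the grace period, the sample records and the placeholder DN are assumptions, and an old password only marks a candidate for checking, not a confirmed mismatch.

```powershell
# Added example: flag enabled computer accounts whose machine password is older
# than the expected update interval.
# Assumption: input objects carry Name, Enabled and PasswordLastSet, the property
# names Get-ADComputer returns when called with -Properties PasswordLastSet.
function Get-StaleMachinePassword {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Computer,
        [int]$MaxAgeDays = 30,       # update interval stated in the text
        [int]$GraceDays  = 15,       # assumed slack for machines that were switched off
        [datetime]$Now   = (Get-Date)
    )
    process {
        if (-not $Computer.Enabled) { return }    # disabled accounts are out of scope
        $last = $Computer.PasswordLastSet
        if ($null -eq $last) {
            $age = $null; $state = 'NeverSet'     # account created but never joined
        } else {
            $age = [int][math]::Floor(($Now - $last).TotalDays)
            if ($age -le $MaxAgeDays) { return }  # password is within the interval
            $state = if ($age -le $MaxAgeDays + $GraceDays) { 'Overdue' } else { 'Stale' }
        }
        [pscustomobject]@{ Name = $Computer.Name; AgeDays = $age; State = $state }
    }
}

# Constructed sample records (not real directory data).
$now = [datetime]'2024-06-30'
$sample = @(
    [pscustomobject]@{ Name = 'Workstation1'; Enabled = $true;  PasswordLastSet = [datetime]'2024-06-20' }
    [pscustomobject]@{ Name = 'Workstation2'; Enabled = $true;  PasswordLastSet = [datetime]'2024-05-22' }
    [pscustomobject]@{ Name = 'Workstation3'; Enabled = $true;  PasswordLastSet = [datetime]'2024-01-10' }
    [pscustomobject]@{ Name = 'Workstation4'; Enabled = $true;  PasswordLastSet = $null }
    [pscustomobject]@{ Name = 'Workstation5'; Enabled = $false; PasswordLastSet = [datetime]'2023-01-01' }
)
$sample | Get-StaleMachinePassword -Now $now | Sort-Object State, Name | Format-Table -AutoSize

# Against a live domain (ActiveDirectory module; the DN below is a placeholder):
# Get-ADComputer -Filter * -SearchBase 'OU=RD,DC=example,DC=com' -Properties PasswordLastSet |
#     Get-StaleMachinePassword
# On a flagged workstation, Test-ComputerSecureChannel reports whether the channel is intact.
```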