Configuring Windows Server 2008 Active Directory : Creating Objects in Active Directory (part 4) - Finding Objects by Using Dsquery

11/28/2012 11:20:43 AM

Understanding DNs, RDNs, and CNs

Distinguished names (DNs) are a kind of path to an object in Active Directory. Each object in Active Directory has a completely unique DN. The user James Fine has the DN CN=James Fine,OU=User Accounts,DC=contoso,DC=com.

You can see what is happening: the DN is a path, starting at the object and working up to the top level domain in the contoso.com DNS namespace. CN means common name. You learned about this property earlier: When you create a user, the Full Name box is used to create the CN of the user object. As you know, OU means organizational unit. And DC means domain component.

The portion of the DN prior to the first OU or container is called the relative distinguished name, or RDN. In the case of James Fine, the RDN of the object is CN=James Fine. Not every RDN is a CN. The DN of the User Accounts OU is OU=User Accounts,DC=contoso,DC=com. The RDN of the User Accounts OU is, therefore, OU=User Accounts.

Because the DN of an object must be unique within the directory service, the RDN of an object must be unique within its container. That’s why if you hire a second James Fine, and if both user objects need to be in the same OU, you will have to give that user a different CN. The same logic applies to files in a folder: you cannot have two files with identical names in a single folder.

You will encounter DNs regularly as you work with Active Directory, just as you encounter file paths regularly if you work with files and folders. It’s very important to be able to read them and interpret them.

Finding Objects by Using Dsquery

Windows provides command-line utilities that perform functionality similar to that of user interface tools, such as the Active Directory Users And Computers snap-in. Many of those commands begin with the letters DS, so they are often referred to as the DS commands. DSQuery can locate objects in Active Directory.

DSQuery, like other DS commands, is well documented. Type dsquery.exe /? to learn its syntax and usage.

You use most DS commands by specifying the object type you want the command to work against. For example, you would type dsquery user to look for a user, whereas DSQuery computer, DSQuery group, and DSQuery ou would query for their respective object types.

If you use the DSQuery objectType command by itself, it returns the distinguished names of all the objects of the type specified by objectType in the domain. To prevent a runaway query, DSQuery limits itself to 100 results. You can use the -limit switch to specify how many results you want returned. Use -limit 0 to return all objects.

Following the objectType specifier, you can use switches to indicate the criteria for the query. For example, each object can be located by its name, with the -name switch. Most objects can be queried based on the description (-desc). Security principals can be located based on their pre–Windows 2000 logon name (-samid). To learn which properties may be queried, use dsquery objecttype /?. For example, type dsquery user /?.

For example, if you want to locate the user named Tony Krijnen, you would enter this command: dsquery user -name "Tony Krijnen". After the property switch, -name in this case, you can enter the criteria. Criteria are not case sensitive.

DSQuery can perform searches using wildcards, such as the asterisk (*), which represents zero or more characters. The following command retrieves all users whose names start with Jam:

dsquery user -name "Jam*"

The DSQuery command returns matching objects with their DNs by default, as you can see in Figure 10.

Figure 10. The Dsquery command

If DNs are not the results you would like to see, add the -o switch to the DSQuery command. You can add -o samid, for example, to return the results as pre–Windows 2000 logon names, or -o upn to return the list as user logon names, also called user principal names or UPNs.

Finally, you can limit the scope of the search performed by DSQuery by adding the DN of an OU or container after the objectType element of the command. For example, the following command searches for users whose names begin with Dan, but only in the Admins OU:

dsquery user "ou=Admins,dc=contoso,dc=com" -name "Dan*"

By default, the search includes all sub-OUs of the base. You can use the -base parameter to limit the search further—for example, to only the specified OU without its sub-OUs.
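
The DN structure explained earlier and the quoted DNs that DSQuery prints by default can be worked with offline in a short script. This is an added example, not part of the original tutorial: the function names are hypothetical and the sample output is constructed, including an invented entry whose CN contains an escaped comma.

```python
import re
from collections import Counter

# Constructed sample of default dsquery output: one quoted DN per line.
# The third entry is invented to show a comma escaped inside a CN.
SAMPLE_OUTPUT = r'''
"CN=James Fine,OU=User Accounts,DC=contoso,DC=com"
"CN=Barbara Mayer,OU=User Accounts,DC=contoso,DC=com"
"CN=Holme\, Dan,OU=Admins,DC=contoso,DC=com"
"CN=Administrator,CN=Users,DC=contoso,DC=com"
'''

def split_dn(dn):
    """Split a DN into its components on commas that are not backslash-escaped."""
    return re.findall(r'(?:\\.|[^,\\])+', dn)

def describe(dn):
    """Return the RDN, its type and value, the parent container and the DNS domain."""
    parts = split_dn(dn)
    attr, _, value = parts[0].partition("=")
    return {
        "rdn": parts[0],                          # first component of the DN
        "type": attr.upper(),                     # CN, OU or DC
        "name": re.sub(r"\\(.)", r"\1", value),   # undoes single-character escapes only
        "parent": ",".join(parts[1:]),            # DN of the containing OU or container
        "domain": ".".join(p[3:] for p in parts if p.upper().startswith("DC=")),
    }

def parse_dsquery_output(text):
    """Turn raw dsquery output into a list of DNs, dropping the surrounding quotes."""
    return [line.strip().strip('"') for line in text.splitlines() if line.strip()]

def rdn_is_taken(existing_dns, new_dn):
    """True if new_dn's RDN already exists in the same container (case-insensitive)."""
    new = describe(new_dn)
    key = (new["rdn"].lower(), new["parent"].lower())
    return any((d["rdn"].lower(), d["parent"].lower()) == key
               for d in map(describe, existing_dns))

def users_per_container(dns):
    """Count objects per parent container, to see where accounts actually live."""
    return Counter(describe(dn)["parent"] for dn in dns)

if __name__ == "__main__":
    dns = parse_dsquery_output(SAMPLE_OUTPUT)
    for dn in dns:
        d = describe(dn)
        print(f'{d["type"]:2} {d["name"]:15} in {d["parent"]} ({d["domain"]})')
    print(users_per_container(dns))
    # A second James Fine in the same OU collides; the same CN in another OU does not.
    print(rdn_is_taken(dns, "cn=james fine,ou=User Accounts,dc=contoso,dc=com"))
    print(rdn_is_taken(dns, "CN=James Fine,OU=Admins,DC=contoso,DC=com"))
```

Grouping results by parent container is a quick way to spot accounts that sit outside the OUs where you expect them, such as user objects left in the default Users container.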

Practice Creating and Locating Objects in Active Directory

In this practice, you create and then locate objects in Active Directory. You create OUs, users, groups, and computers, and then you create a saved query and customize the view of that saved query. The objects you create in this practice will be used in other practices in this training kit.

EXERCISE 1 Create Organizational Units

The default Users and Computers containers are provided to facilitate the setup of and migration to an Active Directory domain. It is recommended that you create OUs that reflect your administrative model and that you use these OUs to create and manage objects in your directory service. In this exercise, you create OUs for the example domain, contoso.com. These OUs will be used in practices and exercises later in this training kit.

  1. Log on to SERVER01 as Administrator.

  2. Open the Active Directory Users And Computers snap-in.

  3. Expand the domain node, contoso.com.

  4. Right-click the domain node, point to New, and then click Organizational Unit.

  5. Type the name of the organizational unit: User Accounts.

  6. Confirm that the Protect Container From Accidental Deletion check box is selected.

  7. Click OK.

  8. Right-click the OU and choose Properties.

  9. In the Description box, type Non-administrative user identities.

  10. Click OK.

  11. Repeat steps 2–10 to create the following OUs.

    OU NAME     OU DESCRIPTION
    Clients     Client computers
    Groups      Non-administrative groups
    Admins      Administrative identities and groups
    Servers     Servers

EXERCISE 2 Create Users

Now that you have created OUs in the contoso.com domain, you are ready to populate the directory service with objects. In this exercise, you create several users in two of the OUs you created in Exercise 1, “Create Organizational Units.” You use a procedure similar to the procedure listed in the Creating a User Object section. For each user, create a complex, secure password. Remember the passwords you assign—you will be logging on as these user accounts in other exercises and practices in this training kit.

  1. Log on to SERVER01 as Administrator and open the Active Directory Users And Computers snap-in.

  2. In the console tree, expand the domain node, contoso.com, and click the User Accounts OU.

  3. Right-click the User Accounts OU, point to New, and then click User.

    The New Object – User dialog box appears.

  4. In First Name, type the user’s first name: Dan.

  5. In Last Name, type the user’s last name: Holme.

  6. In User Logon Name, type the user’s logon name: dholme.

  7. In the User Logon Name (Pre–Windows 2000) text box, type the pre–Windows 2000 logon name: dholme.

  8. Click Next.

  9. Enter an initial password for the user in the Password and Confirm Password boxes.

    The default password policy for an Active Directory domain requires a password of seven or more characters. Additionally, the password must contain three of four character types: uppercase (A–Z), lowercase (a–z), numeric (0–9), and nonalphanumeric (for example, ! @ # $ %). The password cannot contain any of the user’s name or logon name attributes.

    Many training resources suggest using a generic password such as P@ssw0rd. You may use a generic password for the practices in this training kit; however, it is recommended that you create unique passwords, even in a practice, so that you are using best practices even in a lab environment.

  10. Select the User Must Change Password At Next Logon check box.

  11. Click Next.

  12. Review the summary and click Finish.

  13. Right-click the user object you created and choose Properties.

  14. Examine the attributes that can be configured in the Properties dialog box. Do not change any of the user’s properties at this time.

  15. Click OK.

  16. Repeat steps 3–12 and create the following users in the User Accounts OU.

    • James Fine

      • First name: James

      • Last name: Fine

      • Full name: James Fine

      • User logon name: jfine

      • Pre–Windows 2000 logon name: jfine

    • Barbara Mayer

      • First name: Barbara

      • Last name: Mayer

      • Full name: Barbara Mayer

      • User logon name: bmayer

      • Pre–Windows 2000 logon name: bmayer

    • Barbara Moreland

      • First name: Barbara

      • Last name: Moreland

      • Full name: Barbara Moreland

      • User logon name: bmoreland

      • Pre–Windows 2000 logon name: bmoreland

    Remember the password you assign to these users; you will be logging on as these user accounts in other exercises and practices in this training kit.

  17. Repeat steps 3–12 and create a user account for yourself in the User Accounts OU. For the user logon name, use your first initial and last name—for example, dholme for Dan Holme. Create a complex, secure password.

  18. Repeat steps 3–12 and create an administrative account for yourself in the Admins OU. This account will be given administrative privileges in Exercise 5 of this lesson. Create the user object in the Admins OU rather than in the User Accounts OU. For the user logon name, use your first initial and last name, followed by _admin—for instance, dholme_admin for Dan Holme’s administrative account. Create a complex, secure password.

EXERCISE 3 Create Computers

Computer accounts should be created before joining machines to the domain. In this exercise, you create several computers in two of the OUs you created in Exercise 1. These computer objects will be used in practices and exercises later in this training kit.

  1. Log on to SERVER01 as Administrator and open the Active Directory Users And Computers snap-in.

  2. In the console tree, expand the domain node, contoso.com, and then click the Servers OU.

  3. Right-click the Servers OU, point to New, and then click Computer.

    The New Object – Computer dialog box appears.

  4. In the Computer Name box, type the computer’s name: FILESERVER01.

    Your entry automatically populates the Computer Name (Pre–Windows 2000) box.

  5. Do not change the name in the Computer Name (Pre–Windows 2000) box.

  6. Take note of the account specified in the User Or Group Field text box. Do not change the value at this time.

  7. Do not select the check box labeled Assign This Computer Account As A Pre-Windows 2000 Computer.

  8. Click OK.

  9. Right-click the computer and choose Properties.

  10. Examine the properties that are available for a computer. Do not change any attributes at this time.

  11. Click OK.

  12. Repeat steps 3–8 to create computer objects for the following computers:

    • SHAREPOINT02

    • EXCHANGE03

  13. Repeat steps 3–8 and create the following computers in the Clients OU rather than in the Servers OU.

    • DESKTOP101

    • DESKTOP102

    • LAPTOP103

EXERCISE 4 Create Groups

It is a best practice to manage objects in groups rather than to manage each object individually. In this exercise, you create several groups in two of the OUs you created in Exercise 1. These groups will be used in practices and exercises later in this training kit.

  1. Log on to SERVER01 as Administrator and open the Active Directory Users And Computers snap-in.

  2. In the console tree, expand the domain node, contoso.com, and then click the Groups OU.

  3. Right-click the Groups OU, point to New, and then click Group.

    The New Object – Group dialog box appears.

  4. Type the name of the new group in the Group Name text box: Finance.

  5. Do not change the name in the Group Name (Pre–Windows 2000) box.

  6. Select the Group Type: Security.

  7. Select the Group Scope: Global.

  8. Click OK.

    Group objects have several properties that are useful to configure. These can be specified after the object has been created.

  9. Right-click the group and choose Properties.

  10. Examine the properties available for the group. Do not change any attributes at this time.

  11. Click OK.

  12. Repeat steps 3–8 to create the following global security groups in the Groups OU:

    • Finance Managers

    • Sales

    • APP_Office 2010

  13. Repeat steps 3–8 to create the following global security groups in the Admins OU rather than in the Groups OU.

    • Help Desk

    • Windows Administrators

EXERCISE 5 Add Users and Computers to Groups

Now that you have created groups, you can add objects as members of the groups. In this exercise, you add users and computers to groups. Along the way, you gain experience with the Select dialog box that is used in some procedures to locate objects in Active Directory.

  1. Log on to SERVER01 as Administrator and open the Active Directory Users And Computers snap-in.

  2. Open the properties of your administrative account in the Admins OU.

  3. On the Member Of tab, click Add.

  4. In the Select Groups dialog box, type the name Domain Admins.

  5. Click OK, and then click OK again to close the account properties dialog box.

  6. Open the properties of the Help Desk group in the Admins OU.

  7. On the Members tab, click Add.

  8. In the Select dialog box, type Barb.

  9. Click Check Names.

    The Multiple Names Found box appears.

  10. Select Barbara Mayer and click OK.

  11. Click OK to close the Select dialog box.

  12. Click OK again to close the group properties.

  13. Open the properties of the APP_Office 2010 group in the Groups OU.

  14. On the Members tab, click Add.

  15. In the Select dialog box, type DESKTOP101.

  16. Click Check Names.

    A Name Not Found dialog box appears, indicating that the object you specified could not be resolved.

  17. Click Cancel to close the Name Not Found box.

  18. In the Select box, click Object Types.

  19. Select Computers as an object type and click OK.

  20. Click Check Names. The name resolves now that the Select box is including computers in its resolution.

  21. Click OK.

EXERCISE 6 Find Objects in Active Directory

When you need to find an object in your domain’s directory service, it is sometimes more efficient to use search functionality than to click through your OU structure to browse for the object. In this exercise, you use three interfaces for locating objects in Active Directory.

  1. Log on to SERVER01 and open the Active Directory Users And Computers snap-in.

    Open the Active Directory Users And Computers console, or a custom console with the snap-in. Do not use Server Manager, because the Active Directory Users And Computers snap-in in Server Manager does not support Saved Queries.

  2. Click the Find Objects In Active Directory Domain Services toolbar button.

  3. Make sure the In drop-down list is set to contoso.com (the domain name).

  4. In the Name box, type Barb.

  5. Click Find Now.

  6. The two users named Barbara appear in the Search results.

  7. Close the Find box.

  8. In the Active Directory Users And Computers snap-in, right-click the Saved Queries node, point to New, and then click Query.

  9. In the Name box, type All Users.

  10. In the Description box, type Users for the entire domain.

  11. Click Define Query.

  12. On the Users tab, in the Name box, choose Has A Value.

  13. Click OK twice to close the dialog boxes.

    The results of the saved query appear. Note that it shows the users from both the User Accounts OU and the Admins OU, as well as built-in accounts from the Users container.

  14. On the View menu, click Add/Remove Columns.

  15. In the Available columns list, select Last Name and click Add.

  16. In the Displayed columns list, select Type and click Remove.

  17. Click OK.

  18. Drag the Last Name column heading so that it is between Name and Description.

  19. Click the Last Name column heading so that users are sorted alphabetically by last name.

 