From powershell - adsiedit
More group memberships for a user make logon take longer for that user.
_Template user account for easy copying in AD users and groups.
Offline domain join (clients)
Forest root is the first domain in your forest.
The Global Catalog
--
What is it?
-Full copy of host domain objects
-Partial read-only of other domains in same forest
What benefit does it provide?
-Simpler searches across domains
-No need to contact source DCs
-User principal name authentication
-Validates forest objects
-Universal Group membership WFO
Single Domain - No burden
Multi-Domain - Consider added replication
To make a DC a GC server, go to AD Sites and Services:
under Servers - DC name - NTDS Settings - Properties
Four types of Trust
-External (one way forest trust, etc)
-Shortcut (within forest to avoid walking down the trees)
-Realm (between AD and Kerberos realm)
-Forest
Federation (trust created for external domain user to access specific application)
SRV records - DNS "SRV" Entries - critical to proper function of AD
If deleted accidentally, run "nltest /dsregdns" in a command prompt.
Other useful commands - dcdiag /fix
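A check for the SRV records mentioned above, as an added example that is not part of the original notes. It assumes a placeholder domain and forest root name of corp.example.com and queries the standard DC locator record names with Resolve-DnsName.

```powershell
# Added example: verify the DC locator SRV records that AD clients depend on.
# Assumption: 'corp.example.com' is a placeholder for the domain and forest root.
param(
    [string]$Domain     = 'corp.example.com',
    [string]$ForestRoot = 'corp.example.com'
)

# Well-known SRV names that domain controllers register in DNS.
$expected = @(
    "_ldap._tcp.$Domain",
    "_ldap._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",
    "_kerberos._tcp.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_kpasswd._tcp.$Domain",
    "_gc._tcp.$ForestRoot",
    "_ldap._tcp.gc._msdcs.$ForestRoot"
)

$results = foreach ($name in $expected) {
    # A failed lookup can still return SOA or A records, so keep SRV answers only.
    $records = @(Resolve-DnsName -Name $name -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' })

    [pscustomobject]@{
        Record  = $name
        Present = $records.Count -gt 0
        Targets = ($records | ForEach-Object { '{0}:{1}' -f $_.NameTarget, $_.Port }) -join ', '
    }
}

$results | Format-Table -AutoSize

# Report anything missing and point at the re-registration command from the notes.
$missing = @($results | Where-Object { -not $_.Present })
if ($missing.Count -gt 0) {
    Write-Warning ("Missing SRV records: " + ($missing.Record -join ', '))
    Write-Warning "On the affected DC, run 'nltest /dsregdns', then re-run this check."
    exit 1
}
```

Run it from a domain-joined machine that uses the AD DNS servers; a non-zero exit code means at least one locator record did not resolve.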
http://cbt.gg/M6vHml
http://cbt.gg/MfofRw
--------------------
Active Directory Automating User accounts
Methods
LDIFDE - LDAP interchange format directory exchange
CSVDE -
DSADD (more common in future)
-DSMOD
-DSQUERY/DSGET
-DSMOVE
-DSRM
Powershell (more common in future)
AD Group types
Organizational Units
AD Object-contain users, groups, computers
-mostly for simplifying administration
-not for permission
-very powerful with GPO
Users + Computers containers: Not OUs
Redirusr + Redircmp
Delegation
Configure OU permission to allow user/group some level of administration
Useful to narrow management
Prevents over permissions
Usefulness
-interns, smaller offices, limit admin scope