Thông tin tài liệu
Contents
Overview 1
Introduction to Administering
Active Directory 2
Managing Active Directory Objects 3
Publishing Resources in Active Directory 7
Locating Objects in Active Directory 11
Lab A: Managing, Publishing, and
Locating Objects in Active Directory 18
Controlling Access to Objects 29
Delegating Administrative Control 34
Lab B: Delegating Administrative
Control in Active Directory 39
Best Practices 47
Review 48
Module 3: Adminis
tering
Active Directory
Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
??1999 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, PowerPoint, and Windows are either registered trademarks or
trademarks of Microsoft Corporation in the U.S.A. and/or other countries.
The names of companies, products, people, characters, and/or data mentioned herein are fictitious
and are in no way intended to represent any real individual, company, product, or event, unless
otherwise noted.
Other product and company names mentioned herein may be the trademarks of their respective
owners.
Project Lead and Instructional Designer: Mark Johnson
Instructional Designers : Aneetinder Chowdhry (NIIT Inc.), Kathryn Yusi
(Independent Contractor)
Lead Program Manager: Ryan Calafato
Program Manager: Joern Wettern (Wettern Network Solutions)
Graphic Artist: Julie Stone (Independent Contractor)
Editing Manager: Tina Tsiakalis
Substantive Editor: Kelly Baker (Write Stuff)
Copy Editor: Wendy Cleary (S&T OnSite)
Online Program Manager: Nikki McCormick
Online Support: Arlo Emerson (MacTemps)
Compact Disc Testing: Data Dimensions, Inc.
Production Support: Arlene Rubin (S&T OnSite)
Manufacturing Manager: Bo Galford
Manufacturing Support: Mimi Dukes (S&T OnSite)
Lead Product Manager, Development Services: Elaine Nuerenberg
Lead Product Manager: Sandy Alto
Group Product Manager: Robert St ewart
Module 3: Administering Active Directory iii
Introduction
This module provides students with the knowledge and skills to administer
Active Directory
™
directory service by managing Active Directory objects and
by delegating administrative control of Active Directory objects.
In the hands-on labs in this module, students will have a chance to manage,
publish, and locate Active Directory objects and to assign Active Directory
permissions. In the first lab, students will create an organizational unit (OU)
structure based on a scenario and move Active Directory objects within a
domain. Next, students will publish shared folders and printers in Active
Directory. Then students will search for objects in Active Directory by using
several methods, and use the search results to access objects. In the second lab,
students will review Active Directory permissions and delegate administrative
control by using the Delegation of Control wizard.
Materials and Preparation
This section provides you with the materials and preparation needed to teach
this module.
Materials
To teach this module, you need the following materials:
?? Microsoft® PowerPoint® file 1558a_03.ppt
Preparation
To prepare for this module, you should:
?? Read all the materials for this module.
?? Complete the labs.
?? Study the review questions and prepare alternative answers to discuss.
?? Anticipate questions that students may ask. Write out the questions and
provide the answers.
?? Read appendices A and B.
?? Read the white paper, Active Directory Technical Summary on the Student
Materials compact disc.
?? Read the white paper, Microsoft Windows Active Directory: An Introduction
to the Next Generation Directory Services on the Student Materials
compact disc.
?? Read the white paper, Microsoft® Active Directory Service Interfaces: ADSI
Open Interfaces for Managing and Using Directory Services on the Student
Materials compact disc.
?? Read the technical walkthrough, Managing the Active Directory on the
Student Materials compact disc.
?? Read the technical walkthrough, Using the Delegation of Control Wizard on
the Student Materials compact disc.
Presentation:
75 Minutes
Labs:
75 Minutes
iv Module 3: Administering Active Directory
Instructor Setup for the Labs
Perform the following setup on your instructor computers for the labs.
Lab A: Managing, Publishing, and Locating Objects in
Active Directory
??To prepare for the lab
Ensure that the instructor domain contains a user account named Suzan Fine.
This user account should have been created during classroom setup.
Lab B: Delegating Administrative Control in Active
Directory
No setup required for the instructor computer.
Module 3: Administering Active Directory v
Module Strategy
Use the following strategy to present this module:
?? Introduction to Administering Active Directory
In this topic, you will introduce the concept of centralized management and
decentralized administration in Active Directory. Emphasize that centralized
management allows you to access network resources from a single location,
and decentralized administration allows you to delegate administrative
control of portions of your network. Do not spend too much time explaining
these concepts because they were covered earlier in the course.
?? Managing Active Directory Objects
In this topic, you will introduce organizing Active Directory objects by
using OUs. Explain the planning factors involved in creating an OU and
why each of the given planning factors is important. Demonstrate how to
create an OU by using Active Directory Users and Computers. Illustrate
how to move objects within a domain. Point out to students how
permissions are affected when you move objects.
?? Publishing Resources in Active Directory
In this topic, you will introduce publishing resources. Emphasize that
resources should be published in Active Directory if the information is
important to the users. Explain how to publish shared folders. Demonstrate
how to publish a shared folder in Active Directory and how to add a
description and keywords to the published shared folder. Show students
some examples of meaningful descriptive words and keywords. Illustrate
how to publish printers. Emphasize that Microsoft® Windows® 2000
automatically publishes a printer in Active Directory. You need to manually
publish a printer in Active Directory only if the printer is on a computer that
is not running Windows 2000.
?? Locating Objects in Active Directory
In this topic, you will introduce how the global catalog locates objects in
Active Directory. Provide examples when telling students about the
attributes for objects contained in the global catalog. Illustrate how to
perform a basic search operation by using the Find command in Active
Directory Users and Computers. Emphasize that you can administer objects
from the Results box once they have been located. Demonstrate how to
perform an advanced search operation by using the Find command in
Active Directory Users and Computers. Explain to students that different
objects have different attributes available to search for in an advanced
search operation. Demonstrate how to search Active Directory to locate
objects by using Windows Explorer. Emphasize that this technique of
locating objects is for users and that you can search for only specific types
of objects by using Search and My Network Places.
?? Lab A: Managing, Publishing, and Locating Objects in Active Directory
Prepare students for the lab in which they will create an OU structure based
on a scenario, move Active Directory objects within a domain, publish
shared folders and printers in Active Directory, search for objects in Active
Directory, and connect to objects in Active Directory search results. Make
sure that students run the command file for the lab and tell them that they
will work with their partners’ computers. After students have completed the
lab, ask them if they have any questions concerning the lab.
vi Module 3: Administering Active Directory
?? Controlling Access to Objects
In this topic, you will introduce the purpose of Active Directory
permissions. Tell students that only an administrator or the owner of an
object can assign permissions for the object. Demonstrate how to set
permissions for objects and attributes of objects. Demonstrate how to view
special permissions by using the Access Control Settings dialog box.
Explain how to prevent inheritance of permissions. Emphasize that when
you prevent inheritance, Windows 2000 prompts you to either assign new
permissions to the object or copy the previously inherited permissions.
?? Delegating Administrative Control
In this topic, you will introduce the purpose of delegating administrative
control of objects. Explain that you can decentralize administration by
delegating specific tasks to other administrators. Delegation of
administrative control at the OU level enables you to easily track
permissions. Demonstrate how to assign permissions at the OU level by
using the Delegation of Control wizard. Explain all of the options that are
available under Predefined tasks and Custom task. Emphasize that you
normally select delegation tasks from a predefined list, but that you can
customize delegation tasks. Explain guidelines for delegating administrative
control of objects.
?? Lab B: Delegating Administrative Control in Active Directory
Prepare students for the lab in which they will review Active Directory
permissions and delegate administrative control by using the Delegation of
Control wizard. Make sure that students run the command file for the lab.
After students have completed the lab, ask them if they have any questions
concerning the lab.
?? Best Practices
Present best practices for administering Active Directory. Emphasize the
reason for each best practice.
Module 3: Administering Active Directory vii
Customization Information
This section identifies the lab setup requirements for a module and the
configuration changes that occur on student computers during the labs. This
information is provided to assist you in replicating or customizing Microsoft
Official Curriculum (MOC) courseware.
The labs in this module are also dependent on the classroom
configuration that is specified in the Customization Information section at the
end of the Classroom Setup Guide for course 1558A, Advanced Administration
for Windows 2000.
Lab Setup
The following list describes the setup requirements for the labs in this module.
Setup Requirement 1
The labs in this module require that the Log on locally right on domain
controllers be assigned to the Everyone group. To prepare student computers to
meet this requirement, perform one of the following actions:
?? Run C:\MOC\Win1558A\Labfiles\Lab03\Setup\Lab0301.cmd.
?? Assign the right manually.
Setup Requirement 2
The labs in this module require a South OU and a North OU. To prepare student
computers to meet this requirement, perform one of the following actions:
?? Run C:\MOC\Win1558A\Labfiles\Lab03\Setup\Lab0301.cmd.
?? Create the OUs manually.
Setup Requirement 3
The labs in this module require the
C:\MOC\Win1558A\Labfiles\Lab03\Documents folder, shared as Documents,
and the C:\MOC\Win1558A\Labfiles\Lab03\Documents2 folder, shared as
Documents2. To prepare student computers to meet this requirement, perform
one of the following actions:
?? Run C:\MOC\Win1558A\Labfiles\Lab03\Setup\Lab0301.cmd.
?? Create the folders manually and share them.
Setup Requirement 4
The labs in this module require a Package Handling OU and a Human
Resources OU with several computer and user objects in it. To prepare student
computers to meet this requirement, perform one of the following actions:
?? Run C:\MOC\Win1558A\Labfiles\Lab03\Setup\Lab0301.cmd.
?? Create the OUs manually.
Important
viii Module 3: Administering Active Directory
Setup Requirement 5
The labs in this module require a printer called Laser Printer on each student
computer. To prepare student computers to meet this requirement, perform one
of the following actions:
?? Run C:\MOC\Win1558A\Labfiles\Lab03\Setup\Lab0301.cmd.
?? Create the printer manually.
Setup Requirement 6
The labs in this module require shortcuts to Active Directory Users and
Computers, Active Directory Sites and Services, and Active Directory Domains
and Trusts on the desktop for All Users. To prepare student computers to meet
this requirement, perform one of the following actions:
?? Run C:\MOC\Win1558A\Labfiles\Lab03\Setup\Lab0301.cmd.
?? Create the shortcuts manually and place them in
C:\Winnt\Profiles\All Users\Desktop.
Setup Requirement 7
The labs in this module require a regular user account for the student. To
prepare student computers to meet this requirement, create the user
account manually.
Setup Requirement 8
The labs in this module require the following user accounts in the default Users
container in Active Directory: User 1, User 2, User 3, User 4, User 5, and
User 6. To prepare student computers to meet this requirement, perform one of
the following actions:
?? Run C:\MOC\Win1558A\Labfiles\Lab03\Setup\Lab0301.cmd.
?? Create the user accounts manually.
Setup Requirement 9
The labs in this module require the following computers in the default
Computers container in Active Directory: Computer 1, Computer 2,
Computer 3, Computer 4, Computer 5, and Computer 6. To prepare student
computers to meet this requirement, perform one of the following actions:
?? Run C:\MOC\Win1558A\Labfiles\Lab03\Setup\Lab0301.cmd.
?? Create the computers manually.
Setup Requirement 10
The labs in this module require a Security1 OU and the Assistant1 and
Secretary1 user accounts in this OU. The labs also require a Security2 OU and
the Assistant2 and Secretary2 user accounts in this OU. To prepare student
computers to meet this requirement, perform one of the following actions:
?? Run C:\MOC\Win1558A\Labfiles\Lab03\Setup\Lab0302.cmd.
?? Create the OUs and user accounts manually.
Module 3: Administering Active Directory ix
Lab Results
Performing the labs in this module introduces the following configuration
changes:
?? Students move user accounts and computers to the North and South OUs.
?? Students move the Laser Printer printers to the North and South OUs.
?? Students change the Location attribute of the Laser Printer printer.
?? Students change the Active Directory permissions for the Security1 and
Security2 OUs.
You can run
C:\MOC\Win1558A\Labfiles\Lab03\Setup\Lab03Rm.cmd to remove most
configuration changes introduced during the course of the labs in the module.
Remove the Log on locally right from the Everyone group manually. Remove
the Laser Printer printer manually.
Important
[...]... in Active Directory ?? Control access to Active Directory objects ?? Delegate administrative control of Active Directory objects ?? Apply best practices for administering Active Directory 2 Module 3: Administering Active Directory Introduction to Administering Active Directory Active Directory Allows Administrators to: Slide Objective To identify the tasks involved in administering objects in Active. .. other OUs 4 Module 3: Administering Active Directory Organizing Active Directory Objects Slide Objective To explain how to organize Active Directory objects by using OUs Lead-in ? Use OUs to Define Administrative Boundaries ? Set Up an OU Hierarchy to Group Active Directory Objects for Simplified Administration Use an OU Hierarchy to Create an Administrative Model ? Active Directory Active Directory. . .Module 3: Administering Active Directory 1 Overview Slide Objective To provide an overview of the module topics and objectives ? ? Publishing Resources in Active Directory ? Locating Objects in Active Directory ? Controlling Access to Objects ? Delegating Administrative Control ? In this module, you will learn to administer Active Directory by managing and delegating administrative control of Active. .. that Active Directory Users and Computers displays 18 Module 3: Administering Active Directory Lab A: Managing, Publishing, and Locating Objects in Active Directory Slide Objective To introduce the lab Lead-in In this lab, you will create an OU structure based on a scenario, move Active Directory objects within a domain, publish shared folders and printers in Active Directory, search for objects in Active. .. from Active Directory and then used the UNC path to connect to the shared folder Because you changed the UNC path in Active Directory, Windows Explorer can connect to the new shared folder 8 Close all Windows Explorer windows Do not close Active Directory Users and Computers Module 3: Administering Active Directory 25 Exercise 4 Publishing Printers in Active Directory Scenario You are responsible for administering. .. add more than one keyword for a shared folder 10 Module 3: Administering Active Directory Publishing Printers Slide Objective Server1 To describe how to publish printers Active Directory Printer Publish to Active to Active Directory Directory Lead-in By default, computers running Windows 2000 that belong to a domain publish all shared printers in Active Directory You publish printers that are on a computer... automatically published in Active Directory However, you can publish these shared printers in Active Directory by performing the following steps: 1 In Active Directory Users and Computers, right-click the OU where you want to publish the printer 2 Point to New, and then click Printer 3 Type the UNC name of the printer that you want to publish in Active Directory Module 3: Administering Active Directory 11 ? Locating... Microsoft Windows 2000, Student Materials compact disc Module 3: Administering Active Directory 3 ? Managing Active Directory Objects Slide Objective To introduce the topics related to managing Active Directory objects Lead-in Active Directory provides administrators with a way to centrally organize and manage network resources ? Organizing Active Directory Objects ? Creating Organizational Units ? Moving... Microsoft Windows 2000, Student Materials compact disc Module 3: Administering Active Directory 7 ? Publishing Resources in Active Directory Slide Objective To introduce the topics related to publishing objects in Active Directory Lead-in To enable you to locate resources centrally, you publish resources in Active Directory by adding Active Directory objects that point to the location of the resource... objects in Active Directory ?? Connect to objects in Active Directory search results Prerequisites Before working on this lab, you must have: ?? Knowledge about how to move objects in Active Directory ?? Experience connecting to shared folders and shared printers ?? Knowledge of Active Directory objects and object attributes ?? Experience creating and editing Ac tive Directory objects Module 3: Administering .
Introduction to Administering
Active Directory 2
Managing Active Directory Objects 3
Publishing Resources in Active Directory 7
Locating Objects in Active Directory. Active Directory 1
Overview
? Introduction to Administering Active Directory
? Managing Active Directory Objects
? Publishing Resources in Active Directory
?
Ngày đăng: 24/01/2014, 10:20
Xem thêm: Tài liệu Module 3: Administering Active Directory pptx, Tài liệu Module 3: Administering Active Directory pptx