Maintain Active Directory Accounts


The most important task that network administrators need to perform is the management of Active Directory users, computers, and groups. A properly configured system ensures that only properly authenticated users and computers can logon to the network and access the resource. Windows Server 2008 provides many tools such as Server Manager and Active Directory Users and Computers to manage AD accounts.

The Active Directory Users and Computers snap-in allows you to create, modify, and delete AD objects which are nested inside Organizational Units. The Active Directory should be designed considering the security in mind. You may have separate OUs for each department that has different policies or different department with same kind of policies can be a part of just one OU.

AD objects in Server 2008 have meaningful names and include a Description column that tells you what each default object does. Each object is made up of a group of properties, which describe the object and what it can do. The properties windows of the object can be viewed by right-clicking the object and selecting Properties from the menu that appears. The most important objects of AD are Computers, Users and Groups.

The Computer object allows you to find out the computers on the network and the rights that each computer has on the network. It contains domain controllers, member servers, and workstations. However, the domain controllers are found in the Domain Controllers container. Member servers and workstations appear in the Computers container. Properties window of a computer object allows you to manage the computer object. The User object describes about the users of your organization. The properties window of each user allows you to configure the properties of the user.

There are different types of group objects in the Active Directory. For example, the security distribution group, which allows you to manage access rights for multiple users all at once. The other kind of group is the distribution group that is used solely for email distribution. Most of the maintenance tasks are performed with Active Directory Users and Computers. Some of the common tasks that you can perform with Active Directory Users and Computers include: