2.2 - Active Directory

Overview of Active Directory

  • Active Directory (AD): A centralized database maintained by Microsoft for managing domain resources such as user accounts, computers, printers, and file shares.

    • Centralized Database: Facilitates storage of user account information including usernames, passwords, and other essential details.

    • Authentication Source: Used to verify login credentials across the network.

Role of Administrators in Active Directory

  • Administrator Responsibilities:

    • Configure access permissions for file shares and corporate printers.

    • Manage user access through the AD database.

    • Reset passwords and provide account support at the help desk.

Main Components of Active Directory

  • Windows Domain: A defined grouping of users, computers, printers, etc.

    • Example: Microsoft domain, Professor Messer domain.

  • Domain Controllers: Servers that maintain the Active Directory database and contain all information related to the domain.

    • Implement a distributed database to ensure changes are replicated across all domain controllers.

Active Directory Management Tools

  • Active Directory Domain Services (ADDS): The server role that houses Active Directory functionalities including user management and policy application.

  • Server Manager: Default console displaying running services on an Active Directory server.

    • Running services include DNS, IIS, and ADDS.

Adding Computers to the Domain

  • Process to Join Domain: A system must be explicitly added to the domain with administrative rights.

    • Access through System Properties or command line automation using PowerShell.

    • Detailed steps:

      • Enter computer settings and select the option for domain or workgroup.

      • Specify the domain name (e.g., SGC.local).

      • Enter administrator credentials when prompted.

      • Restart the computer to apply changes.
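
The same join steps automated in PowerShell, as an added example that is not part of the original notes. It assumes Windows PowerShell 5.1 in an elevated session and the SGC.local domain named above; the OU path is hypothetical.

```powershell
# Added example, not from the original notes.
# Assumptions: Windows PowerShell 5.1 (Add-Computer is not part of PowerShell 6+),
# an elevated session, and the domain name SGC.local used in the notes.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$DomainName = 'SGC.local',
    # Hypothetical OU; remove -OUPath below to use the default Computers container.
    [string]$OUPath = 'OU=Workstations,DC=SGC,DC=local'
)

$cs = Get-CimInstance -ClassName Win32_ComputerSystem

# Do nothing if the machine is already a member of the target domain.
if ($cs.PartOfDomain -and $cs.Domain -ieq $DomainName) {
    Write-Output "$($cs.Name) is already joined to $($cs.Domain)."
    return
}

# "Enter administrator credentials when prompted": ask interactively so the
# password is never stored in the script or in command history.
$cred = Get-Credential -Message "Account allowed to join computers to $DomainName"

# Join the domain, place the computer object in the OU, and restart to apply.
# Run the script with -WhatIf to preview the action without changing anything.
if ($PSCmdlet.ShouldProcess($cs.Name, "Join domain $DomainName")) {
    Add-Computer -DomainName $DomainName -OUPath $OUPath -Credential $cred `
        -Restart -ErrorAction Stop
}
```

Placing the computer object in a specific OU at join time means the policies assigned to that OU apply from the first restart.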

Organizational Units (OUs)

  • Definition: Logical divisions within the Active Directory database to organize users, computers, and resources.

    • Utilized for policy assignment and resource management.

    • OUs can be organized by location (e.g., building) or by department, such as Marketing, Accounting, Shipping, etc.

  • Importance in Policy Application: Policies are generally assigned to OUs, enabling differentiated access based on department needs.

Active Directory Users and Computers Utility

  • Utilization: Allows administrators to manage the entire Active Directory tree structure.

    • Navigate to users, computers, printers, and managed objects within OUs.

    • Functions available for users include adding to groups, disabling access, and resetting passwords.

  • Moving Objects in OUs: Allows rearranging users and computers to apply different policies as needed.

Implementing Group Policies

  • Group Policy Management: The tool used to manage the policies for different OUs.

    • Examples of policies include login scripts, QoS settings, and Windows OS management.

  • Applying Group Policy Changes: Usually effective upon user re-login, or can be forced with the gpupdate /force command.

Example Policy Change Process

  • Removing Recycle Bin Icon:

    • Create and edit a new Group Policy Object (GPO) under the relevant OU.

    • Navigate to User Configuration > Administrative Templates > Desktop and enable the relevant policy to remove the Recycle Bin icon.

    • Apply the GPO and force an update on the user's desktop via command prompt.

Automating Login Scripts

  • Creating Login Scripts: Automate tasks during user login; applicable per OU.

    • Example: Map network drives via scripts to streamline user experience.

    • Script example: net use G: \\Cheyenne1\Missions for drive mapping to server.

Managing User Profiles

  • Network-Based Home Directories: Set up user profiles to utilize network drives rather than local drives for document storage.

    • Customize user profiles through OU properties.

    • Example of customization includes specifying a network path with user variable %username% for dynamic folder creation.

  • Redirecting Windows Libraries: Allow all user folders (Desktop, Documents, Downloads) to redirect to network locations for easier access and backup.

    • Utilize group policy to handle the redirection setup.

Permissions Management Using Groups

  • Advantages of Group Permissions:

    • Assign permissions collectively rather than individually, which saves time.

    • Adjust user access easily by adding/removing users from groups.

  • Built-in Windows Groups: Examples include account operators, backup operators, and performance logs.

User Properties and Permissions in Active Directory

  • Viewing User Group Membership: Accessing properties of a user to check group membership (e.g., Remote Desktop Users).

    • Adding a user to a group (via search) to extend necessary permissions rapidly.