Active Directory Tools
The main tools for administering Active Directory are the following MMC consoles, which
are also the names of the corresponding MMC snap-ins:
- Active Directory Domains and Trusts (domain.msc)
Used to administer certain aspects of domains and trusts. This tool
is discussed under Domain Tools later in this chapter.
- Active Directory Sites and Services (dssite.msc)
Used to create sites and manage directory replication between them.
This tool is discussed under Site Tools later in this chapter.
- Active Directory Users and Computers (dsa.msc)
Used to create and manage Active Directory objects such as users,
computers, groups, and printers. This tool is discussed later in this
section.
You can open these tools in any of the following ways:
- Start → Programs → Administrative Tools → select the appropriate tool.
- Add the appropriate snap-in to a new or existing MMC console.
- Install the WS2003 Administrative Tools Pack on an XP or WS2003
machine and use the Active Directory Management convenience console,
which contains all three of these snap-ins plus DNS.
- Type the filename associated with the tool (domain.msc, dssite.msc, or
dsa.msc) at the command prompt, or use Start → Run.
Other tools for administering Active Directory include:
- Active Directory Migration Tool (ADMT)
An MMC snap-in used to simplify the migration of users, groups, and
computers in NT 4.0 domains to Active Directory domains.
- Active Directory Schema
An MMC snap-in used to add a new class or attribute to the Active
Directory schema.
- adprep
A command-line tool used to prepare an existing W2K forest or domain
for upgrading to WS2003.
- dsadd, dsget, dsmod, dsmove, dsquery, and dsrm
New command-line tools that enable you to find and manage users,
groups, computers, and OUs.
- ldifde
A command-line tool that enables you to batch import/export
information to/from Active Directory using the LDAP Data Interchange
Format (LDIF) standard.
- Ldp
A GUI utility in \SUPPORT\TOOLS on the product
CD that allows you to perform LDAP searches against Active Directory
to view and modify information not visible in the GUI tools for
managing Active Directory.
- ntdsutil
A command-line tool used to perform maintenance on certain aspects of
Active Directory, such as performing an offline defragmentation to
compact the datastore.
The support tools in the \SUPPORT\TOOLS folder on the
WS2003 product CD can also be used to administer certain aspects of Active
Directory. These tools include DCDiag, Dnscmd, DSAStat, MoveTree, Netdom,
NETDiag, NLTest, Repadmin, and several others; they are packaged
in the SUPPORT.CAB cabinet file and can be
installed using the SUPTOOLS.MSI Windows Installer package file.
Active Directory Users and Computers
Active Directory Users and Computers is one of the WS2003 tools you will use
frequently as an administrator. You can use this tool to create
Active Directory objects representing users, groups, computers,
printers, and shared folders. You can also use it to create OUs,
delegate authority over OUs to trusted users, link Group Policy
Objects (GPOs) to domains and OUs, and manage certain aspects of
domain controllers. The console tree of this tool displays the domain
you have selected and the hierarchy of OUs (if any) that make up the
logical structure of the domain. The console tree also includes a
number of default containers:
- Builtin
Contains various domain local groups in the domain, such as
Administrators and Users.
- Computers
Contains computer accounts for member servers and workstations in the
domain.
- Domain Controllers
Contains domain controllers for the domain.
- Foreign Security Principals
Contains SIDs associated with objects from external trusted domains.
- Users
Contains built-in user accounts, global groups, and a few domain
local groups. This container is also the default container for
accounts upgraded from downlevel NT domains.
There are also some additional hidden containers that are rarely used
in day-to-day administration of Active Directory; later in this
section I describe how to make these containers visible.
New to this version is the Saved Queries folder,
which lets administrators create and save LDAP queries that search
for specific types of Active Directory objects. For example, you can
create queries to find all disabled user accounts, all users with
nonexpiring passwords, and so on. When you execute a saved query, you
can simultaneously modify all the objects found. This new bulk-edit
feature of WS2003 is much easier than the W2K approach of creating
custom ADSI scripts for similar purposes.
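The two saved-query examples above (disabled accounts, nonexpiring passwords) are LDAP filters on the userAccountControl attribute. The following Python is an added example, not code from the book: it builds those filters with the bitwise matching rule Active Directory supports, prints the equivalent dsquery command line, and evaluates the filters offline against a constructed sample of directory entries (the account names and flag values are made up, and objectCategory is simplified to its short name).

```python
import re

# userAccountControl flag values from the AD schema (added example, not the book's code).
ACCOUNTDISABLE = 0x0002
DONT_EXPIRE_PASSWORD = 0x10000

# LDAP extensible-match rule OIDs: ...803 = all listed bits set, ...804 = any listed bit set.
BIT_AND = "1.2.840.113556.1.4.803"
BIT_OR = "1.2.840.113556.1.4.804"
_CLAUSE = re.compile(r"\(userAccountControl:([\d.]+):=(\d+)\)")

def uac_filter(flags, rule=BIT_AND):
    """LDAP filter selecting user objects whose userAccountControl matches flags under rule."""
    return f"(&(objectCategory=person)(objectClass=user)(userAccountControl:{rule}:={flags}))"

# The two saved queries the text gives as examples.
DISABLED_USERS = uac_filter(ACCOUNTDISABLE)
NONEXPIRING_PASSWORDS = uac_filter(DONT_EXPIRE_PASSWORD)

def dsquery_command(ldap_filter):
    """Same search from the command prompt with the dsquery tool listed earlier in this section."""
    return f'dsquery * domainroot -filter "{ldap_filter}" -attr sAMAccountName userAccountControl'

def matches(ldap_filter, entry):
    """Evaluate a uac_filter() result against one entry (a dict of attribute values)."""
    if entry.get("objectCategory") != "person" or entry.get("objectClass") != "user":
        return False
    rule, value = _CLAUSE.search(ldap_filter).groups()
    uac, value = int(entry["userAccountControl"]), int(value)
    if rule == BIT_AND:
        return uac & value == value
    if rule == BIT_OR:
        return uac & value != 0
    raise ValueError("unsupported matching rule " + rule)

def run_query(ldap_filter, entries):
    """sAMAccountNames the filter selects: what the saved query's details pane would list."""
    return [e["sAMAccountName"] for e in entries if matches(ldap_filter, e)]

def user(name, uac):
    return {"sAMAccountName": name, "objectCategory": "person", "objectClass": "user", "userAccountControl": uac}

# Constructed sample directory; 0x200 (NORMAL_ACCOUNT) is the base value of an ordinary user.
SAMPLE_ENTRIES = [
    user("alice", 0x200),                                           # enabled, password expires
    user("bob", 0x200 | ACCOUNTDISABLE),                            # disabled
    user("svc-backup", 0x200 | DONT_EXPIRE_PASSWORD),               # password never expires
    user("olduser", 0x200 | ACCOUNTDISABLE | DONT_EXPIRE_PASSWORD),
    {"sAMAccountName": "WS01$", "objectCategory": "computer", "objectClass": "computer", "userAccountControl": 0x1000},
]
```

Against a real domain the same filter strings go straight into a saved query's LDAP query text or into dsquery as shown; the 804 rule is useful when one query should catch either condition.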
Action Menu
Here is a brief summary of the kinds of tasks
you can perform using the Action menu once you select a node in the
console tree or an object in the details pane:
- Active Directory Users and Computers
Select this node to connect to another domain or domain controller,
view or change the operations masters for the domain, or raise the
domain functional level.
- Saved Queries
Select this node to create a new query and create subfolders for
organizing your queries. Select a query to edit it or export it as an
XML file, which can then be imported into the Saved
Queries folder of a different domain.
- Any domain
Select this node to delegate authority for the domain, apply Group
Policy to the domain, invoke the Resultant Set of Policy (RSoP)
Wizard, create OUs or other objects within the domain, and perform
other tasks listed under Active Directory Users and
Computers earlier in this section.
- Any OU
Select this node to delegate authority for the OU, move the OU within
the domain, apply Group Policy to the OU, or invoke the RSoP Wizard.
- Any user, computer, group, or other object
The actions you can perform depend on the type of object you select.
For example, right-clicking on a computer object and selecting Manage
will open a Computer Management console with the selected computer
having the focus.
View Menu
The View menu includes a few interesting
options:
- Users, Groups, and Computers as containers
This option allows User, Group, and Computer objects to be displayed
in the console tree as containers. You might think that selecting a
Group object in the console tree would display the
group's members in the details pane, but
unfortunately, this is not so, so the feature has little usefulness.
- Advanced Features
This option toggles on or off various hidden containers, including
LostAndFound, System, NTDS Quotas, and Program Data. The one of most
interest here is System, which has subcontainers representing various
networking services you have installed, such as DFS, DNS, RAS, and so
on. Don't modify anything in these containers unless
you really know what you're doing!
Advanced Features also displays two hidden tabs on properties sheets
of objects:
  - Object tab
  Displays the canonical name of the object or where it is logically
  located within Active Directory, in case you're
  interested.
  - Security tab
  Lets you modify the permissions of objects in Active Directory.
  Changing these without knowing what you're doing can
  really cause problems!
- Filter Options
This option lets you set up a filter to display one or more types of
published objects, for example, to display user accounts only.
Filters provide a quick way of narrowing the focus when you are
looking for something and have thousands of objects to wade through.