Lesson 1: Locating Active Directory Objects

Active Directory stores information about objects on the network. Each object is a distinct, named set of attributes that represents a specific network entity. Active Directory is designed to provide information to queries about directory objects from both users and programs. In this lesson, you learn how to use Find (located in the Active Directory Users And Computers console) to locate Active Directory objects.


After this lesson, you will be able to

  • Identify the types of Active Directory objects
  • Use Find to locate any type of Active Directory object

Estimated lesson time: 15 minutes


Understanding Common Active Directory Objects

Adding new resources to your network creates new Active Directory objects that represent these resources. You should be familiar with some of the common Active Directory objects. Table 19.1 describes the contents of the most common object types that you can add to Active Directory.

Table 19.1 Common Object Types and Their Contents

Object type Contents
User account This is the information that allows a user to log on to Windows 2000, such as the user logon name. This information also has many optional fields including First Name, Last Name, Display Name, Telephone Number, E-Mail, and Home.
Contact This is information about a person with a connection to the organization. This information also has many optional fields including Telephone Number, E-mail, Address, and Home Page.
Group This is a collection of user accounts, groups, or computers that you can create and use to simplify administration.
Shared folder This is a pointer to the shared folder on a computer. A pointer contains the address of certain data, rather than the data itself. Shared folders and printers exist in the registry of a computer. When you publish a shared folder in Active Directory, you create an object that contains a pointer to the shared folder.
Printer This is a pointer to a printer on a computer. You must manually publish a printer on a computer that is not in Active Directory. Microsoft Windows 2000 automatically adds printers that you create on domain computers to Active Directory.
Computer This is the information about a computer that is a member of the domain.
Domain controllers This is the information about a domain controller including an optional description, its Domain Name System (DNS) name, its pre-Windows 2000 name, the version of the operating system loaded on the domain controller, the location, and who is responsible for managing the domain controller.
Organizational Unit (OU) This contains other objects, including other OUs. It is used to organize Active Directory objects.

Using Find

To locate Active Directory objects, open the Active Directory Users And Computers console located in the Administrative Tools folder. Then right-click a domain or a container in the console tree and click Find. The Find dialog box provides options that allow you to search the global catalog to locate Active Directory objects (see Figure 19.1). The Find dialog box helps you create a Lightweight Directory Access Protocol (LDAP) query that will be executed against the directory or a specific OU. The global catalog contains a partial replica of the Entire Directory, so it stores information about every object in a domain tree or forest. Because the global catalog contains information about every object, a user can find information regardless of which domain in the tree or forest contains the data. Active Directory automatically generates the contents of the global catalog from the domains that make up the directory.

Figure 19.1 Using the Find dialog box to locate objects

Table 19.2 describes the options in the Find dialog box.

Table 19.2 Options in the Find Dialog Box

Element Description
Find A list of object types for which you can search, including users, contacts, and groups; computers; printers; shared folders; OUs; and custom search. Custom search builds the LDAP query or allows you to enter your own LDAP query based on parameters you enter. For example, the LDAP query OU=*er* (entered in the Advanced tab) searches for OU names containing "er" in the middle and returns the Domain Controllers OU.
In A list of locations in which you can search, including the entire Active Directory, a specific domain, or an OU.
Browse A button that allows you to select the path of your search.
Advanced The context-sensitive tab in which you define the search criteria to locate the object that you need. This tab provides an array of choices when you choose to find users, contacts, and groups; computers; printers; shared folders; or OUs. When you choose custom search, the Advanced tab makes you type in the query manually or create a search through the use of the most common available attributes that are organized by object type on the Custom Search tab. The Custom Search tab provides the same elements that are otherwise found on the Advanced tab.
Field A context-sensitive list of the attributes for which you can search on the object type that you select; located in the Advanced tab.
Condition A context-sensitive list of the methods available to further define the search for an attribute; located in the Advanced tab.
Value A box that allows you to enter the value for the condition of the field (attribute) that you are using to search the Directory; located in the Advanced tab. You can search for an object by using an attribute of the object only if you enter a value for the attribute. For example, if you are looking for users whose first name starts with the letter R, you select First Name in the field list, select Starts With in the condition list, and type R in the Value box.
Search Criteria A box that lists each search criteria that you have defined; located in the Advanced tab. To define a search criterion, you use the Field list, Condition list, and Value box, and then click Add. To remove search criteria, select the criteria, and then click Remove. You can add or remove search criteria to narrow or widen your search.
Find Now A button used to begin a search after search criteria are defined.
Stop A button used to stop a search. Items found up to the point of stopping the search are displayed.
Clear All A button used to clear the specified search criteria.
Results A box that opens at the bottom of the Find window and displays the results of your search after you click Find Now.

Practice: Searching Active Directory

In this practice, you search Active Directory for objects based on search criteria that you provide. First you create user accounts for the practice. Next you find a user's account based on his or her primary phone number. Finally you find a printer that is able to staple the pages it prints.

IMPORTANT


You need to have a local printer installed on your computer. However, you do not need a printing device connected to the computer. If you do not have a local printer installed, create one now. Remember that printing device refers to the physical machine that prints and that local printer refers to the software that Windows 2000 needs to send data to the printing device.

Exercise 1: Create User Accounts in a Domain

Before you can search for an object, you need to create user accounts that contain the search objects. In this exercise, you create user accounts that are used throughout this practice.

  1. Log on to your domain as Administrator, and then open the Active Directory Users And Computers console.
  2. In the console tree, click Users.
  3. On the Action menu, point to New, and then click User.

    Notice that the New Object-User dialog box shows that the new user account is being created in the Users folder of your domain.

  4. Create the user accounts shown in the following table.

User Accounts for Practice

First Name Last Name User Logon Name Password Change Password
User Twenty User20 Password Default setting
User Twentyone User21 Password Default setting
User Twentytwo User22 Password Default setting

Make each user a member of the Print Operators group or another group with the right to log on locally to a domain controller.

  1. Edit the properties of the User20 account that you created, and in the General tab of the Properties dialog box, in the Telephone Number box, type 555-1234.

Exercise 2: Find User Accounts in the Domain

In this exercise, you find a specific user account based on the account's phone number.

  1. In the console tree, right-click the name of your domain, and then click Find.

    Windows 2000 displays the Find dialog box.

    In the Find dialog box, what object type can you select for a search?

    Answer

  2. Ensure that Users, Contacts, And Groups is selected in the Find box, and then click Find Now. What do you see?

    Notice how Windows 2000 can find objects, such as user accounts, regardless of their location.

    Answer

  3. In the Find Users, Contacts, And Groups dialog box, click Clear All, and then click OK to acknowledge that you want to clear the search results.
  4. In the In list, select your domain.
  5. Click the Advanced tab.
  6. Click Field, point to User, and then scroll down and click Telephone Number.

    Notice that Windows 2000 fills in Starts with in the Condition list.

  7. In the Value box, type 555, and then click Add.
  8. Click Find Now.

    In the Find Users, Contacts, And Groups dialog box, Windows 2000 displays the User20 account for which you typed the telephone number 555-1234.

  9. Close the Find Users, Contacts, And Groups dialog box.

Exercise 3: View Printers in Active Directory Users and Computers

In this exercise, you need to find a printer that can staple the pages it prints.

  1. On the View menu, click Users, Groups, And Computers As Containers.

    By default, Active Directory Users And Computers does not show printers. You have to change the view options.

  2. In the console tree, expand Domain Controllers to view your computer.

    Active Directory Users And Computers displays your computer in the console tree. Notice that you can expand the computer because it is now shown as a container.

  3. In the console tree, click the name of your computer.

    Active Directory Users And Computers displays all printers on your computer as objects that are associated with your computer.

  4. To view the properties of a printer, double-click on the name of the printer.
  5. On the Properties dialog box for the printer, click the Staple check box to identify the printer as one that can staple, and then click OK.
  6. Minimize Active Directory Users And Computers.
  7. Click Start, point to Search, and then click For Printers.
  8. In the Find Printers dialog box, click the Features tab.
  9. Click the Can Staple check box.
  10. In the In list, select your domain, and then click Find Now.

    Windows 2000 displays the printer that you modified in the list of printers that are capable of stapling.

  11. Close the Find Printers dialog box.

Lesson Summary

In this lesson, you learned that common Active Directory objects include user accounts, contacts, groups, shared folders, printers, computers, domain controllers, and OUs. You learned to locate objects by starting the Active Directory Users And Computers console, right-clicking an object within a domain in the console tree, and clicking Find. The Find dialog box provides fields that allow you to search for Active Directory objects.

In the practice portion of this lesson, you searched Active Directory for objects based on search criteria you specified.



MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 244

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net