Chapter 16: Managing User Accounts with Active Directory

Previous page
Table of content
Next page

Every user who accesses a network must have a user account. User accounts let you control who can access the network and who can't. In addition, user accounts let you specify which network resources each user can use. Without user accounts on your network, all your resources are open to anyone who casually drops by your network.

Basics of Windows User Accounts

User accounts are one of the basic tools for managing a Windows server. As a network administrator, you spend a large percentage of your time dealing with user accounts-creating new ones, deleting expired ones, resetting passwords for forgetful users, granting new access rights, and so on. Before I get into the specific procedures of creating and managing user accounts, this section presents an overview of user accounts and how they work.

Local accounts versus domain accounts

A local account is a user account that is stored on a particular computer and applies to only that computer. Typically, each computer on your network has a local account for each person who uses that computer.

In contrast, a domain account is a user account that is stored by Active Directory and can be accessed from any computer that's a part of the domain. Domain accounts are centrally managed. This chapter deals primarily with setting up and maintaining domain accounts.

User account properties

Every user account has a number of important account properties that specify the characteristics of the account. The three most important account properties are

  • Username: A unique name that identifies the account. The user must enter her username when logging on to the network.

    REMEMBER 

    The username is public information. Other network users can (and often, should) find out your username.

    Password: A secret word needed to access the account.

    Tip 

    You can set up Windows to enforce password policies, such as

    • The minimum length of the password

    • Whether the password must contain both letters and numerals

    • How frequently the user must change the password

  • Group membership: Indicates the group or groups to which the user account belongs. Group memberships are the key to granting access rights to users so that they can

    • Access network resources, such as file shares or printers

    • Perform network tasks, such as creating new user accounts or backing up the server

Tip 

Groups are a handy way to send e-mail to multiple users. For example, if all users in your marketing department are members of a group named Marketing, you send them all an e-mail by addressing the mail to the Marketing group.

Many other account properties record information about the user, such as her contact information and whether she's allowed to access the system only at certain times or from certain computers. I describe the most important of these features in later sections of this chapter.



Previous page
Table of content
Next page
Networking For Dummies
Networking For Dummies
ISBN: 0470534052
EAN: 2147483647
Year: 2004
Pages: 254
Authors: Doug Lowe
BUY ON AMAZON
Interprocess Communications in Linux: The Nooks and Crannies
C++ How to Program (5th Edition)
Making Sense of Change Management: A Complete Guide to the Models, Tools and Techniques of Organizational Change
An Introduction to Design Patterns in C++ with Qt 4
Special Edition Using FileMaker 8
Python Programming for the Absolute Beginner, 3rd Edition
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy