Chapter 7: DesigningAccounts Access and Management

MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER

• Design a security group strategy.

  • Define the scope of a security group to meet requirements.

  • Define resource access requirements.

  • Define administrative access requirements.

  • Define user roles.

• Design a user and computer authentication strategy.

  • Identify common authentication requirements.

  • Select authentication mechanisms.

• Design a user and computer account strategy.

  • Specify account policy requirements.

  • Specify account requirements for users, computers, administrators, and services.

Forests, domains, and organizational units (OUs) make up the pieces of Active Directory that we have discussed up to this point. Starting at the highest level in the logical structure of our Active Directory infrastructure, we have made design decisions that have led us to a functional design that will allow us to have an efficient administrative structure. When combined with group policies, these decisions can ensure that the management of user, group, and computer accounts is just as efficient.

As we evaluated the administrative needs of an organization, we identified the resources that need to be managed and the employees who will manage the objects. Using this information, we can continue to build on our design by determining which accounts ”User, Group, and Computer ”need to be identified and the policies that we will use to create and manage them. This chapter introduces the options for account creation policies, group management policies, and the options for administrative control.