70-410 Objective 5.2 – Creating and Managing User and Computer Objects in Windows Server 2012 R2
In this video we explore the ways to create and manage User and Computer objects in Windows Server 2012 R2 Active Directory. We first look at the differences between local authentication and domain authentication. We then look at the security guidelines we should follow for the Administrator account and the Guest account.
We then explore some of the GUI (graphical) methods for creating user accounts, such as the Active Directory Administrative Center and the Active Directory Users and Computers MMC. We also look at User Templates, which I will follow up on with a lab to be released later. We then explore some of the command-line tools for user creation, such as dsadd.exe, Windows PowerShell, CSVDE.exe (Comma Separated Value Data Exchange) and LDIFDE.exe (Lightweight Data Interchange Format Directory Exchange).
We then focus on the relevance of joining a computer account to Active Directory. We begin to understand why we need to join the computer account to AD and how a trust is made so that the computer can authenticate. We then look at creating Computer Accounts in an Active Directory domain and the tools used to do so. Many of these tools are the same as for adding user accounts, such as dsadd, Active Directory Users and Computers and the Active Directory Administrative Center. The differences are the PowerShell command New-ADComputer and using netdom join to join a computer to the domain, which subsequently creates the account when it joins.
We then cover the rights to join the domain, which is something that nobody really knows is out there: the average non-privileged user can join up to 10 workstations to the domain without any special privileges. We then look at the Offline Domain Join utility called djoin and how it can be used to domain join a computer that is not directly connected to Active Directory. Lastly, we look at Managing Disabled Accounts, what it means to disable an account such as a User or a Computer object, and how to do this via PowerShell.
Limit the number of workstations a user can join to the domain: https://support.microsoft.com/en-us/kb/243327
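An added PowerShell example (not from the video or its author) for the non-privileged join right covered above: it reads the domain's `ms-DS-MachineAccountQuota` value, which holds the default of 10, and lists which accounts have used it by grouping computer objects on their `mS-DS-CreatorSID` attribute. The function name `Get-MachineAccountQuotaReport` is a hypothetical helper; it assumes the ActiveDirectory module is installed and the session can read the domain.

```powershell
# Added example: audit the default that lets any authenticated user join
# up to 10 workstations. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-MachineAccountQuotaReport {
    # Hypothetical helper name; the cmdlets and attributes it uses are real.
    $domain = Get-ADDomain
    $root   = Get-ADObject -Identity $domain.DistinguishedName `
                           -Properties 'ms-DS-MachineAccountQuota'

    # Computer objects created through the quota record the creator's SID.
    # Accounts pre-created by an administrator do not have this attribute.
    $joined = Get-ADComputer -LDAPFilter '(mS-DS-CreatorSID=*)' `
                             -Properties 'mS-DS-CreatorSID', whenCreated

    $creators = $joined | Group-Object { $_.'mS-DS-CreatorSID'.Value } | ForEach-Object {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($_.Name)
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = '<unresolved>' }   # creator deleted or not resolvable here
        [pscustomobject]@{
            Creator   = $name
            Sid       = $_.Name
            Count     = $_.Count
            Newest    = ($_.Group | Sort-Object whenCreated | Select-Object -Last 1).whenCreated
            Computers = $_.Group.Name -join ', '
        }
    }

    [pscustomobject]@{
        Domain   = $domain.DNSRoot
        Quota    = $root.'ms-DS-MachineAccountQuota'
        Creators = $creators | Sort-Object Count -Descending
    }
}

$report = Get-MachineAccountQuotaReport
"Domain {0}: ms-DS-MachineAccountQuota = {1}" -f $report.Domain, $report.Quota
$report.Creators | Format-Table Creator, Count, Newest, Computers -AutoSize

# To remove the default right, set the quota to 0 (run as a domain admin).
# Joins then need delegated rights on the target OU or a pre-created account.
# Set-ADDomain -Identity $report.Domain -Replace @{ 'ms-DS-MachineAccountQuota' = 0 }
```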
Differences between Local Accounts and Domain Accounts – 0:14
Basic security guidelines for the Administrator and Guest Account – 1:14
GUI based user creation tools – 2:33
Command line user creation tools – 3:34
Relevance of Joining a Computer to a Domain – 4:42
Creating Computer Accounts – 5:40
Non-Privileged user rights for joining computer accounts – 6:50
Offline Domain Join – 7:50
Managing Disabled Accounts – 10:15