Module 5: Configuring Active Directory Objects and Trusts


Module 5
Configuring Active Directory Objects and Trusts

Module Overview
• Delegate Administrative Access to Active Directory® Objects
• Configure Active Directory Trusts

Lesson 1: Delegate Administrative Access to Active Directory Objects
• Active Directory Object Permissions
• What Are Effective Permissions?
• What Is Delegation of Control?
• The Delegation of Control Wizard
• Discussion: Scenarios for Delegating Control

Active Directory Object Permissions
• Include standard permissions and special permissions
• Can be set at object level, or inherited from the parent object
• Can be allowed, implicitly denied, or explicitly denied
• Standard permissions are the most frequently assigned permissions
• Special permissions provide a finer degree of control for assigning access to objects

Demonstration: Active Directory Domain Services Object Permission Inheritance
In this demonstration, you will see how:
• Permissions are inherited for AD DS Objects
• View effective permissions on an object

What Are Effective Permissions?
Effective permissions are the actual permissions that are granted to the specified user or group
• Permissions are cumulative, including permissions assigned to the user account and the group account
• Explicit deny permissions override inherited allow permissions
• Explicit allow permissions override inherited deny permissions
Use the Effective Permissions tool to view effective permissions
• Special identities are not used when using the Effective Permissions tab to view special permissions
• Effective Permissions tool does not take into account share permissions

What Is Delegation of Control?
Assigns the responsibility of managing Active Directory objects to another user or group
[Diagram: a domain with OU1, OU2 and OU3, and administrators Admin1, Admin2 and Admin3]
• Delegated administration:
    • Eases administration by distributing routine administrative tasks
    • Provides users or groups more control over local network resources
    • Eliminates the need for multiple administrative accounts

The Delegation of Control Wizard
Use the Delegation of Control Wizard to:
• Automatically assign appropriate permissions to users and groups
• Specify user or group to which you want to delegate control
• Specify OUs and objects that you want to grant the user or group permission to control
• Specify tasks that you want the user or group to be able to perform
Modifying the Delegation of Control Wizard:
• List of common tasks in the wizard is controlled by templates in the delegwiz.inf file
• You can change the list of common tasks by modifying the delegwiz.inf file to include other templates

Discussion: Scenarios for Delegating Control
• What are the benefits of delegating administrative permissions?
• How would you use delegation of control in your organization?

Demonstration: Configuring Delegation of Control
In this demonstration, you will see how to:
• Configure delegation with Delegation of Control Wizard
• Configure delegation using a Windows PowerShell script

[...]... authentication

Lab B: Configuring Active Directory Trusts
• Exercise 1: Configuring AD DS Trusts
Logon information
• Virtual machines: NYC-DC1, NYC-DC2, NYC-CL1, VAN-DC1
• User name: Administrator
• Password: Pa$$w0rd
Estimated time: 30 minutes

Lab Scenario
Woodgrove Bank has several requirements for managing AD DS objects. The organization frequently hires interns who must have limited permissions and whose accounts... between organizations must be limited to as few users as possible

Lesson 2: Configure Active Directory Trusts
• What Are AD DS Trusts?
• AD DS Trust Options
• How Trusts Work Within a Forest
• How Trusts Work Between Forests
• What Are User Principal Names?
• What Are the Selective Authentication Settings?

What Are AD DS Trusts?
Provide a mechanism for users to gain access to resources in another domain... domain?
• How would you configure a forest trust with another organization if the organization does not provide you with their administrator credentials?

Module Review and Takeaways
• Review questions
• Considerations for managing Active Directory objects and trusts

... [Diagram labels: Domain A, Domain 2, Tree Two, Domain B, Domain C]

How Trusts Work Between Forests
[Diagram: Forest 1, Forest 2, forest trust, two global catalogs, contoso.com, NA.Contoso.com, WoodgroveBank.com, EMEA.WoodgroveBank.com, Vancouver, Seattle; steps numbered 1 to 9]

Demonstration: Reviewing Trusts
In this demonstration, you will see how to:
• Review the Active Directory Domains and Trusts MMC

... complete. User accounts must also be configured with a standard configuration. The organization also requires AD DS groups that will be used, to assign permissions to a variety of network resources. The organization would like to automate the user and group management tasks, and delegate some administrative tasks to junior administrators

Lab Review
• After the trusts are configured as described in the lab, what...

Lab A: Configuring Active Directory Delegation
• Exercise 1: Delegating Control of AD DS Objects
Logon information
• Virtual machines: NYC-DC1
• User name: Administrator
• Password: Pa$$w0rd
Estimated time: 30 minutes

Lab Scenario
Woodgrove Bank has also established...

... defines the account domain and the resource domain
• Authentication protocol – the protocol that you use to establish and maintain the trust

AD DS Trust Options
[Diagram: Forest 1 and Forest 2, each with a Forest (root); Domains A, B, C, D, E, F, P and Q; a Kerberos Realm; trust types shown: Tree/Root Trust, Forest Trust, Parent/Child Trust, Shortcut Trust, Realm Trust, External Trust]

How Trusts Work Within a... automatically disabled if the same UPN suffix is used in both forests
• You can manually enable or disable name suffix routing across trusts

What Are the Selective Authentication Settings?
Selective authentication:
• Limits which computers can be accessed by users from a trusted domain, and which users in the trusted domain can access the computer
• Configured on the security descriptor of the computer object...

What Are User Principal Names?
• A UPN is a logon name that includes the user logon name and a domain suffix
• The domain suffix can be the user’s home domain, any other domain in the forest, or a custom domain name
• Additional UPN domain suffixes can be added
• UPNs must be unique in a forest
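
The precedence rules on the "What Are Effective Permissions?" slide, worked through as an added example (not part of the course material): a simplified Python model that resolves each right for one user. The ACE fields, right names, accounts and the single level of inheritance are assumptions made for illustration.

```python
"""Added example: per-right effective permissions under the slide's precedence.

Simplified model (assumption): one inheritance level, no object-type ACEs,
no owner rights, no share permissions. All names and ACEs are constructed.
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    trustee: str      # user or group the entry applies to
    right: str        # illustrative label, not a real AD right name
    allow: bool       # True = allow ACE, False = deny ACE
    inherited: bool   # True = flowed down from the parent object

# Checked in order: explicit deny, explicit allow, inherited deny, inherited allow.
PRECEDENCE = [(False, False), (False, True), (True, False), (True, True)]

def effective_right(aces, user, groups, right):
    """Return (granted, reason) for one right, for a user plus their groups."""
    principals = {user, *groups}  # permissions are cumulative across groups
    matching = [a for a in aces if a.trustee in principals and a.right == right]
    for inherited, allow in PRECEDENCE:
        hit = [a for a in matching if a.inherited == inherited and a.allow == allow]
        if hit:
            kind = "inherited" if inherited else "explicit"
            return allow, f"{kind} {'allow' if allow else 'deny'} via {hit[0].trustee}"
    return False, "implicit deny (no matching ACE)"

def effective_permissions(aces, user, groups):
    """Resolve every right that appears anywhere in the ACL."""
    rights = sorted({a.right for a in aces})
    return {r: effective_right(aces, user, groups, r) for r in rights}

# Constructed ACL on a hypothetical OU.
SAMPLE_ACL = [
    Ace("HelpDesk", "ResetPassword", allow=True, inherited=True),
    Ace("HelpDesk", "CreateUser", allow=True, inherited=True),
    Ace("Contractors", "CreateUser", allow=False, inherited=False),
    Ace("AllStaff", "DeleteUser", allow=False, inherited=True),
    Ace("jsmith", "DeleteUser", allow=True, inherited=False),
    Ace("ServerAdmins", "ModifyGroup", allow=True, inherited=False),
]

if __name__ == "__main__":
    groups = ["HelpDesk", "Contractors", "AllStaff"]
    for right, (ok, why) in effective_permissions(SAMPLE_ACL, "jsmith", groups).items():
        print(f"{right:14} {'GRANTED' if ok else 'DENIED':8} {why}")
```

For the constructed user, the explicit allow on `DeleteUser` wins over the inherited deny, the explicit deny on `CreateUser` wins over the inherited allow, and `ModifyGroup` falls through to an implicit deny.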

Date posted: 29/06/2014, 00:20

Table of contents

  • Slide 1

  • Module Overview

  • Lesson 1: Delegate Administrative Access to Active Directory Objects

  • Active Directory Object Permissions

  • Demonstration: Active Directory Domain Services Object Permission Inheritance

  • What Are Effective Permissions?

  • What Is Delegation of Control?

  • The Delegation of Control Wizard

  • Discussion: Scenarios for Delegating Control

  • Demonstration: Configuring Delegation of Control

  • Lab A: Configuring Active Directory Delegation

  • Lab Scenario

  • Lesson 2: Configure Active Directory Trusts

  • What Are AD DS Trusts?

  • AD DS Trust Options

  • How Trusts Work Within a Forest

  • How Trusts Work Between Forests

  • Demonstration: Reviewing Trusts

  • What Are User Principal Names?

  • What Are the Selective Authentication Settings?
