Translate by Amir Rajabi Exam-70-640 ChalghoozAcademy.com

Transcript of Translate by Amir Rajabi Exam-70-640 ChalghoozAcademy.com

  • [email protected] : 2

    Windows Server 2008 1392

    1

    Active Directory Domain Services

    . (User Account) .

    Active Directory Domain Services 2008 Active Directory Domain Controller DC forest Active Directory . Active Directory

    Active 2008. Directory .

    . DC Active Directory forest 8 . contoso.com DC

    "Authentication" 11 "Domain Controllers" 11 "Domains and Forests" forest forest 11 . 2008 "Active

    Directory Lightweight Directory Services" 11 "Active Directory Certificate Services and Public Key Infrastructures" 11 "Active Directory Rights Management Services" 11 "Active Directory

    Federation Services" Active Directory Active Directory Lightweight Directory Active Directory Certificate Services and Public Key Infrastructures Active Directory Rights Management Service

    Active Directory Federated Services

    Active Directory o forest

    1 :Active Directory Domain Services 1 : Active Directory Domain Services Server Core

    :

    . 2008 http://technet.microsoft.com/en- . 2008

    us/windowsserver/2008/bb414778.aspx 512 . MB 10 GB . GHz 1.4 11 GHz 1 21

    . . ) ( : 2008

    http://www.microsoft.com/windowsserver2008

    DC Identity and Access . . DC

    . DC 2008 .

    . ( Server Core2008 (Server Core .

    . 2008 DC .

    http://technet.microsoft.com/en-us/windowsserver/2008/bb414778.aspx
    http://www.microsoft.com/windowsserver2008
  • [email protected] : 3

    identity and 2008 DC access

    Active Directory Domain Services: 1 Active Directory Domain Services (AD DS) Identity and Access (IDA . (

    . 2008 Active Directory AD DS Active Directory Domain Server Manager Services . IDA Active Directory .

    :

    Identity and Access . Active Directory DC AD DS .

    11 : Active Directory Identity and Access

    IDA . IDA Active Directory : IDA . e-mail

    . .

    ( Security Subsystem. ) ( ACL ) . ACL

    . . ( Identity Store. ) ( SID )

    IDA . Active Directory . DC . AD DS DC

    . . IDA

    ( Authentication )

    Active Directory Kerberos . Kerberos Active Directory

    Domain Kerberos TGT (Ticket Granting Ticket . ( DC TGT Kerberos

    . Service Ticket DC . Service Ticket.

    . Kerberos . Service Ticket TGT

    . Kerberos IDA .

    . ACL.

  • [email protected] : 4

    . . IDA

    (Audit) IDA .

    AD DS IDA 2008. 2008 Active Directory . IDA . 1-1 .

    Active Directory

    Active Directory 1-1

    Active Directory Domain Services(Identity) AD DS Object ) AD DS .

    Management )Group Policy . AD DS

    Active AD DS . AD DS . Directory 12 1 . 2008 AD

    DS . "Chapter 3:Designing the Active Directory" Active Directory

    http://www.reso-net.com/Documents/007222343x_ch03.pdf Windows Server 2003 Best Practices for Enterprise Deployments

    AD DS

    Windows Server 2008: The Complete Active Directory Domain Services Reference Ruest Ruest (McGraw-Hill Osborn. )

    http://www.reso-net.com/Documents/007222343x_ch03.pdf
  • [email protected] : 5

    Active Directory Lightweight Directory Services (Applications)AD LDS Active Directory Active Directory Application Mode (ADAM) . core AD DS AD LDS . Directory-enabled

    code . AD LDS . . DC

    AD LDS schema schema AD DS AD LDS .

    SSL (schema Lightweight Directory Access Protocol (LDAP . workgroup AD DS AD LDS . . AD DS AD LDS AD LDS . AD LDS

    . 11 AD LDS . AD DS Active Directory Certificate Services (Trust) AD CS Certificate Authority (CA)

    (public key infrastructure (PKI CA . . private key

    AD CS . VPN )IPSec EFS )

    . AD CS . AD CS . CA AD CS

    . AD DS AD CS .

    . 11 AD CS . Advanced Public Key" PKI

    Infrastructures" http://www.reso-net.com/articles.asp?m=8

    Active Directory Rights Management Services (Integrity) ACL

    (Active Directory Rights Management Services (AD RMS . . (Security Templates)

    . .

    DC Active Directory AD RMS. AD Microsoft SQL Server 2008 IIS 2 2000

    RMS 2008 RMS-enabled IE Microsoft Office Microsoft Word Microsoft Outlook Microsoft Power Point

    AD DS AD RMS . . 11 AD RMS . AD CS

    Active Directory Federation Services (Partnership)AD FS IDA

    . .

    AD FS . (single sign-on(SSO AD DS

    http://www.reso-net.com/articles.asp?m=8
  • [email protected] : 6

    Secure) 443 (HTTP)80 TCP/IP AD FS . HTTP) (HTTPS) AD DS . AD FS perimeter AD CS( Trusted ) AD FS.

    . 11 AD FS . AD RMS AD LDS AD DS. IDA Active Directory PKI AD CS . AD FS AD RMS .

    . Identity and Access

    Active Directory IDA .

    Active Directory . schema user schema user

    . .

    1 fine-grained password audit Group Policy . Group Policy Infrastructure 1 Group Policy Settings 8

    . ( Replication ) "Sites and Replication"( . Logon Script )

    configuration . 11 Active Directory 11 8 .

    Active Directory ( Partial attribute set) Global Catalog .

    . . Active Directory Services Interface (ADSI) LDAP .

    . AD DS Active Directory DNS .

    AD DS Active Directory integrated zone 2008 . Active Directory replication services

    Active Directory IDA AD DS AD DS 12 . Active Directory .

    Active Directory 2008 TechCenter 2008 Active Directory

    http://technet.microsoft.com/en-us/windowsserver/2008/default.aspx Active Directory

    . DC AD DS . DC %SystemRoot%\Ntds Ntds.dit

    domain naming context Schema Configuration global catalog . : . domain

    Domain Controllers

    http://technet.microsoft.com/en-us/windowsserver/2008/default.aspx
  • [email protected] : 7

    Kerberos Key . AD DS DC Distribution (KDC) 11 . DC .

    Domain . . DC

    DC identity data . identity store DC .

    . account lockout policies password complexity . . DC DC Active Directory . 11 . DC

    Forest forest root domain forest. forest Active Directory

    instance forest . directory schema instance forest . forest. forest Active Directory

    . forest 11 . Tree

    . . foresttree DNS antarctica.treyresearch.net treyresearch.net forest treyresearch.net

    . namespace )DNS ) treyresearch.net proseware.com DNS . DNS

    . forest ) Antarctica Trey Research Active Directory forest 1-1

    Antarctica . ( Antarctica . forest Treyresearch.net DNS .

    Antarctica.treyresearch.net .

    Active Directory forest 1-1

    Functional level . forest Active Directory

    . : forest AD DS AD DS Windows 2000 native Windows Server 2003 Windows Server 2008 forest :

    Microsoft Windows Server 2003 Windows Server 2008 .forest

  • [email protected] : 8

    Windows . AD DS Server 2008

    . DC .

    Windows Server 2008 DC Windows Server 2008 . forest 11 .

    Organizational Unit Active Directory . container . container snap-in )Active Directory Users and Computers . ) container

    container Users Computers Builtin . container OU . OU OU . container

    GPO . (Group policy objects (GPOs . GPO 1 OU "Administration" 1 . OU

    Sites Active Directory .

    . . site . DC .

    . .

    . DC 11 . DC DC

    . Active Directory .

    . 2008 forest

    . Active Directory AD DS DC :

    DNS . DNS contoso.com contoso NetBIOS . NetBIOS NT

    . DC . forest

    2008 DC . Windows Server 2008 .

    DNS Active Directory .DNS "Integrating Domain Name System with AD DS" 9 .

    . DNS IP DC .IP DC ) static ( . DNS

    IP DC . forest DNS DC . DNS . DC DNS

    (Account) Administrators . ) Ntds.dit )system volume(SYSVOL) . %SystemRoot%

    DC . SYSVOL NTDS C:\Windows .

  • [email protected] : 9

    AD DS . DC

    http://technet2.microsoft.com/windowsserver2008/en/library/bab0f1a1-54aa-4cef-9164-139e8bcc44751033.mspx . AD DS Windows Server 2008 Technical Library .

    AD DS . . AD DS . .

    2008 Server .

    Manager . 2-1 .Server Manager .

    . Server Manager Link )Add Role ) Roles Add Roles . . Add Roles

    Server Manager 2 -1 DC

    DC AD DS Active Directory Domain Services Dcpromo.exe Active Directory .

    Installation .

    2008 forest

    http://technet2.microsoft.com/windowsserver2008/en/library/bab0f1a1-54aa-4cef-9164-139e8bcc44751033.mspx
  • [email protected] : 01

    . forest . contoso AD DS forest AD DS . 2008 . contoso.com forest DC Active Directory Domain Services

    2008 : 1 . 2008

    1. DVD . 2008 . . DVD ISO

    . .1 DVD

    BIOS DVD . DVD 1 -1 . DVD

    .

    1 -1 Next keyboard layout language ,regional setting .2

    . 11 . 1 -1 . Install Now .1

    ( .x64 ) 11 ( x86 ) 21

  • [email protected] : 00

    Select The Operating System You Want To Install 1 -1 . Next (Windows Server 2008 Standard (Full Installation .1 . Next I Accept The License Terms .1 . (Custom (Advanced .1 2008 Where Do You Want To Install Windows .8

    ( extend . ) Driver Options (Advanced) .

    . Installing Windows 1 -1 . Next .9 . image 2008 .

    .

  • [email protected] : 02

    1 -1

    . .

    . OK .11 Enter Confirm Password New Password Administrator .11

    . : 1

    A Z a z 9 0 ! @ # $

    . . Administrator . OK .11 2

    . TCP/IP

  • [email protected] : 03

    Initial 1 -1 . Administrator .1Configuration Tasks . .

    Initial Configuration Tasks 1 -1 : .1

    Time Zone : Computer Name :SERVER01 . .

    . IP Configure Networking .2 Download And Install Updates .1

    . . .1

    subnet 10.0.0.20 10.0.0.11 mask . 255.255.255.0

    . contoso.com . Network Connections . Configure Networking .11. Local Area Connection . . Change Settings Of This Connection .89. Internet Protocol version 4 (TCP/IPv4) Properties 2008 . TCP/IPv6

    . 11. Use The Following IP Address : .

    IP Address :10.0.0.11 Subnet Mask :255.255.255.0 Default Gateway : 10.0.0.1 Preferred Dns Server :10.0.0.11

    11. OK Close .

  • [email protected] : 04

    Server manager . Add Features Add Roles .11 . . SERVER01

    Initial Configuration Tasks . Do Not Show This Window At Logon .12

    . oobe.exe . Close .11

    . 2008 . Server Manager .

    . snapshot snapshot

    . AD DS 2008. 2008 forest 3

    . 1 1 AD DS . Administrative Tools Server Manager .1 . Add Roles. Add Roles Roles Summary .1 . Next .2 . Next Active Directory Domain Services Select Server Roles .1 . Next Active Directory Domain Services .1 . Install Confirm Installation Selection .1

    . Installation Progress Roles Summary. Close Installation Page .1

    . "x" Server Manager . Active Directory Domain Services . 8 -1 Server Manager Active Directory Domain Services . Dcpromo.exe

    Server Manager Active Directory Domain Services 1 -8

    2008 forest 4

  • [email protected] : 05

    2008 forest (Active Directory Domain Services Installation (Dcpromo.exe . OK Dcpromo.exe Run .1

    AD DS dcpromo Dcpromo.exe . Server Manager AD DS

    . AD DS . 11. Active Directory Domain Services

    . Next .1 2008 DC Operating System Compatibility .2

    . Next Create A New Domain In A New Forest Choose a Deployment Configuration .1

    Next . . Next contoso.com Name The Forest Root Domain .1

    . NetBIOS DNS . Next 2008 Set Forest Functional Level .1

    2008 forest. Details 2008 forest

    . 11. 2008 . DNS Server . Additional Domain Controller Options

    Active Directory Domain Services Installation DNS AD DS . DC forest global catalog(GC) DC ( RODC. )

    . Next .1 IPv6 . IP

    IPv6 1 IPv4 IPv4 . .

    ( ) IP. Yes .8 DNS . . DNS

    . 9 . Yes .9. Next SYSVOL Location For Database Log Files .11

    . AD DS .

    Password Directory Services Restore Mode Administrator Password .11 .. Next. Confirmed Password

    . .11 . Back

    . Next .12 Reboot On Completion . . AD DS .

    Active Directory identity and access . AD DS IDA . AD DS

    .

  • [email protected] : 06

    . 2008 AD DS Server Manager .

    Dcpromo.exe AD DS DC .

    CD . 1

    . . " " ) ( DC .1

    A. DNS B. NetBIOS C. DHCP IP DC D. DNS

    forest . Litware Trey Research .1 2008 DC Trey Research Forest . Litware Litware DC 2003 2008 DC .

    . A. forest 2008 2008 Litware B. forest 2003 2008 Litware C. forest 2008 2003 Litware D. forest 2003 2003 Litware

    Server Core Active Directory Domain Services: 2 DC

    - 2008 . . Server Core -

    Server Core Windows Explorer Microsoft .NET Framework . Server Core .

    DC( . Local )Server Core . DC .

    : . Server Core

    Server Core . AD DS .

    11 : Server Core

    111 2( Server Core) 2008 Server Core .

    .

  • [email protected] : 07

    Server Core . .

    Server Core . 9 Active Directory Domain Services

    Active Directory Lightweight Directory Services (AD LDS)

    Dynamic Host Configuration Protocol (DHCP) DNS Streaming Media ( IIS( . )Dynamic )ASP.NET Hyper-V (Windows Server Virtualization) : 11 Microsoft Failover Cluster

    Network Load Balancing

    UNIX Multipath I/O

    ) Removable Storage) ( Bitlocker) Simple Network Management protocol(SNMP)

    Windows Internet Naming Service(WINS)

    Telnet ) QOS) Server Core

    Server Core . 1 1 Server Core Server Core 9-1 ) )Windows Explorer .

    Administrator . Administrator DVD 2008

    .

  • [email protected] : 08

    Install Windows Operating Systems 1 -9

    Initial Configuration Tasks 2008 1-1 . Server Core

    ?/ . .

    Server Core 1-1 Ctrl+Alt+Del Administrator

    . :

    Net user administrator Netsh interface ipv4 1 IP

    Cscript c:\windows\system32\slmgr.vbs -ato (Activate)

    Netdom Server

    Core Ocsetup.exe

    .

    Oclist.exe

  • [email protected] : 09

    Remote Desktop Cscript c:\windows\system32\scregedit.wsf /AR 0

    DC Dcpromo.exe DNS Dnscmd.exe DFS Dfscmd.exe

    . AD DS . Server Core Ocsetup.exe . Dcpromo.exe AD DS

    Server Core AD DS Dcpromo.exe AD DS Server Core AD DS

    . Dcpromo.exe /? . dcpromo.exe /?:promotion : DC .

    http://technt2.microsoft.com/windowsserver2008/en/library/bcd89659-402d-46fb-8535-8da1feb8d4111033.mspx .

    Server Core AD DS " Server Core DC " 2 .

    DC DC . DC . Dcpromo.exe DC . Active Directory

    DC . AD DS DC DC dcpromo.exe /?:demotion Server Core .

    DC Administrator AD DS .

    Server Core DC . 1 forest contoso.com DC

    . 1 . DC Server Core DC Server Core 1

    . Server Core 1. DVD . 2008

    . . DVD ISO . .1

    DVD DVD . DVD BIOS . DVD

    Next keyboard layout language ,regional setting .2. . Install Now .1 . Next (Windows Server 2008 Standard (Server Core Installation .1 . Next I Accept The License Terms .1 . (Custom (Advanced .1

    http://technt2.microsoft.com/windowsserver2008/en/library/bcd89659-402d-46fb-8535-8da1feb8d4111033.mspx
  • [email protected] : 21

    2008 Where Do You Want To Install Windows .8 Driver ( extend . )

    Options (Advanced) . . Next .9 . Administrator . .11 Confirm New Password Administrator . .11

    Password Enter . : 1

    A Z a z 9 0 ! @ # $

    . . Administrator . OK .11

    Server Core 2 . TCP/IP

    . netdom renamecomputer %computername% /newname:Server02 .1"Y" . . Ipv4 .1

    Netsh interface ipv4 set address name="Local Area Connection" Source=static address=10.0.0.12 mask=255.255.255.0 Gateway=10.0.0.1

    Netsh interface ipv4 set dns name="Local Area Connection" Source=static address=10.0.0.11 primary

    . ipconfig /all IP .2 . shutdown /r /t 0 .1 . Administrator .1 . netdom join %computername% /domain:contoso.com .1 . Administrator shutdown /r /t 0 .1 . oclist .8

    .DNS-Server-Core-Role : DNS . Enter ocsetup .9

    . Server Core ! . OK .11 ocsetup DNS-Server-Core-Role .11

    . . DNS oclist .11

    Server Core DC 3 . Server Core AD DS Dcpromo

    . Enter Dcpromo.exe /? .1 .

  • [email protected] : 20

    . Enter dcpromo.exe /?:Promotion .1 .

    : AD DS .2

    Dcpromo /unattend /replicaOrNewDomain:replica /replicaDomainDNSName:contoso.com /Confirmgc:Yes /Username:CONTOSO\Administrator /Password:* /safeModeAdminPassword:P@sword

    . OK contoso Administrator .1 . AD DS

    DC 4 . Server Core AD DS

    . Server Core Administrator .1 password dcpromo /unattend /AdministratorPassword:password .1

    Administrator ( Strong ) AD DS . Enter .

    2008 Server Core Server Core 2008

    . Server Core . Ocsetup.exe Server Core AD DS . AD DS

    Dcpromo.exe . DC Dcpromo.exe /unattend .

    CD . 1

    . contoso.com DC. SERVER02 Administrator .1

    . DC . Server Core A. Administrator B. Domain Admins C. Domain Controllers D. DNS

    1. SERVER02 Server Core . AD DS . Active Directory Certificate Services(AD CS) .

    A. AD CS . B. AD FS . C. AD RMS . D. Windows Server 2008 (Full Installation) .

  • [email protected] : 22

    Active Directory Users And Computers AD DS Active Directory IT . OU

    . " " 1 . :

    . Active Directory

    SERVER01 . 2008 . 1 . contoso.com DC

    OU Active Directory Users and Computers snap-in . .

    . snap-in( MMC (Microsoft Management Console

    . . OU

    " Active Directory "

    Active Directory snap-in: 1 . Active Directory snap-in

    . Active Directory snap-in .

    MMC . MMC Administrative Tools ( . Windows Explorer . )

    . 1-1 . Actions Show/Hide Action Pane Show/hide Console Tree

    Customize View . . snap-in

    MMC ) snap-in . ( . snap-in Administrative Tools . MMC Computer Management . Task Scheduler Event Viewer Services

    Computer Management . . Task Scheduler Event Viewer Services

    Actions . actions MMC Action .

    . Actions .

  • [email protected] : 23

    MMC 1 -1 : . MMC

    . user . . .

    Active Directory . snap-in Active Directory

    Active Directory Users and Computers . Active Directory .

    Active Directory Site and Services ."Site and Replication" 11 .

    Active Directory Domains and Trusts trust forest . "Domains and Forests" 12 .

    Active Directory Schema Active Directory . schema Active Directory . . . Server . AD DS Active Directory

    Manager Active Directory Users and Computers Active Directory Sites and Services features RSAT DC Active Directory.

    Server Manager 1 . 2008 .

    Active Directory . Server Manager Roles and Active Directory Domain Services

    Administrative . Administrative Tools Tools Home System and Maintenance . Administrative Tools

    . Administrative Tools .

    . Properties .1 . Customize .1

    details pane

    Show/Hide console tree Show/Hide actions pane

    Console tree Actions pane

  • [email protected] : 24

    Display On The System Administrative Tools .2All Programs Menu And The Start Menu Display On The All Programs Menu .

    . Display Administrative Tools . OK .1

    .

    . . Administrator .

    . Run As Administrator . Run As Administrator MMC User Account 1-1 . Shift

    Control .

    . Account Control 1 -1 . .1 . OK .1 .

    properties .Advanced Run As Administrator . . User Account Control

    Active Directory snap-in

  • [email protected] : 25

    . : MMC

    .

    . . .

    mmc.exe Start Search . MMC MMC Add/Remove Snap-in File . Enter . " MMC " 2 "MMC " 1 " MMC " 1

    .

    Option File . User author .

    User . User . . User-Full Access .

    User-Limited Access ( Multiple WindowSingle Window ( .

    Author User .

    Administrative Tools . msc. Start Menu .

    : %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu .

    Start Menu .

    . access-denied .

    . .

    . USB . mmc.exe

    . RSAT snap-in . snap-in

    . User . Author .

    MMC

    . . MMC .

  • [email protected] : 26

    MMC 1 Computer Active Directory Users And Computers Active Directory Schema

    Management MMC . Active Directory DC . . SERVER01 Administrator .1 . Enter mmc.exe Start Search .1

    MMC . 1 -2 Add Or Remove Snap-ins . Add/Remove File .2

    .

    Add Or Remove Snap-ins 1 -2 . RSAT

    Active Directory Users And Available Snap-ins Add Or Remove Snap-ins .1Computers .

    Active Directory . Selected Snap-ins Add .1Schema AD DS RSAT .

    . OK .1 . cmd.exe Start Search .1 Active DLL . regsvr32.exe schmmgmt.dll .8

    Directory Schema . . . OK. .9 . Active Directory Schema 1 1 .11 . File Add/Remove Snap-in .11

  • [email protected] : 27

    Computer Management Available Snap-ins Add Or Remove Snap-ins .11 .

    1 -1 . Add .12 .

    1 -1

    Local Computer . Another Computer .

    . Browse 11. Another Computer SERVER01 . . Finish .11 . OK .11 . MyConsole.msc .11 . .18

    MMC 2 DC 1 Event Viewer

    . . MyConsole.msc .1 . Add/Remove Snap-in File .1 . Event Viewer Available Snap-ins Add Or Remove Snap-ins .2 . Add .11. Another Computer SERVER01 . . OK .1

  • [email protected] : 28

    . OK .1 . .8

    MMC 3 . extension .

    1. MyConsole.msc . . Add/Remove Snap-in File .1 . Event Viewer Selected .2 . Move Up .11. Active Directory Schema . . Remove .1 . Computer Management Selected .1 . Extension. Edit Extensions .89. Enable Only Selected Extensions . 11. Event Viewer . . OK .11 . .11

    4 . user

    . MMC 1. MyConsole.msc . . Options File .1 . User Mode Full Access Console Mode .2 . OK .1 . .1 . .1 . Add/Remove Snap-in. File .1 . .8 . Author .9 . Add/Remove Snap-in author File .11 . .11

    MMC . Active Directory Users And Computers

    Administrative Tools Server Manager Active Directory .

    . . Run As Administrator

  • [email protected] : 29

    MMC . .

    user .

    Active Directory Users. Contoso, Ltd .1

    and Computers . Access Denied . .

    A. Server Manager . B. dsa.msc . C. Run As Administrator .

    . D. . DSMOD USER

    P .

    Active Directory: 2 Active Directory

    . OU . . . OU

    Active Directory Active Directory " Active Directory "

    . .

    : OU OU Active Directory Users and Computers

    11 :

  • [email protected] : 31

    ( OU(Organizational Unit OUcontainer Active Directory OU . OU .

    OU . . .

    OUcontainer . : OU

    1. Active Directory Users and Computers snap-in Organizational New OU OU Domain .1

    Unit . OU .2 Protect Container From Accidental Deletion .1 . OU . OK .1

    . . Properties OU .1

    OU . OU Description. Managed By . OU

    Select . Name Change . OU User,Contact,Or Group . .

    Select User,Contact,Or Group . Groups Object Types Name Managed By .

    Managed By. . OU

    . OK .1. Protect Container From Accidental Deletion : 2008

    OU . OU : Everyone::Deny::Delete Everyone::Deny::Delete Subtree . . . OU

    : OU . OU Advanced Features View Active Directory Users And Computers snap-in .1 Properties OU .1 Advanced Features Object . Object .2

    . Protect Container From Accidental Deletion .1 . OK .1 . delete OU .1 . Yes . OU .1 OU OU .8

    Confirm Subtree Deletion . Yes .

    . Active Directory .1. Active Directory Users And Computer snap-in .

  • [email protected] : 30

    container OU( contoso.com ) .1 ( .Users )

    . User New container OU .2 . New Object-User 1-1

    . First Name .1 . middle Initials .1 . Last Name .1 Full Name . Full Name

    CN . CN OU container . OU container.

    . Full Name

    New Object - User 1 -1 User Logon Name .1

    . @ UPN( User Principal Name ) ( ) Active Directory

    . Smith-Bates O'Hara

    Active Directory Domains And Trusts UPN . . Properties snap-inActive Directory Domains And Trusts .

    Active Directory DNS . UPN Suffixes .

    1111 (User Logon Name (Pre-Windows 2000 .8 .

    "" 2 . Next .9

  • [email protected] : 32

    . Confirm Password Password .11 . User Must Change Password At Next Logon .11

    IT .

    . .

    . Next .11 . finish .12

    . New Object User . Active Directory

    . . Properties .11 . .11

    " " 8 2 . .

    OK .11 .

    . .

    . :

    1. Active Directory Users And Computers snap-in . container OU( contoso.com . ) .1

    . . Group New OU container .2 . Group Name .1

    . . . 2000

    . (Group Name(Pre-Windows 2000 .1 . .1

    o Security . .

  • [email protected] : 33

    . Distribution

    New Object - Group 1 -1

    ( .Group Scope ) .1o Global o Domain Local

    . . o Universal .

    . "" 1 Interim Mixed

    Security Domain Local Global 12 . . "Forests " . OK .8

    . . Properties .9 . .11

    . Member Of Members

    . 1 . Active Directory Users And Computers snap-in Description

    . . Notes . Name Change . Managed By

    ,Select User . Groups Object Type Contact, Or Group .

    . Name Managed By Managed By

  • [email protected] : 34

    Manager Can Update Membership List . . Name

    (Delegation . 2 . ( . OK .11

    . Active Directory

    . ( Join ) (. Desktop101$)

    : Active Directory . 1. Active Directory Users And Computers snap-in . container OU( contoso.com . ) .1

    ( .Users ) . Computer New OU container .2 .. Computer Name .1

    . ( Computer Name (Pre-Windows 2000 . (Computer Name(Pre-Windows 2000 .1 Domain Admins . User Or Group .1

    . Change . .

    . "" 1 join . Assign This Computer Account As A Pre-Windows 2000 Computer

    . NT 4.0

    New Object - Computer 1 -1

    OK .1 .

    . Properties .8

  • [email protected] : 35

    . .9 .

    ) ( Description .

    Active Directory Users And Computers snap-in Description .

    DNS Name DC Type Site . Operating System Name Version Service Pack .

    . . Name Change . Managed By

    ,Select User . Groups Object Type Contact, Or Group . Managed By . Managed By . Name

    . . . OK .11

    Active Directory . Active Directory

    : . Active Directory o . o .

    . o ) Linked Properties . )

    Managed By . . Managed By .

    o Active Directory . Active Directory

    . . Active Directory Users And Computers

    Active Directory Users And Computers . View Add/Remove Columns .

    . User Logon Name ) OU

    . Type( .

    Last . Windows Explorer . Name .

    DN . . Active Directory Users And Computers Saved Queries 2003

    . : OU Active Directory Users And Computers .1

    Server Manager Active Directory Users And Computers

  • [email protected] : 36

    Active Directory Users And Computers .

    Query New Saved Queries .1 .2 . Description .1 Browse .1

    . OU .

    Define Query .1 Find Common Queries .1

    . . OK .8

    Active Directory Users And Computers (dsa.msc ( .

    . ( import( )export) XML

    . Last Name .

    OU OU OU Last Name . .

    . . .

    http://www.petri.co.il/saved_queries_in_windows_2003_dsa.htm

    Select Users, Contacts, Computers, Or Groups ,Select Users

    Contacts, Computers, Or Groups . 8-1 Select . Properties Members . Add

  • [email protected] : 37

    Select Users, Contacts, Computers, Or Groups 1 -8 . Enter The Objects Names To Select OK . 8-1 ";" Check Names . . 9-1

    Check Names 1 -9 OK . dan jfine 8-1 . . Check Names

    Dan . 9-1 jfine Multiple Names Found . 11 -1 OK .

    . 9 -1

    Multiple Names Found 1 -11 . Select

    . Location ( Local)

  • [email protected] : 38

    ( Select Users, Contacts, Computers, Or Groups) Select . . Managed By . . Select .

    Object Types 11 -1 Objects Types OK . -1 . Select Advanced 11 Common Queries . . Object Types .

    Object Types 1 -11

  • [email protected] : 39

    Select 1 -11

    Find . Active Directory Active Directory Find Objects In Active Directory Domain Services

    Users And Computers 12 -1 . . Find

    . In .

    . In Find .

    Find 1 -12

  • [email protected] : 41

    . . Custom Search Find . OU " *OU=*main " . LDAP Advanced OUDomain controllers . "main" . Domain "main"

    . ( wildcard)

    . Find Now . Properties Move Delete Add Printer Wizard . Search Active Directory . . OpenQueryWindow rundll dsquery .

    Dsquery Active Directory Users And Computers Dsquery . DS "DS"

    DS . dsquery.exe /? . DS dsquery user dsquery computer dsquery group .

    dsquery ou OU . description . name . . ( samid-) 1111 . (desc-) . ?/ dsquery objecttype *dsquery user name jam "jam" name .

    dsquery. .. 1 "*" . DN 11 -1

    Dsquery 1 -11 o samid . o DN . o upn 1111

    CNDNRDNDN Active Directory . Active Directory DN . DN CN=James Fine,OU=People,DC=contoso,DC=com James Fine DN top-level DNS . CN

    common name Full Name CN .OU OU DC . RDN (relative distinguished name (RDN container OU DN DNOUPeople . CN RDN .CN=James Fine

    OU=People,DC=contoso,DC=com RDN OU=People.

  • [email protected] : 40

    . container RDN DN : . CN OU . . DNs Active Directory . .

    Active Directory OU . Active Directory

    . . .

    OU 1 Users and Computers container Active Directory .

    OU . OU . OU. contoso.com . SERVER01 Administrator .1 . Active Directory Users And Computers .1 . Domain .2 . Organizational Unit New Domain .1 . People OU .1 . Protect Container From Accidental Deletion .1 . OK .1 . Properties OU .8 . Non-administrative user identities Description .9 . OK .11 . OU 11 1 .11

    OU OU Clients Client computers

    Groups Non-administrative groups

    Admins Administrative identities and groups

    Servers Servers

    2 . OU Active Directory Users And Computers Server01 Administrator .1

    . . People OU " " .1

    . . People OU( contoso.com ) Domain .2

  • [email protected] : 42

    . User New People OU .1 . Dan First Name .1 . Holme Last Name .1 . dholme User Logon Name .1 . dholme (User Logon Name (Pre-Windows 2000 .8 . Next .9 . .11 . User Must Change Password At Next Logon .11 . Next .11 . Finish .12 . Properties .11 . . Properties .11 . OK .11 . People OU 11 2 .07

    James Fine

    o First name: James

    o Last name: Fine

    o Full name: James Fine

    o User logon name: jfine

    Barbara Mayer

    o First name: Barbara

    o Last name: Mayer

    o Full name: Barbara Mayer

    o User logon name: bmayer

    o Pre-Windows 2000 logon name: bmayer

    Barbara Moreland

    o First name: Barbara

    o Last name: Moreland

    o Full name: Barbara Moreland

    o User logon name: bmoreland

    o Pre-Windows 2000 logon name: bmoreland

    . People OU 11 2 .18 .

    . Admins OU 11 2 .19 . admin_ .

    3 OU . join

    . . 1

  • [email protected] : 43

    Active Directory Users And Computers Server01 Administrator .1 .

    . Servers OU ( contoso.com ) Domain .1 . Computer New Servers OU .2 . FILESERVER01 Computer Name .1 . (Computer Name (Pre-Windows 2000 .1 . . User Or Group Field .1 . OK .1 . Properties .8 . .9 . OK .11 . 8 2 .11

    SHAREPOINT02

    EXCHANGE03

    . Clients OU 8 2 .11 DESKTOP101

    DESKTOP102

    LAPTOP103

    4 . OU . Active Directory Users And Computers Server01 Administrator .1

    . . Groups OU( contoso.com ) Domain .1 . Group New Groups OU .2 . Finance Group Name .11. Group Type Security . 1. Group Scope Global . . OK .1 . Properties .8 . . .9 . OK .11 : Groups OU global 8 2 .11

    o Finance Managers

    o Sales

    o APP_Office 2007

    : Admins OU global 8 2 .11o Help Desk


    o Windows Administrators

    5 .

    . Select . Active Directory Users And Computers Server01 Administrator .1

    . . Admins OU Properties .1 . Member Of .2 . Add .1 . Domain Admins Select Groups .1 . OK .1 . OK .1 . Admins OU Help Desk Properties .8 . Members .9 . Add .11 . Barb Select .11 . Check Names .1112. Barbara Mayer OK . . OK .11 . OK .11 . Groups OU APP_Office 2007 Properties .11 . Members .11 . Add .18 . DESKTOP101 Select .19 . Check Names .11 . Name Not Found Cancel .11 . Object Types Select .1112. Computers OK . . Check Names .11 . OK .11

    Active Directory 6

    . .


    Active Directory Users And Computers Server01 Administrator .1 .

    . Find Objects In Active Directory Domain Services .1 . contoso.com In .2 . Barb Name .1 . Find Now .1 . Barbara .1 . .1 . Network .8 . Search Active Directory .9 . 1 2 .11 New Saved Queries Active Directory Users And Computers .11

    . Query . All Users Name .11 . Users for the entire domain Description .12 . Define Query .11 . Has A Value Name Users .11 . OK .1111. View Add/Remove Columns . . Add Available Last Name .18 . Remove Displayed Type .19 . OK .11 . Description Name Last Name .11 . Last Name .11

    OU container .

    OU. .

    . Properties.

    Description Managed By Notes .


    OU . View Advanced Features . Properties OU Object

    .

    OU Dsrm. elevated .1

    Dsrm Failed: Access. James Is Denied .

    A. Administrators . B. Administrators OU . C. ( owner . ( D. OU .

    Active Directory (Delegation) : 2 . OU . Administrators

    . Administrators . . . Active Directory( ACL) :

    Active Directory . Active Directory

    (effective ) OU 21:

    . . . . Active Directory

    .


    access control entries (ACEs) ( ) .ACE discretionary access control list (DACL) .DACL ACL

    . ( Auditing) ( SACL) . Active

    Directory . . Active Directory ACL

    ACL Active Directory . ACL : Active Directory Users And Computers .1 View Advanced Features .1 Properties .2 Security .1

    . Properties Security Advanced Features . 11 -1 Properties Security

    Active Directory Properties Security 1 -11 Advanced .1

    Security


    . Active Directory Advanced Advanced Security Settings .

    11 -1

    1 -11 Advanced Security Settings ACE . DACL Permission . DACL ACE . . ACE

    . Edit entry entry ACE .1 11 -1 entry ACE Permission Entry .


    Permission Entry 1 -11

    DACL 11 -1 . .

    . . . . . reset . reset . . ACEAllow::Modify Permissions . . ( Child) .

    OU ACEAllow::Create Computer Objects. OU . . Apply To Properties Object

    Advanced Security Settings . James Fine Delegation . DACL ACE

    Of Control OUUsers . ACTIVE DIRECTORY USERS AND COMPUTERS .1 Advanced Features View .1


    Properties .2 Security .1 Advanced .1 Add .1

    Add Edit .

    . Select .1 . .

    . OK .8 . Permission Entry

    . .9 . Allow::Reset Password Object . OK .11

    .

    OU . OU . OU OU .

    . container OU. OU container . . Include Inheritable Permissions From This Object's

    Parent 11 -1 . . . OU Apply To .

    Permission Entry . : . ( container OU ) : Advanced Include Inheritable Permissions From This Object's Parent : .

    Security Settings . . . . ( explicit)

    explicit . explicit . ( deny) ( .allow) . . explicit

    Delegation Of Control Permission Entry DACL . . Delegation Control . . ACTIVE DIRECTORY USERS AND COMPUTERS .1 Delegation Control ( OU ) .1

    . . OU .


    . . Next .2 . Add Users or Groups .1 . OK Select .11. Next . . Force Password Reset User Passwords . Tasks To Delegate .1

    Change at Next Logon . . Next .8 ACE . Finish .9

    . . Advanced Security Settings and Permission Entry DACL . DN . Dsacls.exe : OUPeople .

    Dsacls.exe "ou=people,dc=contoso,dc=com" : syntax . dsacls

    Dsacls.exe /?

    Advanced .

    Security Settings Permission Entry . Advanced Security Settings Restore Default . schemaActive Directory

    s/ Dsacls. DACL explicit . . t/

    OUPeople : Dsacls "ou=people,dc=contoso,dc=com" /resetdefaultdacl

    (effective) explicit ACE OU . . Allow::Reset . explicit ACE

    . ACE . .

    . . .

    . ( deny) . . . . . .


    . explicit . explicit .

    explicit Advanced Security Settings Effective Permissions . Dsacls . . . Active Directory Windows: .

    Administration Resource Kit:Productivity Solutions for IT Professionals ) (.1118

    OU containerOU (visibility) . : . OU PeopleOU . OU . OUPeople . .

    . OUPeople . .

    . Admins OU . . OUPeopleOU . OUClients . Server Administration OUServers Active Directory . OU Active Directory . OU. OU . OU OUClients .

    . . . OU

    . Active Directory. 1 ActiveACL contoso.com

    Directory " 1 . Active Directory" .OU .

    1 . OUPeople .Active Directory Users And Computers SERVER01Administrator .1


    Delegate Control OUPeople( contoso.com) Domain .1 .Delegation Of Control

    . Next .2 . AddUsers Or Groups .1 . OKHelp Desk Select .1 . Next .1 Reset User Passwords And Force Password Change At Next LogonTask To Delegate .1

    . . Next .8 . Finish .9 2 . . Active Direcotry Users And Computers SERVER01Administrator .1 . Properties OUPeople .1

    Advanced Features. Security . Properties Security

    . Properties OK .2 . Advanced Features View .1 . Properties OUPeople .1 . Security .1 . Advanced .1 . Help Desk Permission Entries .8 . Edit .9 . OK Permission Entry .11 . Help Desk 11 8 .11 Help Desk 11 1 OUPeople ACL .11

    . .Enter "dsacls "ou=people,dc=contoso,dc=com .12 . Help Desk .11 Active Directory

    . ACE DACLActive Directory . DACLAdvanced Security Settings Properties . Delegation of Control ACL . Advanced Security Settings Dsacls/resetDefaultDACL

    . OU .OUOU . explicit

    . explicit .

    explicit . explicit .


    . reset .1A. Delegation of Control Wizard B. DSACLS C. DSUTIL D. Advanced Security Settings

    2

    identity and access (Active Directory Domain Services(AD DS " " 1

    . identity . .

    . " " 1

    . . Microsoft Windows PowerShell .

    . .

    Windows PowerShell Microsoft Visual Basic Script (VBScript) .

    . .

    Active Directory

    o Active Directory o Active Directory :

    : 1 1 :Windows PowerShell VBScript : 2

    . contoso.com DC SERVER01

    . 1


    . . .

    . .

    . .

    : 1 . Active Directory Users And Computers 1

    1 . .

    : ( Templates. ) CSVDE LDIFDE

    21 :

    . ( home folders ) ( roaming )

    . .

    . NT 4.0 .

    .

    .. Copy Object User . Copy

    . Properties .

    : . General . Address .

    . Account ) home drive )

    . Organization . Member Of . .


    Active Directory Users And Computers . assistant division

    Active . ( employee ID( )employee type)Directory Users And Computers View Advanced Features .

    . Attribute Editor Properties assistant division.

    .

    Active Directory schema . 827832 Knowledge Base .

    http://support.microsoft.com/kb/827832 . .

    (DS )Comma-Seperated Values data Exchange(CSVDE ) LDAP Data Interchange Format Data Exchange (LDIFDE) Windows PowerShell

    . .

    Active Directory DS . DS . Dsquery.exe 1

    : 2008 Dsadd Dsget Dsmod Dsmove OU container Dsrm Dsquery

    o DN. dn user principle samid dn, rdn, upn name(UPN) dn (rdn )pre-Windows 2000 logon names(security account manager ID) .

    . DN DS : Mike Fitzmaurice

    Dsadd user "cn=Mike Fitzmaurice,ou=People,dc=contoso,dc=com"

    ) DN . DN . user Mike Fitzmaurice )DN : .

    Dsrm user "cn=Mike Fitzmaurice,ou=People,dc=contoso,dc=com"

    Dsmod.exe Dsquery.exe Dsget.exe DS . DN .

    . Dsget user "cn=Mike Fitzmaurice,ou=People,dc=contoso,dc=com" -hmdir


    Active hmdir DS Directory Users And Computers .

    Dsadd DSADD USER UserDN. Active Directory

    . :

    Dsadd user "user dn" -samid pre-windows 2000 logon name -pwd {password | *} -mustchpwd yes

    . "*". pwd mustchpwd .

    DSADD USER . DSADD. company email -profile

    USER : DSADD USER /? Help And Support Center 2008 .

    . SAM ID %username% webpg email -hmdir -profile DSADD USER

    : -hmdir \\server01\users\%username%\documents

    CSVDE

    Active Directory (comma-delimited comma-separated csv . (

    . Microsoft Office Excel Notepad CSVDE Access Excel

    . : CSVDE

    Csvde [-i] [-f Filename] [-k]

    Active Directory. i k. f .

    CSVDE Object Already Exist Constraint Violation Attribute Or Value Already Exists .

    ( txt. csv. ) . LDAP : .

    DN,objectClass,sAMAccountName,givenName,sn,userPrincipalName
    "cn=Lisa Andrews,ou=People,dc=contoso,dc=com",user,lisa.andrews,Lisa,Andrews,[email protected]

    . OU People Lisa Andrews CSVDE .

    . .


    . "" 1 "" 1 Help and ?/ csvde CSVDE

    Support Center . 2008 LDIFDE

    LightWeight Directory. Active Directory Access Protocol Data Interchange Format (LDIF)

    LDIF. LDAP LDIFDE.

    . LDIF . LDIF

    ":" . Tony Krijnen April Stewart .

    : LDIF .

    Dn: CN=April Stewart,OU=People,DC=contoso,DC=com
    ChangeType: add
    CN: April Stewart
    Objectclass: user
    sAMAccountName: april.stewart
    userPrincipalName: [email protected]
    givenName: April
    sn: Stewart
    displayName: Stewart, April
    mail: [email protected]
    description: Sales Representative in the USA
    Title: Sales Representative
    Department: Sales
    Company: Contoso, Ltd.

    Dn: CN=Tony Krijnen,OU=People,DC=contoso,DC=com
    ChangeType: add
    CN: Tony Krijnen
    Objectclass: user
    sAMAccountName: tony.krijnen
    userPrincipalName: [email protected]
    givenName: Tony
    sn: Krijnen
    displayName: Krijnen, Tony
    mail: [email protected]
    description: Sales Representative in the Netherlands
    Title: Sales Representative
    Department: Sales
    Company: Contoso, Ltd.

    ChangeType. DN )(. delete)( modify)( add :

    LDIF . LDIF


    . LDIFDE LDIF : . ?/ ldifde

    -I . Active Directory .

    -f FileName LDIF . . Active Directory Newusers.ldf

    Ldifde -I -f newusers.ldf

    . 1-2. LDIFDE 1 -2

    -i -f filename

    -s servername DC -c FromDN ToDN FromDN ToDN

    -v Verbose

    -j path Log ?-

    -d RootDN LDAP .

    -r Filter LDAP .(objectClass=*)

    -p SearchScope . subtree (container onelevel( container) base( (container (

    -l list .

    -o list .

    -k Constraint Violation Object Already Exists

    . LDIFDE CSVDE 640-70

    Active Directory. LDIFDE . I Active Directory

    Dsadd . .


    LDIFDE CSVDE . .

    .

    . contoso.com OU People OU Groups global security OU Groups Sales 1

    . .

    . Administrator SERCER01 .1 . Active Directory Users And Computers .1 . User New OU People .2 . Sales_ First Name .1 . Template Last Name .1 . Next salestemlate_ User Logon Name .1 . Confirm Password Password .1

    . Finish Next . Account Is Disabled .8 . OU People "_"

    . . Properties .9 . Organization .11 .Sales Department .11 . Contoso,Ltd Company .11 . Member Of .12 . Add .11 . OK Sales .11 . Profile .11 . %Server01\profiles\%username\\ Profile Path .1118. OK .

    . .

    . copy Sales_ .19 . Object-User

    .Jeff First Name .11 .Ford Last Name .11 . Next jeff.ford User Logon Name .11 . Confirm Password Password .12 . Account Is Disabled .11


    11. Next Finish . Jeff Ford properties .11

    Dsadd 1 . OU People Mike Fitzmaurice Dsadd

    . .1 : Enter .1

    Dsadd user "cn=Mike Fitzmaurice,ou=People,dc=contoso,dc=com" -samid mike.fitz -pwd * -mustchpwd yes -hmdir \\server01\users\%username%\documents -hmdrv u:

    . 1. .2. Mike properties Active Directory Users And Computers .1

    . CSVDE 2

    comma-delimited . .

    Bullet . bullet. Notepad .1 .

    DN,objectClass,sAMAccountName,givenName,sn,userPrincipalName
    "cn=Lisa Andrews,ou=People,dc=contoso,dc=com",user,lisa.andrews,Lisa,Andrews,lisa.andre[email protected]
    "cn=David Jones,ou=People,dc=contoso,dc=com",user,david.jones,David,Jones,david.jones@contoso.com

    . Newusers.txt Documents .1 . .2 . Enter cd %userprofile%\Documents .1 . Enter csvde -i -f newusers.txt -k .1

    . . . Active Directory Users And Computers .1

    . refresh 2000 UPN .1

    NewUsers.txt . LDIFDE 1 .

    . . . Notpad .1

    Dn: CN=April Stewart,OU=People,DC=contoso,DC=com
    ChangeType: add
    CN: April Stewart
    Objectclass: user
    sAMAccountName: april.stewart
    userPrincipalName: [email protected]
    givenName: April
    sn: Stewart
    displayName: Stewart, April
    mail: [email protected]
    description: Sales Representative in the USA
    Title: Sales Representative
    Department: Sales
    Company: Contoso, Ltd.

    Dn: CN=Tony Krijnen,OU=People,DC=contoso,DC=com
    ChangeType: add
    CN: Tony Krijnen
    Objectclass: user
    sAMAccountName: tony.krijnen
    userPrincipalName: [email protected]
    givenName: Tony
    sn: Krijnen
    displayName: Krijnen, Tony
    mail: [email protected]
    description: Sales Representative in the Netherlands
    Title: Sales Representative
    Department: Sales
    Company: Contoso, Ltd.

    . Newusers.ldf Documents .1Notepad .txt .

    ldf LDIF .

    . .2 . Enter cd %userprofile%\Documents .1 . Enter ldifde -i -f newusers.ldf -k .1

    . . Active Directory Users And Computers .1

    . refresh . NewUsers.ldf .1

    Active Directory .

    . . .

    . Dsadd . comma-delimited CSVDE . LDIFDE Active Directory .

    LDIF .


    . 1111 Excel .1

    . .

    A. . B. LDIFDE I . C. CSVDE I D. DSADD USER .

    . .1A. LDIFDE B. Dsmod C. DEL D. CSVDE

    VBScript PowerShell: 2 . 1

    . VBScript PowerShell PowerShell.

    . :

    Windows PowerShell . 2008 PowerShell cmdlets variables aliases namespaces

    providers . PowerShell . VBScript .

    11 : PowerShell

    PowerShell 2008 . 640-70 . PowerShell Active ( ) cmdlets PowerShell Directory . PowerShell Windows

    PowerShell Scripting Guide Ed Wilson .2008) ) PowerShell 121 cmdlet .

    . cmdlet command shell cmd.exe BASH

    Microsoft .NET Framework PowerShell .

    PowerShell . 2008 Server Manager . . Add Features


    Windows PowerShell Windows PowerShell. cmd.exe PowerShell. Pin To Start Menu

    PowerShell 1 -2 . PS prompt .

    Windows PowerShell 2 -1 shell

    PowerShell . PowerShell PowerShell . . PowerShell cmd.exe PowerShell cmdlet copy dir cmd.exe . xcopy attrib.exe

    . cmdlet. cmdlets PowerShell . - Cmdlet.

    . Start-Service Get-Service . cmdlet

    Cmdlets PowerShell ) *.PSL )PowerShell .

    NET. instance NET. . Get-Service . .

    cmdlet PowerShell cmdlet . . properties

    . startup . .


    . stop start( . . method ) .

    . NET. cmdlet cmdlet Get-Service PowerShell .

    cmdlet . 1 -2

    Get-Service cmdlet 2 -1

    -2 Format-List Get-Service . . 2

    . Ger-Service Format-List cmdlet 2 -2

    . cmdlet Get-Service cmdlet Format-List cmdlet. cmdlet Get-Service .

    cmdlet cmdlet Format-List. .


    .

    "formt list" cmd.exe . . "get-service"

    cmdlet Format-List "*" . .

    Get-service | format-list -property *

    cmdlet Get-Help PowerShell

    PowerShell . cmdlet Get-Help cmdlet :

    Get-help get-service

    get-help get-command detailed . full detailed . get-help get-command full

    PowerShell . -cmdlet Get DNS$ . ( $ )

    Service DNS : $DNS=get-service DNS

    . object reference : DNS cmdlet( status . )

    $DNS.status

    pipeline variable . pipeline pipeline variable . : "_$"

    Get-Service | Where-Object { $_.Status -eq "Running" }

    . cmdlet Where-Object . Running pipeline variable

    cmdlet where-object. cmdlet

    where : . Get-Service | where { $_.Status -eq "Running" }

    cmdlet . PowerShell cmdlet Dir cmdlet . Get-ChildItem

    . UNIX Ls alias cmdlet

    Alias dir

    . Get-Children Dir cmdlet PowerShell

    Cmd.exe . dir/s . dir recurse PowerShell

    PSDrive Provider


    Cmdlet . . . . provider .

    PowerShell PowerShell provider . provider

    drive letter . PSDrive provider powerShell . map

    PowerShell PSDrive drive letter . PowerShell PSDrive .

    HKCU HKLM Hive HKEY_CURRENT_USER HKEY_LOCAL_MACHINE PowerShell . .

    : Cd hklm:\software

    Dir

    PSDrive. environment . get-psdrive

    PowerShell . Active Directory PowerShell

    PowerShell : $objOU=[ADSI]"LDAP://OU=People,DC=contoso,DC=com"

    $objUser=$objOU.Create("user","CN=Mary North")

    $objUser.Put("sAMAccountName","mary.north")

    $objUser.SetInfo()

    : PowerShell Active Directory . OU container .1 . RDN Create container .1 . Put .2 . Active Directory SetInfo .1

    . Active Directory container

    . container container . PowerShell Active Directory Services Interface (ADSI) ( type adapter. ) Active Directory Active diectory. PowerShell NET Framework. . : DN //:LDAP LDAP

    $objOU=[ADSI]"LDAP://OU=People,DC=contoso,DC=com"

    PowerShell ADSI OU People objOU.

    . "$" Create

    Create container . OU People objOU$ RDN. RDN: .


    . RDN CN=object name. container RDN OU OU=organizational unit name RDN DC=domain name .

    . RDN CN=Mary North $objUser=$objOU.Create("user","CN=Mary North")

    . objUser$

    LDAP . 2000.

    sAMAccountName . sAMAccountName Put :. Put.

    $objUser.Put("sAMAccountName","mary.north")

    Active (Security Identifier (SID Directory .

    SetInfo : SetInfo

    $objUser.SetInfo()

    . sAMAccountName . Put .

    : $objUser.put("sAMAccountName",$samAccountName)

    $objUser.put("userPrincipalName",$userPrincipleName)

    $objUser.put("displayName",$displayName)

    $objUser.put("givenName",$givenName)

    $objUser.put("sn",$sn)

    $objUser.put("description",$description)

    $objUser.put("company",$company)

    $objUser.put("department",$department)

    $objUser.put("title",$title)

    $objUser.put("mail",$mail)

    $objUser.SetInfo()

    SetInfo. . . .

    . ()GetInfo. ()SetInfo Active Directory Users And Computers Attribute Editor LDAP Attribute Editor . View Advanced Features .

    : . LDAP $objUser.psbase.properties

    $objUser | Get-Member

    .

    PutEx() .


    PowerShell user array PutEx

    SetPassword Put :

    $objUser.SetPassword("C0mp!exP@ssw0rd")

    . . LDAP Kerberos PowerShell

    .. Put ( flag . )

    : $objUser.psbase.invokeSet("AccountDisabled",$false)

    $objUser.SetInfo()

    PowerShell 640-70

    PowerShell cmdlet. .

    Excel. Excel CSV. . PowerShell( CSV. ) comma-delimited

    : Newusers.csv csv.. Newusers.csv

    Cn,sAMAccountName,FirstName,LastName

    John Woods,john.woods,Johnathan,Woods

    Kim Akers,kim.akers,Kimberly,Akers

    . LDAP .

    PowerShell : $dataSource=import-csv "newusers.csv"

    : foreach . Foreach($dataRecord in $datasource)

    {

    # do whatever you want to do

    }

    dataRecord$ ForEach Cmdlet $dataRecord . $dataRecord . :

    $dataRecord.FirstName

    : $givenName=$datarecord.FirstName

    . LDAP :

    $objUser.Put("givenName",$givenName)

    . givenName LDAP .

    .


    : Userimport.ps1

    # Bind to the People OU through the ADSI type adapter
    $objOU=[ADSI]"LDAP://OU=People,DC=contoso,DC=com"
    # Read one record per user from the CSV file
    $dataSource=import-csv "NewUsers.csv"
    foreach($dataRecord in $dataSource) {
        #map variables to data source
        $cn=$dataRecord.cn
        $sAMAccountName=$dataRecord.sAMAccountName
        $givenName=$dataRecord.FirstName
        $sn=$dataRecord.LastName
        $displayName=$sn + ", " + $givenName
        $userPrincipleName=$givenName + "." + $sn + "@contoso.com"
        #create the user object
        $objUser=$objOU.Create("user","CN="+$cn)
        $objUser.Put("sAMAccountName",$sAMAccountName)
        # the LDAP attribute name is userPrincipalName
        $objUser.Put("userPrincipalName",$userPrincipleName)
        $objUser.Put("displayName",$displayName)
        $objUser.Put("givenName",$givenName)
        $objUser.Put("sn",$sn)
        # commit the new object before setting its password
        $objUser.SetInfo()
        $objUser.SetPassword("C0mp!P@ssw0rd")
        # enable the account and commit the change
        $objUser.psbase.InvokeSet("AccountDisabled",$False)
        $objUser.SetInfo()
    }

    . container . foreach . dataRecord$ . .

    LastName, FirstName displayName$. . [email protected] userPrincipleName$

    . OU Create . PowerShell

    . PowerShell : PowerShell

    Set-executionpolicy remotesigned

    PowerShell . .

    PowerShell http://www.microsoft.com/technet/scriptcenter/topics/winpsh/manual/run.mspx#EXC .

    . . scriptname\. .

    : .\UserImport.ps1

    VBScript


    VBScript . vbs Notepad VBScript .

    Wscript.exe :

    Cscript.exe scriptname

    automation (Windows Scripting Host (WSH Cscript.exe Wscript.exe framework VBScript .

    VBScript VBScript Active Directory ADSI VBScript . : PowerShell

    Set objOU=GetObject("LDAP://OU=People,DC=contoso,DC=com")

    Set objUser=objOU.Create("user","CN=Mary North")

    objUser.Put "sAMAccountName","mary.north"

    objUser.SetInfo()

    GetObject VBScript. OU container ADSI DN . VBScript Set .

    DN Create OU PowerShell . Set . . VBScript Put Po