Managing Computer Accounts
- Active Directory allows you to control, with great specificity, the groups or users that can join a computer to a domain computer account.
- Although the default is Domain Admins, you can allow any group (for example, a group called “Installers”) to join a machine to an account. This is most easily achieved while creating the computer object.
- When you create a computer object, the first page of the New Object–Computer dialog box (previously shown in Figure 5-1) indicates The Following User Or Group Can Join This Computer To A Domain.
- Click Change and you can select any user or group. This change modifies a number of permissions on the computer object in Active Directory.
Configuring Computer Properties
- Open a computer object’s Properties dialog box to set its location and description, configure its group memberships and dial-in permissions, and link it to a user object of the computer’s manager.
- The DSMOD command can also modify several of the properties of a computer object.
Finding Objects in Active Directory
- The Active Directory Users and Computers snap-in provides easy access to a powerful, graphical search tool.
- This tool can be used to find a variety of object types. Click the Find Objects
- In Active Directory button on the console toolbar. The resulting Find Computers dialog box is illustrated in Figure below.
Configuring computer properties
- You can select the type of object (Find), the scope of the search (In), and specify search criteria before clicking Find Now.
No comments:
Post a Comment