Scribd Logo
Upload

Welcome to Scribd!

  • AD

    Uploaded by

    pradeepudit2009
    21 views7 pages
    ww

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    ww

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    21 views7 pages

    AD

    Uploaded by

    pradeepudit2009
    ww

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 7

    Manage Users, Groups, and

    Computers

    Manage users
    Create a new user account
    Reset a user password
    Copy a user account
    Move a user account
    Set logon hours
    Disable or enable a user account
    Map a certificate to a user account
    Change a user's primary group
    Delete a user account
    Rename a user account
    Manage groups

    Create a new group
    Add a member to a group
    Allow anonymous users to be members of the Everyone security group on a domain controller
    Convert a group to another group type
    Change group scope
    Delete a group
    Find groups in which a user is a member
    Assign user rights to a group in Active Directory

    Manage computers
    Create a new computer account
    Add a computer account to a group
    Delete a computer account
    Manage a remote computer
    Move a computer account
    Reset a computer account
    Disable or enable a computer account

    Manage Domains
    Create a new forest
    Create a new domain tree
    Create a new child domain
    Manage a different domain
    Remove a domain
    Manage the domain using a different domain controller
    Add user principal name suffixes
    Delete extinct domain metadata
    Raise the domain functional level
    Assign, change, or remove permissions on Active Directory objects or attributes
    Modify the AdminSDHolder container
    Manage Organizational Units
    Manage Domain Controllers

    Manage Domain Controllers

    Create an additional domain controller
    Demote a domain controller
    Rename a domain controller
    Disable signed or encrypted LDAP traffic
    Publish Resources
    Publish a shared folder
    Manually publish a printer in Active Directory

    Manage Operations Master Roles

    Identify operations master roles
    Using a command line
    1. Open Command Prompt.
    2. Type:

    dsquery server -hasfsmo pdc

    Transfer operations master roles
    Seize operations master roles
    Manage Trusts

    Verify a trust
    Using a command line
    1. Open Command Prompt.
    2. Type:

    netdom trustTrustingDomainName/d:TrustedDomainName/verify

    Value Description
    TrustingDomainName Specifies the DNS name of the trusting domain in the trust that is being verified.
    TrustedDomainName Specifies the DNS name of the domain that is trusted in the trust that is being verified.
    Notes
    To perform this procedure, you must be a member of the Domain Admins group or the Enterprise
    Admins group in Active Directory. As a security best practice, consider using Run as to perform
    this procedure. For more information, see Default local groups, Default groups, and Using Run as.
    To open a command prompt, click Start, point to All programs, point to Accessories, and then
    click Command prompt.
    You can verify trusts for shortcut, external, and forest trusts but not realm trusts.
    This command-line method requires the Netdom Windows support tool. For information about
    installing Windows support tools, see Related Topics.
    To view the complete syntax for this command, at a command prompt, type:

    netdom trust | more

    Remove a trust
    Using a command line
    1. Open Command Prompt.
    2. Type:

    netdom trustTrustingDomainName/d:TrustedDomainName/remove/UserD:User/PasswordD:*

    Create a shortcut trust
    Using a command line
    1. Open Command Prompt.
    2. Type:

    netdom trustTrustingDomainName/d:TrustedDomainName/add

    Value Description
    TrustingDomainName Specifies the DNS name (or NetBIOS name) of the trusting domain in the trust being created.
    TrustedDomainName Specifies the DNS name (or NetBIOS name) of the domain that will be trusted in the trust being created.
    Notes
    To perform this procedure, you must be a member of the Domain Admins group or the Enterprise
    Admins group in Active Directory, or you must have been delegated the appropriate authority. As
    a security best practice, consider using Run as to perform this procedure. For more information,
    seeDefault local groups, Default groups, and Using Run as.
    To open a command prompt, click Start, point to All programs, point to Accessories, and then
    click Command prompt.
    This command-line method requires the Netdom Windows support tool. For information about
    installing Windows support tools, see Related Topics.
    Other switches can be used to assign a password or determine the direction of the trust. For
    example, to make the above trust a two-way, transitive trust you would use the following syntax:

    netdom trustTrustingDomainName/d:TrustedDomainName/add/twoway
    To view the complete syntax for this command, at a command prompt, type:

    netdom trust | more

    Create an external trust
    Create a realm trust
    Select the scope of authentication for users
    Manage Forest Trusts

    Create a forest trust
    The command-line tool Dsmod.exe does not support the addition of security principals in one
    forest to groups that are located in another forest when both forests are joined by a forest trust.
    You can use the Active Directory Users & Computers snap-in to add security principals across a
    forest trust.

    Change the routing status of a name suffix
    Enable or disable an existing name suffix from routing
    Exclude name suffixes from routing to a local forest

    You might also like