« 上一篇下一篇 »

4-00 Chapter Summary

Case Scenario Exercise
You are in the process of building your Active Directory, and have some user data from the Human Resources department that includes first and last name, address, and telephone number. Company policy states that the user logon name should be the combination of first name or initial and last name (for example, Ben Smith would be bsmith).
You have 500 users, 30 groups, and 10 OUs. In practical terms, what is the best way to get your Active Directory set up as quickly and easily as possible?
Although there is no absolutely correct answer, there are different levels of complexity to consider. A blending of methods is probably best, given the following considerations:
■ The user data can be edited as needed, but those edits are minimal, and the users can be brought into Active Directory using LDIFDE.
■ The OU construction can be part of the user construction, all from the same file, with minimal editing. For the OUs, use LDIFDE as well.
■ The groups might be another matter. Because group membership is a multivalued attribute in Active Directory, group membership must be listed, uniquely, for each group as it is created. It would be very confusing to do that within a single file, and errors would be likely. A better approach is to do the group memberships individually.
4-20 Chapter 4 Group Accounts Troubleshooting Lab
Creating individual objects (users, groups, and computers) in your Active Directory is a straightforward process, but finding objects and their associations after many objects have been created can present challenges. In a large, multiple-domain environment (or in a complicated smaller one), solving resource access problems can be difficult. For example, if Sarah can access some but not all of the resources that are intended for her, she might not have membership in the groups that have been assigned permissions to the resources.
If you have multiple domains with multiple OUs in each domain, and multiple, nested groups in each of those OUs, it could take a great deal of time to examine the membership of these many groups to determine whether the user has the appropriate membership. Active Directory Users And Computers would not be the best tool choice.
You will use the DSGET command to get a comprehensive listing of all groups of which a user is a member. For the purposes of this lab, the user Ben Smith in the contoso.com domain, the Users OU will be used.
1. Choose a user in your Active Directory to use as a test case for the steps that follow. If you do not have a construction that is to your liking, create a number of nested groups across several OUs, making the user a member of only some of the groups.
2. Open a command prompt.
3. Type the following command (substituting your selected user name and OU for Ben Smith):
dsget user "CN=Ben Smith,CN=Users,DC=contoso,DC=com" -memberof -expand
The complete listing of all groups of which the user is a member is displayed.
Chapter Summary
■ Groups may be created within any OU within the Active Directory.
■ There are two types of groups: security and distribution.
■ There are three scopes of groups: domain local, global, and universal.
■ Manual creation of groups is accomplished with the Active Directory Users And Computers MMC.
■ Automated creation of groups is accomplished with the LDIFDE command-line tool.
Chapter 4 Group Accounts 4-21 ■ Directory Services Tools such as DSQUERY, DSGET, and DSMOD can be used to list, create, and modify groups and their membership.
■ Group types can only be changed when the domain functional level is at least Windows 2000 native.
■ Advanced group nesting is only possible when the domain functional level is at least Windows 2000 native.
Exam Highlights
Before taking the exam, review the key points and terms that are presented below to help you identify topics you need to review. Return to the lessons for additional practice and review the “Further Readings” sections in Part 2 for pointers to more information about topics covered by the exam objectives.
Key Points
■ The types of groups and their available uses depending on the domain functional level
■ The scope of groups and their various nesting constructions depending on the domain functional level
■ The basic use of Active Directory Users And Computers in creating groups and modifying their membership
■ The basic use of LDIFDE for exporting groups from one directory to another, and in creating groups
■ The basic use of DSGET for listing complete group memberships for a user
Key Terms
Domain local group (scope) In mixed or interim domain functional level, these local groups are available only on domain controllers, not domainwide.
Global group (scope) A group that is available domainwide in any domain functional level.
Universal group (scope) A group that can be available domainwide in any functional level, but limited to distribution scope in Windows 2000 mixed and Windows Server 2003 interim domain functional levels.
Security group (type) Can have permissions assigned in an ACL.
Distribution group (type) Cannot have permissions assigned in an ACL.
4-22 Chapter 4 Group Accounts Questions and Answers Page 4-8
Page 4-12
Lesson 1 Review
1. What type of domain group is most like the local group on a member server? How are they alike?
Domain local groups are very similar to local groups on a member server in that they are, in a mixed or Windows Server 2003 interim domain functional level domain, limited to the comput ers on which they reside; in the case of domain local groups, the domain controller. Until the domain functional level is raised to Windows 2000 native or Windows Server 2003, the domain local groups cannot be used for permission assignment on any servers in the domain other than the domain controllers.
2. If you are using universal groups in your domain or forest, and you need to give permission-based access to the members of the universal group, what configuration must be true of the universal group?
For the universal group:
■ The domain functional level must be Windows 2000 native or Windows Server 2003.
■ The universal group must be of the type security (not distribution). 3. In a domain running in Windows Server 2003 domain functional level, what security principals can be a member of a global group?
■ Users
■ Computers
■ Universal groups
■ Global groups
Lesson 2 Review
1. In the properties of a group, which tab will you access to add users to the group?
The Members tab is used for adding members to the group.
2. You want to nest the IT Administrators group responsible for the Sales group inside the Sales group so that its members will have access to the same resources (set by permissions in an ACL) as the Sales group. From the Properties page of the IT Administrators group, what tab will you access to make this setting?
The Members Of tab is used for adding the IT Administrators group to the Sales group.
Questions and Answers 4-23 3. If your environment consists of two domains, one Windows Server 2003 and one Windows NT 4, what group scopes can you use for assigning permissions on any resource on any domain-member computer?
In a Windows Server 2003 interim domain functional level domain, which is what you must be running to support a Windows NT 4 domain, you will only be able to use global groups as secu rity principals. Domain local groups will only be useful on the domain controllers in the Windows Server 2003 domain, and universal groups cannot be used as security groups in a Windows Server 2003 interim domain functional level domain.
Page Lesson 3 Review
1. Which of the following LDIFDE commands changes the function of LDIFDE from export to import?
a. -i
b. -t
c. -f
d. -s
The correct answer is a. The -i command changes the default function of LDIFDE from exporting to importing.
2. What object classes are possible to export and import using LDIFDE?
Any object in Active Directory can be exported or imported using LDIFDE, including users, groups, computers, or OUs. In addition, any property of these objects can be modified using LDIFDE.
3. You have a database of users that is capable of exporting CSV files. Can you use such a file, or must you create an *.ldf file manually for importing?
You can use a CSV file for importing user data into Active Directory. Windows Server 2003 will fill in missing values with default values where possible, but if a mandatory item is missing from the file, then errors will occur during importing and the object will not be created.
4-18

  还没注册Payoneer的朋友可免费申请一个,现在申请Payoneer可获得25美元奖励并且直接享受1.2%全包的优惠:不仅入账免费,全币种提现只收1.2%的费用,无汇损,当你累积收款100美元时将一次性获得25美元奖励。需要注意的是,如果你直接打开Payoneer官网进行注册,是没有上述优惠的,请务必打开【野猪尖的推荐链接】进行注册。Payoneer注册咨询QQ:2822129880

Payoneer

野猪尖的推荐链接https://www.payoneer.com/zh/znp (此地址要完整地复制,建议直接点击)

【Payoneer申请教程:个人账户企业账户订购Payoneer实体卡(P卡)

Payoneer注册与使用指南(包括P卡申请、Payoneer官方、手续费、收款、提现和消费):
注册-收款工具那么多,为何选择Payoneer? | 为何申请Payoneer万事达预付卡+欧美日收款银行账号
   Payoneer有卡账户和无卡账户的区别Payoneer个人账户注册申请教程P卡公司帐户注册教程
   Payoneer欧元帐户虚拟卡) | Payoneer英镑帐户Payoneer日元帐户订购实体卡(P卡
   Payoneer卡年费啥时候扣? | Payoneer卡休眠和激活P卡到期后如何更换? | 如何注销P卡

官方-Payoneer秉承公正、公开、透明服务Payoneer官方最新政策汇总官方客服联系方式
   Payoneer官方费用表如何减少Payoneer的手续费?点此免除入账费点此降低提现费
   跨境收款服务商拷问篇——PayoneerPayoneer客户答疑手册(FAQ)Payoneer手机App

收款-跨境电商/外贸收款方式对比Payoneer可以错名收款吗
   Amazon亚马逊卖家设置Payoneer卡收款教程Payoneer可提供亚马逊KYC审核所需银行账单
   Amazon亚马逊收款方式对比(Payoneer,World First,PingPong,美国/香港银行卡)
   CJ联盟设置Payoneer卡收款ClickBank联盟设置Payoneer收款Amazon联盟设置P卡收款
   Payoneer如何从东南亚电商平台Lazada收款如何在Lazada开店
   Payoneer如何从拉美电商平台Linio收款? | Payoneer绑定非洲电商平台Jumia收款
   Payoneer支持从美国电商平台Newegg收款
   Payoneer如何从跨境移动电商Wish收款? | Wish模式正在改变电商格局
   Payoneer支持从法国乐天Priceminister收款法国电商平台CDiscount对接Payoneer收款
   如何使用Payoneer请求付款?关于Payoneer卡充值
   从PayPal提现到Payoneer卡教程及手续费用PayPal无法绑定并转账到Payoneer卡

提现-从Payoneer卡提现到国内银行账户Payoneer无法从Dating联盟收款并限制提现方式
   用P卡在中国银行ATM机取款4000元用Payoneer卡在中国建设银行ATM机取款500元

消费-Payoneer为卖家提供更便捷的VAT缴费方案用Payoneer卡在GoDaddy买域名主机教程


人在做天在看,转载请以链接的形式注明本文地址
本文地址:http://www.zhaoniupai.com/blog/archives/236.html