Create and Manage AD Users and Computers Flashcards Preview

MCSA - Windows server 2012 R2 > Create and Manage AD Users and Computers > Flashcards

Flashcards in Create and Manage AD Users and Computers Deck (36)
Loading flashcards...
1
Q

ADUC

A

Active Directory Users and Computers

2
Q

ADAC

A

Active Directory Administrative Center. Runs on top of Windows Power shell.

3
Q

UPN Suffix

A

Method of Logging on with your domain name in the user prompt. For example, (DOMAIN\username or Username@domain)

4
Q

Template User AD Account

A

Blank Password.

  • User Cannot Change Password.
  • Account disabled.
  • Password Never Expires.

Profile Path:
\file1\share1\%username%

5
Q

Last Logon date for Users (Old Way)

A

get-aduser -filter * -Properties lastlongondate | ft name, lastlogondate

6
Q

Remove disabled accounts (Old Way)

A

get-aduser -filter {enable -ne $true}

7
Q

Find Disabled accounts (New way)

A

Search-AdAccount -AccountDisabled -useronly | fl name

8
Q

Find Inactive Accounts (new Way)

A

Search-ADAccount -accountinactive -timespan 30:00:00:00 | fl name

9
Q

Find Passwords Expired on accounts (New Way)

A

Search-Adaccount -Passwordexpired

10
Q

Find Passwords that never expire (new way)

A

Search-Adaccount -passswordneverexpires

11
Q

Find Locked out AD accounts

A

Search-ADAccount -LockedOut

12
Q

CSVDE

A

Uses CSV to perform bulk operations in AD. Default is to export information. i.e, csvde -f output.csv.

13
Q

CSVDE filtering containers & objects

A

csvde -f output2.csv -d “cn=users, dc=company, dc=pri” -r “(objectclass=user)”

14
Q

CSVDE Import File

A

csvde -i -f output2.csv

15
Q

LDIFDE

A

creates, modifies, and deletes directory objects. You can extend the schema, export AD users and group information to other applications or services, and populate AD DS with data from other directory servers.

Requires admin cmd prompt, and AD DS or AD LDS roles.

output format is in ldif.

ldifde -f output3.ldf

16
Q

Import CSV for AD account creation

A

Import-CSV .\newusers.csv | New-ADUser

17
Q

Offline domain Join

A

djoin /provision /domain company.pri /machine server1 /savefile server1.txt (txt is the shared secret and keep them close at hand)

18
Q

Offline domain Join desktop operation

A

admin cmd prompt.

djoin /requestodj /loadfile server1.txt /windowspath %systemroot% /localos

Then reboot

19
Q

Create new OU with powershell

A

New-ADOrgnizationalUnit “Company Users”

20
Q

Create a new AD Group with power shell

A

New-ADGroup -name “Extremely Untrusted Users” -GroupScope global -path “ou=company users, dc=company, dc=pri”

21
Q

Add Users into group with Powershell

A

Add-AdGroupMember “Extremely Untrusted Users” jason, djones

22
Q

Group Nesting

A
  • Users go in Global Groups
  • Global groups go in Domain Local groups.
  • Assign permissions to Domain Local groups.

UGLA.

23
Q

Global Group

A

can only include objects from the same domain.

24
Q

Domain local

A

Can include objects from any domain in the forest.

25
Q

Who is a group member in AD group (Powershell Command)

A

Get-AdGroupMember “Domain Admins” | ft name

26
Q

Get memberships a user has (Powershell Command)

A

Get-ADPrincipleGroupMemberShip jason | ft name

27
Q

Recursive Match for a group and trace users indirect membership (Powershell Command)

A

Get-ADUser -Filter ‘memberof -recrusivematch “cn=domain admins, cn=users, dc=company, dc=pri”’ | ft name

28
Q

Domain Local Conversion

A

domain local groups and global groups can be converted to universal groups.

29
Q

Universal group Conversion

A

Universal groups can be converted to domain local groups or global groups.

30
Q

Domain Local Non-Conversion

A

Domain local groups cannot be converted to global groups.

31
Q

Global Group Non-conversion

A

Global groups cannot be converted to domain local groups.

32
Q

Powershell Group conversion

A

Get-ADGroup “My Universal Distribution group” | Set-ADGroup -groupScope Universal.

Get-ADGroup “My Universal Distribution group” | Set-ADGroup -groupcategory 0

33
Q

Group Policy Management Console Shortcut

A

gpmc.msc

34
Q

Delegate Control

A

Delegate control wizard. Right click on OU. I.E. give IT group access to perform various tasks.

35
Q

Find Delegation Applied

A

Turn on advanced features. Security Settings on OU. Check Security, and you will find special permissions.

36
Q

Manage Default Location for newly created computer objects

A

redircmp “ou=company computers,dc=company,dc=pri”