Active Directory and UVU

8/3/2019 Active Directory and UVU

1/19

Click to edit Master subtitle style

5/1/12

Active Directory and UVU


2/19

5/1/12 Active Directory FQDN and NetBiosname FQDN ad.uvu.edu

NetBios name AD


3/19

5/1/12 What is a forest and what is a domain in

Active Directory? Forest is the outer most boundary of the directory service. Multiple

domains or a single domain can make up a forest.

Domain is a grouping of security principals and other objects thatare administered collectively.

UVU will primarily be a single domain Forest. Other Forests canbe created if needed to meet security or resource needs.

Why single forest single domain? - The single forest Exchangedesign offers the richest set of e-mail system features and also it isthe most streamlined administrative model. With all resources in a

single forest we can have a single global address list (GAL).


4/19

5/1/12 Installing Active Directory AdministrativeTools

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7d2f6ad

Under Control Panel in Program and Features click Turn Windowsfeatures on or off

Turn on the tools for AD DS and AD LDS Tools

Under Feature Administration tools turn on Group PolicyManagement Tools
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d&displaylang=enhttp://www.microsoft.com/downloads/en/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d&displaylang=en


5/19

5/1/12 Active Directory AdministrativeCenter You can use Active Directory Administrative Center instead

of Active Directory Users and Groups to view/manageaccounts and groups in AD.


6/19

5/1/12

Root Active Directory OU structure


7/19

5/1/12

Group Policy

OU locations

Naming Convention

Group Policies configure login, set printers, map drives, ensuresecurity settings, etc.

Group Policies that start with the name Default are managed by theAD admin and should only be modified by the admin. An examplewould be the Default LOOPBACK policy.

Default policies will be reviewed by TSC

Once you turn on a GPO setting, the only way to get it turned off isto set the opposite setting or set the setting to disabled. Justremoving the GPO from the OU will not turn off the GPO settings.


8/19

5/1/12

Using Group Policy Manager

Use inheritance for default GPOs

Block inheritance at the OUs where you do not want to usedefault GPOs


9/19

5/1/12


10/19

5/1/12

Default Domain Policy

This policy has the default settings for all computers/userson the domain.

Should only be modified by AD admin

Common settings are Password Policies, lockout policies,Deploy AD integrated Certificates, IPV6 Settings.


11/19

5/1/12


12/19

5/1/12

Adding a PC to domain

First add PC to the desired OU using AD Users and Computers

Login to PC with Administrative privileges.

Add PC to domain (make sure PC name matches name created inAD)


13/19

5/1/12

Adding a Mac to domain

Use Network Account Server setting under the AccountsPreferences

For laptops be sure to create a mobile account

After Mac is in domain, use the Directory Utility under Advanced

Options, check box to create mobile account at login.


14/19

5/1/12 Logging in with Active Directoryaccount Just type in UVID

If computer is not on the domain and you want to access aresource type in ad\UVID when prompted

/ /


15/19

5/1/12 Migrating a PC from the old UVU.EDU domain tothe new AD.UVU.EDU domain

Installing a new OS - just join it to the domain and use USMT tomigrate old profile to new OS instance.

OS staying the same but need to migrate to new AD.UVU.EDUdomain - contact Aaron Nielson to have PC and Profiles migrated

to new domain.

5/1/12


16/19

5/1/12

How to support Exchange (e-mail) within AD

Must use Exchange Management Console (EMC) Console willneed to be installed on local machine and connect remotely to theExchange servers.

Changes to accounts will be made through IDM. Only read access

will be allowed in the EMC. Most common issues will be to look at quotas and default email

address

5/1/12


17/19

5/1/12

Adding a printer to the AD Print Server

Naming convention Room number followed by PrinterBrand/Model. Use a C in the brand to denote a color printer.

Be sure to put the Room number or other information to indicatewhere the printer is located in the location section.

Assign IDM groups for printer rights if necessary or required.

Right click on Printer and select Include in Directory This allowsyou to search Active Directory for printer resources.

If desired, you can deploy the printer via Group Policy right from

the Print Server. Right click on printer and select Deploy with Group Policy

Browse for GPO that you want to use

Be sure to select the check box for The computers that this GPO

applies to (per machine)

5/1/12


18/19

5/1/12

Active Directory Print Server

Server name UVUPRINT1 and UVUPRINT2 (failover or increasecapacity)

How to add a Print Server printer to a PC

Manual Click Start and select Devices and Printers

Click Add a Printer

Select Add a network, wireless or Bluetooth printer

Select desired printer from list and click next

Click next after the printer has been added and set the printer as the default if

desired then click Finish.

Group Policy

How to manage print server

Install Administration Tools

Under Start Menu Administration Tools launch Print Management

5/1/12


19/19

Click to edit Master subtitle style

5/1/12

Questions?

Documents

Active Directory and UVU