Lab 5-4 Creating a Dfs Root

 

 

Requirement

Excellent (10)

Incomplete (5)

Not Attempted (0)

Create folders

 

 

 

Create Dfs root

 

 

 

Set access links

 

 

 

Answered questions

 

 

 

 

Objectives of lab (List what you learned on this lab)

  1.  

 
  1.  

 
  1.  

 
  1.  

 
  1.  

 

 

Problems Completing Lab

 

Create a Dfs for Oz

 

  1. Create the following folders on computers throughout your domain. Ensure all computers are communicating (of course). You can choose where to put them, just make sure they are located in different areas within your domain.
    1. Kansas
    2. Oz
    3. Munchkin City
    4. Docs Oz
    5. Docs MC
    6. Docs Kansas
    7. Shared Oz
    8. Shared MC
    9. Shared Kansas
    10. Programs Oz
    11. Programs MC
    12. Programs Kansas
  2. Share all of these folders.
  3. Create a domain Dfs within your domain.
  4. Create DFS links for
    1. Kansas
    2. Oz
    3. Munchkin City
  5. Within those links create links for each of the other three folders that belong with the links.
    1. Kansas

                                                               i.      Docs Kansas

                                                             ii.      Shared Kansas

                                                            iii.      Programs Kansas

    1. Do the same for Oz and Munchkin City
  1. Show me your Dfs root when done.
  2. Note: Do not simply create the folders within the folders in the first place. This lab is to demonstrate that you can take folders from anywhere within a domain and make them look like they are all housed on one server.
  3. Assign the following permissions to these folders
    1. Kansas

                                                               i.      Kansas Group Full Control

                                                             ii.      Munchkin Group Read Only

                                                            iii.      Oz Group Read Only

    1. Oz

                                                               i.      Oz Group Full Control

                                                             ii.      Munchkin Group Read Only

                                                            iii.      Kansas Group Read Only

    1. Munchkin City

                                                               i.      Munchkin Group Full Control

                                                             ii.      Kansas Group Read Only

                                                            iii.      Oz Group Read Only

  1. Answer the questions.
    1. If Dorothy were to browse the Dfs root through My Network Places, draw a picture of the folder tree that she would see (include all folders).

 

 

 

    1. All of the folders that “go” with Kansas are housed on another computer in the network. How can you make it look like they are all housed on the same server?

 

 

 

    1. Why would you want to do that? What benefit does it have to your users?

 

Lab 5-5 Managing Users, Computers, and Groups in Windows 2003

 

Requirement

Excellent (10)

Incomplete (5)

Not Attempted (0)

Created OUs

 

 

 

Created groups

 

 

 

Created users

 

 

 

Put users into proper OUs

 

 

 

Set password policies

 

 

 

Tested!

 

 

 

Answer questions

 

 

 

 

 

Partners will work together in their domain. One should start up in the server, and the other in workstation.

 

Active Directory allows you to manage users and computers in your domain. Through Active Directory you can create users, join them to groups, and put users and computers into organizational units for the purpose of apply group policies.

 

You can create the following in Active Directory:

 

Icon

Object

Description

User

User

A user object is an object that is a security principal in the directory. A user can log on to the network with these credentials and access permissions can be granted to users.

Contact

Contact

A contact object is an account that does not have any security permissions. You cannot log on to the network as a contact. Contacts are typically used to represent external users for the purpose of e-mail.

Computer

Computer

An object that represents a computer on the network. For Windows NT-based workstations and servers, this is the machine account.

Organizational Unit

Organizational Unit

Organizational units are used as containers to logically organize directory objects such as users, groups, and computers in much the same way that folders are used to organize files on your hard disk.

Group

Group

Groups can have users, computers, and other groups. Groups simplify the management of large numbers of objects.

 

Group Scopes

Distribution groups are used for distributing emails in conjunction with an Exchange server.

 

Security groups are used to group users together and apply permissions on resources.

 

Types of Groups

A universal group is used primarily to grant access to resources in all trusted domains. It can only be used as a security group. A universal group can include members from any domain in the forest. In the Windows 2000 native or Windows Server 2003 domain functional level, a universal group can be granted permissions in any domain including domains in other forests with which a trust exists.

A global group is used to manage directory objects that require daily maintenance, such as user and computer accounts. A global group can be changed frequently without generating replication traffic to the global catalog because global groups are not replicated outside of their own domain. Members of global groups can include other groups and accounts only from the domain in which the group is defined and can be assigned permissions in any domain in the forest.

A domain local group is used to define and manage access to resources within a single domain. Domain local groups can have groups with global scope and universal scope, accounts, other groups with domain local scope, and a mixture of any of the above as their members. Members of domain local groups can be assigned permissions only within a domain.

Microsoft recommends using global groups or universal groups instead of domain local groups when specifying permissions on domain directory objects replicated to the global catalog.

 

UGLY=Users go into Global Groups, Global Groups go into Local Groups, Y? Because Microsoft Says SO!

Shared Folder

Shared Folder

A shared Folder is a network share that has been published in the directory.

Shared Printer

Shared printer

A shared printer is a network printer that has been published in the directory.

 

You are going to create a set of users and groups on your domain, test them, and then have me check it off.

 

  1. Open Active Directory Users and Computers.
  2. Expand your domain by clicking the +.
  3. Right click on your domain name and create a new organizational unit. Name this OU Kansas. Create two more OUs named Munchkin City and Oz. (Oh my!)
  4. Within these OUs you can create users, computers, and groups.
  5. Right click on the OU “Munchkin City” and create a new group named Munchkins and another named Lollipop Kids.
  6. Right click on the OU Kansas and create a new group named Farmhands and another named Relations.
  7. Right click on the OU Oz and create a new group named Ozians. Create another group named Wizards and another named Bad Guys.
  8. You are now going to create some users. Before you create users you need to come up with a naming convention for your domain. Most companies use last name first initial. Others use first initial last name. You should decide your naming convention before you start typing them in. It’s a hassle to have to rename later.

 

First Name

Last Name

Username

Dorothy

Gale

 

Toto

Gale

 

Scare

Crow

 

Tin

Man

 

Mayor

Munchkin

 

Lolli

Pop

 

Dandy

Lion

 

Wicked

Witch

 

T.

Wizard

 

Emily

Gale

 

Uncle

Gale

 

Huck

Smith

 

 

  1. Once you have chosen usernames, create new users in the correct OUs.
    1. In Kansas create the users:

                                                               i.      Dorothy Gale

                                                             ii.      Emily Gale

                                                            iii.      Uncle Gale

                                                            iv.      Huck Smith

    1. In Munchkin City create the users:

                                                               i.      Lolli Pop

                                                             ii.      Dandy Lion

                                                            iii.      Scare Crow

                                                            iv.      Tin Man

                                                              v.      Mayor Munchkin

    1. Put the rest of the users in Oz
  1. Choose an easy to remember password for each user. Check the “User must change password at next logon” button. When the user logs in, he/she will be prompted to change their password.
  2. Organize your users into reasonable groups.
    1. Double click on Dorothy Gale
    2. Look through the different options for each user.
    3. Click the tab “Member of”. This will bring up the area where you can join a user to a group.
    4. Locate an appropriate group for each user that makes sense (you can figure out…you’ve seen the movie, right?)

 

Test it out!

 

On the workstation, log in as different users. Change the passwords when requested. Did it work? Yay!

 

Have me check off your users and groups when you are finished!

 

Questions

  1. What is the purpose of a group?

 

 

  1. Define Organizational Unit.

 

 

  1. How can you use groups to apply permissions to resources?

 

  1. Why use a standard naming convention?

 

  1. What is the difference between a distribution group and a security group?