- Identity with Windows Server 2016:Microsoft 70-742 MCSA Exam Guide
- Vladimir Stefanovic Sasha Kranjac
- 395字
- 2021-07-02 13:40:48
Creating and managing computer accounts
Computers, like users, are security principals in AD DS that have an account with a logon name and password. Unlike users, the password for computer accounts is managed by Windows Server and changes automatically on a periodic basis. Computer accounts also authenticate against the domain and belong to one or more groups in AD DS. The most common tasks for computer accounts are moving between OUs and configuring properties.
Although computer accounts are automatically created when joining a computer to a domain, the proper procedure for this task requires us to create a computer account manually in AD DS before joining the computer to the domain. The creation process is very similar to creating a user account, and like a user account, it can be done using either MMC Snap-ins or PowerShell. Using Active Directory Users and Computers, you just need to populate the Computer Name field, and all other attributes can be configured later. Using the Active Directory Administrative Center, you need to populate the Computer Name field, because that's mandatory, but you'll configure many other attributes as well. PowerShell lovers will use the following command to create a computer account:
New-ADComputer -Name Server03 -Path "OU=Computers,OU=Packt,DC=mcsacertguide,DC=local"
By default, all computer accounts that are created using the New-ADComputer PowerShell cmdlet and without the -Path switch will be stored in the Computers system container.
A computer account that's created while joining the computer to the domain will be stored in the Computers system container as well.
All management tasks on a computer account can be done using either MMC Snap-ins or PowerShell. If you want to use MMC Snap-ins, you just need to configure some properties of the computer account. If you want to make changes using PowerShell, however, you need to use the Set-ADComputer or Set-ADObject PowerShell cmdlets, depending on the attribute that needs to be changed. Like user accounts, computer accounts are not by default protected from accidental deletion. During the creation process, this can be done using the Active Directory Administrative Center MMC Snap-in by checking the Protect from accidental deletion checkbox. This parameter can also be changed using Active Directory Users and Computers or the Set-ADObject PowerShell cmdlet using the same command, as for a user account:
Set-ADObject -Identity "CN=Server03,OU=Computers,OU=Packt,DC=mcsacertguide,DC=local"-ProtectedFromAccidentalDeletion:$true
- 電子元器件檢測(cè)技能1+1點(diǎn)撥
- 室內(nèi)分布系統(tǒng)規(guī)劃設(shè)計(jì)手冊(cè)
- 移動(dòng)寬帶技術(shù):LTE
- 智能電網(wǎng)技術(shù):面向供需互動(dòng)能量?jī)?yōu)化
- 華為MPLS技術(shù)學(xué)習(xí)指南
- 艦船尾跡的電磁成像機(jī)理及特征提取技術(shù)
- 鮮棗課堂:5G通識(shí)講義
- 被動(dòng)雷達(dá)寬帶數(shù)字接收機(jī)技術(shù)
- 光網(wǎng)絡(luò)信息傳輸技術(shù)
- LED照明設(shè)計(jì)與應(yīng)用
- 5G網(wǎng)絡(luò)建設(shè)實(shí)踐與模式創(chuàng)新
- 電子元器件應(yīng)用實(shí)戰(zhàn)
- 微信小程序開發(fā)圖解案例教程(附精講視頻)(第2版)
- 典型開關(guān)電源電路分析與檢修
- Cadence高速電路板設(shè)計(jì)與實(shí)踐