If you've ever managed an Active Directory domain controller, you're probably familiar with this long-standing, easy-to-use "Active Directory Users and Computers" console.
Here is a full presentation of it.
By default, only the main folders are displayed :
In the "Builtin" folder, you will find the groups created by default by Windows Server and Active Directory.
In the "Computers" folder, you will find the "computer" type objects corresponding to the client computers that you have joined to your Active Directory domain.
If you display the properties of a computer type object, you will find, for example :
In the "Operating System" tab, you will find information about the operating system installed on it :
In the "Member of" tab, you can choose in which group you want to add this computer.
By default, computer objects are members of the "Domain Computers" group.
In the "Delegation" tab, you can approve or not this computer for Kerberos or for specific services.
This tab is particularly useful when you implement dynamic migration with several Hyper-V servers.
In the "Location" tab, you can choose its location.
You can delegate management of a computer to a user in your Active Directory domain.
Although this "Managed By" tab is mostly useful for domain controllers.
Finally, in the "Dial-In" tab, you can :
In the "Domain Controllers" folder, you will find the list of domain controllers joined to this Active Directory domain.
If you display the properties of the computer object of a domain controller, you may find out :
In the case of a domain controller, a "NTDS Settings" button is present in the properties of the computer object.
In these NTDS Settings, you can choose whether or not this domain controller should act as a "Global Catalog".
In the "Connections" tab, you will find the list of domain controllers from or to which the data of your Active Directory domain are replicated.
For example, assuming that we add a new domain controller to our Active Directory domain, and that we choose our domain controller "DC" as the source, we would see a "DC2-RODC - Default-First-Site-Name" appear in the "Replicate To" list.
The "Managed By" tab is blank by default for writable domain controllers.
In the case of read-only domain controllers (RODCs), an additional "Password Replication Policy" tab will be displayed.
Still in the case of a read-only domain controller (RODC), you will be able to find the name of its delegated administrator if you defined one when you deployed this read-only domain controller (RODC).
This "ForeignSecurityPrincipals" folder looks empty by default, but actually contains several special security-related identities.
To learn all about this somewhat special folder, refer to the Microsoft site : Active Directory: Foreign Security Principals and Special Identities
To display the contents of this "ForeignSecurityPrincipals" folder, you must go to the "View" menu and click "Advanced Features".
Now, as you can see, several security identities appear, include one which is for example linked to the "NT AUTHORITY\Authenticated Users" group.
Managed Service Accounts are domain accounts whose password is automatically managed by the domain controller.
These managed service accounts are used to run specific services (the services that you find on Windows), scheduled tasks or for application pools on Microsoft IIS web servers.
In the "Users" folder, you will find by default, a list of users and groups created during the installation of Windows Server or created later during the installation of specific roles (including AD DS).
Among these users and groups, you will obviously find :
Windows Server 4/30/2021
Windows Server 11/12/2011
Windows Server 6/11/2021
Windows Server 7/16/2021
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2020 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.