Administering Active Directory Objectsa
The information in this chapter shows you how to locate, control access to, and delegate administrative control of Active Directory objects. It’s important to be able to find Active Directory objects if you need to perform maintenance on an object or if you need to find more information about an object by viewing its attributes. After you’ve located an object, one of your primary administrative tasks is likely to be setting access permissions, which determine which users can access the object and the specific actions that they can perform on the object. Finally, being able to delegate administrative control allows you to provide other admin-istrators, groups, or users with the ability to manage the functions in domains or containers according to their needs.
domain local group A security or distribution group often used to assign permissions to resources. You can use a domain local group to assign permissions to gain access to resources that are located only in the same domain where you create the domain local group. In domains with the domain functional level set to Windows 2000 mixed, domain local groups can contain 70-680 test questions user accounts, computer accounts, and global groups from any domain. In domains with the domain functional level set to Windows 2000 native or Windows Server 2003, domain local groups can contain user accounts, computer accounts, global groups, and universal groups from any domain, and domain local groups from the same domain.
A security or distribution group often used to organize users who share similar network access requirements. You can use a global group to assign permissions to gain access to resources that are located in any domain in the tree or forest. In domains with the domain functional level set to Windows 2000 mixed, global groups can contain user accounts and computer accounts from the same domain. In domains with the domain functional level set to Windows 2000 native or Windows Server 2003, global groups can contain user accounts, computer accounts, and global groups from the same domain.A program that allows you to run administrative tools with either local or domain 70-640 administrator rights and permissions while logged on as a normal user.
Processing your request, Please wait....
