UEU-co logo


Previous Page Next Page

Working with Active Directory Objects

Thus far, we have discussed only one type of Active Directory object: the user account object. However, in this discussion of user accounts, we have looked at some of the basic possibilities for manipulating other Active Directory objects, such as computer accounts and domain printers.

The ways in which you manipulate objects in the Active Directory is fairly uniform across the various object types in the Active Directory schema. We look at additional Active Directory objects in Hour 9 and Hour 14, “Working with Network Printing” (which includes a discussion of how to publish a printer to the Active Directory).

A feature worth noting is that the Windows Server 2008 Active Directory Users and Computers snap-in now enables you to select multiple objects in the Details pane. This enables you to manipulate a number of user accounts at once or nest multiple user groups in a particular Organizational Unit.

For example, you might want to quickly disable a number of domain user accounts because of some type of security issue. In the Active Directory Users and Computers snap-in, you would expand the Domain node in the snap-in tree and then select the Users node. A list of your users would appear in the Details pane. You then would select the first with a click of the mouse and then hold down the Ctrl key when selecting other users. After selecting the users, you would right-click (see Figure 8.16). Notice that you can select Disable from the shortcut menu (as well as Delete).

Figure 8.16. You can select multiple objects in the Active Directory.

[View full size image]

Selecting multiple users is extremely useful when you want to add users to a particular group or groups. Users can be identified, selected, and then added to the group or groups en masse.

Searching for Objects in the Active Directory

The Active Directory Users and Computers snap-in makes it easy for you to find objects in the Active Directory. The Find feature provides a number of built-in queries for searching for particular objects (such as users who have passwords that never expire), and it also enables you to set up search queries and then save them for later use.

To use the Find feature, select a particular node in the snap-in tree (such as Users) and then select the Action menu; then select Find appears (see Figure 8.17).

Figure 8.17. The Find feature enables you to select the object and location for a search.

[View full size image]

Use the Find drop-down list to specify the object type you want to find, such as Users, Contacts, and Groups; Computers; or Printers. After specifying the object type, use the In drop-down box to specify the container for the search, such as a particular Active Directory node or another location such as an Organizational Unit.

Did you Know?

You can change the container for the search by clicking the Browse button and selecting a node, folder, or other container from the list provided.

After specifying the object and the location for the search, you can provide additional search parameters, such as a particular username or name of a printer. You then click Find Now to complete the search.

Creating Your Own Queries

Although the Find feature provides a fast way to locate particular user accounts or other Active Directory objects, you might want to create specific queries that locate certain objects. You can then save these queries and reuse them when needed. The Saved Query folder is not available when you run the Active Directory Users and Computers snap-in via the Server Manager. Open the Active Directory Users and Computers snap-in in the Microsoft Management Console (MMC): click Start, Administrative Tools, and then Active Directory Users and Computers. Then follow these steps:

1. Select the Saved Query folder in the Active Directory tree. Then select the Action menu, point at New, and select Query. The New Query dialog box opens (see Figure 8.18).

Figure 8.18. Search queries can be created and saved.

2. Type a name and a description (optional) for the new query. Then click the Define Query button. The Find Common Queries dialog box opens. Tabs are provided for Users, Computers, and Groups. Use any of these tabs to specify the parameters for the query.

3. Define the variables for your query (on the Users, Computers, or Groups tabs), using the Name and Description drop-down boxes. These enable you to specify that the query find names or descriptions that start (or end) with a particular character string.

4. Check boxes are also included on the Users, Computers, and Groups tabs. For example, on the Users tab, two check boxes are provided that enable you to search for disabled accounts or accounts that have nonexpiring passwords. A drop-down box is also provided that enables you to search based on the last time the user logged on (see Figure 8.19).

Figure 8.19. Set the criteria for the query.

After setting the criteria, click OK. Click OK again to close the dialog box.

5. The new query is displayed in the Saved Queries folder. To see the results of the query in the Details pane, select the query in the snap-in tree (see Figure 8.20).

Figure 8.20. Query results are displayed in the Details pane.

[View full size image]

Saving various queries enables you to quickly filter information in the Active Directory. After you click the query in the tree, results are immediately displayed in the Details pane.

Previous Page Next Page

Leave a Reply

Time limit is exhausted. Please reload the CAPTCHA.


apply_now Pepperstone Group Limited