Upgrading and Repairing Networks (5th Edition)
If you've gotten this far into this chapter without falling asleep, it's time to put your knowledge to work. That is to say, it's time to get practical and look at a few things you can accomplish using the Active Directory. When viewing the property pages for a user account in the directory, you see that you can add much more information than was possible before. There are eight tabs on the properties page for a user object. If you select each tab and look at the different fields, you can see that the user object now contains a wealth of information that can be quickly accessed by searching the directory, including the following:
Note The Active Directory schema, which defines the objects and their attributes, can be extended. For example, if you install a product such as the newest version of Microsoft Exchange Server, you might see additional attributes in the user, as well as other objects.
The main benefit of having this information available in the directory might not become apparent at first. Most of this information could have been found in the old User Manager utility, in the Remote Access Administration utility, or in the human resources department. But now it all can be centrally located in a global, searchable directory. With the proper rights and permissions, the administrator or user can search the directory for any of the attributes associated with users. And because the Active Directory schema can be extended, you can add additional attributes that contain information specific to your business. Finding a User Account
For example, instead of being limited to queries such as "Show me everything about user John Doe," you now can execute queries such as "Show me all users that work in the accounting department in Florida" or "Show me all users who work in the accounting department in Florida that are in the Administrators group and have dial-in access." If you look at the total number of attributes associated with the user object, it's quite large. For example, suppose you want to "find" a user in the Active Directory. It's a simple thing to do by using the Active Directory Users and Computers MMC Snap-In in the Administrative Tools Folder. For example:
If that all seems too simple, it is. This simple search function on the User, Contacts, and Groups tab enables you to perform a search by specifying just a little information. Even though we've invoked the "find" dialog box in the Active Directory Users and Computers tool, you still can search for other objects in the directory. After we finish going over how to search for a user object, we'll use a similar dialog box, for example, to search for a printer. As you can see, other objects you can search for include the following:
The next field (named In) is also a drop-down menu, which enables you to further specify the container object, such as a domain, that you want to search. If you already know in what domain a user account exists, narrowing the search using this field will save time. Finally, when you've entered a user's name, and/or a description, and narrowed the search to the container object in which you want to look, click the Find Now button. However, to show you the power of the search capability in the Active Directory, let's use the Advanced tab. In Figure 30.13, you can see the same dialog box, with the Advanced tab selected. Here, the Field drop-down menu enables you to refine your search criteria to a user, a group, or a contact. Figure 30.13. The Field menu enables you to search for a user, group, or contact using the Advanced tab.
Notice in Figure 30.13, however, that when you click on User in the Field menu, a whole range of attributes is displayed that you can use to specify the search criteria. The number of attributes is so large that it won't fit on my computer screen, so there's a down arrow at the bottom that can be used to select even more attributes. There are actually more than 60 attributes you can use to specify search criteria, from the simple username, telephone number (and mobile telephone number), to the Web page address for a user or the manager of the user. Of course, the search will succeed only if you actually use these fields when you create user accounts. You don't have to fill in every attribute when you create a new user. However, the more information you store in the directory about a user, the easier it's going to be to locate that user when you have only a little information to go on. After you specify an attribute, you can enter a value that will be used for the search in the Value field. Use the Condition field to specify how this value will be evaluated in the search. These are the conditions you can set for this attribute's value in the search:
As you add search criteria (an attribute, a selection condition, and a value to use for comparison in the search), they appear in the pane at the bottom of the dialog box. After you have specified values for the attributes to be used for the advanced search, click the Find Now button. Next the dialog box expands to add another pane, which displays the results of the search. One or more entries can show up in the results pane, depending on the search conditions you used. To view the detailed attributes for objects in the results pane, simply double-click an entry and a property sheet appears for the object. Finding a Printer in the Active Directory
The directory doesn't just contain information about users; it holds information about many resource types in the network. An object that represents a printer resource might contain the name of the printer, the type of hardware associated with it, and its location. With directory services you do not even have to know the name of a printer. You can execute a query such as "Show me all printers located on the third floor of the accounting department in the Florida office," and then pick the printer you want to use, based on the information returned from the query. For example, in a Windows Server 2003 network that has the Active Directory enabled, you'll find that there's a button (Find) on the Print dialog box that wasn't there in previous versions of Windows NT. This button first appeared in Windows 2000. Note To locate a printer in the Active Directory, you must first "publish" the printer (which basically means to put the information about the printer into the directory). Windows XP and Windows Server 2003 make this a simple process. After you create a printer, select its properties pages. On the Sharing tab select List in the directory. When you click Find Printer, a dialog box similar to the one used to search for users pops up. This should be an indication to you that the Active Directory is tightly integrated into the Windows 2000 Server and Server 2003 operating systems. At the top of this dialog box, use the In drop-down menu to narrow your search. For example, you can use the default to search the entire directory, or you can use this menu to specify a particular domain or other container object. There are three tabs on the Find Printers dialog box that you can use for a search:
After you've specified the search criteria using any of these tabs, click the Find Now button and you'll get a listing of the printers that match your search. You then can select which printer to use. After you've found the printer you want to use, it's a simple matter to make a connection to the printer. In the search Results pane, just right-click on the printer and select Connect. Or, if you're in a real hurry, just double-click on the printer in the Results pane. The Active Directory is accessible from within many other applications in Windows 2000. You can search for file shares and objects that you create yourself. The important thing to remember about the Active Directory is that, after you begin to use it in your network, it is not something to be taken lightly. Use caution when making modifications to the directory. Using Start/Search
In the previous examples, we searched for users by using an Administrative Toolthe Active Directory Users and Computers Snap-In. To search for a printer, we used the Find Printer button on the print dialog box. However, there is a simpler way to find almost anything in the directory, provided that your logon account has the necessary access permissions to locate the object. Simply click Start and then Search. The Search function in Windows 2000 Server and Professional is found from the Windows Start menu and allows you to
If you use the For Printers or the For People options in the menu, you'll get dialog boxes similar to the ones used in the examples earlier in this chapter. Thus, the Active Directory is not just a tool that can be used by administrative personnel to administer the network, but it also is something that can be used by everyday users to locate objects or information they need to perform their jobs. |
Категории