I. Introduction
In this exercise, you will learn how to
delegate tasks in server administration. Please refer to your course material
or use your favourite search engine to research for more information about this
topic.
Task 1: Delegate administration
using Delegation Wizard
1.
On DCSrv2012, upgraded
msita.local, click PowerShell on task bar. Type the following and press Enter.
+ dsadd ou “ou=Engineering,dc=msita,dc=local”
+ dsadd user “cn=Le Minh
Tuan,ou=Engineering,dc=msita,dc=local” -samid tuanlm -pwd abc123@@@
+ exit
2.
Go back to Active Directory Users and Computers.
Press F5 to refresh display. Right-click
on Engineering and choose Delegate
Control…
3.
From Welcome to the
Delegation of Control Control Wizard, click Next.
4.
In Users or Groups page,
click Add…
5.
On Select Users, Computers
or Groups, type tuanlm and click Check Names. Click OK.
6.
Back in Users or Groups,
click Next.
7.
On Tasks to Delegate,
select the following check boxes:
+ Create, delete and
manage user accounts
+ Reset user
passwords and force password change at next logon
+ Read all user
information
+ Create, delete and
manage groups
+ Modify the
membership of a group
Click Next.
8.
Click Finish to close Completing
the Delegation of Control Wizard.
Task 2: Grant “Le Minh Tuan” the
right to log on to the domain controller
1.
Click Server Manager on
taskbar. Go to Tools then select Group Policy Management.
2.
On Group Policy
Management, expand Forest: msita.local, expand Domains > msita.local >
Domain Controllers. Right-click on Default Domain Controllers Policy, choose
Edit.
3.
Expand Computer
Configuration > Policies > Windows Settings > Security Settings >
Local Policies. Click User Rights Assignment and then right-click Allow log on
locally and choose Properties.
4.
On Allow log on locally
Properties, click Add User or Group…
5.
In Add User or Group, type
MSITA\tuanlm, click OK.
6.
Click OK to save changes
in policy.
7.
Click PowerShell in task
bar and type gpupdate /force then press Enter.
8.
Sign out Adminsitrator by
typing: Shutdown /l
Task 3: Test Delegation of admin
rights
1.
Click Ctrl Alt Delete, sign
on as msita\tuanlm password is abc123@@@
2.
Click Server Manager on
taskbar. When asked for credentials type tuanlm/abc123@@@, click Yes.
3.
Go to Tools > Active
Directory Users and Computers.
4.
Right-click on
Engineering and choose New > User.
5.
On New Object – User, use
the following settings:
+ First name: DNG
+ Last name: MS
+ User logon name:
dng.ms
Click Next.
6.
Type abc123@@@ in each
text. Clear User must change password at next logon, click Next -> Finish
7.
Right-click on Users and
choose New User.
8.
From New Object – User,
use the following values:
+ First name: Sales1
+ User logon name:
Sales1
Click Next.
9.
Type abc123@@@ in each
text box, click Next.
10. Click Finish.
11.
Notice the error message
as Sales1 is creating a user outside of his delegated organizational unit,
click OK. Click Cancel to abort creating this user.
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
► Download this video, lesson for FREE
► MP4 link: updating...
► PDF link: http://adf.ly/1n3zxo
► Youtube: updating...
► Alternate link: http://fas.li/6C38J
► Alternate link: http://viid.me/qWYLfj► Alternate link: http://linkshrink.net/7y1b5f
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
No comments:
Post a Comment