Windows 2003 Active Diretory (iv)--Establish and manage user accounts (1)

Here's a look at setting up and managing user accounts.

The computer account is described later. Consider first that the purpose of establishing a domain is not ultimately for account management. Implement its functions by managing accounts.

1. New domain user account: 03 The server has two locations for storing account information:

1, the domain controller put the account information in the AD database. The path is "\%systemroot%\ntds." DIT ". (where%systemroot% "represents the folder where 03 is installed, and Windows is the default.)

2, a member server that is not a domain controller, or a stand-alone server in a workgroup, the account data is placed in the security Accounts Manager (SAM) database. The file path to the SAM database is "\%systemroot%\system32\config\sam."

Note: When a new user account is created, the system automatically assigns a SID to the account. 03 using the SID to identify the user, the same does not change with renaming or resetting the password, even if you create an account with the same name and permissions as the one that has been deleted, the SID for the new and old account is different.

The new user account is as follows.

Look above, first to introduce the functions of each container; BUILTIN: used to store built-in local groups. COMPUTERS: Used to store computer accounts in the domain, when other computers joined the domain, these computer accounts are stored in some, the previous experiment has been done. Domain controllers: is used to store DCs. That is, if there are multiple domain controllers in the domain, they will appear here. ForeignSecurityPrincipals: Stores objects from a trusted relational domain. Users: Used to store the user accounts and groups within.

Click Users, create a new account, and see a picture. Note: The user logon name is the UPN. There are several principles to establish a user: 1, the user's full name cannot be duplicated in the same container, and the UPN name cannot be duplicated throughout the domain tree and forest. User names can be in Chinese, but the UPN is best in English.