Creating and Administering Groups in Active Directory on Windows Server 2012

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello again as you know I'm Eli the computer guy in today's class is creating and administrating groups in Active Directory on Windows Server 2012 so in the last class I showed you how to create a user account and basic administration of the user account now as we start to get in to to the real meat of Active Directory we need to start talking about groups so the big thing that you have to understand with Active Directory the entire point of accurate Active Directory why Active Directory is so cool why Active Directory is so awesome why Active Directory is the thing that all major enterprises are using is that Active Directory makes it easier to administer security and permissions for users and computers on the network so as I talked about before the reason why we create a domain and we have domain controllers is so that we can go to those domain controllers and add a single domain controller we can change somebody's password on the network create a user account created computer account so on and so forth we don't have to sit down at each individual computer in order to create user accounts and that type of stuff well expanding upon that groups makes administrating the network easier because what you can do is you can put users computers and even other groups into a single group and then assign permissions or security policies to the group so let's say you have a thousand people in a call center environment and all a thousand people have the same permissions and security policies for their accounts well instead of having to go into each individual user account and assign permissions and security you can simply assign permissions and security to one call center call answer a group then put the users into that group and then that's all you have to do so if you have administrators on the network you want them to be able to administer computers and Printers and all that you can create one administrators group and then simply add users to the group and it makes life easier if you want to be a pole Peoples of permissions or security you can just simply pull them out of the group and that's all you have to do you don't have to administer every single user account now you can administer groups which means when you make changes instead of making a change to one user account you can make changes to five users accounts 100 user accounts 10,000 user accounts all at one time now we're going to be going into security and permissions in the future so those are different classes but the one thing just so you guys understand what I'm talking about to make sure we're on the same level here when I talk about permissions what I'm talking about permissions I'm talking about the users or computers ability to access network resources and what they're able to do to the network resources are they able to see them are they able to read are they able to access a shared folder on the network are they be able to access a shared file on the network are they able to edit that shared file are they be a are they able to access a printer on the network we're talking about permissions we're talking about being able to access and interact with network resources we're talking about security security is an entirely different thing security is what users are able to do to their systems so are they able to access the control panel are they able to change the background settings are they able to do different types of things to computers or serves that is security so one of the things as we go along I'm going to start introducing different concepts talk about them a lot so by the time we actually get to to teaching you about them you already feel pretty comfortable but remember permissions are being able to access shared resources on the network security is actually being able to do stuff too computer itself so what you can do is you can add users or computers or even groups into groups and at one time be able to sign all of the permissions um for for whatever you need so when we are going to be administrating these groups we are going to be going back into that Active Directory users and computers and from there we will be able to to administrate groups so let's go over right now to to our Windows 2012 server so I can show you how this works so right now again we are at this Windows Server 2012 server so before previously I've turned this into a domain controller and this is the etc' v.com domain and hopefully if you've been following along you've done all the steps so far so now we are at server manager and what we're going to do is we're going to go back to tools so we click on tools and then what we're going to do is we're going to go down to Active Directory users and computers again wait a second then this is going to come up and this is going to be the same interface that we were using before so we have dealt with the computers adding a computer we can see that test PC that we add before and we have users and we can see the test user that we added before now the first thing to realize with groups is that there are built-in groups so as soon as you install Windows Server 2012 there are built-in groups these built-in groups have default security policies assigned to them so we have things like we have domain users so domain users have certain security policies we have domain administrators so domain administrators are like the root so these are the most powerful admins on the entire domain they essentially can do whatever the hell they want to on the domain and so they have though security policies so we have domain admins computers controllers Enterprise admins all kinds of different groups here and we will talk about these more as we get into the classes as we go for now if let's say we create a user account so we created a test user now when we create this test user this user is going to be able to login to the computer but that is going to be about all they can do they will not have the full access to do all the administration on the network so if you wanted to create an account that would have the full ability to administer the network what you would do is you would create the user such as I did here test user and then what we would do is we'll go to domain admins so these guys have the ability to do basically like I say whatever they want on the network so I can double click on this and when we double click on this it gives us some information in here but the main thing that I want you to look at is if you go over this members tab so this members tab says who is a member of this group so currently there is the administrator account that's the one I created and that's the only domain admin for this entire domain if I wanted to add test user what I can do is that you could do add then here it's going to ask you to plug in a name what I can do is I can plug in part of a name so I just put in test I can do check names and will automatically fill in a user account if one exists so I just put in a test and then it found test user so I can do ok now and now administrator is a domain administrator and test user will be a domain administrator now I can hit apply and then I can hit OK and now test user is a member of the domain admins group so now this test user will have the ability to add computers to the network to have the ability to log in to the server so on and so forth so if you want to add a user to one of these groups you just double click the group members you go to add and then you add the user there now let's say you want to create your own group so what we can do now if we're going to be creating groups as we go to user we right click here we go to new and then we go to group from here what we're going to do is we are just going to give our group a name so we call this let's say test group now under this it's going to have the pre Windows 2000 group name don't worry about that then it's going to say group scope again I talked a lot about how they give you options that at this point in time you don't need to worry about so group scope all you do is you leave this to the default now over here for group type again we're going to leave this to the default of security so there are two types of groups security and distribution group essentially for most of the time 99.999999 percent of the time whenever you're creating a group you're going to be creating a security group again security groups are what allow you to sign permissions and security to groups so we will just leave it there and we will click OK we now have a test group so if we double click on this test group we can see if we can put in description and all that notes if we wanted to we can do members we can say we can see whether this is a member of a different group and managed by will deal with that in the future so what we can do here is members again if we want to add a member we can just say let's say test check names we can say a test user and then do okay and now test user will be a member of the group now let's say we wanted the test group to be a member of the domain admin group we go up to domain admins we can do members we can do add again we're going to type in test we do check name this time since there's a couple of options it will give you this this multiple names found box and so what we're going to do is going to add the test group and then do okay so now the administrator the test group which means anybody in the test group and test user are all members of this group now as we go forward we will be able to assign security and permissions to that group and we don't have to worry about assigning them to individual members whenever you're taking the test just saying you know the mcse or the mcs a Microsoft best practice is to always assign permissions and security to groups not individual users now when you are out in the real world it's kind of going to depend upon the environment you are in if you are in a small environment let's say 50 people or under you may assign permissions and security to individual users because that will be easier for you again if you are in a large environment you've got a thousand users 10,000 users you are going to be wanting to create these groups and then as I said we're going to assign permissions and security to the group and not to the individual users a lot of times again even in the Microsoft world it will make sense to create a group of one so even if there's only going to be one person in the group from an administrative standpoint it's easier to create a group and then put one member into that group than it is to just assign permissions and security to one user the reason is is because again we're trying to make our life easier and the hope is the hope is that our company will be growing so if we are assigning permissions and security to one user the hope is that one user will be in an apartment that will go from one user to two years or three years or four years five years used to grow right so if you assign permissions and security to only one user and then another person got hired as their helper well then you would have to assign the exact same permissions to that that to the new user which would be more work and then to the second user the third user in the fourth user whereas if you create a group for the first person and you put that one person into the group if you hire another person instead of assigning all those permissions and security to that user account you can simply put that user into the group and it's all automatically done for you that makes sense so as we go ahead again groups aren't overly complicated but if you're brand-new but as we go ahead and we start talking about these permissions and security this stuff will start to make a lot more sense again we are also going to be talking about orgas organizational units in the future organizational units are administrative groups groups are security groups so so there they are different things but with this again like I say we you can just group these together you can add users to groups you can add computers to groups and you can add groups into groups and it's just makes administration easy so as you know I am Eli the computer guy this was creating and administrating rupes in Active Directory on Windows Server 2012 as always an enjoy teaching this class and look forward to seeing at the next one

Info

Channel: Eli the Computer Guy

Views: 351,861

Rating: undefined out of 5

Keywords: Eli, the, Computer, Guy

Id: C3UV3RTW7HI

Channel Id: undefined

Length: 14min 33sec (873 seconds)

Published: Tue Mar 26 2013