70-292_01.QXD 8/21/03 12
271_70-292_01.qxd 8/21/03 12:40 PM Page 22 Chapter 1 • Managing Users, Computers, and Groups
Introduction
It seems natural to start a book for network administrators with the nuts and bolts of
administration—groups and accounts.Windows Server 2003 follows in the footsteps of
Windows 2000 Server by providing network administrators with intuitive and easy-to-use
tools that can be used to accomplish these tasks within a graphical user interface (GUI).
Windows Server 2003 also has the ability to perform these tasks from the command line
using interactive commands, or pre-written scripts and batch files.
This chapter works extensively with users and groups, and presents the information
required for the “Managing Users, Computers, and Groups” objective of the 70-292 exam.
Additionally, this chapter examines some common user authentication issues.
Extended Command Line Functionality
Some of the biggest improvements in Windows Server 2003 are the significant
enhancements made to the command line utilities. The following new command
line tools have been added to make the administrator’s job easier:
■
dsaddCan be used to add new objects into Active Directory such as
contacts, computers, groups, organizational units, and users.
■
dsmodCan be used to modify an existing object in Active Directory.
■
dsrmCan be used to remove an existing object from Active Directory.
■
dsmoveCan be used to move a single object in Active Directory within
the same domain from one location to another. Can also be used to
New & Noteworthy ...
rename an object without moving it.
■
dsqueryCan be used to query Active Directory per the specified cri-
teria to locate a specific object or object type.
■
dsgetCan be used to display the properties of a specific object in
Active Directory.
Creating and Managing Groups
EXAM