User accounts are some of the most frequently used objects in Active Directory; they create the means of authenticating and authorizing someone to access resources on your network. Because Windows 2000 and newer Windows server systems manage users primarily through Active Directory, many key issues that system administrators deal with are covered in this chapter. In particular, Active Directory manages information regarding user passwords; group membership; enabling, disabling, or expiring user accounts; and keeping track of when users have logged on to your network.
The default location for user objects in a domain is the
cn=Users container directly off the domain
root. You can, of course, create
objects in other containers and organizational units in a domain, or
move them to these containers after they’ve been created. Table 6-1 contains a list of some of the
interesting attributes that are available on
user objects. This is by no means a complete
list. There are many other informational attributes that we haven’t
Table 6-1. Attributes of user objects
Large integer representing when the user’s account is going to expire. See Recipe 6.31 for more information.
Relative distinguished name of
Typically the full name of a user. This attribute is used in administrative tools to display a user’s descriptive ...