Chapter 6. Users
6.0. Introduction
User accounts are some of the most frequently used objects in Active Directory; they create the means of authenticating and authorizing someone to access resources on your network. Because Windows 2000 and newer Windows server systems manage users primarily through Active Directory, many key issues that system administrators deal with are covered in this chapter. In particular, Active Directory manages information regarding user passwords; group membership; enabling, disabling, or expiring user accounts; and keeping track of when users have logged on to your network.
The Anatomy of a User
The default location for user objects in a domain is the cn=Users
container directly off the domain
root. You can, of course, create user
objects in other containers and organizational units in a domain, or
move them to these containers after they’ve been created. Table 6-1 contains a list of some of the
interesting attributes that are available on user
objects. This is by no means a complete
list. There are many other informational attributes that we haven’t
included.
Table 6-1. Attributes of user objects
Attribute | Description |
---|---|
| Large integer representing when the user’s account is going to expire. See Recipe 6.31 for more information. |
| Relative distinguished name of |
| Typically the full name of a user. This attribute is used in administrative tools to display a user’s descriptive ... |
Get Active Directory Cookbook, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.