User accounts are some of the most frequently used objects in Active Directory; they create the means of authenticating and authorizing someone to access resources on your network. Because Windows server systems authenticate and authorize users primarily through Active Directory, many key issues that system administrators deal with are covered in this chapter. In particular, Active Directory manages information regarding user passwords; group membership; enabling, disabling, or expiring user accounts; and keeping track of when users have logged on to the network.
The default location for
objects in a domain is the
container directly off the domain root. You can, of course, create
user objects in other containers and
organizational units in a domain, or move them to these containers after
they’ve been created. Table 6-1
contains a list of some of the interesting attributes that are available
user objects. This is by no means
a complete list. There are many other informational attributes that we
Table 6-1. Attributes of user objects
Large integer representing when the user’s account is going to expire. See Setting a User’s Account Options (userAccountControl) for more information.
Typically the full name of a user. This attribute is used in administrative ...