ManageEngine ADManager Plus :: Help Documentation
ManageEngine ADManager Plus :: Help Documentation
ManageEngine ADManager Plus :: Help Documentation
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Active Directory Overview<br />
<strong>ManageEngine</strong> <strong>ADManager</strong> <strong>Plus</strong> :: <strong>Help</strong> <strong>Documentation</strong><br />
The Windows Active Directory is a hierarchical framework of objects. This provides<br />
information of the various Active Directory objects, such as resources, services, user<br />
accounts, groups, and so on, and sets the access permission and security on these<br />
objects. The structure of the Active Directory network components are:<br />
• Domains: A group of computers that share a common directory database.<br />
• Domain Trees: One or more domains that share a contiguous namespace.<br />
• Domain Forests: One or more domain trees that share common directory<br />
information.<br />
• Organization Units: A container or a subgroup of domains that is used to<br />
organize the objects within a domain into a logical administrative group.<br />
• Objects: The objects represent single entities, such as computers, resources,<br />
users, applications, and so on, with their attributes.<br />
Active Directory Groups<br />
Groups are the Active Directory objects that can contain the users, computers, and other<br />
groups (nested groups). There are two types of groups, namely, Security Groups and<br />
Distribution Groups. While a security group is used to group users, computers, and other<br />
groups to assign permissions to resources, the distribution group is used only to create<br />
e-mail distribution lists. The scope of the group can be Local, Domain Local, Global, or<br />
Universal.<br />
• Local Groups: Its scope is limited only to the machine on which it exists. It can<br />
be used to grant permissions to access the machine resources.<br />
• Domain Local Groups: It has domain-wide scope, meaning, it can grant<br />
resource permissions on any of the windows machines in that domain.<br />
• Global Groups: It also has domain-wide scope, but, can be granted permissions<br />
in any domain.<br />
• Universal Groups: This group can be granted permissions in any domain.<br />
including domains in other forests (based on trust relationship).<br />
Active Directory Users<br />
A User, in order to logon to a computer or a domain, requires an user account in the<br />
Active Directory, which establishes an identity for him/her. Based on this identity, the<br />
operating system authenticates the user and grant access to the domain resources.<br />
There are two pre-defined user accounts, administrator and guest, that are used to logon<br />
initially to make the necessary configurations.<br />
Active Directory Computers<br />
Similar to user accounts, the computer accounts are used to provide necessary<br />
authorization to the computers for using the network and domain resources.<br />
Managing Security Permissions<br />
The basic security permissions supported by Windows, such as Read, Write, and Full<br />
Control, are available to each and every objects on the Active Directory. Apart form<br />
these standard permissions, AD also provides some special permissions based on the<br />
ZOHO Corp. 11