User Tools

Site Tools


viewing_samba_ad_content

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

viewing_samba_ad_content [2015/06/29 12:10] (current)
Line 1: Line 1:
 +**Viewing Samba Active Directory Content**
 +
 +====== Viewing Samba Active Directory Content ======
 +
 +  -  When logged on as a Domain Administrator,​ start the Active Directory Users and Computers Snap-In, either by clicking Start -> Programs\Administrative Tools\Active Directory Users and Computers, or by clicking Start -> Run '​dsa.msc'​
 +  - Expand the redtic.uclv.cu tree to see existing objects in the domain.
 +
 +{{samba4dsa.png?​500|}}
 +
 +**Note:** You can also manage users using the normal Windows AD user management tools.
 +
 +
 +===== Enabling the "​Advanced Features"​ view =====
 +----
 +
 +Most of the RSAT tools hide content and menu options in their default setting. To enable all features and display the whole content in each program, go to the "​View"​ menu and activate "​Advanced Features"​. Typically this option is only visible, when you've marked the root of the tree view. E. g. in ADUC, you see the option in the "​View"​ menu only when you have clicked to the "​Active Directory Users and Computers"​ node.
 +
 +{{:​aduc_enabling_advanced_features.png|}}
 +
 +
 +
 +====== Setting Up Roaming Profiles ======
 +----
 +
 +See Implementing [[samba_and_windows_profiles#​implementing_roaming_profiles_with_samba|Windows Roaming Profiles]] wiki web page.
 +
 +====== Adding Organization Units (OU) Into a Samba Domain ======
 +----
 +
 +The Organizational Unit (OU) is a powerful feature in Active Directory. This is a type of container which allows you to drag & drop users and/or computers into it.
 +
 +We can link several types of group policies to an OU, and the settings will push out to all users/​computers that sit under the OU. Within a single domain, you can have as many OUs and sub-OUs as you'd like. The result is that it can greatly reduce administrative overhead since you are able to manage everything via an OU. The implementation of Group Policy will be discussed in the next chapter.
 +
 +Before we create an OU, we must know what one looks like. By default we can see a sample OU called '​Domain Controllers',​ which uses a different icon in the Windows management tools than the '​users'​ and '​computers'​ containers. We can deploy Group Policy to the users or the computers container.
 +
 +  - To create an OU as the Domain Administrator,​ click Start -> Run -> dsa.msc
 +  - Right click your domain.
 +  - Select New -> Organizational Unit
 +  - Type '​REDTIC_Users'​
 +  - You will see a new OU appear, with the name '​REDTIC_Users'​.
 +  - You can drag the user '​demo'​ into the new OU (Don't move other users! Unless you want to get stuck!).
 +  - Right click '​REDTIC_Users',​ a sub-OU can be created with New -> Organizational Unit.
 +
 +Normally OUs are created according to the department setup of your organization. Be careful not to confuse Groups and OUs. Groups are used to control permissions,​ OUs are used for deploying settings to all users/​computers within the OU.
 +
 +
 +====== Implementing Group Policies (GPO) in A Samba Domain ======
 +----
 +
 +Samba Active Directory has support for Group Policies, and can create the Group Policy on the fly. The basic idea of Group Policies is:
 +  - Group Policies have two kinds of settings: computers and users.
 +  - Computer settings apply to computers, while user settings apply to users.
 +  - We link the group policy to a particular OU, and the group policy will effect all computers/​users under the OU.
 +  - To add a group policy, right click '​REDTIC_Users'​ OU->​properties.
 +  - Choose group policy.
 +  - Press new, and name it as 'GP Demo'.
 +  - Press edit to modify the policy.
 +  - Here will demonstrate how to block users from access to the control panel. Open the tree 'User Configuration'​->'​Administrative Templates'​->'​Control Panel'​.
 +  - Double click on '​Prohibit access to the Control Panel'​.
 +  - Press enabled and then press OK. Now the all users under '​REDTIC_Users'​ won't able to access to the control panel.
 +  - Make sure that the user '​demo'​ is inside the '​REDTIC_Users'​ (You can drag and drop it).
 +  - You'll find user '​demo'​ is not able to access control panel.
 +
 +
 +====== Notes ======
 +----
 +
 +  * User configuration will take effect once you logout and login.
 +  * Computer configuration will take effect when you restart the computer.
 +  * GPO Password Policies are not read by Samba when assigning passwords, to change the policy that Samba uses you must use **samba-tool domain passwordsettings**
 +
 +To learn more about managing and implementing organizational units, group policies, and Active Directory, try a web search for Google in Windows 2003 Active Directory implementation.
 +
 +
 +
  
viewing_samba_ad_content.txt ยท Last modified: 2015/06/29 12:10 (external edit)