Hack Attacks Testing How to Conduct Your Own Security Audit 7

Figure 1.9 Active Directory admin utility.

Managing Domain Controllers

To find a domain controller by using the Active Directory admin utility, follow these

steps:

Step 1. In the Console Tree, right-click any node or folder; then click Find.

Step 2. Under Find, click Computers; in Role, click Domain Controller (see

Figure 1.10). If you know which folder contains the domain controller, click the

folder in the In field; to search the entire directory, click Entire Directory.

Step 3. Click the Find Now button.

Figure 1.10 Searching for a domain controller

You can delegate administrative control of a particular domain or organizational

unit to individual administrators who are responsible for only that domain or organizational

unit. To delegate control by using the Active Directory admin utility, follow

these steps:

Step 1. In the Console Tree, double-click the domain node to expand the domain

tree.

Step 2. Right-click the folder that you want another user or group to control; then

click Delegate Control to start the Delegation of Control wizard, whose welcome

page is shown in Figure 1.11. You can grant users permission to manage users,

groups, computers, organizational units, and other objects stored in Active

Directory. Click Next to begin the wizard.

Step 3. Click Add and/or select one or more users or groups to which you want

to delegate control (see Figure 1.12); then click Next.

Figure 1.11 Delegation of Control wizard.

Figure 1.12 Selecting to whom to delegate control.

Step 4. Select from the common-task list shown in Figure 1.13 or select Create a

custom task to delegate to customize your own. When you’re finished, click

Next and then Finish to complete the control delegation.

Figure 1.13 Selecting control from the common tasks list.

By default, domain controllers are installed in the Domain Controllers folder. Certain

properties (e.g., Name, Role, and Operating System) are automatically assigned

when the computer is added to the domain or whenever it is started, and these properties

cannot be modified by the administrator. Other domain controller properties can

be modified by using the Active Directory admin utility. To do so, follow these steps:

Step 1. In the Console Tree, double-click the domain node.

Step 2. Click the folder containing the domain controller. In the details panel,

right-click the domain controller that you want to modify; then click Properties.

As you can see in Figure 1.14, the following property tabs will be displayed:

■■ General

■■ Operating System

■■ Member Of

■■ Location

■■ Managed By

Step 3. Click the property tab that contains the property you want to modify.

Figure 1.14 Modifying domain controller properties.