Active Directory Users and Groups

The main objects which need to be managed in Active Directory are users, computers, and groups. The user object contains information about the individual including password and logon credentials. Groups are primarily used for the purpose of managing and securing groups of users, computers and other groups.

Active Directory stores users and groups in a folder called Users within Active Directory Users and Computers. Each of the items in the left pane is a container. Active Directory is logically set out so that thousands of objects can be organised and found. Each object must be in a container, and containers may themselves contain containers. Users and groups can be created in any container and subsequently moved into other containers in a separate operation. This is different from adding users (or groups) to a group, which can be done without reference to the other containers of Active Directory.
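The difference between moving an object and adding it to a group can be seen with the ActiveDirectory PowerShell module. This is an added example, not part of the original lesson; it assumes a lab domain, the RSAT ActiveDirectory module and rights to create objects, and the names Lesson-Staff, Lesson-Readers and lesson.user are hypothetical.

```powershell
# Added example: container location and group membership are independent.
Import-Module ActiveDirectory

$domain  = Get-ADDomain
$usersCn = $domain.UsersContainer          # the default Users container of this domain

# Hypothetical names, used only for this illustration
$ouName = 'Lesson-Staff'
$group  = 'Lesson-Readers'
$sam    = 'lesson.user'

# A second container (an organisational unit) and a group in the Users container
$ou = New-ADOrganizationalUnit -Name $ouName -Path $domain.DistinguishedName `
        -ProtectedFromAccidentalDeletion $false -PassThru
New-ADGroup -Name $group -GroupScope Global -GroupCategory Security -Path $usersCn

# Create the user in the Users container; with no password it is left disabled
New-ADUser -Name 'Lesson User' -SamAccountName $sam -Path $usersCn -Enabled $false

function Show-State([string]$Step) {
    # MemberOf lists explicit memberships only (the primary group is not included)
    $u = Get-ADUser -Identity $sam -Properties MemberOf
    [pscustomobject]@{
        Step     = $Step
        Location = $u.DistinguishedName
        MemberOf = ($u.MemberOf -join '; ')
    }
}

Show-State 'created'                 # located in Users, no explicit memberships

# Adding to a group changes MemberOf, not the location
Add-ADGroupMember -Identity $group -Members $sam
Show-State 'added to group'

# Moving to another container changes the location, not MemberOf
Get-ADUser -Identity $sam | Move-ADObject -TargetPath $ou.DistinguishedName
Show-State 'moved to OU'

# Lab cleanup: remove the objects created above
Remove-ADUser -Identity $sam -Confirm:$false
Remove-ADGroup -Identity $group -Confirm:$false
Remove-ADOrganizationalUnit -Identity $ou.DistinguishedName -Confirm:$false
```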

Built-in users and groups are made when Active Directory is first created. These groups cannot be deleted, but the users – including the current administrator – can be.

N.B. This is a warning, not a suggestion…

Each of the Built-in groups was designed with a particular role in mind and so has a set of appropriate permissions:

To read the full description of these roles, the properties of each group need to be explored.