Data Network Resource
       Earn on the Web

17. Administering Accounts

Account templates for groups of people such as Sales, Managers etc. can be created, and to create new user accounts you just copy the template and assign a new name and password. If the template name has a _ at the beginning then it will always be at the top of the account list in User Manager. Rights and permissions are NOT copied.

Account policies determine how passwords must be used and covers password age, minimum length, uniqueness and lockout options. The policy comes into effect the next time the user makes a change to the password or the next time they log in.

Pointers for a good Account Policy:

  • No blank passwords
  • Have a minimum password length (up to 14 characters)
  • Change passwords often
  • Users must use different passwords (up to 24 different passwords)
  • Lockout accounts if there are multiple failures on login - deleting the old password, adding a new one and then unlocking the account are common events that occur together and are done in the user account in User Manager for Domains.
  • Only an administrator can unlock accounts
  • Users working outside restricted hours must be disconnected automatically.

All these things can be set up in the Policies menu of User Manager for Domains.

The BDC allows people to log on but you cannot do any account administration. If you need to take the PDC off line then you follow these steps:

  • In Administrative Tools click Server Manager.
  • In the Computer list select the BDC.
  • Click Promote to PDC.
  • All users will be disconnected from both the PDC and the BDC.
  • The BDC becomes a PDC and the PDC is automatically demoted to a BDC.

When bringing the original PDC back online, connecting and promoting the old PDC back up to a PDC will automatically demote the temporary PDC back to a BDC.

If a PDC goes off line unexpectedly, then promote a BDC to a PDC. Bring the PDC back on line, demote it using Server Manager on the temporary PDC then log on to the original PDC and promote the original PDC again. The directory databases are automatically synchronised so that any changes made are saved.

In a large domain, password changes take some time to filter to all the BDCs so you may wish to manually synchronise the databases. This is achieved by using Server Manager on the PDC to pick one or all the domain's BDCs and select Synchronize with PDC.

Valid HTML 4.01 Transitional

Earn on the Web    

All rights reserved. All trademarks, logos, and copyrights are property of their respective owners.