1
00:00:06,460 --> 00:00:09,670
When you create to use a recount in 80.

2
00:00:09,820 --> 00:00:14,600
You also configure all this situated account properties.

3
00:00:14,680 --> 00:00:23,020
You must define the attributes that allow the user to assign a name by using the account in addition

4
00:00:23,020 --> 00:00:29,950
to a few other attributes because you can associate the user object with many attributes.

5
00:00:29,950 --> 00:00:38,740
It's important that you understand what these attributes are and how you can use them in your organization.

6
00:00:38,740 --> 00:00:46,690
You can configure user attributes by use an Active Directory administrative center or Active Directory

7
00:00:46,690 --> 00:00:53,920
user or send computers or Windows power shell or the D S mod to.

8
00:00:54,040 --> 00:01:03,070
Please note that the attributes associated with a user recount are defined as part of the ADF schema

9
00:01:03,580 --> 00:01:11,470
which members of the schema admin security group can modify the schema does not often change.

10
00:01:11,470 --> 00:01:20,400
However introduce on an enterprise level program such as Microsoft Exchange Server requires Magnitsky

11
00:01:20,470 --> 00:01:21,540
my changes.

12
00:01:21,580 --> 00:01:27,790
These changes enable objects including the user object to have additional attributes.

13
00:01:27,790 --> 00:01:35,920
Now let's take a closer look at attribute categories the attributes of a user object fall into several

14
00:01:35,920 --> 00:01:37,750
broad categories.

15
00:01:37,750 --> 00:01:45,880
These categories appear in the navigation pane of the user properties dialog box in Active Directory

16
00:01:46,240 --> 00:01:48,030
administrative center.

17
00:01:48,040 --> 00:01:53,540
So I'll open an account and review all the attribute categories.

18
00:01:53,560 --> 00:02:01,000
The first category is account in addition to the user's name properties which are first name middle

19
00:02:01,000 --> 00:02:09,640
initial last name full name and to the user's various log names which are user you can log onto user

20
00:02:09,850 --> 00:02:11,860
same account name log on.

21
00:02:11,950 --> 00:02:17,230
You can configure the following additional properties log on ours.

22
00:02:17,230 --> 00:02:25,870
This property defines when the user can use the account to access domain computers you can use the weekly

23
00:02:25,870 --> 00:02:28,590
calendar or style view to define.

24
00:02:28,720 --> 00:02:32,710
Log on permitted hours and log on denied hours.

25
00:02:32,760 --> 00:02:42,160
The next one is log on to use this property to define which computers a user can use to sign into the

26
00:02:42,160 --> 00:02:49,680
domain specify the computer's name and add it to a list of allowed computers.

27
00:02:49,750 --> 00:02:52,540
The next one is account expire.

28
00:02:52,540 --> 00:02:57,760
This failure is useful when you want to create a temporary user account.

29
00:02:57,790 --> 00:03:05,500
For example you might want to create user accounts for interns who will be able to use the computers

30
00:03:05,500 --> 00:03:09,130
in your organizations for just one year.

31
00:03:09,130 --> 00:03:13,750
You can set the account expiration date in advance.

32
00:03:13,780 --> 00:03:21,630
No one can use the account after the expiration date until an administrator reconfigure a set manually.

33
00:03:21,730 --> 00:03:25,380
The next one is user must change password.

34
00:03:25,420 --> 00:03:34,240
Next log on this property enables you to force users to reset their own password the next time they

35
00:03:34,240 --> 00:03:35,320
sign in.

36
00:03:35,320 --> 00:03:43,780
This is something you might enable after you reset a user response for the next property smartcard is

37
00:03:43,780 --> 00:03:46,670
a required for interactive log on.

38
00:03:46,720 --> 00:03:56,070
This value resets the user response effort to a complex random sequence of characters and sets a property

39
00:03:56,080 --> 00:04:04,780
that requires that the user use a smartcard to authenticate your own log on the next one is password

40
00:04:04,810 --> 00:04:06,340
never expires.

41
00:04:06,340 --> 00:04:15,730
This is a to that you normally use with service accounts that is those accounts that services use and

42
00:04:15,790 --> 00:04:17,770
not regular users.

43
00:04:17,770 --> 00:04:25,150
By setting this value you must remember to update the password manually on a periodic basis.

44
00:04:25,150 --> 00:04:31,360
However the system does not force you to do this at a pre-determined turmoil.

45
00:04:31,630 --> 00:04:39,130
Consequently the account can never be locked out due to the password to expiration a feature that is

46
00:04:39,430 --> 00:04:42,180
particularly important for a service account.

47
00:04:42,370 --> 00:04:49,640
Let's move on to the next one which is user can not change paths for you use this option generally for

48
00:04:49,640 --> 00:04:51,070
a service account.

49
00:04:51,130 --> 00:04:56,140
The next one is stored password by using reversible encryption.

50
00:04:56,140 --> 00:05:04,450
This policy provides support for programs that to use protocols that require knowledge of the user response

51
00:05:04,450 --> 00:05:12,320
effort for authentic creation purposes storing passwords by using reversible encryption is essentially

52
00:05:12,320 --> 00:05:16,910
the same as storing plain text versions of the passwords.

53
00:05:16,910 --> 00:05:25,010
For this reason you should never enable this policy unless program requirements outweighs the need to

54
00:05:25,010 --> 00:05:27,740
protect password information.

55
00:05:27,740 --> 00:05:37,280
This policy is mandatory when you use challenge handshake authentication protocol or sharp authentication

56
00:05:37,550 --> 00:05:42,660
through remote access or Internet authentication service.

57
00:05:42,710 --> 00:05:49,730
It is mandatory when use in digester syndication in internet information services.

58
00:05:49,730 --> 00:05:53,790
The next option is a county's trusted for delegation.

59
00:05:53,810 --> 00:06:01,970
You can use this property to allow its source account to impersonate a standard user to access network

60
00:06:01,970 --> 00:06:04,700
resources on behalf of a user.

61
00:06:04,700 --> 00:06:09,300
So these were the options for the account property.

62
00:06:09,340 --> 00:06:12,130
We've also got organization property.

63
00:06:12,140 --> 00:06:20,810
This includes properties such as the users display name office email address various contact telephone

64
00:06:20,810 --> 00:06:28,310
numbers management structure department turned organization names addresses and titles appropriate.

65
00:06:28,310 --> 00:06:36,350
The next one is member of use this section to define group membership for the user password sentence.

66
00:06:36,380 --> 00:06:42,270
This section includes password surgeons that apply directly to the user profile.

67
00:06:42,290 --> 00:06:50,150
Use this section to configure a location for the user's personal data and to define a location in which

68
00:06:50,150 --> 00:06:53,630
to save the user's desktop profile.

69
00:06:53,810 --> 00:06:57,500
When he or she logs out the next one is policy.

70
00:06:57,510 --> 00:07:06,830
Use this authentication policies to control Gerber ticket Grant and ticket life times and the authentication

71
00:07:06,920 --> 00:07:13,640
access control for a specific account such as high level administrative accounts sila.

72
00:07:13,740 --> 00:07:21,770
Use this section for authentication policies Silas which are the containers to which you can assign

73
00:07:21,770 --> 00:07:28,970
a user account you can assign authentication policies to these silence and extensions.

74
00:07:28,970 --> 00:07:37,460
This section exposes many additional user properties most of which do not normally require manual configuration.