Essential Questions
- How can I best manage large groups and make sure everyone has access to the devices, applications, and network resources they need?
Big Ideas
Managing a network of 4-5 users and devices isn’t that difficult, but as your network grows, it can be difficult to manage users and file and resource sharing. Network administrators use directory-based tools to be able to set up and manage permissions across networks of any size, from groups as small as 5-10 to thousands of users and devices. One of the most common directory-based tools used by Network administrators is Active Directory.
Not many network administrators will want to give students access to their Active Directory since it contains sensitive information, like user passwords and PII (Personally Identifiable Information). If you don’t have the ability to create an isolated network in a classroom or workspace, consider using virtual machines that simulate the experience. If you have been using Virtual Machines in previous topics, this should be an easy transition to move from a virtual workstation to a virtual server.
Connection to Student Lives
You can’t always have your personal computer or laptop with you. Whether you’re at school, the library, or even if you work at a local business, you may have to use different computers throughout your time there. How do you get to all your files? If you start a document in the morning on one computer then want to work on it later in the afternoon on a different computer, how can you access your work?
It’s likely that you already have the ability to do this, at least using school devices, because a network administrator set it up for you. You know that you can share files and folders directly from a Windows PC, but a more effective way to make sure you can always access your files is through network sharing. You probably already benefit from network sharing, but to become a certified IT Support Specialist you should understand how networks are managed using a powerful tool called Active Directory.
Framing Problem
How do I easily create and manage numerous users and resources on a network?
Cornerstone Assessment
Use Active Directory to set up a domain and assign Group Policy Objects. Create and manage accounts and assign them to groups with different levels of access.
DPI Standards
- NCCTE.2020.II22.01.04 - Use appropriate Microsoft command line tools.
- NCCTE.2020.II22.01.08 - Configure Microsoft Windows networking on a client or desktop.
- NCCTE.2020.II22.02.02 - Explain logical security concepts.
- NCCTE.2020.II22.02.07 - Implement security best practices to secure a workstation.
A+ Standards
TOPIC 10C: Configure Active Directory Accounts and Policies
Knowledge
- The difference between local accounts and domain accounts
- Features and uses of domain controllers, member servers, and organizational units within Active Directory
- The difference between computer settings and user settings
- What objects GPOs (Group Policy Objects) can be applied to
- The uses of logon scripts
- Why and how to use folder redirection and roaming profiles
Skills
- Join a client computer to become a member of a domain
- Configure security policies for computers in an Active Directory domain using GPOs (Group Policy Objects)
- Use the command-line tools gpupdate and gpresult
- Use the tools in Server Manager on a server with Active Directory installed
- Explain and, if possible, establish group policies
- Assign a home folder for users using the Active Directory Users and Computers
- Manage passwords using the Account tab
Vocabulary
Configure Active Directory Accounts and Policies
Local account
- Local Security Accounts database or Security Account Manager (SAM)
Domain account
- Active Directory (AD)
- Windows Server Domain Controller (DC)
Domain
- Domain controller
Member server
Organizational Units (OUs)
Domain membership
Group Policy Objects (GPOs)
- Administrative Template
- Resultant Set of Policies (RSoPs)
- default security templates and configuration baselines
Server Manager
- Active Directory Users and Computers console
Logon scripts
- Group policy
Home folder
Folder Redirection
Roaming Profiles
Weekly Map
Monday
Introduction to problem: Set up a Domain and assign users using Active Directory
Online Pre-assessment (available for student practice, as well)
Tuesday
Review content resources with whole group: Topic 10C: Configure Active Directory Accounts and Policies
Small group and independent exploration of resources
Wednesday
Hands-on exploration with IT professionals: Activity 10-5: Configuring Active Directory Accounts and Policies
Activity 10-4: Discussing Active Directory Account and Policy Configuration
Thursday
Hands-on exploration with IT professionals: Activity 10-5: Configuring Active Directory Accounts and Policies
Friday
Progress check with individuals or whole whole group
Online post-assessment
Lesson Ideas
Students can continue their workgroup scenario from the previous week. Discussing the parameters of the workgroup as a whole can help students design the network prior to creating the domain, likely on a simulation through a Virtual Machine. Using simulations it is possible students can act both as network administrators to create and manage the domain as well as users that have to log in to domains others have created.
If using a Virtual Machines to simulate this experience is not possible, students should at least walk through scenarios and be encouraged to explain how Active Directory supports different functions and discuss some of the options a network administrator has when using Active Directory.
Potential Resources
The Official CompTIA A+ Core 1 & Core 2 Instructor Guide for Exams 220-1001 and 220-1002
- Topic 10C: Configure Active Directory Accounts and Policies (pp. 682-691)
- Activity 10-4: Discussing Active Directory Account and Policy Configuration (p. 692)
- Activity 10-5: Configuring Active Directory Accounts and Policies (pp. 693-700)
Professor Messer at ProfessorMesser.com and YouTube offers numerous free videos of various lengths for many of the topics for the CompTIA 220-1001 A+ Exam. They are easy to understand, narrated videos with visuals. If you are teaching a CompTIA course, the site notes “You’re welcome to use them as much as you’d like, provided you embed the videos with the associated YouTube link or link directly to my site. Please click the “Contact Us” link at the top of our web page and let me know how you’re using them.”
- Professor Messer’s 220-1001 Core 2 CompTIA A+ Training Course videos on ProfessorMesser.com. Search or scroll to find the topics you’re interested in.
Entry Level I.T. Training from Technology Gee
- Logical Security Concepts (Article | Video – 5:34) may be more appropriate for unit 7, week 13
- Workstation Security Best Practices (Article | Video -13:02)
Microsoft Support