Windows Server 2003 Environment MCSE70-290

The 70-290 exam (Managing and Maintaining a Windows Server 2003 Environment) is one of the four core exams in Microsoft's MCSE 2003 certification program as well as a core exam in the MCSA 2003 program. This course provides students with the knowledge and skills that are needed to effectively maintain server resources, monitor server performance, and safeguard data on a computer running one of the operating systems in the Microsoft Windows® Server 2003. In our training course, our expert instructor will prepare students with hands-on training to manage and maintain a Windows 2003 server. After completion of our course, the student will possess the skills to successfully pass the 70-290 exam.

1. What are the three reasons for defining an OU?

The three reasons for defining an OU are to delegate administration, to administer Group Policy, or to hide objects.

2. What is "delegating administration"?

Delegating administration is the assignment of IT management responsibility for a portion of the namespace, such as an OU, to an administrator, a user, or a group of administrators or users.

3. What is the purpose of creating an OU to hide objects?

Although a user might not have the permission to read an object's attributes, the user can still see that the object exists by viewing the contents of the object's parent container. You can hide objects in a domain by creating an OU for the objects and limiting the set of users who have the List Contents permission for that OU.

4. Can you assign access permissions based on a user's membership in an OU? Why

or why not?

No, you cannot assign access permissions based on a user's membership in an OU. OUs are not security principals. Access control is the responsibility of global, domain local, or universal groups.

5. Which of the following is the primary reason for defining an OU?

a. To delegate administration

b. To hide objects

c. To administer Group Policy

d. To define the domain structure

The correct answer is a. Although hiding objects and administering Group Policy are reasons for defining an OU, they are not the primary reason. You do not define an OU to define the domain structure.

In this exercise, you create top-level OUs for the contoso.com domain.

To create top-level OUs

1. Log on to Serverl as Administrator.

2. On Serverl, use the procedure provided earlier in this lesson to create the top-

level OUs you planned in Exercise 1.

Exercise 3: Creating Second-Level OUs

In this exercise, you create second-level OUs for the contoso.com domain.

To create second-level OUs

1. On Serverl, use the procedure provided earlier in this lesson to create the second-

level OUs you planned in Exercise 1.

2. The Active Directory Users And Computers console displays the OU structure for

contoso.com, which is similar to the one

Lesson Review

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson and then try the question again. Answers to the questions can be found in the "Questions and Answers" section at the end of this chapter.

1. In what two locations can you create an OU?

2. What tool do you use to create an OU?

3. What action must you take to be able to view the Security tab in the Properties dialog box for an OU?

4. How does the icon used for an OU differ from the icon used for a container?

Lesson Summary

Use the Active Directory Users And Computers console to create an OU.

You can create an OU within a domain or within another OU.

Use the Active Directory Users And Computers console and the Security tab in the

Properties dialog box for the OU to create OUs for the purpose of hiding objects.