Locating Active Directory Objects

Active Directory directory service stores mcitp boot camp information about objects on the network. Each object is a distinct, named set of attributes that represents a specific network entity. Active Directory is designed to provide information in response to queries from users and programs about directory objects. This lesson shows you how to use the Find option in the Active Directory Users And Computers console and the Dsquery command to locate Active Directory objects.
Netdom is a useful tool for listing objects in the domain. For example, you can use netdom query workstation to list all of the workstations in your domain. If you want to specify a different domain, use the /d: switch followed by the domain name. For example, to list all of the workstations in the contoso.com domain, you'd type netdom query /d:contoso.com workstation and press Enter, Instead of workstation, substitute server, dc, pdc, fsmo or ou to list servers, domain controllers, the PDC emulator, the list of operations master (also known as flexible single master operations, or FSMO) role holders, or OUs, respectively.
Global security groups are most often used to organize users who share similar network access requirements. Domain local security groups are most often used to assign permissions to resources. Universal security mcitp certifications groups are most often used to assign permissions to related resources in multiple domains.

For global security groups, members come from only the local domain, but they can access resources in any domain.
For domain local security groups, members can come from any domain, but they can access resources only in the local domain.
For universal security groups, members can come from any domain in the forest and they can access resources in any domain in the forest.
There are three ways to make changes to inherited permissions:
Make the changes to the parent object, and then the object inherits these permissions.
Assign the opposite permission (Allow or Deny) to the security principal to override the inherited permission.
Clear the Allow Inheritable Permissions From The Parent To Propagate To This Object And All Child Objects. Include These With Entries Explicitly Defined Here
check box in the Advanced Security Settings dialog box for the object. Then, you can make changes to the permissions or remove users or groups from the Permissions Entries list. However, the object no longer inheritsmicrosoft exam papers permissions from the parent object.