AD Users and Computers (dsa.msc) is a user interface to manage some
aspects of some AD objects. It has a way to get at the GPOs (group
policy objects). If you intstall (and you should if you are using XP or
W2k3 to run dsa.msc) the GPMC and then access to GPOs in dsa.msc
is changed, with the GPMC being the newer, better way.
see
www.microsoft.com/gp
and along with all the other infro look for link to download GPMC
(Group Policy Management Console).
Now, briefly, your other question deal with the difference between
the two pre-defined GPOs, Default Domain and Default Domain
Controller GPOs. The first is applied to the entire domain, the second
is only linked to the Domain Controllers OU and hence only applies to
objects within that OU. As such, the DD GPO impacts all that is subject
to an applied policy defined within it, whereas the DDC GPO only applies
additional settings, beyond those of the DD GPO, to objects in the DC OU
(i.e. the DCs in a default domain setup).
There is much reading at the link provided above, and based on the
questions you have asked I would strongly encourage you to CHANGE
NOTHING in the GPOs until you have done some study.
