Active Directory

 

 

Installing Active Directory

 

First we must configure the DNS client properties

1.  Click start

2.  Settings

3.  Network and Dial-up Connections

4.  Right click Local Area Connection and click properties

5.  Under the general tab right-click the (TCP/IP) option and select properties

6.  Under the general tab enter the name of the DNS server.

7.  Press OK

 

To Install Active Directory on the First Domain Controller

 

1.  Click start

2.  Click run

3.  Type DCPROMO and click OK

4.  At the Active Directory installation screen click next

5.  In the next window, select Domain controller for a new domain and click next

6.  In the next window, select create a new domain tree option and press next.

7.  In the Create or Join Forest window, select create a new forest of domain trees

8.  In the New Domain Window, enter the name of your DNS domain and click next

9.  In the NetBIOS Domain Name window, the wizard will give you a name.  You can change it if you want, and when satisfied, click next.

10.  Next, the Database and Log Locations window will be displayed.  Here are the paths where you will store your files.  If you wish to change them, you may, but if you are happy with what they suggest, click next.  I WOULDN'T CHANGE IT.

11.  In the next window, you will be able to change the path where the files are replicated between the domain controllers.  Keep the path that they suggest and click next.

12.  Next you should find the permissions window.  Select permissions compatible only with Windows 2000 servers.  Click next to continue.

13.  Next, the Restore administrative password window will be displayed.  This password is for a special way to boot your machine to troubleshoot your Active Directory.  Assign a password and continue.

14.  Now you should see a summary of your installation.  If it is right, click next to continue.

15.  Now you should see a window stating that active directory is now being configured. 

16.  At the completion window, click finish to complete and restart the machine.

 

Installing Active Directory on Additional Domain Controllers

 

When installing additional domain controllers, you must modify the installation process slightly to reflect the position of the domain controller in the Active Directory structure.

 

To install Active Directory on an additional domain controller in an existing domain:

 

1.  At the Domain Controller Type window, select the Additional domain controller for an existing domain option.

2.  You will be prompted for the name of the domain, and the administrator name and password.

3.  From the Database and Log Locations window on, the rest of the installation continues as described above.

 

 

Mixed mode to Native mode

 

1.  Launch Active Directory Users and computers, which is available on the Admin Tools menu.

2.  Right click the domain name in the Console Tree and select the Properties option from the action menu.

 

3.  On the General tab of the domain properties window, notice that the domain is in mixed mode.  To convert the mode, press Change Mode and change it.

 

 

 

JOINING A COMPUTER TO THE DOMAIN

 

Windows 2000 and Windows NT computers can be joined to the domain during installation, or at any point afterwards.

 

To join a previously installed computer to the domain:

 

1.  Right click My Computer and select properties

2.  Click on Network Identification and then select the properties tab.

3.  In the Member of Section select the domain radio button.

4.  Enter the name of your domain and press OK

5.  In a new window, you should be prompted for a username and a password.  Remember that this is the password you assigned in active directory to the computer.

6.  Now you should see a window where the computer has joined the domain.

 

Active Directory Permissions

 

1.  Logon as administrator

2.  Launch active directory users and computers

3.  Click on view and make sure that advanced features is selected

4.  Locate the object that you would like to set the permissions for.

5.  Right click the object and select properties.

6.  Under the Security tab is a list of permissions:

            Full Control - allows user to perform all functions

            Read - user can view all the properties of an object but cannot make any changes

            Write - user can view and change the properties of an object

            Create all child objects - user can create any type of object on the OU

            Delete all child objects - permission enables the user to delete an object on the OU

 

USER TEMPLATES

 

User templates are useful when creating a larger network.  Once you create the template account, make sure you disable it so that no one can log on to it.

 

1.  In the Active Directory Users and Computers window, right click and select new user from the action menu.

2.  The new object-window should appear.  Fill out the form with generic information and select next.

3.  In the next window that pops up be sure to check DISABLE USER ACCOUNT.  Because of this, you will not need to enter a password for the account.

 

Now you will be able to click on this account and create new users from your template.

 

 

 

 

CREATING USER OBJECTS

 

1.  Logon as administrator

2.  Launch active directory users and computers

3.  Right Click the place where you want the user to reside and click new --> user.

4.  The new object window should be present.

5.  Fill out the appropriate information

6.  Click next

7.  Insert a password for the user

8.  Confirm the password

9.  Click finish

 

CONFIGURING THE USER OBJECT

 

1.  Launch active directory users and computers.

2.  Right click the user you are wanting to configure and click on properties.

3.  Here you can enter any information that you may want to list.

            If you want to configure the logon hours of the user, simply click on the account tab and select the logon hours.

 

 

Organizational Units

 

1.  Launch Active Directory users and computers.

2.  Right-click the intended parent of the OU you wish to create, select the New option from the action menu, and then Organizational Unit.

3.  In the New OU window enter the name of the OU that you wish to create, and then press ok.

 

 

 

Assigning the Logon Locally User Right

 

(The following steps are very similar to applying group policy.)

 

1.  Launch Active Directory Users and computers

2.  Right click the Domain Controllers OU and select the properties option

3.  From the properties window, select the Group Policy tab.

4.  Highlight the Default Domain Controllers Policy option and press Edit.

5.  Drill down into Group Policy to User Rights Assignment.  The path is Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment

6.  In the results pane, scroll down until you find the Log on Locally option.

7.  Double click Log on Locally and you will get the security policy setting window.  Make sure groups already exist.  If not, you may not be in the correct group policy.

8.  Click Add to add the item to the list.  The Add User window will appear; click Browse to view the current users and groups in the domain.

9.  The Select Users or Groups window will be displayed.  Find the group Everyone, click Add, and then click OK.

10.  The Add User or Group window will be displayed with the group Everyone included; press OK.

11.  The security policy setting window will be displayed again.  Make sure the group Everyone is in the list and press OK again.

12.  Finally you can exit the group policy window.
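
An added example, not part of the original page: a small Python check that reads the [Privilege Rights] section of an exported security template and reports broad groups, such as the Everyone group added in the steps above, that hold the Log on Locally right (SeInteractiveLogonRight). The sample template text, the function names and the list of groups treated as broad are assumptions made for this illustration.

```python
import configparser

# Well-known Windows SIDs that cover nearly every account (list chosen for this example).
BROAD_SIDS = {
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-545": "Users",
    "S-1-5-7": "Anonymous Logon",
}
BROAD_NAMES = {name.lower() for name in BROAD_SIDS.values()}

# Constructed sample in the layout of a security template export
# (GptTmpl.inf or "secedit /export" output); not taken from the page.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-549,*S-1-1-0
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-11
SeShutdownPrivilege = *S-1-5-32-544
"""

def principals_for(inf_text, right):
    """Return the principals (SIDs without the '*' prefix, or names) holding `right`."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str  # keep the case of the right names
    parser.read_string(inf_text)
    if not parser.has_option("Privilege Rights", right):
        return []
    raw = parser.get("Privilege Rights", right)
    return [p.strip().lstrip("*") for p in raw.split(",") if p.strip()]

def broad_grants(inf_text, right="SeInteractiveLogonRight"):
    """Return [(principal, friendly_name)] for broad groups holding `right`."""
    findings = []
    for principal in principals_for(inf_text, right):
        if principal.upper() in BROAD_SIDS:
            findings.append((principal, BROAD_SIDS[principal.upper()]))
        elif principal.lower() in BROAD_NAMES:
            findings.append((principal, principal))
    return findings

if __name__ == "__main__":
    for sid, name in broad_grants(SAMPLE_INF):
        print(f"Log on Locally is granted to broad group {name} ({sid})")
```

Real template files are usually UTF-16 encoded, so decode the file with that encoding before passing its text to these functions.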

 

CREATING GROUP

 

1.  Right click the parent OU

2.  Select new from the action menu and then press group.

3.  The New Object-Group window will now be shown

4.  Configure the group name, scope, and type.

5.  Press ok to create the Group.

 

Adding User Accounts to Groups

 

1.  After creating the above group we need to add user accounts.  From the properties screen of the group, select Members, and press Add to add a single user or more to the group.

2.  From the properties of the user account, select the Member Of tab, and press Add to choose a group to make the user a member of.

3.  Right click the user account, and from the action menu, select the Add members to a group option.  Choose the group or groups to make the user a member of.

 

 

 

 

Creating Home Folders

 

1.  Create a folder called homefolder on your C drive.

 

 

2.  Share the folder so that everyone will be able to access it.

 

3.  Specify the location of the user's home folder in the properties of each user account.

 

 

Problems we encountered:  we had trouble connecting to the homefolder because we were placing the name of our domain and it wouldn't show the share on some of the computers on our network.  However, if you replace the name of the domain with your computer name, it will show the share on all the computers.  The reason is that if you use the domain name, the computer has a choice between 2 IP addresses, causing it not to be able to map the drives successfully.

 

TO SHARE THE USERS FOLDER

 

1. Locate the homefolder and right click it.  From the available menu you should choose properties.  From the properties menu you should select sharing.

 

2.  Select the option that states SHARE THIS FOLDER.  You may enter a comment for the share if you would like. 

 

 

3.  Press OK to share the folder.

 

            NOTE:  If you would like to check the status of the sharing, have everyone connect to it to see if it is working.

 

ENABLING ROAMING PROFILES

 

User profiles are stored locally by default, meaning that they reside on the local computer's hard disk.  This presents two potential problems:

1.  The user has a different profile on every machine that they log on to.

2.  The profile will not be backed up on a regular basis

 

To fix this, enable roaming user profiles.  This keeps all the user files in one place.

 

1.  Create a folder on your C drive that will hold the roaming files

2.  Share the folder

 

Enter the location of the roaming profile folder in the properties of each user account.

1.  Logon as administrator

2.  Launch active directory users and computers.

3.  Right click the user that you wish to enable the roaming profile for.

4.  Select the profile tab.

5.  In the user profile section of this tab, enter the path of the roaming folder next to the profile path field.

            Example:  \\yahoo\roamingfiles\%username%

 

 

6.  Press OK to finish

 

 

 

TO CONNECT TO THE SHARE

 

1.  From the start menu select run

 

2.  Enter the UNC path to the server and press OK.   EXAMPLE:  \\Users

 

 

3.  Double click the folder that you have created to see if you have access to the folder. 

 

 

Now that the folder has been created, you will need to configure each user account to recognize that they have a shared folder.

 

1.  In Active Directory Users and Computers, right-click the user that you would like to configure and select Properties from the action menu.

 

2.  Click on the profile tab

 

3.  In the Home folder section of the Profile tab, you will need to select a letter that you will use to map the home folder.  In the field given next to this, you will need to enter the location of the home folder.

 

 

            NOTE:  The home folder should match the user's logon name.  The %username% variable will automatically insert the user's logon name into the path.  Therefore, for example, here is what your path should look like:  \\yahoo\users\%username%  One problem that we ran into here was that we had to replace yahoo with a specific computer name.  For example, we used \\justin\users\%username%

 

4.  Press OK to create the User home folder

 

This should create the user homefolder automatically.  The user should have full access to the folder if it is on the NTFS partition.

The down side is that there is potential for the user homefolder to already exist.  In that case you would receive an error message from Active Directory.  Simply verify that there are no other users with the same login name or that the folder doesn't already exist and this should solve the problem.

 

The first time a user logs on after their home directory is assigned, they will automatically receive a drive mapping to their directory.

 

MY DOCUMENTS FOLDER

 

The My Documents folder is a place where the user can store local documents and pictures.  The administrator can easily redirect the contents of this folder to a different path.

 

1.  Right-click My Documents on the Desktop, and select properties.

 

2.  In the Target folder location section, enter the new path in the Target box.

 

 

YOU WANT TO REDIRECT THE CONTENTS TO THE USERS HOMEFOLDERS AS DONE IN ACTIVE DIRECTORY.

 

3.  Press OK.

 

4.  You will be prompted to confirm that you want to do this.  If you are sure, select yes.