[AccessD] Setting Up a Domain. Part 4. Creating a User and Setting up a file share.

Drew Wutka DWUTKA at Marlow.com
Wed Jun 3 17:59:22 CDT 2009


Ok, this is pretty straight forward, but I have some screen shots again.
They are http://www.marlow.com/downloads/CreateAUser1.jpg (through 9)

 

First, open Active Directory Users and Computers (either through the
shortcut you put on the desktop or through Administrative Tools).  

 

1:  Builtin, Computers, Domain Controllers, etc.  These are known as OUs
or Organizational Units.  Obviously in a small home network, the need
for a complex organizational structure is not there.  But it ability is
just in case.  In the Builtin Tree you can see a lot of 'groups' that
already exist, each with a description.

2: Note there is nothing in 'Computers'   As you join computers to your
domain, a computer 'object' will be put in here to represent that
computer (we'll come back and look at this when we join our first
client).

 

But wait, we have a computer already...our Domain Controller (win2003),
isn't it in computers?  Nope, since it's a DC, Active Directory
automatically assigns it to the Domain Controllers OU Screen Shot 3:

 

4:  The Users Group.  Notice there are a lot of items in here.  There
are a few users (Guest and a Support account are disabled) and you
should have Administrator as the only other user listed.  The rest are
security groups that AD automatically creates.  The most important one
would be Domain Admins.  Members of this group can do anything they want
on your domain, so only put accounts you want to have that ability in
that group.

 

5: Let's create a user.  Click the New User button (I have it circled in
red in this screen shot). You can also right click to get this option,
or go through the Action Menu (New -->User).

 

6: Put in a first name, last name, and a User Login Name. Click Next

 

7: Put in a password (and confirm it.)  Note there are several options
here.  You can have a user be forced to change their password, make it
so they can't change it, or that their password never expires.  So if
you want to allow someone to have their own account, where you don't
know the password, force a change, so when they login the first time, it
will prompt them to change their password.  If you want someone's
account to have an 'open' password, that you know, you can deny them
from changing it.  The password expiration is used in business
environments, to help with security, it probably isn't necessary in a
home network....  Click next (after selecting the options you want).

 

8: We're done, click finished.

 

9: As you can see, the user we created is now in our Users OU listing.

 

10: double click that user, and now you can see the full properties of
that account.  This is the Active Directory part on top of the Domain.
There are a LOT of tabs.  You can put in email, address, phone,
organization info, etc.  All stored in Active Directory. Obviously not
useful at home, but to a developer, you can access all of this
information programmatically and use it in your applications!

 

11: Go to the Profile tab and put login.bat in the Logon Script
box...click Ok.

 

Now, go create a folder or two on your server.  Name them whatever you
want.  Right click on them, and select properties, and go to the sharing
tab, screen shot 12.  Select 'share this folder' and give it a share
name (and share permissions).

 

Then, click Start --> Run --> \\MachineName\Netlogon
<file:///\\MachineName\Netlogon>  (so in my demo's case,
\\win2003\netlogon <file:///\\win2003\netlogon> ) and hit enter.  You
will get an empty folder window.  Right click and select New text file,
name it login.bat.  (make sure it's a .bat file, not a .bat.txt file).
Then right click and select Edit.  That will open that batch file in
notepad.  Now we'll create the script to map our shared drives:

 

Net use g: \\win2003\ShareName <file:///\\win2003\ShareName> 

 

Do this for each share you want, then save the batch file.

 

Ok, Now we get to join a client to the domain.  I may not get to that
tonight still, so it may be tomorrow before I can post that.

 

Drew


The information contained in this transmission is intended only for the person or entity 
to which it is addressed and may contain II-VI Proprietary and/or II-VI Business 
Sensitive material. If you are not the intended recipient, please contact the sender 
immediately and destroy the material in its entirety, whether electronic or hard copy. 
You are notified that any review, retransmission, copying, disclosure, dissemination, 
or other use of, or taking of any action in reliance upon this information by persons 
or entities other than the intended recipient is prohibited.



More information about the AccessD mailing list