[dba-Tech] Kill a Workgroup and Replace it with a Domain

Arthur Fuller artful at rogers.com
Mon Mar 6 19:18:59 CST 2006 

I have one machine that is running Windows 2003 Server, but it so far is
defined as part of the workgroup. How can I nuke the workgroup and then
retroactively set up this box as the primary domain controller? In the short
term, I don't care that while I reorganize everything I lose connectivity to
the ancillary boxes, because that's all they are -- ancillary. So I feel
quite free to nuke the workgroup, then create the domain and establish this
box as the primary domain controller, then create the required users and
then bring each box into the domain.
I don't want to digress, but we are venturing close to the topic about what
I really want, whose one-word answer I have been led to believe is
ActiveDirectory. What I really want is that any of the known users be able
to sit at any computer and login and have her Outlook file, her Favourites,
Recent Documents list, etc. etc. available at once. I have lived on systems
set up like this, but I didn't set them up and I have no idea how it's done.
But that is my ultimate goal: 10 users, 3 of whom bring notebooks and
connect via the wireless router, and the system knows who they are and knows
which directories are available to them, etc. 
In the case of the latter 3, who are all clients, they should be able to
access their client-specific directory on the server, and a few other
directories, but not the whole world.
In the case of, let's call them resident-users, of whom there are 8, they
should be able to see their own data plus selected directories located here
and there. Two of these 8 are fictional persons that I created to test the
functionality of limited access. One is a user and the other is a developer
(the latter so I can test VSS, Visual Studio 2005's concept of partial
classes, etc.).
Exactly two persons (me and my trusted colleague) can see everything
everywhere.
The immediate problems, I surmise from your reply, are:
1. nuke the workgroup;
2. retroactively reconfig the W23Server box to be the primary domain
controller.
I need help with both these steps.
Thanks!
Arthur
-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Stuart McLachlan
Sent: March 4, 2006 7:45 PM
To: Discussion of Hardware and Software issues
Subject: Re: [dba-Tech] Kill a Workgroup and Replace it with a Domain

On 4 Mar 2006 at 19:20, Arthur Fuller wrote:

> Way back when, I set up my home network, back when I knew even less than I
> do now, which is almost nothing. When it asked if I wanted to set up a
> domain, I assumed that it meant an internet domain, which I didn't have,
so
> I chose Workgroup. I would now like to change this, and ultimately arrive
at
> an Active Directory solution, replete with roaming profiles, so that no
> matter which box I am on, I see the same Outlook files, the same
shortcuts,
> etc. In short, how do I get from here to there?   Should I just remove
> everyone from the workgroup, then destroy the workgroup, then create a
> domain, then add the boxes to the domain, and finally add the users? If
not
> this, then what? 

Assuming that you are using workstation OSs (2KPro, XPPro), you will need 
to upgrade the OS on one machine to a Server version or instal a new server 
with the appropriate OS.  When you do the update, you set up that machine 
as the Primary Domain Controller.

You then create user accounts on that server for all of your users.

Once you have the domain controller set up, on each workstation  change the 
Network properties to be part of a domain and enter the domain name. Then 
just follow the prompts to connect.

>I have tried a few googles and got nowhere useful. One more
> thing. I have purchased a wireless router, but not yet set it up. The
> intended purpose of this box is to allow immediate access to my network to
> several selected people only: clients and colleagues. I want a client to
be
> able to visit, turn on her notebook and immediately have access to my
> network -- not complete unfettered access, of course, but access to areas
of
> interest to her. 

As long as you are using NTFS on all machines, once you hae set up a domain 
with a PDC,  you can restrict access to any resource on any machine based 
on the user logon.   Using wireless access to your network, if they have 
the relevant encryption key, they will be able to log on to your network 
and use whatever resources you have made available to them. 

> The list of clients/colleagues is small; less than 10 --
> and the only way they will ever access the network is by bringing their
> notebooks here. In addition to the clients/colleagues, there are 4 others
to
> whom I want to give roaming profile abilities, so they can log in to any
> available box and see their stuff and not see the stuff to which they have
> no access. 

Again, this will all happen automagically once you set up a domain 
controller and user access rights.

-- 
Stuart

More information about the dba-Tech mailing list