Drew Wutka
DWUTKA at Marlow.com
Wed Jun 3 17:59:22 CDT 2009
Ok, this is pretty straightforward, but I have some screen shots again. They are http://www.marlow.com/downloads/CreateAUser1.jpg (through 9)

First, open Active Directory Users and Computers (either through the shortcut you put on the desktop or through Administrative Tools).

1: Builtin, Computers, Domain Controllers, etc. These are known as OUs or Organizational Units. Obviously in a small home network, the need for a complex organizational structure is not there. But the ability is there just in case. In the Builtin Tree you can see a lot of 'groups' that already exist, each with a description.

2: Note there is nothing in 'Computers'. As you join computers to your domain, a computer 'object' will be put in here to represent that computer (we'll come back and look at this when we join our first client). But wait, we have a computer already...our Domain Controller (win2003), isn't it in computers? Nope, since it's a DC, Active Directory automatically assigns it to the Domain Controllers OU (Screen Shot 3).

4: The Users Group. Notice there are a lot of items in here. There are a few users (Guest and a Support account are disabled) and you should have Administrator as the only other user listed. The rest are security groups that AD automatically creates. The most important one would be Domain Admins. Members of this group can do anything they want on your domain, so only put accounts you want to have that ability in that group.

5: Let's create a user. Click the New User button (I have it circled in red in this screen shot). You can also right click to get this option, or go through the Action Menu (New --> User).

6: Put in a first name, last name, and a User Login Name. Click Next.

7: Put in a password (and confirm it). Note there are several options here. You can have a user be forced to change their password, make it so they can't change it, or that their password never expires. So if you want to allow someone to have their own account, where you don't know the password, force a change, so when they log in the first time, it will prompt them to change their password. If you want someone's account to have an 'open' password, that you know, you can deny them from changing it. The password expiration is used in business environments, to help with security, it probably isn't necessary in a home network.... Click next (after selecting the options you want).

8: We're done, click finished.

9: As you can see, the user we created is now in our Users OU listing.

10: Double click that user, and now you can see the full properties of that account. This is the Active Directory part on top of the Domain. There are a LOT of tabs. You can put in email, address, phone, organization info, etc. All stored in Active Directory. Obviously not useful at home, but to a developer, you can access all of this information programmatically and use it in your applications!

11: Go to the Profile tab and put login.bat in the Logon Script box...click Ok.

Now, go create a folder or two on your server. Name them whatever you want. Right click on them, and select properties, and go to the sharing tab, screen shot 12. Select 'share this folder' and give it a share name (and share permissions).

Then, click Start --> Run --> \\MachineName\Netlogon (so in my demo's case, \\win2003\netlogon) and hit enter. You will get an empty folder window. Right click and select New text file, name it login.bat (make sure it's a .bat file, not a .bat.txt file). Then right click and select Edit. That will open that batch file in notepad. Now we'll create the script to map our shared drives:

    Net use g: \\win2003\ShareName

Do this for each share you want, then save the batch file.

Ok, now we get to join a client to the domain.
I may not get to that tonight still, so it may be tomorrow before I can post that.

Drew
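
A fuller version of the login.bat described in the message above, as an added example and not the script from the original post. It clears any stale mapping before each net use and logs failures instead of stopping the logon. The share names Documents and Media, the drive letters, and the log file name are assumptions, and it assumes clients that run cmd.exe.

```bat
@echo off
rem login.bat - added example, not the script from the original post.
rem Lives in \\win2003\netlogon and runs on the client at each logon.
rem Assumed (hypothetical) share names: Documents and Media on \\win2003.
setlocal

call :MapDrive G: \\win2003\Documents
call :MapDrive H: \\win2003\Media

endlocal
exit /b 0

:MapDrive
rem %1 = drive letter, %2 = UNC path of the share.
rem Remove any mapping already on this letter so the new one does not
rem fail because the letter is in use (for example, a remembered
rem connection to a different server).
net use %1 /delete /y >nul 2>&1

rem /persistent:no keeps the mapping out of the user's profile; this
rem script recreates it at every logon, so the share list is controlled
rem from this one file on the server.
net use %1 %2 /persistent:no >nul 2>&1

rem Record a failure in the user's temp folder and carry on, so one
rem missing share or denied permission does not block the others.
if errorlevel 1 echo %date% %time% %username% could not map %1 to %2 >> "%temp%\login-map.log"
exit /b 0
```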