Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Correct way to setup Active Directory

Status
Not open for further replies.
lilcam

lilcam

MIS
Apr 22, 2002
52
US
I've always created users and placed them in the default "Users" container. We have over 300 student accounts and about 40 staff/faculty members. Should I create a 'User' and 'Faculty' OU? What advantage does this hold over the regular 'Users' container that I've been creating users in.

Also, I read somewhere that I should create individual computer accuonts first before I join them to the domain. How will this change anything if I wre to just add the computers later. Should I create a new OU for computer accounts or should I just use Windows default container?
 
Sort by date Sort by votes
The benefit you receive from setting up separate containers is management of those users. You will also be able to assign group policy to a container as you cannot do that with individual users.
 
Upvote 0 Downvote
Ok ... makes sense, and here's another question.

I can't get the computer configuration settings to apply to computers. I wanted to disable showing last user logged in name. So I enabled that feature and the PC that I am testing still shows the last user logged in. I also enabled the option to remove the shutdown button from the CTRL-ALT-DEL screen but it still shows up.

However, I can enable both option in the local security settings of the workstation!!! I dont want to have to do this to all workstations!


 
Upvote 0 Downvote
If you are applying your group policy object to an ou, then move all of the computer accounts from the computers container into the group policy your using.
 
Upvote 0 Downvote
Ok ... so i moved the computer accounts into the 'Faculty' OU. There's a GPO called 'Faculty's GPO.' Under the security tab I have the following:

Authenticated Users - READ
Domain Admin - READ,WRITE,DELETE,CREATE
Enterprise Admin - Same as above
Faculty - READ + APPLY

'Faculty' is the name of the group where all faculty members are placed in.

So, if I place ALL computer accounts into this OU, they will be affected by the GPO assigned to this OU?

 
Upvote 0 Downvote
That is correct, they will assume the GPO assigned to the OU.
 
Upvote 0 Downvote
Ok ... did that, but the remove shutdown button from screen is still available. grrrrr
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

julis2103
  • Locked
  • Question
Active Directory
Replies
0
Views
84
julis2103
julis2103
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
334
goombawaho
goombawaho
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
197
DTGMI
DTGMI
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
229
microsGuy16
microsGuy16
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
123
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top