Extending Forests ?

[superrug]

Hi,
Just installed win2003 server, and am trying to set up an Active Directory. I have setup Company name as Domain but inside that i want like Sales,Production,Manager and so. But I have tried groups,OU's but in when you view the network they are all just under the Domain and no sub catagories.

I know this is avery basic question but would appriaciate some help.

Thanks
Ben

 

[markdmac]

What are you actually trying to accomplish? Sounds like you want to be able to browse the OUs, but that is not what their purpose it.

An OU can be used to organize user and machine objects, can be used for security lockdown or delegation to a user or group. You can apply seperate GPOs to an OU. An OU is simply a container on the domain but all users are part of the same domain.

When you browse your network, you don't see user objects, you see computer objects and network shares.

Do I misunderstand what you are trying to do?

If you want to go to Network neighborhood and see your domain, then inside that see a sales container you need to set up a sales share.

Or perhaps you are actually looking to segregate the sales group. In that case perhaps you should be investigating child domains or even seperate forests (which are the true security boundry). However I'm making a guess that a multi forest or multi domain environment might be too much for you to attempt setting up.

 

[superrug]

Yup your probably right on the multiforest environment. Your right, I want to see my domain then inside that, Sales, Production , IT and so on , and inside those the users and machines in that area. I just assumed thaqt if your set up a group and then put those users inside that it would work, doh.
Then i want to setup up the PC's to save any files to the server so they are viewable to anyone with that group, eg . SALES or PRODUCTION.
I know its a bit basic but at the moment we have a NT server which has never really been used so all PC's are standalones within a workgroup.

 

[superrug]

So how do i setup up a sales share, not a folder u understand and extension the a domain that users can be [placed in a viewed from network neiberhood

 

[markdmac]

Hi Superrug,

Looks like you need to sit down and iron out your requirements because it sounds like you are trying to make life more difficult for yourself than it needs to be.

Are you familiar with the differences between NTFS and Share permissions? Do you know how they combine?

How many users are you supporting?
What are the requirements that are making you want to divide up computer accounts and user accounts?

I'll be happy to help you out here but need to understand what the real goals are to do it properly. From what I see above, you really just need to get an understanding of proper GPO structures, group memberships and share permissions to accomplish your goals.