I need a rudimentary explanation of how to connect to a Domain 5

[quolo]

Hi there.

I'm in a startup company of 8-10 people; so they bought a server, had someone install Windows 2000 Server on it, plopped it off at my desk and informed me that I was now the IT Director and I'm supposed to configure this thing.

I've done all the research I can on my own and am stuck. We have about 10 machines here in house, running anything from Win98 to XP Pro. I have Set up a Domain Controller (I think) on the Server, created users (again, I think I did), created a shared folder and assigned users permissions to that folder.

I don't know how any of the users are supposed to join the domain. Do I go to My Network Places and access the shared drive as if they were just 2 computers in the same workgroup? That doesn't work because it doesn't let me log into the server, though I do see it on the network.

Eventually, I'm trying to create a shared file tree to centralize all our work, configure all of our users in Exchange so we can do group calendar functions, and configure VPN Access (although that's a ways down the road).

Any assistance would be greatly appreciated.

 

[bran2235]

Man, you are asking a lot of loaded questions... no short answers will do you justice... EXCEPT:
1) your clients (user's machines on the NW) must either join the domain OR you can create the accunt on your DC first, then join via the client machine... On your XP clients, Rt click MY COMPUTER, Properties, and then Computer Name tab... you can join the domain here... However, use the Admin credentials to do this....

2) Win 98 machines... rt click Network Neighborhood, properties, Make sure MS network is added in the box, properties of that, then Log on to Domain: %yourdomainname%

Hope this helps...

You should buy some books, my friend or take some classes at least... wish you luck!!

Brandon

 

[GrnEyedLdy]

Quolo,

Did you run DCPROMO? If you did then you are a Domain Controller.

To have your users join the domain, go to the PC, log on locally and then right-click My Computer. Choose Properties, click the Network Identification tab and choose properties again. Select the radio button next to domain and type in the name of your domain.

Next you will be prompted to enter a username and password. You will need to enter a Domain account that has the rights to add computers to the domain. Like the Domain Administrator, or a member of the Domain Administrators group. That's all there is to it.

Let us know if you need more help,

Patty

 

[setnaffa]

Too bad we can't solicit business... What you're asking for is one of the services my buddy and I provide...

However, there is a great explanation of how to add users to a domain at:

http://www.pcmech.com/byonet/

Ouch!!! It hurts to give away my business!!! Make it stop!!!

;-) Setnaffa is an MCP-W2K (working on W2K) with a few other certs, too...

 

[GlenJohnson]

Pardon me if you know/have done the following, but we don't know how new you are to this. The above awnsers are on the money, but there are a couple of things you should know. Again, I'm sorry if you do know this, but better safe than sorry. Go to google and do a search for hfnetchk. This is a free program that will search your server for any known problems and allow you to put the appropriate patches on them. Also put this on anything above W98. Also, make sure you have IE6, sp1 on ALL machines including server. You probably have the latest service packs for explorer installed since this sounds like a new install. Make sure you've got a good anti-virus program running on the network and keep it updated. Install a good firewall before thinking about the vpn. Do you have any backup running yet? Last, but not least, make Tek-Tips your home page, this is where you're going to find real awnsers from real people. Good luck.

Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@johnsoncomputers.us



"There is only one good: knowledge; and only one evil: ignorance."
Socrates (470- 399 BC); Greek philosopher.

 

[quolo]

Patty...Brandon...Glen...you are my heroes.

You cannot possibly insult me by assuming I know nothing about server configuration; I make no pretense about being a complete neophyte. I'm a writer and animator by trade, or at least I was.

I achieved a measure of success - I was able to assign "Domain Admins" membership to an XP Pro user and got him logged in and everything. That was great.

Then he restarted his computer, logged in the nifty new login screen, and it was as if he was a different user - no emails, no desktop, etc. I took him off the domain and stuck him back in the Workgroup so he could do his job. Any idea why that happened?

Also, to get my client to join the domain, but I had to, as I said above, to stick him in the Domain Admins group. That's probably not a policy I want to adopt, right? Did I give my client superpowers with which he can destroy domain structure?

Glen, I'm going to do everything you suggested. I have a copy of Symantec Antivirus to install, a backup plan for the future, and somewhere soon we'll have to do a firewall thing, but that I know less about.

Your humble serversquire,

Jeremy

 

[quolo]

Setnaffa, if we had any money at all, we would have hired you by now. Thanks for the link, it was muy helpful.

If and when we get funded, I'll see if I can work something out for the old time server support crew. I never forget a favor.

I had no idea such a resource as this existed. Usually you ask for help and it falls on a deaf ear. I'll have to find a way to reciprocate; free theatre tickets or something if you ever come to New York.

 

[GlenJohnson]

If nothing else, use the backup that comes with win2k and backup your registry and system state of the server to a machine dedicated on the network. As to what happened to the user, go ahead back into the domain, and right click my computer and select properties. The next to the last tab has user profiles. Select the profile of the user on the workgroup, (Which is actually local) and select copy to, then browse to c:\documents and settings\username.domain and this will take your desktop and everything to the new logon with the domain. good luck. Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@johnsoncomputers.us



"There is only one good: knowledge; and only one evil: ignorance."
Socrates (470- 399 BC); Greek philosopher.

 

[GrnEyedLdy]

Quolo,

Each user that logs into Windows will receive his/her own unique user profile...(including email settings among many others things).

When your user was logged into a workgroup, he was logging on to the local machine and therfore he was using a Local User Account,(which is stored only in the Local User Database and will not enable him to log into the domain). In order for your user to log into the domain, you had to create him an account on a Domain Controller within the doamin. After you created that account and he logged in using it, he then received his domain user profile, (which is stored in the Domain Security Database).

Does that make sense?

Now, in order for a user to add a computer to the domain, you can give them Administrative rights, (which is not recommended), or you can edit a GPO to allow the user to add computers to the domain.

1. Open Active Directory Users and Computers
2. Right-click your domain name
3. Choose Properties
4. Click the Group Policy tab
5. Click Edit (this will allow you to edit the default domain policy).
6. Expand Computer Configuration
7. Expand Windows Settings
8. Expand Security Settings
9. Expand Local Policies
10. Expand User Rights Assignments
11. In the right-hand pane, you can now dbl-click on "Add Workstaions to the Domain".
12. Click Add and browse for the user you would like to give this right to.

Piece of cake, :-D

Have fun and let us know if we can help in any other way!

Patty

 

[gurner]

To create a centralised store of information, create a series of Network shares on your server (how many disks does this server have? i hope more than 1, because it will become quite stressed out if you have Network resources being accessed by lots of people as well as its main tasks)

Create a text file in
C:\WINNT\system32\Repl\Import\Scripts
type in it something like;

echo off
net use P: /delete
echo on
net use P: \\Server\apps
echo off
net use R: /delete
echo on
net use R: \\Server\Reference
echo off
net use S: /delete
echo on
net use S: \\Server\NOBACKUP
echo off
net use U: /delete
echo on
net use U: \\Server\Devdata
echo off
net use W: /delete
echo on
net use W: \\Server\datawork
echo off
net use X: /delete
echo on
net use X: \\Server\docstore

net time \\Server /set /yes

With the UNC paths relating to your Network shares as they'd be accessed from Network Places.

Then save it as (for example) Global.BAT (type this exactly in the Save as... diag box (so it is *.bat NOT *.txt)

Under Start>Programs>Administrative Tools>Active Directory Users and Computers>Users>Right click a user and go to Properties>Profile>Logon Script = 'Global.bat' Home Folder = Connect 'H'? + To = \\Server\Users\TheirName

When they logon now instead of having to fight through lots of folders via Network Places>find the server>Which folder?!?

They can go to My Computer, and as well as A:\ C:\ and D:\ they will have (going on above sample, you do your own) H:\(personal) P:\(applications) R:\(reference) S:\(temp data) U:\ W:\ X:\ (they can be what you want)

You don't have to do my example

Or to be really clever later on i'm sure i can help or someone else can help to configure DFS

(1 step at a time)

 

[quolo]

Okay, sort of making progress out here. I finally got XP Pro on my own client computer so I can now use myself as a guinea pig.

Since I'm all administratery, I went ahead and connected to the domain and I got a nice, new blank profile to work with. Now I need to repopulate my domain profile with all the good stuff I had in my local profile. I think I'm really close.

I created a folder on the server called "Profiles" and gave everyone and their dog full rights to it. Then I went into Active Directory, My username, Properties, and under the "Profile" tab I pointed it to \\servername\profiles\%username%. And, much to my self-back-patting, when I logged myself out of the client computer and back in, a profile was created for myself in said folder. Woohoo!

Then, on my client computer, I logged in to the domain and went into Control Panel, System, and eventually found advanced settings for users and selected my local profile. Then I hit the "Copy to" button with the intention of copying my local profile over the blank domain profile. I browse on over to my new, shared "Profiles folder", it gives me the warning that the old one will be rewritten, sounds fine to me, and then I get an error message: Something about security permissions not being set. I checked and it sure seems to me like I have full access. What gives?

After that, I'm going to do Patty's GPO thing.

And then I am going to either do Girth's file structure thing or a DFS thing. I'd like to do it DFS style, if possible (it is a one or the other kind of deal, isn't it?), since, eventually, there will be other servers here too. The server has 2 hard drives I think, but 4 partitions: one called Exchange, one small one with the OS on it, and a couple with not very much on it. The three larger ones are all about 60-80 Gigs.

One last question: 200 Gigs or so doesn't sound like a ton of storage for a server. If I start tossing profiles into our domain, along will come all their My Documents files and stuff like that, won't it? I don't know if we can handle all of it, or that we'd even want to. I read up on something called "File Redirection" and how it works with "Roaming Profiles". Is that the solution?

Thanks again IT folks.

 

[GrnEyedLdy]

Quolo,

Just to clear up a few things.

When you went to the DC in question and entered a path on the Profiles tab of your user account, you in effect created a Roaming Profile for yourself. If you follow the same procedure for each user that will log into the domain, you will take up alot of server space...but each users complete Profile will 'roam' with him/her regardless of which computer they use to logon to the domain. (Since there profiles will be stored on the server).

If however you do not do this, each time a user logs into the domain, his Domain profile will be saved to the Local hard drive of the machine that the user is using to log into the domain. This way you will not clog up your server with user profiles. However, your users Profiles will not 'roam' with them. Does this make sense?

If you want to use the users existing local profile you can just copy their existing profile to their new Domain profile as you did with yours. Just browse for the location of their new domain profile on their local machine.

Hope this helps, let us know if you need any further clarification on this topic.

By the way, you are doing one heck of a good job for someone who has just been thrust into the world of Win2k without prior experience!

Have fun!

Patty

 

[GlenJohnson]

I envy you. When you've got a brand new server and setup, you can take chances. If you foul up in the beginning, just wipe the hardrive and start over. Good luck. Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@johnsoncomputers.us



"There is only one good: knowledge; and only one evil: ignorance."
Socrates (470- 399 BC); Greek philosopher.

 

[quolo]

I'm rooting for no wiping. Fully recoverable foul-ups sound just fine to me.

Thanks for the clarification on roaming profiles. I definitely don't want to tie up the server HD's and the bandwidth that way, so locally stored in-domain profiles sound like the way to go. However, when I try to "Control Panel/Server/Copy to" my local profile to another name (my domain username, for instance) on my local HD, I still get the error message saying I've failed to set security permissions. I've tried doing this logging in locally, in the domain, and as an administrator, but I get the same thing.

Now, I could just go into Windows Explorer and copy/paste the file folders, sure, but doesn't a profile also have an element in the registry, a registry hive or something like that? (sounds like bees, but I don't smell any honey). Would replicating a profile without the registry hive be a bad idea?

Go IT go! And thanks for the vote of confidence, Patty. Couldn't have done it without ya'll--server'd be a lamppost by now on my own.

 

[GrnEyedLdy]

Quolo,

Ok, let me start here...

Using this scenario,

1. Local user named Student01 logs on to the local machine.
2. After that user logs off, their profile is created and written to C:\Documents & Settings\Student01.
Next,
3. You create an account on the DC named Student01.
4. Student01 logs into the domain.
5. After that user logs off, their new domain profile is created and written to C:\Documents & Settings\Student01.DOMAINNAME.

Now, if you want to use the old Local profile settings, simply naviage to the C:\Documents & Settings\Student01 folder, click Edit, Select All and then right click and choose Copy.

Next navigate to the C:\Documents & Settings\Student01.DOMAINNAME folder, open the folder, right-click and choose Paste.
You will be asked if you want to overwrite the files that already exist with those names, just click 'Yes to all'.

One more thing, that folder contains many 'hidden files'. In order to do this you will need to enable your view to see those hidden files. To do this, open My Computer or Explorer and click Tools, Folder Options, View...Choose the radio button to 'Show Hidden Files and Folders'. Also uncheck the box for 'Hide Protected Operating System Files'.

Log on to the users computer (into the domain) using the Domain Administrator account.

Lots of fun in store for you!

Patty

 

[deik313]

Quolo, I am in the exact same position as you, except I'm not near as far along! I was given a Windows 2000 server to configure, too, for a small company, and no manual, just the installation CD. I've created the domain controller and the groups/users and I'm stuck at the "logging the client computers into the domain" step. I've read the responses here and I'm thoroughly confused. When you're done with your server, can you come over and configure mine?

 

[quolo]

I'm still struggling on the user profile migration issue. Here's where I am:

If I log in as the local user (Student01) and navigate to c:/Documents and Settings/ and show hidden files, then select all, copy all, navigate to student01.velocity, and then paste, most of the files go over. However, certain files claim to be "in use by another process" and therefore, won't copy. Among these is NTUser.DAT which sounds important.

Someone was trying to do something similar and got this advice. What do we think of all this stuff?

http://www.experts-exchange.com/Operating_Systems/Win2000/Q_10327252.html

I don't want to mess around with the registry if I don't have to, but I tried the "copy to" thing mentioned and I couldn't get that to work, either.

I've logged in as Student01 local, Administrator local, Student01.domain, and Administrator.domain. Then, I go to Control Panel/System/Advanced tab/User Profiles-Settings/ Select the local Studen01 profile, select "Copy to", Populate the "Permitted to" box with Studen01's domain account, then try to copy the profile under a temporary name in C:\Documents and Settings. That's when I get that whole "Security permissions for destination file not set" error, which doesn't make sense to me.

I'll keep working with it to see if I can sort it out. Any help would be appreciated.


Deik313 - So glad to know I'm not alone. As the sage server admin I've become, here is my highly technical advice:

First, change your username thingy from "TechnicalUser" to "IT Director." Sure, it's not entirely accurate, but I say come out like a winner. Be the boss.

Secondly, if you haven't, check out Microsoft's Step-by-Step server series. They're actually pretty helpful to the total neophytes, like us.

http://www.microsoft.com/windows2000/techinfo/planning/walkthroughs/default.asp

And this site wasn't too bad.

http://www.comptechdoc.org/os/windows/win2k/index.html

And most importantly, buy Patty expensive presents. She's saving my buttocks.

Thanks guys.

Jeremy

 

[ScreeminChikin]

When you try to copy the profile information and you are getting an error, I think what is happening is that you are trying to manipulate the profile that you are logged in under right? Log in as local admin on that machine and then you can drop the stuff from the local profile to the domain user profile. But...I have tried that before and never met with much success. I pretty much just pick through and copy stuff like the desktop folder, favorites folder etc into the new domain user folder and then export all my mail accounts then import them under the domain users login.

 

[quolo]

You're right, I was logging in as the user I was trying to move at first. But even when I logged in under "Administrator", I had file in use errors.

Sounds like I'll do what you've done, just pick through and copy stuff over. Still, I'm an idealist and I just know there ought to be a better, cleaner, and more robust way to do it.

 

[ScreeminChikin]

You would think, but I've been down that road many times and have yet to find the easy way. I have successfully copied complete profiles like you are trying to do, but the final outcome was never quite as planned.