Hi all,
We have 25 Win XP Pro clients, a Win 2003 Standard server running Exchange 2003 set up as PDC, and another Win 2003 standard server acting as a file server.
All the clients are configured with local accounts. We would like to move from this set-up to having everyone log in to the domain, so that we can have control over users password policies and make it easier to set-up new PC's.
I'm completely new to Active Directory, and have inherited everything from an IT employee who's left. Needless to say, I have a few questions:
1) Everyone already has an account on the domain and a mailbox. Logging into to the domain account from their PC is treated like a new user, and therefore all their settings created under their local account are lost. Is there any way of avoiding having to set-up each users personal settings again?
2) Looking in 'Active Directory Users & Computers', my predecessor configured an OU (I think that's what they're called, they look like folders!) under the domain called 'Exchange Users' and another OU within this called 'Local'. Within 'Local' are all 25 user accounts. Looking in the 'Group Policy Snap-in' there is only a 'Default Domain Policy' and no other policies or settings created/configured.
Is it safe for me to create some new OU's that follow our department structure (accounts, sales, warehouse, etc.) and then drag-and-drop the users from 'Local' into these OU's and use 'Create and Link a GPO' within the Group Policy Management on each of these departments to specify individual policies? Do I modify the 'Default Domain Policy' to contain settings that apply to everyone (for example, password length, age etc.), and then create an individual policy on each of the department OU's to contain department specific settings?
3) I want to give some users the ability to create/delete printers and add/remove programs. How do I go about doing this, as I can't see any options in the domains policies.
I've got a spare PC and set up a few user accounts to test everything before I change actual users!
Many thanks for taking the time to read through, I know it's a lot to ask!
Regards,
Darren
We have 25 Win XP Pro clients, a Win 2003 Standard server running Exchange 2003 set up as PDC, and another Win 2003 standard server acting as a file server.
All the clients are configured with local accounts. We would like to move from this set-up to having everyone log in to the domain, so that we can have control over users password policies and make it easier to set-up new PC's.
I'm completely new to Active Directory, and have inherited everything from an IT employee who's left. Needless to say, I have a few questions:
1) Everyone already has an account on the domain and a mailbox. Logging into to the domain account from their PC is treated like a new user, and therefore all their settings created under their local account are lost. Is there any way of avoiding having to set-up each users personal settings again?
2) Looking in 'Active Directory Users & Computers', my predecessor configured an OU (I think that's what they're called, they look like folders!) under the domain called 'Exchange Users' and another OU within this called 'Local'. Within 'Local' are all 25 user accounts. Looking in the 'Group Policy Snap-in' there is only a 'Default Domain Policy' and no other policies or settings created/configured.
Is it safe for me to create some new OU's that follow our department structure (accounts, sales, warehouse, etc.) and then drag-and-drop the users from 'Local' into these OU's and use 'Create and Link a GPO' within the Group Policy Management on each of these departments to specify individual policies? Do I modify the 'Default Domain Policy' to contain settings that apply to everyone (for example, password length, age etc.), and then create an individual policy on each of the department OU's to contain department specific settings?
3) I want to give some users the ability to create/delete printers and add/remove programs. How do I go about doing this, as I can't see any options in the domains policies.
I've got a spare PC and set up a few user accounts to test everything before I change actual users!
Many thanks for taking the time to read through, I know it's a lot to ask!
Regards,
Darren
