Servers - Configuring Active Directory

Diy-Computer-Repair can help!

Portions of this page were extracted from Build a Server Guide.

If you look at the hierarchy you can use the set up as is or you can customize it with your own hierarchy.  Create your base container and add the other containers underneath. Once you have decided on your hierarchy then the only thing left to do is to do it! You can name the parent container anything you like, you will be doing a lot of work in it.

If you have a small domain (less than 10 users) you can put your user id's in the user container (all the folders in the AD interface are called containers, they look like folders but are not). If you anticipate that you will have more users then create a new container for the domain. You can create containers for each of your departments, cities, or states under the parent container. Name and create your containers that fits your business logic, if you are only in one city then you might want the containers to be departmental. If you have locations in different cities but very few states then create your containers by the city then under that the departments, and so on.

Fix It! Your DIY Computer Repair Newsletter! Click here to get your copy of Fix It!

Consider how your users will access the resources of the domain. Using Groups you can control each user id's access to the resource. You can create the container under your new domain container along with the computers, user(s), groups, and printers.

After setting up your container hierarchy you can work on the domain user id's. Unless you know how to set up a user id (it is a little different from a user ID on a standalone system) use the help function built into the AD Console. 

Note: You will want to insure that there are other user id's that have Administrator association, don't go overboard just users that you can trust with the security of your domain.

Next Groups, this is the meat of the security. You control who gets access to what resource through the Group function. You can set up each group by function, department, city, state, or what you think is appropriate. You use groups to set security on your resources. You wouldn't want a worker on the assembly line to have access to the a sensitive server or folder, but would want the a supervisor to have access to create reports.

Next you should think about creating containers for computers, printers, and servers (if you have more than two servers). This will simplify your administrative tasks. You can assign security to each Group then that security can be assigned to the objects in the container.

Note: When you join a computer to the domain it will reside in the Domain computers container. If you have a custom hierarchy with workstations and/or servers you will have to move the new computer name to one of these containers. A way around this is to create the computer name in the appropriate container  before joining it to the domain.

Sample: you have a department with fifteen users, of those three are supervisors. So you would create the container by department name, under that create two more containers. One for the supervisors and one for the workers. You put the three supervisors in the supervisor container and the workers in the worker container. Then you can assign rights to the supervisor Group to a folder on the server called reports. The workers will not have access to the folder called reports.

Sample: You have three servers and thirty workstations. You create a container called Servers and one called Workstations. You move the servers into the server container and the workstations into the workstation container. You have two Domain Administrators but only one that will work on Servers and both will work on workstations. You give the one administrator access to the server Group and workstation Group. The workstation Group you give access to both. Thus the administrator that has workstation access can not log on to the servers.

Sample: You have five printers. Four are for everyone's use but the super-duper color printer is very expensive to operate. How do you insure that only certain users can access the color printer? You create one container for the  printers. You give access to the color Group only to the users that require color printing. You give access to the other printer Group to all users.

This is a short guide not to be construed as a complete working of Active Directory.  If you need more help it is available with the help function. There are very comprehensive books available for a complete run down on how to use Active Directory.

As you can see a domain will allow you to control who uses what, who access a high value resource or confidential files.

Q and A This site contains a lot of information. As with any publication not all information is available due to space, time, or subject constraints. If you have a question that you did not find the answer on this web site  you a can ask your question here and we will endeavor to get you the most up to date answer possible!

Free Stuff!

Thank you for visiting my web site, and please come back again.

If you find this Web Site useful, feel free to recommend it to a friend.

Return to previous page



 

This website is not intended for children under the age of 18 Home   Support   About owner   Site Map Why I use SBI  Privacy Policy   Disclaimer