Servers - Configuring Active Directory will give you more options than a
standalone server can.
Open the Active Directory Users and Computers console located in the
Administrative Tools from the Programs listing.
If you look at the hierarchy you can use
the set up as is or you can customize it with your own hierarchy. Create
your base container and add the other containers underneath. Once you have
decided on your hierarchy then the only thing left to do is to do it!
You can name the parent container anything you like, you will be doing a lot of
work in it.
Servers - Configuring Active Directory Instructions:
If you have a small domain (less than 10 users) you can put your user ID's in
the user container (all the folders in the AD interface are called containers,
they look like folders but are not).
If you anticipate that you will have more users then create a new container for
the domain. You can create containers for each of your departments, cities, or
states under the parent container.
Name and create your containers that fits your business logic, if you are only
in one city then you might want the containers to be departmental.
If you have locations in different cities but very few states then create your
containers by the city then under that the departments, and so on.
Consider how your users will access the resources of the domain.
you can control each user ID's access to the resource. You can create the
container under your new domain container along with the computers, user(s),
After setting up your container hierarchy you can work on the domain user ID's.
Unless you know how to set up a user ID (it is a little different from a user ID
on a standalone system) use the help function built into the AD Console.
Note: You will
want to insure that there are other user ID's that have Administrator
association, don't go overboard just users that
you can trust with the security of your domain.
Next Groups, this is the meat of the security.
You control who gets access to what resource through the Group function.
set up each group by function, department, city, state, or what you think is
appropriate. You use groups to set security on your
Servers - Configuring Active Directory
You wouldn't want a worker on the assembly line to
have access to the a sensitive server or folder, but would want the a supervisor
to have access to create reports.
Next you should think about creating containers for computers, printers, and
servers (if you have more than two servers). This will simplify your
administrative tasks. You can assign security to each Group then that security
can be assigned to the objects in the container.
Servers - Configuring Active Directory
Note: When you join a
computer to the domain it will reside in the Domain
computers container. If you have a custom hierarchy with workstations
and/or servers you will have to move the new computer name to one of these
containers. A way around this is to create the computer
name in the appropriate container before joining it to the domain.
Sample: you have a department with fifteen users, of those three are
supervisors. So you would create the container by department name, under that
create two more containers. One for the supervisors and one for the workers. You
put the three supervisors in the supervisor container and the workers in the
worker container. Then you can assign rights to the supervisor Group to a folder
on the server called reports. The workers will not have access to the folder
Parts of this Servers - Configuring Active Directory
are from the Build a Server Guide.
Sample: You have three servers and thirty workstations. You create a container
called Servers and one called Workstations. You move the servers into the server
container and the workstations into the workstation container. You have two
Domain Administrators but only one that will work on Servers and both will work
on workstations. You give the one administrator access
to the server Group and workstation Group. The workstation Group you
give access to both. Thus the administrator that has workstation access can not
log on to the servers.
Sample: You have five printers. Four are for everyone's use but the super-duper
color printer is very expensive to operate. How do you insure that only certain
users can access the color printer? You create one container for the
printers. You give access to the color Group only to the users that require
color printing. You give access to the other printer Group to all users.
This is a short guide not to be construed as a complete working of
Active Directory. If you need more help it is
available with the help function. There are very comprehensive books available
for a complete run down on how to use Active Directory.
As you can see a Domain will allow you to
control who uses what, who access a high value resource or confidential files.
By the way ...
When your server is down you want to fix correctly and quickly
not introduce more problems with an old ERD... Make your custom Emergency
Repair Disk (ERD) BEFORE you need it! Check this out.