Re: AD Setup Checklist: Request for Comments

From: Al Mulnick (amulnick_No_SPAM_at_ncDOTrr.com)
Date: 03/22/05


Date: Mon, 21 Mar 2005 21:28:38 -0500

No, it's the other way around. The domain admins group is added to the
local administrators group of the machine added by default. You could of
course change the behavior, but I can't think why you would in that setup.

File and print is part of the server. Unless you go out of your way, F/P is
there in a default installation.

Domain users gain access to workstations by being a member of the domain
users group or at least authenticated users (special groups).
The workstations by default will grant access to domain users for logon as
part of being a member of the domain. It would be very difficult for large
enterprises to have to put a domain account into the local SAM for every
workstation.

Copying the settings of the profile might be a little trickier. You may be
able to get what you want from the transfer your settings wizard that comes
on the XP CD.

Al

"bonehead" <sendmenospam@here.net> wrote in message
news:d1ks08$5vu$1@gondor.sdsu.edu...
> Thanks for taking the time to read the entire thing and reply.
>
> Al Mulnick wrote:
>> 2 & 3 Not quite sure what you're after here and for 3 you're only
>> installing IIS (File services is a given).
>
> On 2, I had heard from a friend who said after his first experience with
> this that you can't necessarily presume that the local admin account on
> the server has been added to the Domain Admins group after you promote the
> machine to a DC. Maybe this is a little too anal?
>
> On 3, I wasn't aware that file services are a given. Is the file service
> turned on by default when you install Server2K3? Or is it turned on by
> some other process, i.e. by setting up AD or installing IIS?
>
>> 8 & 9
>> You won't need to add a domain user account to login. That comes with
>> domain membership. Also, the domain admins group gets added as does the
>> DNS suffix (all of this by default) on joining a domain. This set of
>> steps may be unnecessary in your setup.
>
> On 8, (starting with parts 7 and 8), this is probably the part I'm still
> fuzziest about. I'm interpreting your comment to mean that, if the
> workstation has been added to the domain, and there is a domain user
> account in the AD, then the user should be able to log into the domain
> from the workstation, via the domain user account. It's not necessary to
> have a local copy of the domain user account on the workstation. Yes | No
> | Explain?
>
> On 9, this is the other part that I'm still fuzzy about. I probably should
> have clarified that there already is a local user account on the workstation
> with a customized desktop, and I would like this same desktop to be copied
> over to the domain user account (again, this account will only be used on
> the one workstation). I recognize that any changes made subsequent to this
> on either account will not be reflected in the other unless the profile is
> copied back over again.
>
> So it seems that it would simply be a matter of copying the local user
> profile from the workstation's local account, to the domain user account
> which is sitting on the server. Yes | No | Explain how to step-by-step?
>
>> I didn't see the install of .NET studio on XP, but assume that's also a
>> given.
>
> Correct.
>
>> In the end, you'll have a server that is a single entity. That will
>> change your results slightly in my opinion, from what you might see if
>> the roles were separated. Likely not enough to affect your app
>> development, but something to be aware of.
>
> Understood. I only have the two machines in my test environment to work
> in, the server PC and the workstation PC. In a real production
> environment, I would certainly split out the roles of Domain Controller,
> Web server, database server, and file server across four machines. This is
> just for testing and learning.
>
> And thanks again for the help.
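Added example, not code from either poster: Al's reply describes what a default domain join does to a workstation (Domain Admins lands in the local Administrators group; Domain Users and the Authenticated Users / INTERACTIVE identities in the local Users group are what let a domain account log on without a local copy). The script below audits a domain-joined workstation against exactly that baseline and flags anything else in those two groups, which is the check an administrator wants after following a setup checklist like the one discussed. It assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module; the `-AllowedExtras` parameter and the `Get-Rid` / `Test-LocalGroupBaseline` helpers are this example's own names. Expected members are matched by well-known SID or RID rather than display name, so renamed accounts and non-English builds are still recognised.

```powershell
# Added example: compare a workstation's local Administrators and Users groups
# with the membership a default domain join produces, and report deviations.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).
param(
    # Members deliberately added on top of the defaults, by display name
    # (e.g. 'CORP\Workstation Admins'). Hypothetical values; none by default.
    [string[]] $AllowedExtras = @()
)

# Last component of a SID string, e.g. 'S-1-5-21-...-512' -> '512'.
function Get-Rid([string] $Sid) { ($Sid -split '-')[-1] }

# Baseline per local group: each rule is a label plus a predicate over a
# Get-LocalGroupMember object. RID 500 = built-in Administrator, 512 = Domain
# Admins, 513 = Domain Users; S-1-5-4 = INTERACTIVE, S-1-5-11 = Authenticated Users.
$baseline = @{
    'Administrators' = @(
        @{ Label = 'built-in local Administrator'
           Match = { param($m) $m.PrincipalSource -eq 'Local' -and (Get-Rid $m.SID.Value) -eq '500' } }
        @{ Label = 'Domain Admins (added at domain join)'
           Match = { param($m) $m.PrincipalSource -eq 'ActiveDirectory' -and (Get-Rid $m.SID.Value) -eq '512' } }
    )
    'Users' = @(
        @{ Label = 'Domain Users (added at domain join)'
           Match = { param($m) $m.PrincipalSource -eq 'ActiveDirectory' -and (Get-Rid $m.SID.Value) -eq '513' } }
        @{ Label = 'INTERACTIVE (S-1-5-4)'
           Match = { param($m) $m.SID.Value -eq 'S-1-5-4' } }
        @{ Label = 'Authenticated Users (S-1-5-11)'
           Match = { param($m) $m.SID.Value -eq 'S-1-5-11' } }
    )
}

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Warning "$($cs.Name) is not domain-joined; the Domain Admins / Domain Users entries will be absent."
}

function Test-LocalGroupBaseline {
    param([string] $Group, [hashtable[]] $Rules)

    foreach ($m in Get-LocalGroupMember -Group $Group) {
        # First rule whose predicate accepts this member, if any.
        $rule = $Rules | Where-Object { & $_.Match $m } | Select-Object -First 1
        $status = if ($rule) { "expected: $($rule.Label)" }
                  elseif ($AllowedExtras -contains $m.Name) { 'allowed extra' }
                  else { 'UNEXPECTED - review' }
        [pscustomobject]@{
            Group  = $Group
            Member = $m.Name
            Source = $m.PrincipalSource
            SID    = $m.SID.Value
            Status = $status
        }
    }
}

$report = foreach ($g in $baseline.Keys) {
    Test-LocalGroupBaseline -Group $g -Rules $baseline[$g]
}
$report | Format-Table -AutoSize

# Non-zero exit code when anything unexpected is present, so the check can run
# unattended (scheduled task, build verification) and fail loudly.
if ($report | Where-Object Status -like 'UNEXPECTED*') { exit 1 }
```

Run it on the workstation as a local administrator, e.g. `.\Test-LocalGroupBaseline.ps1 -AllowedExtras 'CORP\Helpdesk'` (the script name and group are placeholders). An "UNEXPECTED" line in Administrators is the thing to chase: on a freshly joined machine nothing beyond the built-in Administrator and Domain Admins should be there, and a local account added to Administrators is precisely the manual step Al says is not needed. Matching on RID also means the check still passes if the built-in Administrator has been renamed, which is a common hardening step.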


