Re: New Install, how to authenticate users and rights?





In news:C268B628-86FB-4579-B179-1484D5CF2B23@xxxxxxxxxxxxx,
mkygrn <mkygrn@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
> Miha,
>
> Installing DNS did the trick, I greatly appreciate your assistance.
>
> Do you know how to automate the creation of users' home directories
> located on a separate server?

Set up the share (users$) and specify \\server\users$\%username% in the ADUC
properties. Make sure the share properties have everyone=full control, and
administrators & system have full control in the NTFS permissions. The
folder should be set up properly and the permissions modified when the user
is created or the ADUC properties are updated, IIRC....

> I would like to be able to create a new
> user on the domain controller and automatically create a folder on
> the file server by designing a template. I tried using in the template
> \\servername\profiles\%username%

That would be for roaming profiles, not home directories - here's my
boilerplate on roaming profiles.

1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing.
2. Make sure the share permissions on profiles$ indicate everyone=full
control. Set the NTFS security to administrators, system, and users=full
control.
3. In the users' ADUC properties, specify \\server\profiles$\%username% in
the profiles field
4. Have each user log into the domain once from their usual workstation
(where their existing profile lives) and log out. The profile is now
roaming.

Notes:

* Make sure users understand that they should never log into multiple
computers at the same time when they have roaming profiles (unless you make
the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't
change them). Explain that the last one out wins, when it comes to uploading
the final, changed copy of the profile.

* Keep your profiles TINY. Redirect My Documents to a subfolder of each
user's home directory on the server - either via group policy (folder
redirection) or manually (less advisable). If you aren't going to also
redirect the desktop using policies, tell people that they are not to store
any files on the desktop or you will beat them with a stick. Big
profile=slow login/logout, and possible profile corruption.

* Note that user profiles are not compatible between different OS versions,
even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the
same, app load is (as much as possible) the same.

* Do not let people store any data locally - all data belongs on the server.

>
> Any advice?
>
> Thanx again....
>
> "Miha Pihler [MVP]" wrote:
>
>> Yes, but if you set up domain controller -- you must have Active
>> Directory DNS... There is no (working) Active Directory domain
>> without Active Directory DNS.
>>
>> Even clients use DNS to locate domain controllers and other services
>> inside the domain and sites...
>>
>> --
>> Mike
>> Microsoft MVP - Windows Security
>>
>> "mkygrn" <mkygrn@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:0749426C-73CE-42C8-87C9-DF03A958FE38@xxxxxxxxxxxxxxxx
>>> Miha,
>>>
>>> Thanx for the response. DNS is actually running on a totally
>>> separate member server which houses our email system.
>>>
>>> "Miha Pihler [MVP]" wrote:
>>>
>>>> Hi,
>>>>
>>>> It looks to me like your new server can't see domain (domain
>>>> controller).
>>>>
>>>> How did you set up DNS on this server and how did you set up DNS on
>>>> domain
>>>> controller (where do they point for DNS resolution)?
>>>>
>>>> --
>>>> Mike
>>>> Microsoft MVP - Windows Security
>>>>
>>>> "mkygrn" <mkygrn@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>>> news:1B0A8105-3235-46A1-9636-64B20D8C707B@xxxxxxxxxxxxxxxx
>>>>> I'm new to the Windows world, converting from Novell. I've
>>>>> installed a few new servers and have set up a domain controller
>>>>> with AD, then have a separate file server which I've joined to
>>>>> the domain. When I go to create users' home directories on the
>>>>> file server I cannot assign user permissions on the individual
>>>>> folders because the users haven't propagated from the domain
>>>>> controller. I cannot browse or assign rights to the users on the
>>>>> file server of the users I created on the domain controller.
>>>>>
>>>>> Please help, what have I done wrong?

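An added example, not part of the original post: a PowerShell audit that checks the outcome the reply describes for the users$ and profiles$ shares, namely that each per-user folder ends up accessible only to its user, administrators and system. The path D:\profiles and the assumption that each folder is named exactly after the account are placeholders chosen for illustration.

```powershell
# Added example: report unexpected "Allow" entries on per-user folders
# under a home or roaming-profile share root.
param(
    # Placeholder: local path behind the users$ or profiles$ share.
    [string]$Root = 'D:\profiles'
)

# Principals expected on every per-user folder in addition to the user.
$expected = @(
    'BUILTIN\Administrators',
    'NT AUTHORITY\SYSTEM',
    'CREATOR OWNER'
)

function Get-UnexpectedAce {
    param([string]$FolderPath, [string]$UserName)

    $acl = Get-Acl -LiteralPath $FolderPath
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }

        $id   = $ace.IdentityReference.Value
        $leaf = ($id -split '\\')[-1]          # DOMAIN\user -> user

        # Assumption: the folder name equals the account name (%username%).
        if ($expected -contains $id -or $leaf -ieq $UserName) { continue }

        # Anything else (Everyone, Users, another account) is reported,
        # with a flag showing whether it was inherited from the share root.
        [pscustomobject]@{
            Folder    = $FolderPath
            Identity  = $id
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

Get-ChildItem -LiteralPath $Root -Directory | ForEach-Object {
    Get-UnexpectedAce -FolderPath $_.FullName -UserName $_.Name
} | Sort-Object Folder, Identity | Format-Table -AutoSize
```

Rows with Inherited set to True point at the NTFS permissions on the share root rather than at the individual folder.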