Showing posts with label Local users. Show all posts

Wednesday, March 31, 2010

Adding Users and Computers to the Active Directory Domain

After the new Active Directory domain is established, create a user account in that domain to use as an administrative account. When that user is added to the appropriate security groups, use that account to add computers to the domain.

  • To create a new user, follow these steps:

    • Click Start, point to Administrative Tools, and then click Active Directory Users and Computers to start the Active Directory Users and Computers console.
    • Click the domain name that you created, and then expand the contents.
    • Right-click Users, point to New, and then click User.
    • Type the first name, last name, and user logon name of the new user, and then click Next.
    • Type a new password, confirm the password, and then click to select one of the following check boxes:

      • Users must change password at next logon (recommended for most users)
      • User cannot change password
      • Password never expires
      • Account is disabled

      Click Next.

    • Review the information that you provided, and if everything is correct, click Finish.
  • After you create the new user, give this user account membership in a group that permits that user to perform administrative tasks. Because this is a laboratory environment that you are in control of, you can give this user account full administrative access by making it a member of the Schema, Enterprise, and Domain administrators groups. To add the account to the Schema, Enterprise, and Domain administrators groups, follow these steps:

    • On the Active Directory Users and Computers console, right-click the new account that you created, and then click Properties.
    • Click the Member Of tab, and then click Add.
    • In the Select Groups dialog box, specify a group, and then click OK to add the groups that you want to the list.
    • Repeat the selection process for each group in which the user needs account membership.
    • Click OK to finish.
  • The final step in this process is to add a member server to the domain. This process also applies to workstations. To add a computer to the domain, follow these steps:

    • Log on to the computer that you want to add to the domain.
    • Right-click My Computer, and then click Properties.
    • Click the Computer Name tab, and then click Change.
    • In the Computer Name Changes dialog box, click Domain under Member Of, and then type the domain name. Click OK.
    • When you are prompted, type the user name and password of the account that you previously created, and then click OK.

      A message that welcomes you to the domain is generated.
    • Click OK to return to the Computer Name tab, and then click OK to finish.
    • Restart the computer if you are prompted to do so.
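
The three procedures above, scripted as an added example that is not part of the original post. It assumes a system with the ActiveDirectory PowerShell module (RSAT) and that the new domain is the forest root, so the Schema Admins and Enterprise Admins groups exist in it; the domain name, user name and display name are constructed lab placeholders.

```powershell
# Added example: scripted equivalent of the GUI steps above.
# Assumptions: ActiveDirectory module available, session run by an existing
# domain administrator, and placeholder names that you replace with your own.
Import-Module ActiveDirectory

$domain = 'lab.example.com'   # placeholder: the domain you created
$sam    = 'labadmin'          # placeholder: logon name of the new user
$groups = 'Schema Admins', 'Enterprise Admins', 'Domain Admins'

# Step 1: create the user. The password is read as a SecureString so it is
# never written into the script or the command history.
$password = Read-Host -AsSecureString -Prompt "Password for $sam"
New-ADUser -Name 'Lab Admin' -GivenName 'Lab' -Surname 'Admin' `
    -SamAccountName $sam -UserPrincipalName "$sam@$domain" `
    -AccountPassword $password `
    -ChangePasswordAtLogon $true `
    -Enabled $true

# Step 2: add the account to the three administrative groups (lab use only,
# as the text above states).
foreach ($g in $groups) {
    Add-ADGroupMember -Identity $g -Members $sam
}

# Check: list every member of those groups so the new membership, and any
# membership you did not expect, is visible.
foreach ($g in $groups) {
    Get-ADGroupMember -Identity $g |
        Select-Object @{ n = 'Group'; e = { $g } }, SamAccountName, objectClass
}

# Step 3: run this part on the member server or workstation that is joining.
# Because "must change password at next logon" was set, log on once with the
# new account and set its password before using it here.
$cred = Get-Credential -Credential "$domain\$sam"
Add-Computer -DomainName $domain -Credential $cred -Restart
```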



Troubleshooting


You Cannot Open the Active Directory Snap-ins
After you have completed the installation of Active Directory, you may not be able to start the Active Directory Users and Computers snap-in, and you may receive an error message that indicates that no authority can be contacted for authentication. This can occur if DNS is not correctly configured. To resolve this issue, verify that the zones on your DNS server are configured correctly and that your DNS server has authority for the zone that contains the Active Directory domain name. If the zones appear to be correct and the server has authority for the domain, try to start the Active Directory Users and Computers snap-in again. If you receive the same error message, use the DCPROMO utility to remove Active Directory, restart the computer, and then reinstall Active Directory. I also provided you with a video of how to add users to Active Directory:

Monday, March 29, 2010

Local user accounts

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The Users folder located in the Local Users and Groups Microsoft Management Console (MMC) displays the default user accounts as well as the user accounts you create. These default user accounts are created automatically when you install a stand-alone server or member server running Windows Server 2003. The following table describes each default user account on servers running Windows Server 2003.


Default user account

Description

Administrator account

The Administrator account has full control of the server and can assign user rights and access control permissions to users as necessary. This account must be used only for tasks that require administrative credentials. It is highly recommended that you set up this account to use a strong password. For more information, see Strong passwords [http://technet.microsoft.com/en-us/library/cc756109(WS.10).aspx]. For additional security considerations for accounts with administrative credentials, see Local Users and Groups Best practices [http://technet.microsoft.com/en-us/library/cc781451(WS.10).aspx].

The Administrator account is a member of the Administrators group on the server. The Administrator account can never be deleted or removed from the Administrators group, but it can be renamed or disabled. Because the Administrator account is known to exist on many versions of Windows, renaming or disabling this account will make it more difficult for malicious users to try and gain access to it. For more information about how to rename or disable a user account, see Rename a local user account [http://technet.microsoft.com/en-us/library/cc738626(WS.10).aspx] and Disable or activate a local user account [http://technet.microsoft.com/en-us/library/cc781924(WS.10).aspx].

The Administrator account is the account you use when you first set up the server. You use this account before you create an account for yourself.

Important

  • Even when the Administrator account has been disabled, it can still be used to gain access to a computer using Safe Mode.

Guest account

The Guest account is used by people who do not have an actual account on the computer. A user whose account is disabled, but not deleted, can also use the Guest account. The Guest account does not require a password. The Guest account is disabled by default, but you can enable it.

You can set rights and permissions for the Guest account just like any user account. By default, the Guest account is a member of the default Guests group, which allows a user to log on to a server. Additional rights, as well as any permissions, must be granted to the Guests group by a member of the Administrators group. The Guest account is disabled by default, and it is recommended that it stay disabled.

HelpAssistant account (installed with a Remote Assistance session)

The primary account used to establish a Remote Assistance session. This account is created automatically when you request a Remote Assistance session and has limited access to the computer. The HelpAssistant account is managed by the Remote Desktop Help Session Manager service and will be automatically deleted if no Remote Assistance requests are pending. For more information about Remote Assistance, see Administering Remote Assistance [http://go.microsoft.com/fwlink/?linkid=38569].
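
A check for the default accounts described above, as an added example that is not part of the original article. It assumes Windows PowerShell 3.0 or later with WMI access to the server; the function name Get-BuiltinAccountState is hypothetical. The built-in Administrator and Guest accounts are found by their well-known RIDs (500 and 501), so a renamed Administrator account is still identified.

```powershell
# Added example: report the state of the default local accounts.
# Get-BuiltinAccountState is a hypothetical helper name, not a Windows cmdlet.
function Get-BuiltinAccountState {
    param([string]$ComputerName = $env:COMPUTERNAME)

    Get-WmiObject -Class Win32_UserAccount -ComputerName $ComputerName `
                  -Filter "LocalAccount=True" |
    ForEach-Object {
        # The last component of the SID is the RID; it survives a rename.
        $rid  = ($_.SID -split '-')[-1]
        $role = switch ($rid) {
            '500'   { 'Administrator' }
            '501'   { 'Guest' }
            default { $null }
        }
        # HelpAssistant has no well-known RID, so it is matched by name.
        if ($_.Name -eq 'HelpAssistant') { $role = 'HelpAssistant' }
        if (-not $role) { return }   # skip accounts you created yourself

        $finding = 'OK'
        if ($role -eq 'Administrator' -and -not $_.Disabled -and
            $_.Name -eq 'Administrator') {
            # Neither of the two hardening options in the text was applied.
            $finding = 'Enabled under its default name'
        }
        elseif ($role -eq 'Guest' -and -not $_.Disabled) {
            $finding = 'Guest is enabled (recommended: disabled)'
        }

        [pscustomobject]@{
            Role             = $role
            Name             = $_.Name
            Disabled         = $_.Disabled
            PasswordRequired = $_.PasswordRequired
            Finding          = $finding
        }
    }
}

Get-BuiltinAccountState | Format-Table -AutoSize
```

A disabled Administrator account reported as OK here can still be used in Safe Mode, as the Important note above states, so it needs a strong password either way.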