Showing posts with label Windows server 2003. Show all posts

Wednesday, March 31, 2010

Adding Users and Computers to the Active Directory Domain

After the new Active Directory domain is established, create a user account in that domain to use as an administrative account. When that user is added to the appropriate security groups, use that account to add computers to the domain.

  • To create a new user, follow these steps:

    • Click Start, point to Administrative Tools, and then click Active Directory Users and Computers to start the Active Directory Users and Computers console.
    • Click the domain name that you created, and then expand the contents.
    • Right-click Users, point to New, and then click User.
    • Type the first name, last name, and user logon name of the new user, and then click Next.
    • Type a new password, confirm the password, and then click to select one of the following check boxes:

      • User must change password at next logon (recommended for most users)
      • User cannot change password
      • Password never expires
      • Account is disabled

      Click Next.

    • Review the information that you provided, and if everything is correct, click Finish.
  • After you create the new user, give this user account membership in a group that permits that user to perform administrative tasks. Because this is a laboratory environment that you are in control of, you can give this user account full administrative access by making it a member of the Schema, Enterprise, and Domain administrators groups. To add the account to the Schema, Enterprise, and Domain administrators groups, follow these steps:

    • On the Active Directory Users and Computers console, right-click the new account that you created, and then click Properties.
    • Click the Member Of tab, and then click Add.
    • In the Select Groups dialog box, specify a group, and then click OK to add the groups that you want to the list.
    • Repeat the selection process for each group in which the user needs account membership.
    • Click OK to finish.
  • The final step in this process is to add a member server to the domain. This process also applies to workstations. To add a computer to the domain, follow these steps:

    • Log on to the computer that you want to add to the domain.
    • Right-click My Computer, and then click Properties.
    • Click the Computer Name tab, and then click Change.
    • In the Computer Name Changes dialog box, click Domain under Member Of, and then type the domain name. Click OK.
    • When you are prompted, type the user name and password of the account that you previously created, and then click OK.

      A message that welcomes you to the domain is generated.
    • Click OK to return to the Computer Name tab, and then click OK to finish.
    • Restart the computer if you are prompted to do so.
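
The same three tasks from the command line, as an added example that is not part of the original post. It assumes a lab domain named domain.local (NetBIOS name DOMAIN) and a hypothetical account labadmin; netdom comes from the Windows Server 2003 Support Tools.

```batch
@echo off
rem Added example, not from the original post. Command-line form of the GUI
rem steps above: "user" runs on the domain controller, "join" on the member.
rem Assumed lab values: domain.local / DOMAIN / hypothetical account labadmin.
setlocal
set "DNSDOMAIN=domain.local"
set "NETBIOS=DOMAIN"
set "BASEDN=DC=domain,DC=local"
set "USERDN=CN=Lab Admin,CN=Users,%BASEDN%"

if /i "%~1"=="user" goto :user
if /i "%~1"=="join" goto :join
echo Usage: %~nx0 user ^| join
exit /b 1

:user
rem Create the account. "-pwd *" prompts for the password instead of storing
rem it in the script. "-mustchpwd no" because the account is used right away
rem to join computers to the domain.
dsadd user "%USERDN%" -samid labadmin -upn labadmin@%DNSDOMAIN% -fn Lab -ln Admin -pwd * -mustchpwd no
if errorlevel 1 exit /b 1

rem Lab only, as in the post: full administrative access through three groups.
for %%G in ("Schema Admins" "Enterprise Admins" "Domain Admins") do (
    dsmod group "CN=%%~G,CN=Users,%BASEDN%" -addmbr "%USERDN%"
)

rem Confirm what the account now belongs to, nested groups included.
dsget user "%USERDN%" -memberof -expand
exit /b 0

:join
rem Run on the member server or workstation that is joining the domain.
rem "/passwordd:*" prompts for the password; the computer restarts after 30 s.
netdom join %COMPUTERNAME% /domain:%DNSDOMAIN% /userd:%NETBIOS%\labadmin /passwordd:* /reboot:30
exit /b %errorlevel%
```

The dsget line at the end of the user step doubles as a check on who holds these three memberships once the lab account is no longer needed.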



Troubleshooting


You Cannot Open the Active Directory Snap-ins
After you have completed the installation of Active Directory, you may not be able to start the Active Directory Users and Computers snap-in, and you may receive an error message that indicates that no authority can be contacted for authentication. This can occur if DNS is not correctly configured. To resolve this issue, verify that the zones on your DNS server are configured correctly and that your DNS server has authority for the zone that contains the Active Directory domain name. If the zones appear to be correct and the server has authority for the domain, try to start the Active Directory Users and Computers snap-in again. If you receive the same error message, use the DCPROMO utility to remove Active Directory, restart the computer, and then reinstall Active Directory.

I also provided you with a video of how to add users to Active Directory.
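
One way to run the DNS verification from the troubleshooting paragraph above, as an added example that is not part of the original post. It assumes the Active Directory domain is named domain.local and is run on the domain controller, using only nslookup.

```batch
@echo off
rem Added example, not from the original post. Checks that the DNS server is
rem authoritative for the zone and that the domain controller locator (SRV)
rem records exist. Assumed lab value: domain.local.
setlocal
set "DNSDOMAIN=domain.local"
set "SOAFILE=%TEMP%\soa-check.txt"
set FAILED=0

rem 1. Authority: an SOA record must come back, and not as a forwarded answer.
nslookup -type=SOA %DNSDOMAIN% > "%SOAFILE%" 2>&1
find /i "primary name server" "%SOAFILE%" >nul || set FAILED=1
find /i "Non-authoritative" "%SOAFILE%" >nul && set FAILED=1
del "%SOAFILE%"
if %FAILED%==1 echo [FAIL] This DNS server is not authoritative for %DNSDOMAIN%
if %FAILED%==0 echo [ OK ] Authoritative SOA record found for %DNSDOMAIN%

rem 2. Locator records that a domain controller registers under _msdcs.
for %%R in (_ldap._tcp.dc._msdcs _kerberos._tcp.dc._msdcs _ldap._tcp.pdc._msdcs) do call :srv %%R.%DNSDOMAIN%

if %FAILED%==1 (
    echo Correct the zone, then restart the Netlogon service to re-register the SRV records.
    exit /b 1
)
exit /b 0

:srv
rem nslookup prints "svr hostname = ..." for every SRV record it resolves.
nslookup -type=SRV %1 2>&1 | find /i "svr hostname" >nul
if errorlevel 1 (
    echo [FAIL] Missing SRV record %1
    set FAILED=1
) else (
    echo [ OK ] %1
)
goto :eof
```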

An Introduction to Microsoft Active Directory

Let us first consider workgroup networks, and then move on to domains and Active Directory.
Workgroups are networks in which each computer can act as both server and client. That is, each computer can share resources and use resources shared by other computers. This kind of network is suitable at small scale and when security is not important. Here, users can easily use network resources and change their own settings, such as usernames and passwords. This is because each system has a database called the Local Security Database (LSD), which stores the local computer's security information. Every time a user wants to log on, the information provided by that user is compared to the information in the LSD. If they match, a token is issued to that user and he or she is allowed to enter the system. (I will explain the authentication and authorization process in a separate post.)
This kind of network has many shortcomings, of which the following are the most important:
  1. Workgroups increase the administrator's workload, because the admin has to set properties on computers one by one. Each user account has to be created on every system to which that user needs to log on, and so on.
  2. Security is at its lowest level. Users can adjust their system's properties as they wish. Imagine a novice logging on to your workgroup, or a user with devilish intentions. All that remains for you is the trouble these two cause.

These issues led to another kind of network, the domain network. With domains you can easily manage thousands upon thousands of objects in your network, including user accounts, group accounts, computer accounts, printers, and so on. How? I'll tell you.

When you decide to implement a domain, the only things you need are a Windows Server CD and a computer to install Active Directory on (from then on, that computer is called a domain controller, or DC). Easy, isn't it?

Now, let us see how it works.

Unlike workgroups, domain networks do not have LSDs. Instead, we have something called the Domain Security Database (DSD), which stores information about all of the objects on our network, including user accounts, group accounts, printers, and so on. In order to log on to the network, users must first join the domain. From then on, if a user wants to log on, the information provided by that user is compared to the information stored in the DSD. If they match, the token is issued and the user can log on.

We can increase security by defining policies for the whole domain, so we don't have security issues in the future. Easy life, isn't it?

And as far as domains are concerned, the administrator's workload is greatly decreased, because you set everything on one system, just one time.

Be content.

Tuesday, March 30, 2010

Installing Active Directory

This post shows you how to install Active Directory.

STEP 1: Login to the box either locally via console, or through RDP
STEP 2: Go to Start -> Run and type in "dcpromo"



STEP 3: For most cases you will select "Domain Controller for a new domain"






STEP 4: For most cases you will select "Domain in a new forest"



STEP 5: Enter the FQDN (fully qualified domain name) that you want to use. For example, if your domain was to be called Domain.Com, you would enter Domain.Com. You can also use nonexistent name spaces such as Domain.Local or Domain.abc.
Afterwards it will also let you set the NETBIOS name. This is almost always the same name you entered above, only without the .com (.local, .abc, etc.).



STEP 6: The next two screens will be where to place file repositories and service folders. You can accept the defaults.

STEP 7: Some users may now get presented with a DNS screen asking you to configure DNS, or to do it later. Select the middle option (Install and configure for me).




STEP 8: Select the permission type you would like. There are two options. If you will only be using Windows 2003 Server and Windows XP or newer, then select the second option. Otherwise, you need to use the first option.




STEP 9: Pick a "Directory Services Restore" password. Hopefully you will never have to use this, as it's quite messy for the inexperienced. In either case, remember this password. If you want to recover your Active Directory, you will need this password.



STEP 10: At this point in the installation you are presented with a basic "Summary" page listing the options you have selected. Make sure these are set properly before continuing. Once you select "Next", Active Directory will begin to install, and once it does you will not be able to stop it; you will have to uninstall first in order to go back and fix any problems or misconfigurations later.

STEP 11: Active Directory will take a while to install. It could be a couple of minutes, or as much as half an hour. Once it is done you will have to reboot.


Some useful tips and warnings:
- Install DNS before installing Active Directory.
- Create an additional local admin account before installation if you do not already have one. This account will still be there after AD install, and you can use it to log in in case of trouble.
- I highly recommend not changing the NETBIOS name unless you know what you are doing.
- If something happens to your domain controller and you forget the Directory Services Restore password, you may as well reformat.

Monday, March 29, 2010

Add or upgrade server roles by using Manage Your Server

Applies To: Windows Server 2003 R2, Windows Server 2003 with SP2

After Setup is complete, you can add or upgrade server roles by using Manage Your Server. The File server role and the Print server role contain updates with Windows Server 2003 R2. Additionally, the Windows® SharePoint® Services role is a new server role with Windows Server 2003 R2.

To add or upgrade server roles by using Manage Your Server

  • Log on to the computer as an administrator.
  • Click Start, click Administrative Tools, and then click Manage Your Server.
  • Click Add or remove a role.
  • Follow the instructions in Configure Your Server Wizard. When you get to the Server Role page, select one of the following roles:
    • File Server


      Windows Server 2003 R2 components for file server include File Server Management, DFS Management, DFS Replication Service, File Server Resource Manager, Storage Management for SANs, Microsoft Services for Network File System, and Services for Macintosh.
    • SharePoint Services


      Windows Server 2003 R2 component for SharePoint Services is Windows SharePoint Services.
    • Print Server


      Windows Server 2003 R2 component for Print Server is Print Management.
  • The Configure Your Server Wizard will install the components associated with the role that you select.

Command-line options for installing Windows Server 2003 R2

You can define the way Windows Server 2003 R2 is installed by using the following command-line options when you run Setup2.exe. These options are not case-sensitive.

Options and descriptions:

  • /q or /quiet

      Specifies that Windows Server 2003 R2 will be installed in quiet mode, without a user interface. When you use this option, no prompts appear during the installation process.

  • /p:ProductKey or /productkey:ProductKey

      Specifies the Product Key that should be used to install Windows Server 2003 R2. This parameter is required if you have not yet entered a Windows Server 2003 R2 Product Key.

      ProductKey must be specified in the AAAAA-AAAAA-AAAAA-AAAAA-AAAAA format.

  • /a or /accepteula

      Specifies that you accept the EULA. This parameter is required if you did not use Disc 1 to install Windows Server 2003.

      By using this option you are agreeing that you have read and accepted the terms of the applicable End User License Agreement (EULA) for Windows Server 2003 R2. You can find the following files in the \Cmpnents\R2 folder of Disc 2.

      • If you have received this product from an original equipment manufacturer (OEM), the applicable EULA is Eula_oem.txt.
      • If you have acquired the product in a retail store, the applicable EULA is Eula_retail.txt.
      • If you have an evaluation copy of Windows Server 2003 R2, the applicable EULA is Eula_eval.txt.

      Important: If you are not the end-user of this computer, before you use this option you will need to first verify that the end-user (whether an individual or an organization) has received, read, and accepted the terms of the Windows Server 2003 R2 EULA.

  • /cs or /createshortcut

      Creates a shortcut on the desktop to a document that describes the new Windows Server 2003 R2 components.

  • /sr or /suppressreboot

      Suppresses restart after the installation of Windows Server 2003 R2 is complete.

  • /?

      Displays the command-line options that you can use to install Windows Server 2003 R2.

Note: If you are using Setup2.exe in a script or answer file, you should start your command with cmd /c. This ensures that Windows Server 2003 R2 Setup is complete before executing the next command, for example:

    cmd /c setup2.exe /q /a /p:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /cs


Note: For information about how to create and modify the Unattend.txt file and to perform an unattended installation of Windows Server 2003 R2, see "Automating Windows Server 2003 R2 Setup" in Deploy.chm located in the \Docs folder of Windows Server 2003 R2 Disc 2.