Need a crash course in Active Directory...

Associate | Joined: 29 Oct 2002 | Posts: 806
Never used AD, it's all a mystery to me.

Anyway, so I'm doing a bit of self-learning here and I've got myself two Windows 2008 VMs set up.

In my mind this is how I want it to work.

1. Set up domain controller and create domain.
2. Join server to the domain.
3. Create user, give administrator rights on domain.
4. User can now log on to any server that is a member of the domain.

I'd also like to be able to have users that aren't administrators log in to, say, specific servers etc.

Essentially I just want to use the basic user management of AD to track, log and control access to servers. Surely it can't be that hard can it?

But, for example, I can't log in to the server remotely using the domain Administrator account and I can't see a check box that will allow it.
 
You need to enable Remote Desktop if it's not already enabled, then add users/groups to the Remote Desktop group (or something similar), but I would have thought a Domain Admin user should have this already.

Not too sure on this, but the only way you can get people to log on locally to a server is to create local accounts, which sort of defeats the idea behind a domain to some extent.
 
You should get familiar with OUs and create an OU for "users" that does not affect the users given to AD by default. I have an "Office" OU which contains my users, restricted users and admins.

Visit the Petri site for some great AD guides and hands-on tutorials.

However, for RDP, you need to enable it on the server first. But, as Admin (either local or domain) you will have immediate access to it via RDP. You can add other users as you need to.

Need more help, just shout :)
 
Ahh I think I'm getting the idea now....

I kind of assumed that if I create a user and add him to the Administrators group within the domain that I would automatically have access to anything within the domain.

Now it's clicked that I first have to add that user, or a group, to the Local Administrators group (as well as the local remote desktop permissions area).

It's all working as expected. Will do some reading on OUs but so far it looks fairly simple to accomplish what I want... and from there I can look at other functionality.
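
The setup the thread arrives at, nesting a domain group in a member server's local Administrators and Remote Desktop Users groups and then listing who ends up with access, sketched in PowerShell as an added example that is not part of the original posts. The domain LAB, server SRV01 and the two domain group names are placeholders; the groups are assumed to exist in AD already, and the script is assumed to run under an account with administrator rights on the target server.

```powershell
# Added example. LAB, SRV01, Server-Admins and Server-RDP-Users are placeholders.
$Domain  = 'LAB'
$Servers = @('SRV01')

# Local group on each member server -> domain group to nest inside it
$Grants = @{
    'Administrators'       = 'Server-Admins'
    'Remote Desktop Users' = 'Server-RDP-Users'
}

function Get-LocalGroupMemberPath {
    param([string]$Server, [string]$LocalGroup)
    # The WinNT provider reads the server's local (SAM) groups over the network
    $group = [ADSI]"WinNT://$Server/$LocalGroup,group"
    $group.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

function Add-DomainGroupToLocalGroup {
    param([string]$Server, [string]$LocalGroup, [string]$DomainGroup)
    $path = "WinNT://$Domain/$DomainGroup"
    # Skip the add when the group is already nested, so reruns are harmless
    if (@(Get-LocalGroupMemberPath $Server $LocalGroup) -contains $path) { return }
    $group = [ADSI]"WinNT://$Server/$LocalGroup,group"
    $group.psbase.Invoke('Add', "$path,group")
}

foreach ($server in $Servers) {
    foreach ($localGroup in $Grants.Keys) {
        Add-DomainGroupToLocalGroup $server $localGroup $Grants[$localGroup]
    }
    # Audit: list every account or group that can administer or RDP to this server
    foreach ($localGroup in 'Administrators', 'Remote Desktop Users') {
        Get-LocalGroupMemberPath $server $localGroup | ForEach-Object {
            New-Object PSObject -Property @{
                Server = $server; LocalGroup = $localGroup; Member = $_
            }
        }
    }
}
```

Granting access through a domain group rather than individual users keeps the per-server change to a single entry; who can log on is then controlled by group membership in AD.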
 