Microsoft Active Directory help...
 

I know this is generally against the rules, but I have googled until I can't take it anymore and I don't feel what I am looking for would be "taking away" or insulting TFP in any way.

Does anyone know if there is a message board out there geared tward Microsoft Active Directory? Installation, Setup, Maintaining, and general Group Policy questions?

Well, I don't know of any specifically, but I'm sure there are enough Windows admins around that you could post your questions here and if they don't know the answers, they can find them for you or point you in the right direction.

I would suggest getting books on Active Directory if you're needing help.

Also, I run AD here at the company I work for. I'd be happy to help you however I can.

Sometimes the Microsoft forums are up and running.

They seem to be running today anyway.

http://support.microsoft.com/newsgroups/default.aspx

Ok, well, in a nutshell, the admin before me setup a Linux PDC (openldap) and it took a shit. So I had to throw togther another PDC and we wanted to migrate to Microsoft AD anyways since we are an all Microsoft company (less our Linux router/vpn).

I got the machine formatted with Win2k3 Server, got AD going, got all the workstations on it and profiles copied over with no real issues. I did install the group policy manager so that I could go thru and set what we needed to set. Problem is, some users have issues where they cant visit sites va IE, others can't set their background image, others get frustrated because Sql Server manager and query analyzer don't remember any of the settings they put in. The easy way out (suggested by the boss) was to run a system startup script that added the "AllUsers" group I created to the local machines Administrators group, but clearly, this is not the end all be all answer.

We also have developers (including myself) that need Visual Studio.NET installed and allow full access to IIS to do ASP.NET work.

Clearly, I am a n00b at AD and need some help, but alas, the boss will not hire anyone else to do this. I am "the network guy" so I am trying to save my own sanity by setting this network up correctly.

Oh, and letting users install applications like AIM and WS_FTP and stuff would be nice too :) We don't really restrict what people install, I just don't want them to have full access to their machines to hose them (which, unfortunitly, keeps happening).

Ok, you need to have the Win2003 Administration Pack installed on your computer, makes things a lot easier. Also, it keeps you from having to log into your server everytime you want to do something, and you can just do it from your desk.

You need to setup a personalized MMC (microsoft management console) for yourself. After you install Win2003 Admin Pack, goto Run and type "MMC". This will bring you up a console. Go to File and then you can Add/Remove Snap ins from there. There is a great group policy editor that MS makes that I can send to you (that way you don't have to hunt all over the place for it). It's a snap in and makes things quick and easy.

You need to have an over all group policy that applies to everyone. This might be something like a computer lockdown policy, etc. The way I have our AD setup is like our company's organizational chart. I set shares and department directories via group policies (dependent on department). Things like permissions to shares and whatnot are set in AD.

AD isn't hard to learn how to use, it's using it to its fullest potential in making your job easier thats the difficult part.

Remember, I can send you the admin pak and gp snap-in along with a couple of other things of you wish.

By all means, please, send them :) I belive I have the gp snap in installed on the server. It's basicly like gpedit on WinXP, only on the AD server. If thats not it, then I would love to get ahold of it.

Thanks.

Ok, so I havent gotten the care package and still haven't figured my origional problem out.

Anyone have any suggestions?

What OS are the workstations running?

Bahhaha.. sounds like my school's network ... which I'll be maintaining soon

*extremely depressed smiley face *

Do users have admin rights on their boxes or do you set them up as Power Users?

I'm guessing the problems you mentioned are related to some users and not all users, is that right? Also, is it the box or the particular user?

I have not used it myself but MS does have stripped down version FAZAM, at http://www.microsoft.com/windows2000...azam2000-o.asp Or you can run Gpresult, download from MS, on the local machines you are having trouble with. It will give you a list of all group polices applied to a certain machine and there settings. I have used this one before works pretty good. Remember once you change GPO you can run gpupdate /force to apply to change w/o having to wait for it to update.