asshopo

I know this is generally against the rules, but I have googled until I can't take it anymore and I don't feel what I am looking for would be "taking away" or insulting TFP in any way.

Does anyone know if there is a message board out there geared tward Microsoft Active Directory? Installation, Setup, Maintaining, and general Group Policy questions?

__________________
Patterns have a habit of repeating themselves.

hrdwareguy

Well, I don't know of any specifically, but I'm sure there are enough Windows admins around that you could post your questions here and if they don't know the answers, they can find them for you or point you in the right direction.

__________________
Gun Control is hitting what you aim at

Aim for the TFP, Donate Today

bendsley

I would suggest getting books on Active Directory if you're needing help.

Also, I run AD here at the company I work for. I'd be happy to help you however I can.

__________________
"You hear the one about the fella who died, went to the pearly gates? St. Peter let him in. Sees a guy in a suit making a closing argument. Says, "Who's that?" St. Peter says, "Oh, that's God. Thinks he's Denny Crane."

vanblah

Sometimes the Microsoft forums are up and running.

They seem to be running today anyway.

http://support.microsoft.com/newsgroups/default.aspx

asshopo

Ok, well, in a nutshell, the admin before me setup a Linux PDC (openldap) and it took a shit. So I had to throw togther another PDC and we wanted to migrate to Microsoft AD anyways since we are an all Microsoft company (less our Linux router/vpn).

I got the machine formatted with Win2k3 Server, got AD going, got all the workstations on it and profiles copied over with no real issues. I did install the group policy manager so that I could go thru and set what we needed to set. Problem is, some users have issues where they cant visit sites va IE, others can't set their background image, others get frustrated because Sql Server manager and query analyzer don't remember any of the settings they put in. The easy way out (suggested by the boss) was to run a system startup script that added the "AllUsers" group I created to the local machines Administrators group, but clearly, this is not the end all be all answer.

We also have developers (including myself) that need Visual Studio.NET installed and allow full access to IIS to do ASP.NET work.

Clearly, I am a n00b at AD and need some help, but alas, the boss will not hire anyone else to do this. I am "the network guy" so I am trying to save my own sanity by setting this network up correctly.

__________________
Patterns have a habit of repeating themselves.

asshopo

Oh, and letting users install applications like AIM and WS_FTP and stuff would be nice too We don't really restrict what people install, I just don't want them to have full access to their machines to hose them (which, unfortunitly, keeps happening).

__________________
Patterns have a habit of repeating themselves.

bendsley

Ok, you need to have the Win2003 Administration Pack installed on your computer, makes things a lot easier. Also, it keeps you from having to log into your server everytime you want to do something, and you can just do it from your desk.

You need to setup a personalized MMC (microsoft management console) for yourself. After you install Win2003 Admin Pack, goto Run and type "MMC". This will bring you up a console. Go to File and then you can Add/Remove Snap ins from there. There is a great group policy editor that MS makes that I can send to you (that way you don't have to hunt all over the place for it). It's a snap in and makes things quick and easy.

You need to have an over all group policy that applies to everyone. This might be something like a computer lockdown policy, etc. The way I have our AD setup is like our company's organizational chart. I set shares and department directories via group policies (dependent on department). Things like permissions to shares and whatnot are set in AD.

AD isn't hard to learn how to use, it's using it to its fullest potential in making your job easier thats the difficult part.

Remember, I can send you the admin pak and gp snap-in along with a couple of other things of you wish.

__________________
"You hear the one about the fella who died, went to the pearly gates? St. Peter let him in. Sees a guy in a suit making a closing argument. Says, "Who's that?" St. Peter says, "Oh, that's God. Thinks he's Denny Crane."

asshopo

By all means, please, send them I belive I have the gp snap in installed on the server. It's basicly like gpedit on WinXP, only on the AD server. If thats not it, then I would love to get ahold of it.

Thanks.

__________________
Patterns have a habit of repeating themselves.

asshopo

Ok, so I havent gotten the care package and still haven't figured my origional problem out.

Anyone have any suggestions?

__________________
Patterns have a habit of repeating themselves.

hrdwareguy

What OS are the workstations running?

__________________
Gun Control is hitting what you aim at

Aim for the TFP, Donate Today

MikeSty

Bahhaha.. sounds like my school's network ... which I'll be maintaining soon

*extremely depressed smiley face *

belkins

Do users have admin rights on their boxes or do you set them up as Power Users?

I'm guessing the problems you mentioned are related to some users and not all users, is that right? Also, is it the box or the particular user?

aratheff

I have not used it myself but MS does have stripped down version FAZAM, at http://www.microsoft.com/windows2000...azam2000-o.asp Or you can run Gpresult, download from MS, on the local machines you are having trouble with. It will give you a list of all group polices applied to a certain machine and there settings. I have used this one before works pretty good. Remember once you change GPO you can run gpupdate /force to apply to change w/o having to wait for it to update.