Welcome to the wonderful world of domains and Active Directory. I recently wrote a post about pushing out Internet Explorer parental control settings using group policy. Group policy is great, but when combined with Active Directory it becomes so much better!
Active Directory is centralized network management at its best. There are lots of reasons to set up a network domain, including security, ease of administration and the ability to automate a lot of features that are cumbersome to roll out manually. Think about being able to manage all your user and computer accounts from one console. You can set “rules” for specific groups of users and say who can and cannot do what on YOUR network!
We will walk you through how to set up a Windows 2003 Active Directory Domain. To start you will need a Windows 2003 Server and the installation media that came with it. We will need to install the Windows DNS Server, configure the machine to have a static IP address and let it point to itself as your server’s DNS server. Grab everything you need and let’s get started.
When you start up your Windows 2003 Server you will see this screen:
To begin, click the green arrow pointing to the right that says Add or remove a role. This will start the wizard. Make sure you have all your network cables connected and your server online.
I would set your IP address to be static at this point if you have not already. To do so, obtain a static IP address from your network administrator, or choose one yourself if you are on your own network. Then right-click Network Neighborhood and choose Properties.
Next, highlight Internet Protocol (TCP/IP) and hit the Properties button to configure your IP address.
You will want to have both the “Use the following IP address” option and the “Use the following DNS server addresses” option selected. Fill in the appropriate information and click OK. That will take us back to our add a server role wizard. It will detect your settings as seen below:
Once it completes you will see the following screen:
If this is your first time setting up a domain, go with the first option. This will install DNS and DHCP for you automatically. DNS stands for Domain Name Service and allows your computers to talk to each other as well as connect to the Internet. DHCP stands for Dynamic Host Configuration Protocol, and it allows computers to have their IP addresses configured for them automatically from your server. These services are very important for your network.
After you hit next we will see the screen that allows us to name our domain:
Choose your name carefully, as it is almost impossible to change it later. You can use the extension .local instead of .com or .net to separate your domain from an Internet address. In this case we have AskTheAdmin.com, which is both an Internet address and an Active Directory domain. If you are just testing, you can use whatever you want. The next screen asks you for your NetBIOS names. You can leave these as the default. This is how older machines will see your computer and domain name.
Now we will get into how you want to handle name resolution. When you set up your clients to use your new internal DNS server, you have a choice of what to do with requests for Internet names like www.makeuseof.com. If you choose to forward queries to another server, you can use your ISP’s DNS server to allow websites to be resolved. If you choose No, your DNS server will not return web addresses and you might be unable to browse the Internet.
Click next and continue on. You will be asked to insert your Windows 2003 Server media and then you will see this screen telling you that you are complete.
You can now restart your server and begin setting up your users using the new shortcut on your Start menu called Active Directory Users and Computers, like so:
That will take you to this console:
You can set up group policy, or “rules”, for each of your OUs (organizational units), which is a fancy name for the folders on the left. You can right-click on any folder and choose Properties > Group Policy > Open to configure it. We will get further into what you can do with your domain and group policy in future posts.
Let me know if you run into problems or need help with other aspects of Active Directory and group policy.
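As a pre-flight check for the static IP and DNS steps above, the following added example (not part of the original article) parses `ipconfig /all` output and reports adapters that are still on DHCP or whose DNS settings do not point at the server itself. The sample output and addresses are constructed, and flagging any additional outside resolver on the adapter (rather than reaching it through the forwarder the wizard offers) is this example's own policy.

```python
import re

# Constructed sample of `ipconfig /all` output (not taken from the article).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.10
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       203.0.113.53
"""

FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z .-]*?)[ .]*:\s*(.*)$")

def parse_adapters(text):
    """Return {adapter name: {field: [values]}} from `ipconfig /all` text."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace():
            # An unindented line ending in ':' opens an adapter section.
            is_adapter = line.endswith(":")
            current = adapters.setdefault(line.rstrip(":"), {}) if is_adapter else None
            last = None
        elif current is not None and (m := FIELD.match(line)):
            last = current.setdefault(m.group(1).strip().lower(), [])
            if m.group(2):
                last.append(m.group(2).strip())
        elif last is not None and line.strip():
            last.append(line.strip())  # continuation, e.g. a second DNS server
    return adapters

def preflight(text):
    """List settings to fix before running the server role wizard."""
    problems = []
    for name, f in parse_adapters(text).items():
        ips = f.get("ip address", [])
        if not ips:
            continue  # disconnected adapter, nothing to check
        own = ips + ["127.0.0.1"]
        if (f.get("dhcp enabled") or [""])[0].lower() != "no":
            problems.append(f"{name}: address comes from DHCP, not static")
        dns = f.get("dns servers", [])
        if not dns or dns[0] not in own:
            problems.append(f"{name}: first DNS server is not this server")
        for extra in (d for d in dns if d not in own):
            problems.append(f"{name}: {extra} bypasses local DNS; use a forwarder")
    return problems
```

Running `preflight(SAMPLE)` reports the second DNS entry, since clients and the server itself should resolve through the local DNS service and let it forward Internet names.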