What the hell did you watch?



You could also do it from the command line if you wanted to for some crazy reason

Just join them to the Domain. The issue will be I expect the laptops will have the Home version of Windows. If so before it can join the domain you need to upgrade Windows.

First question: is it a SBS server?

For some reason, SBS servers don't like it if you don't use the little connection wizard. Just go to the workstation, point your web browser at HTTP://connect

Otherwise, I just verify the computer name doesn't already exist in ADUC, go to the workstation, join to the domain through the System Properties -> Computer Name screen...

An entry for the computer in ADUC will be created automatically when you join a computer to the domain.

(This all assumes like-default settings. It's possible to configure things so a strange procedure is required, but I haven't run into it often)

Presuming you have the correct infrastructure in place, the proper client O/S edition and the proper domain privilege, it takes less than 10 seconds to add a new computer to AD.

On the laptop right click 'Computer', select properties, then 'Change' next to the identity settings, and simply join the domain. In most cases that is all you need to do, no need for the MMC and no need to pre create the computer accounts, etc.


INFRASTRUCTURE:
- You must have a domain controller available
- You need a DNS server with the correct SRV records for AD
- You must have a domain account with the right to add computers (usually a domain admin but could be others, generally not regular users though).


CLIENT:
- You must have a client O/S edition of Professional or higher, no home versions.
- You need a unique computer name or if reusing a name the computer account must be reset in AD first
- You need an IP, a DNS entry for the aforementioned DNS server, and a route to the DNS server and to the domain controller

Wait a sec then.

This would be on an enterprise network of course. So then why can you create computers in active directory? What is the purpose for that?

So then I have been adding computers to the domain all the time (as an admin with the rights to join the domain and what not) and not aware that I was doing this, but from the node perspective and not from a server with the mmc opened up.

Yeah I thought this was a bit easy. AD is an easy to grasp concept and all. I just thought that for such a ***** of a thing that it would have more meat to it. It seems that I already know how to do this.

So then what does moving computers from domain to domain do on an AD screen? Just give them different rights? I thought the roaming profiles did that.

:\ heh.


Here is another thing I noticed, why did I get a message telling me that another computer with that name existed once? I had changed the name, and then did something and changed the name back and I was told that another computer already existed on the domain with that name. Oh, I left the domain, changed the name, then rejoined it, and tried to change the name back to the original. So I then ended up leaving the domain, changing back to the original and then rejoining the domain and it let me do that. Odd...

Moving computers from domain to domain? You're be putting the computer in a different domain. Do you mean a different domain within the same forest? You can assign group policies to computer accounts and OUs, depending on policies between domains(like the use of a computer) it may be different.

I am not on top of all of the proper terminology.

Forest is the cluster of all of the things on the entire network? The schema or something I think? When I open the toolbox I would see three domains, one of which was being whittled down and soon to be dropped. But I never paid attention to computers in there, just names/users. I was not even aware really that computers needed to be there or that they did show up there. I recall that once we dragged and dropped a computer from one group to another within the main active domain, but I forgot why and I had not done it since. It might have been a new laptop that we were getting ready to give to a new manager or other department that had ordered one.

I was only showed that once and then I never heard about doing it or being asked to do it again so it faded away.

Then all of a sudden I am being told by a potential new employer that I need to know how to add nodes to an AD out in the field. I figured that it was more than just joining a domain with an admin account.

Did I over-analyze this again? I said that I had not done that before because I thought it was some new protocol and I had not been asked if I had added a machine to the active directory. I had not, but I have joined many machines to the domain while at the city. And I found that once you join a domain, you can not change your computer name and then change it back. You must leave the domain, change it back and then rejoin the domain. But just because I join a domain on a computer, that will create an entry in the AD automatically? Let's say that for this I am talking about a single domain on an enterprise network.

What kinds of group policies can you put onto computers within a domain? I would think that user policies or rights would overrule those policies. Like taking a new user and making them a member of the internet group so that they can have access to the internet. If they were to log into a computer that is on the network, I would think that they now have permission to go out onto the internet because they are a member of the internet group. So it is possible to put a certain computer or computers into a group that has no internet access and then even though they are on the network and they have all of the information, they can not get out onto the internet? What policy overrides what policy? Is there a pyramid as to what permissions override others?

You can add a computer object directly into Active Directory, but all that really does is place the object in the OU you want it to be in ahead of time. Someone on the client side still needs to join it to the domain with an account with privileges.

You might want to brush up on AD (and LDAP) fundamentals. AD itself is easy to start working in, but you really need to know what's going on underneath such as the implications when you move objects around from OU to OU (specifically with GPOs).

Oh boy.

I spent $64 for some MS server book, that is supposed to be the complete authoritative bible on rolling out server 2012 and they had a LOT of acros in it. But it is good reading and seems to tell a lot, but it is one of those technical books that does not give you a crash course. I guess I need to see a crash course in AD and then refer to this book I have for more details as to what is going on behind the scenes.

I am sure it is not that hard, it is just that I am a specific guy and I have kinda been down this road before in this forum but that was before I even played with AD and now that I have played with it I am convinced that it is either not that complicated like some make it out to be or I am just missing something. I think I will have a test this week and I want to make sure that I can do what the people ask of me so I am getting paranoid and looking at all different angles to make sure I am covered.

It's definitely not hard(the reality is that no experienced admin is going to remember everything at all times), but you need to know enough to know how to look something up. For example, you mentioned in a post above that your employer wants you adding "nodes" in the field, I have no idea if you just mean another computer, or a node for a failover cluster.

Aside from MS butchering the UI in server 2012 for the sake of it looking like windows 8, they've actually been pretty decent over the years about not changing fundamentals of existing features too much since 2000.

When you read up on GPO's(like I suspect you will now), you're also going to learn a lot about the order that things are applied in, what they can be applied to, and how things interact.

There isn't a cash course in AD(well, there's those bootcamps for certs, but they cost an arm and a leg and they're more of an information dump than a place to actually learn something).

It is unfortunate that Technet Plus subscriptions no longer exist. It was hugely beneficial for students.
(M$ is STILL pushing people toward Linux, daily. )

Are there Win Server evals that would be beneficial, these days?

yes, I suspect the potential new boss to be formally trained/schooled as well as picked up knowledge in the field and I took Node to mean another computer, be it laptop or desktop. He started by saying adding a computer to active directory and then later switched over to node (prolly trying to see if I understood what he was talking about). I always connected Nodes with Linux but I know that through early formal learning a Node is simply (was anyways) a computer on a network (usually).

And yes, GPOs I have read about but they are on my list as a refresher now. Group Policy Objects? The things that group policy encompases and affects and the order in which... Or something like that. I just need to work with this stuff some more. The internship at the City exposed me to a lot of things, but the names and acros were never really referred to their formal titles, just, do this and do that. So now I am getting excited and running around, but the reality is that it looks like I have already done a lot of these things. crazy... So much information and communication and redundancy and yet the left hand still does not know what the right hand is doing.

Call it a host, and go old school.