Announcement

Collapse
No announcement yet.

active directory project

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • active directory project

    i have a project coming up soon that i have to figure out how to do. I have very little details on it so far.

    Converting to active directory

    copy user profiles from old environment (which i don't know what it is)

    how to add a script to the gpo to automatically remap their network shares?

    please advise me on this. I appreciate it.

  • #2
    Re: active directory project

    With those little details there's not alot we can help you with.

    What are you moving from???

    Copying profiles could be as simple as using ADMT (Active Directory Migration Tool).

    http://www.microsoft.com/downloads/d...displaylang=en

    Setting up a logon script via GPO Server 2008

    http://www.petri.com/setting-up-logo...erver-2008.htm

    Comment


    • #3
      Re: active directory project

      well, i do know this: we won't be using 2008. we'll be using server 2003. if you could give me any of the possible methods and a good link to learn more about scripting gpo to remap network drives or shares?

      Comment


      • #4
        Re: active directory project

        Originally posted by rayc View Post
        well, i do know this: we won't be using 2008. we'll be using server 2003. if you could give me any of the possible methods and a good link to learn more about scripting gpo to remap network drives or shares?
        I'm no scripting expert... in fact, I haven't even attained the status of "Scripting Newb", however I do believe that VBS is the preferred method for logon scripts these days (preferred over batch files). Take a look at this Google Search. Notice that the search string is simply "VBS logon script" and yet the fist return has to do with mapping network drives.
        Wesley David
        LinkedIn | Careers 2.0
        -------------------------------
        Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
        Vendor Neutral Certifications: CWNA
        Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
        Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

        Comment


        • #5
          Re: active directory project

          You could also use the 'net use' command in a batch file.

          Type net use /? in to the command prompt for switches.

          For user's own network drives, you would allow them to map automatically to their area via setting their User Account Properties in AD.

          Comment


          • #6
            Re: active directory project

            Originally posted by rayc View Post
            well, i do know this: we won't be using 2008. we'll be using server 2003. if you could give me any of the possible methods and a good link to learn more about scripting gpo to remap network drives or shares?
            Have you done any investigation into this???

            http://www.google.com.au/search?hl=e...G=Search&meta=

            You still haven't told us which platform you will be migrating from either.

            Comment


            • #7
              Re: active directory project

              Originally posted by wullieb1 View Post
              Have you done any investigation into this???

              http://www.google.com.au/search?hl=e...G=Search&meta=

              You still haven't told us which platform you will be migrating from either.
              well, i did say earlier that i have no idea what platform we're migrating from. today's a holiday and i didn't get a chance to ask the mgr.

              i've been doing some reading and memorizing of the active directory basics. i'm a beginner at ad. Not trained in it.

              i'm doing my research by reading quickstart guides. and some other manuals. i'm getting the basics of it down first and then i'll study the scripting gpo portion and see if i can implement in a test environment at home. i have server 2003 and a couple of windows xp workstations, so i should be able to simulate an environment and try to auto map network drives based on groups.

              Any quick tips on how to simulate an environment. I was wondering how would i separate accounting, IT, HR, and etc? Would i just use one domain and then create 1 OU (what should i call it? ) and then 3 groups? and then create some kind of script for if they log on to accounting then show H drive and then if they log onto IT, show G drive? or so on? What's the best way to do this. Please provide step by step instructions. I would appreciate the guidance. By the way, how do they script it so that each and every computer gets its own HOME DRIVE? that's all something i'm interested in. Please give tips.

              Comment


              • #8
                Re: active directory project

                Rayc,
                What experience do you have with an AD environment so far (certifications, practical experience etc)?
                What support are you getting in this project (it sounds as if you are on your own)?
                How large is the environment to be migrated (servers, PCs, users, printers etc)?
                As asked, what is being used now?
                What sort of business is it?

                From experience, do NOT let anyone push you into "we need to migrate to AD by Friday" (unless Ray C translates into R Crusoe ) and spend a long time planning as the decisions YOU make now will come back to haunt you later


                For simulation, get a good, fast PC with lots of RAM and VirtualPC and you can get several machines pretending to talk. Whatever you do, use a dummy name for your AD domain in case of conflicts with the real one.
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment


                • #9
                  Re: active directory project

                  Originally posted by Ossian View Post
                  Rayc,
                  What experience do you have with an AD environment so far (certifications, practical experience etc)?
                  What support are you getting in this project (it sounds as if you are on your own)?
                  How large is the environment to be migrated (servers, PCs, users, printers etc)?
                  As asked, what is being used now?
                  What sort of business is it?

                  From experience, do NOT let anyone push you into "we need to migrate to AD by Friday" (unless Ray C translates into R Crusoe ) and spend a long time planning as the decisions YOU make now will come back to haunt you later


                  For simulation, get a good, fast PC with lots of RAM and VirtualPC and you can get several machines pretending to talk. Whatever you do, use a dummy name for your AD domain in case of conflicts with the real one.
                  I only have A+, network+, Lenovo certifications, and HP Certifications. I'm not microsoft certified yet. I will be as soon as i get a chance to take my first. 70-270.

                  I'm basically a technician. Not a network administrator or server admin quite yet.

                  I'm new to this. i work for a consulting company and my manager is taking me to work onsite at some company on friday i think. The environment is 40 workstations with Windows XP. We're installing windows server 2003 w/ active directory cuz that's what the client wants.

                  we need to transfer their user profiles to a share on the server. But we don't have local admin accounts on all the user's computers. So Will USMT work? or what's the best course of action. How are we to copy their profiles without local admin accts? that's something's that's confusing me. i'm basically on my own. my mgr will be setting up active directory (he's not very technical, so i'd like to help as much as i can. ) These are the details he's given me. Not really enough info.

                  We also need to script gpo to map network drives and i was wondering how i would setup a home drive for each just in case i need to do that.

                  let me know. Thanks.

                  Comment


                  • #10
                    Re: active directory project

                    Home drives can be configured via setting the properties of the AD account. That way, regardless of the machine a user logs on to, their Home drive will move with them.

                    You will need to get local admin rights on the client machines to join them to the domain. There are ways of allowing normal users to add computer accounts to the domain but that's not best practice.

                    You want to research LDIFDE and CSVDE. These will allow you to create AD accounts quicker etc. and maybe change home profiles.

                    I am not entirely sure but sometimes certain properties can be set on AD accounts my selecting them all and then going to the properties. If Home Drive path is then settable, you can use a convention such as \\Server\UserShares\%username%

                    %username% will automatically map to the username of the AD object. If the username folder does not then exist, it will be created for you.

                    It would be best to do what you are doing and research as much as you can. Planning is key to any successful AD deployment.

                    Comment


                    • #11
                      Re: active directory project

                      Originally posted by Virtual View Post
                      Home drives can be configured via setting the properties of the AD account. That way, regardless of the machine a user logs on to, their Home drive will move with them.

                      You will need to get local admin rights on the client machines to join them to the domain. There are ways of allowing normal users to add computer accounts to the domain but that's not best practice.

                      You want to research LDIFDE and CSVDE. These will allow you to create AD accounts quicker etc. and maybe change home profiles.

                      I am not entirely sure but sometimes certain properties can be set on AD accounts my selecting them all and then going to the properties. If Home Drive path is then settable, you can use a convention such as \\Server\UserShares\%username%

                      %username% will automatically map to the username of the AD object. If the username folder does not then exist, it will be created for you.

                      It would be best to do what you are doing and research as much as you can. Planning is key to any successful AD deployment.

                      I've found out that they have 2 groups only. And that they do have passwords to all the user accounts. So what's your advice? the LDIFDE and CSVDE? What is this? What script would be perfect for this? and easily customizable for me?

                      Comment


                      • #12
                        Re: active directory project

                        When you move to AD you will have a totally new set of user accounts and can also create as many groups as you want

                        Roughly what you will need to do
                        Build the server (off site) and DCPROMO to make it a DC
                        Create users (Use CSVDE to do it in bulk)
                        IMHO create computer accounts in advance but not required
                        On clients:
                        Log on as main user
                        Run MigWiz to clone profile (or ADMT to do it in bulk)
                        Join to domain using local admin account
                        Log on as main users domain account
                        Run MigWiz to reload profile
                        Log off and back on to test profile is OK

                        Separately, on server
                        Create shares
                        Create logon scripts and assign to users

                        There is a heck of a lot more, but this gives you a framework
                        As I said before, go slow, plan and if necessary tell the boss to wait a week!
                        Tom Jones
                        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                        PhD, MSc, FIAP, MIITT
                        IT Trainer / Consultant
                        Ossian Ltd
                        Scotland

                        ** Remember to give credit where credit is due and leave reputation points where appropriate **

                        Comment


                        • #13
                          Re: active directory project

                          my boss has it set for friday i think. he's the type to want things done right away.

                          He was planning on copying the profiles manually one by one on 38 workstations.

                          basically all we need to do is join each workstation to the domain(is there a script i can use to facilitate the process or do i just have to go to each machine one by one and right click on my computer, properties, computername/change to join domain?

                          we won't be building the server offsite. this is going to be a 2 man operation. me and my boss. they have the server at this company already. they just need to have it setup correctly.

                          i've also found out they use outlook, but we won't be touching their outlook according to the boss.

                          what do i need to use csvde? all we have a is a newly installed win server 2003 and 38 windows xp pro workstations.

                          2 groups , somebody please help out. i'd appreciate it.

                          can i really run migwiz or admt with these settings, and could please provide some step by step instructions on running these.

                          I'd also like to test this out with my home environment just to see if it works.

                          Comment


                          • #14
                            Re: active directory project

                            If you are creating 38 user accounts CSVDE will speed up the process, but you dont have to use it (just as you have a choice how you join the computers to the domain

                            Migwiz will be no problems (ADMT wil not work from workgroup to domain -- sorry for misleading you above)

                            Can you explain about the groups a bit more please?

                            How do they get their email in Outlook - not via Exchange I presume?
                            Tom Jones
                            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                            PhD, MSc, FIAP, MIITT
                            IT Trainer / Consultant
                            Ossian Ltd
                            Scotland

                            ** Remember to give credit where credit is due and leave reputation points where appropriate **

                            Comment


                            • #15
                              Re: active directory project

                              Originally posted by Ossian View Post
                              If you are creating 38 user accounts CSVDE will speed up the process, but you dont have to use it (just as you have a choice how you join the computers to the domain

                              Migwiz will be no problems (ADMT wil not work from workgroup to domain -- sorry for misleading you above)

                              Can you explain about the groups a bit more please?

                              How do they get their email in Outlook - not via Exchange I presume?
                              out of curiosity, why is important that we know whether they use exchange?

                              also somebody suggested to me that i would have local admin access on each machine if i just joined it to the domain? But then I would lose all user settings the second it joined the domain?

                              Also i'm pretty sure you can't copy a user's profile when you're logged in as that user?

                              Please correct me if i'm wrong. and tell what i can do to rectify this situation.

                              Comment

                              Working...
                              X