Getting started with Active Directory

server2003This article shows you how to get started with Active Directory.  I'm using Server 2003, but much of what you see also applies to Server 2008.


Raising Domain Functional Level

By default your new Server 2003 domain is actually set at Windows 2000 native functional level.  Raise this functional level to take advantage of nested group membership.

  1. Go to Start > Administrative Tools > Active Directory Users and Computers.
  2. Right-click your domain and select Raise Domain Functional Level...
  3. Select Windows Server 2003 from the drop-down.
  4. Click Raise.
  5. Click OK to the warning.

 

Organisational Units

Organisational Units (OUs) are the building blocks of Active Director (AD).  They represent the directory structure in AD.  Let's create our own OUs to build our own structure.

  1. Go to Start > Administrative Tools > Active Directory Users and Computers.
    1. (you might want to pin this to the Start Menu).
  2. You'll see your domain (eg yourdomain.local).
  3. Expand your domain to see the sub-level OUs.

 

Creating OUs

The default OU structure is fine for smaller deployments, but for schools with hundreds of students and computers, you will need to be more organised.

  1. Right-click your domain.
  2. Choose New > Organisational Unit.
  3. Name it your domain (eg Your Domain).
  4. Right-click your new OU.
  5. Choose New > Organisational Unit.
  6. Name it Users.
  7. Repeat this last step but name the new OU Computers.
  8. Repeat and name this OU Groups.

 

OU Structure

Keep going until you have a structure something like this

  • Computers
    • Application Servers
    • ClassroomA
    • ClassroomB
    • Staffroom
  • Groups
    • People
    • Subjects
    • Years of entry
  • Users
    • IT Support
    • Management
    • Students
      • 2008
      • 2009
    • Teachers

    Now your computers and users won't get mixed up with the system user accounts, and you'll have a more intuitive control when you next visit AD Users and Computers.

     

    Important note

    Whilst it's a good idea to move computers from the default Computers OU to your new My School > Computers > Application Servers OU, do not move any Domain Controllers from their default Domain Controllers OU location.

     

    Next steps

     

    Thanks for visiting.