can anyone tell me the benefits of having workstations log on thru a domain?

Discussion in 'OT Technology' started by jdub12, Jul 16, 2004.

  1. jdub12

    jdub12 New Member

    Joined:
    Apr 27, 2002
    Messages:
    654
    Likes Received:
    0
    Location:
    \
    can anyone run down the main benefits of having client computers in a network environment log on thru a domain rather than just a traditional networking setup like the same workgroup, etc.? where else might i find more infomation on this and how to configure one properly too?
     
  2. maczter

    maczter Life is trying things to see if they work.

    Joined:
    Sep 30, 2003
    Messages:
    3,622
    Likes Received:
    0
    Location:
    Austin, TX
    Benefits of Domains

    Grouping computers into domains provides two main benefits to network administrators and users. The more important one is that the domain controllers form a single administrative unit, sharing security and user account information. In this way, administrators need to manage only one account for each user, and each user needs to use (and remember the password for) only one account. By extending the administrative unit from individual servers to an entire domain, Advanced Server saves administrators and users time and effort.

    The second benefit of grouping computers into domains is user convenience. When users browse the network for available resources, they see the network grouped into domains, rather than seeing all of the network servers and printers at once.

    Edit: Just a note: I did not write this. :) Googled until I found an intelligently worded answer. Didn't feel like writing it out myself at the moment. :)
     
    Last edited: Jul 17, 2004
  3. jdub12

    jdub12 New Member

    Joined:
    Apr 27, 2002
    Messages:
    654
    Likes Received:
    0
    Location:
    \
    sweet thanks, any tutorials, sites or books you would recommend?
     
  4. maczter

    maczter Life is trying things to see if they work.

    Joined:
    Sep 30, 2003
    Messages:
    3,622
    Likes Received:
    0
    Location:
    Austin, TX
    Hmmm...

    Which OS?
     
  5. mdaniel

    mdaniel S is for Shiksa

    Joined:
    May 6, 2000
    Messages:
    52,500
    Likes Received:
    315
    Location:
    Northwest Mejicooooooo
    You can also use useful things like logon scripts. You can't do that unless you're a Win9x machine that logs onto a domain or an NT/2k/XPPro machine that joins the domain. Reason #1 to avoid XP Home if you have a LAN. Ditto on group policies. Centralized management > changing settings on 10, 20, or 1000 computers.
     
  6. Supadoggie

    Supadoggie I ♥ my doggah

    Joined:
    May 22, 2000
    Messages:
    32,484
    Likes Received:
    0
    Location:
    NYC
    Group Policies are great :cool:

    no need to run around to each computer to change a setting..
     
  7. jdub12

    jdub12 New Member

    Joined:
    Apr 27, 2002
    Messages:
    654
    Likes Received:
    0
    Location:
    \
    is it possible to install a piece of software on the server to distribute to all the workstations?
     
  8. CyberBullets

    CyberBullets I reach to the sky, and call out your name. If I c

    Joined:
    Nov 13, 2001
    Messages:
    11,865
    Likes Received:
    0
    Location:
    BC, Canada/Stockholm, Sweden
    yes with software rollouts. we did some of this using windows 2003 enterprise and ms office xp and norton corp. really cool stuff!
     
  9. jdub12

    jdub12 New Member

    Joined:
    Apr 27, 2002
    Messages:
    654
    Likes Received:
    0
    Location:
    \
    ok well i have server2k3 running with a DNS, WINS, DHCP, and AD running. Ive been trying to follow this server 2k3 book I have and I guess I dont have it quite running like I want it to.

    First off, ive configured the forward and reverse lookups, the dhcp server while disabling the dhcp on my router according to the book. For some reason, I cannot get my workstations to join my domain that I have created. Is there anyone that might be able to walk me thru the steps of properly configuring this beast? Thanks.
     
  10. mdaniel

    mdaniel S is for Shiksa

    Joined:
    May 6, 2000
    Messages:
    52,500
    Likes Received:
    315
    Location:
    Northwest Mejicooooooo
    First make sure the workstations can see the server when they're not joined to the domain. Go to an explorer window and type "\\servername" in the address box. If you can see it, you're good. When you go to the properties on My computer and tell it to join the domain, it should prompt you for the name and password of an account on the domain with permission to join computers. (admin account) That's about it.
     
  11. jdub12

    jdub12 New Member

    Joined:
    Apr 27, 2002
    Messages:
    654
    Likes Received:
    0
    Location:
    \
    for some reason, all my workstations can see the server, but it says that there is no user name on that domain when i try to connect them....strange, because i created several new ones, and none work. any ideas?
     
  12. jdub12

    jdub12 New Member

    Joined:
    Apr 27, 2002
    Messages:
    654
    Likes Received:
    0
    Location:
    \
    heres the exact problem im getting while trying to connect my workstations:

    "the following error occured while attempting to join the domain "test"

    multiple connections to a server, shared resource by the same user, using more than 1 user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again."

    Now it seems that its trying to join, because i specify the domain, and then it prompts for a user name and pass, but when i punch those in, I get that error. i configured the users in the Active Directory Users and Computer. I added the computer to the computer section which matches the workstation that im trying to join and then I also made an account. Anything you can think of why i cant join? My server gets internet access, but my workstations are stuck..and I'm assuming that this is because they cannot connect. They however are getting DHCP from the server, not the router and in the ipconfig results for the workstations..i am showing my domain for the dns suffix portion. Hope thats a good sign?!?
     
  13. mdaniel

    mdaniel S is for Shiksa

    Joined:
    May 6, 2000
    Messages:
    52,500
    Likes Received:
    315
    Location:
    Northwest Mejicooooooo
    I'm not sure it has anything to do with your problems, but its a common mistake (at least with Server 2000, soooo..... make sure that your Win2k3's DNS server doesn't have a root (.) zone defined and that your ISP's DNS servers are listed under the forwarders tab of your DNS server properties. So all workstations use your server as their only DNS server, then the server forwards lookups for other domains (ie. offtopic.com, microsoft.com, etc.) to your ISP's DNS server. Having the workstations use only your server as their DNS server ensures AD works right. The server's TCP/IP properties should have DNS set to either its own IP address or 127.0.0.1 (loopback).

    This article: http://www.wown.com/articles_tutorials/wxpjoind.html suggests that you have to logout and back in before attempting to join the domain. You might also try going to the server, getting properties on My Computer, and going to the shared folders item under computer management. Click into Sessions and see if you have some orphaned sessions. Kill as needed. Sometimes workstations don't close the session properly.
     
  14. jdub12

    jdub12 New Member

    Joined:
    Apr 27, 2002
    Messages:
    654
    Likes Received:
    0
    Location:
    \
    welp, looks like ive made some progress. I added my user to the domain admins group as well as the domain users group. before it was just a part of the domain users group and it would not work. but as soon as i added it to the domain admins, it connected without a hitch. any suggestions as to how to get it working with the domain users group so I dont give the workstation so many privaledges? also, as people were saying, how can I control things that the user can and cannot do, like add remove software, etc.? Where can I learn about creating login scripts and how about software rollouts? Anything unsual have to be installed to do this? thanks for all the help guys
     
  15. mdaniel

    mdaniel S is for Shiksa

    Joined:
    May 6, 2000
    Messages:
    52,500
    Likes Received:
    315
    Location:
    Northwest Mejicooooooo
    Once the machine is joined to the domain using a domain admin account, you can logon to the domain through the workstation using a domain user account unless you have a security policy defined forbiding it.
     
  16. jdub12

    jdub12 New Member

    Joined:
    Apr 27, 2002
    Messages:
    654
    Likes Received:
    0
    Location:
    \
    are you familiar with how to distro software? do i just use the gpedit feature where i can make all the changes and privaledges?
     
  17. cmsurfer

    cmsurfer ºllllllº

    Joined:
    Jun 6, 2003
    Messages:
    5,079
    Likes Received:
    0
    Location:
    NJ
    You can search the "How To" articles on the Microsoft site to setup a Domain Controller.

    CM.
     
  18. maczter

    maczter Life is trying things to see if they work.

    Joined:
    Sep 30, 2003
    Messages:
    3,622
    Likes Received:
    0
    Location:
    Austin, TX
    A little slow on the draw there. I think he's already well past that point. :)
     
  19. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    Yeah, you can't join the domain without it you being an admin. I don't even add the computers in initially in the server, I just join the domain and when it asks, "Who the fuck are you?" I type in, "I'm your fucking god, now let me join bitch!" (ie the admin name and password of the domain).
     
  20. maczter

    maczter Life is trying things to see if they work.

    Joined:
    Sep 30, 2003
    Messages:
    3,622
    Likes Received:
    0
    Location:
    Austin, TX
    :rofl::rofl::rofl:
     
  21. jdub12

    jdub12 New Member

    Joined:
    Apr 27, 2002
    Messages:
    654
    Likes Received:
    0
    Location:
    \
    i figured you could at least join a computer on a domain...but you might not be able to actually log onto it cause you have to have valid credentials. I guess this isnt the case?
     
  22. maczter

    maczter Life is trying things to see if they work.

    Joined:
    Sep 30, 2003
    Messages:
    3,622
    Likes Received:
    0
    Location:
    Austin, TX
    if you are a domain admin, you can log onto any machine on the domain and do anything you want to it.
     
  23. jdub12

    jdub12 New Member

    Joined:
    Apr 27, 2002
    Messages:
    654
    Likes Received:
    0
    Location:
    \
    i know, im just saying...I didnt know you had to specify log on information just to have the computer join the domain. now logging on is another story...but just to have it join up to the domain thru the network properties is what was confusing me. i had to specify admin priv's just to get it to see the domain i created...and that wasnt even logging onto it yet with a domain account.
     
  24. maczter

    maczter Life is trying things to see if they work.

    Joined:
    Sep 30, 2003
    Messages:
    3,622
    Likes Received:
    0
    Location:
    Austin, TX
    gotcha.
     
  25. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    There's actually a policy in their that specifically gives rights to "join a domain". By default it's the admin group only but you can change it (I think - never tried though because it's a good idea to leave it alone). The reason is that a domain computer has certain rights that a computer that does not belong (things like a pipe to the domain for logon attempts). Just another layer of security.
     

Share This Page