Tuesday, 22 March 2011

Joining the Domain





At this point, you should have a customized OU for your Member Server and can add the Server to the Domain with the NETDOM utility.  NETDOM is a powerful tool for automating domain membership activity on client systems.  Please see the Administration Guide for Andrew Windows for specific instructions. 

Do not attempt to add the machine to the Domain via the “My Computer” -> Network Identification method.  By default, this will place the server into the Active Directory Computer Container.  If the server is mistakenly added to this container, it will unintentionally pick up the Andrew GPOs upon reboot.
The Microsoft Knowledge Base article describes automating the creation of computer accounts within a domain.

3.5 Local Administration Access from Andrew Accounts and Groups

One of the first server changes you should consider is the addition of your departmental OU administrators group to the local administrators group on your Member Server. This will enable you to perform local Server administration tasks without logging in as the local administrator.   Please see the Administration Guide for Andrew Windows for specific instructions.
  
Local versus Andrew Domain Accounts

When Member Servers join the Andrew Domain, resources can then be adjusted to give permissions to Andrew Users.  In addition, Member Servers still have the ability to host local accounts for resource control.  Server administrators are responsible for local machine accounts.  For security reasons, it is recommended that these accounts be minimized.

Local Logon Access

We recommend that departments customize their local logon policies to restrict access to non-departmental Administrators.  Please see the Administration Guide for Andrew Windows for specific instructions.

Restricting Server Access

By default, when a computer is joined to a domain, several domain groups are added to local machine groups. The Domain Users group is joined to the Local Users group and the Domain Administrators group is joined to the local computer's Administrators group. These domain groups can be removed from the local groups to increase the security of your computers.

Directions for customizing local machine access can be found in the Administration Guide for Andrew Windows.
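
The steps on this page (joining into the customized OU with NETDOM, adding the departmental OU administrators group to the local Administrators group, and removing the default domain groups) are shown below as an added PowerShell example that is not taken from the Administration Guide for Andrew Windows. The domain name, OU path, account and group names are placeholders, and the LocalAccounts cmdlets assume Windows PowerShell 5.1 or later in an elevated session.

```powershell
# Added example. Every name below is a placeholder assumption, not a value from the guide.
$Domain     = 'EXAMPLE'                                   # NetBIOS domain name (placeholder)
$OuPath     = 'OU=Member Servers,OU=ExampleDept,DC=example,DC=edu'  # your customized OU (placeholder)
$JoinUser   = "$Domain\join-account"                      # account permitted to join into that OU (placeholder)
$DeptAdmins = "$Domain\ExampleDept-OU-Admins"             # departmental OU administrators group (placeholder)

# 1. Join straight into the customized OU so the server never lands in the
#    default container. /PasswordD:* prompts instead of exposing the password.
if (-not (Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    & netdom.exe join $env:COMPUTERNAME "/Domain:$Domain" "/OU:$OuPath" `
        "/UserD:$JoinUser" '/PasswordD:*'
    if ($LASTEXITCODE -ne 0) { throw "netdom join failed with exit code $LASTEXITCODE" }
    Write-Warning 'Joined. Restart the server, then run this script again for the group changes.'
    return
}

# 2. Add the departmental admins group first, so that removing Domain Admins
#    in step 3 cannot leave the server without a domain-based administrator.
$admins = Get-LocalGroupMember -Group 'Administrators'
if (-not ($admins | Where-Object Name -eq $DeptAdmins)) {
    Add-LocalGroupMember -Group 'Administrators' -Member $DeptAdmins
}

# 3. Remove the domain groups that the join added to the local groups.
$defaults = @{
    'Users'          = "$Domain\Domain Users"
    'Administrators' = "$Domain\Domain Admins"
}
foreach ($group in $defaults.Keys) {
    $member = Get-LocalGroupMember -Group $group | Where-Object Name -eq $defaults[$group]
    if ($member) {
        Remove-LocalGroupMember -Group $group -Member $member.Name
    }
}

# 4. Print what remains so the result can be reviewed and recorded.
foreach ($group in 'Administrators', 'Users') {
    "Members of local group '$group':"
    Get-LocalGroupMember -Group $group |
        Select-Object Name, ObjectClass, PrincipalSource |
        Format-Table -AutoSize
}
```

Any remaining local accounts show up in step 4 with a PrincipalSource of Local, which makes it easy to check that they have been kept to a minimum.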
