How do users in active directory winserv2008 work?

Madhattan

I am trying to share a folder on a Windows Server 2008 R2 box on a local network with Windows XP clients.

I have installed the Active Directory role and understand how to make users and groups, but I was wondering how to manage the users.

If an XP client logs in as "x" on their local machine, does this x user need to be added to the server?

In other words, should the usernames and passwords of all the client machines be manually entered into the server's Users window?
 

RebateMonger

Two key objects in an Active Directory Domain are Computer accounts and User accounts. In order to easily manage Computers and Users there should be Domain accounts for both and, generally, all client PCs should be joined to the Domain and Users should access the PCs using their Domain User accounts.

Create accounts for all Users on the Server. Without those Domain accounts, you can't manage much of anything.
 

Madhattan

So I make a user on the server, then go to the XP client > Control Panel > User Accounts and make the same user?
 

RebateMonger

> So I make a user on the server, then go to the XP client > Control Panel > User Accounts and make the same user?

No. Unless you have some very special requirements, you will STOP using local accounts on the client PCs. Everybody logs in using their Domain accounts. Once you've got everything working, it's best to DELETE all local accounts except for the Local Administrator.

You don't want people getting into PCs they aren't supposed to be getting into by using an old Local account with an easy (or non-existent) password. I'd also set the Local Administrator password on all the PCs to the same setting, with a good, long password that isn't the same as the Domain Administrator. If the Domain goes away for some reason, you'll want to know the Local Administrator password so you still have access to the PC.

Note that when you change from Local to Domain login accounts, Users' old profiles won't be used and brand new profiles will be established. You need to be prepared with a way to migrate their old Local profiles or, at least, their important data to their new Domain profiles. Servers like SBS 2008 have wizards to do this. Straight Server 2008 doesn't. There are utilities and hacks for doing this with XP. With Vista and Win7 be sure to test your profile migration technique since many of the old ones no longer work.
 
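An added example, not part of the original post: one way to check the advice above after the PCs are joined to the Domain is to list every local account other than the built-in Local Administrator, and note which ones are allowed an empty password. It assumes Windows PowerShell 2.0 or later on an admin workstation, remote WMI access to the clients, and Domain rights that make you a local administrator on them; the function name and the PC names in the usage comment are made up for illustration.

```powershell
# Added example: audit leftover local accounts on domain-joined PCs over WMI.
# Get-LeftoverLocalAccount is a hypothetical helper name, not a built-in cmdlet.
function Get-LeftoverLocalAccount {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$ComputerName
    )

    foreach ($computer in $ComputerName) {
        try {
            # LocalAccount=True keeps the query from enumerating Domain accounts.
            $accounts = Get-WmiObject -Class Win32_UserAccount `
                -ComputerName $computer -Filter "LocalAccount=True" `
                -ErrorAction Stop
        }
        catch {
            # Unreachable or access-denied PCs are reported, not silently skipped.
            Write-Warning "$computer : query failed ($($_.Exception.Message))"
            continue
        }

        foreach ($account in $accounts) {
            # The built-in Local Administrator has a SID ending in -500,
            # even if the account has been renamed. It is the one to keep.
            if ($account.SID -match '-500$') { continue }

            # PasswordRequired = False means the account MAY have an empty
            # password; WMI does not reveal whether it actually does.
            New-Object PSObject -Property @{
                Computer             = $computer
                Name                 = $account.Name
                Disabled             = $account.Disabled
                BlankPasswordAllowed = -not $account.PasswordRequired
            } | Select-Object Computer, Name, Disabled, BlankPasswordAllowed
        }
    }
}

# Usage (constructed PC names):
# Get-LeftoverLocalAccount -ComputerName 'PC-01', 'PC-02' | Format-Table -AutoSize
```

Any row with Disabled = False is a local login that still works alongside the Domain accounts.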

Madhattan

Thanks for the info RebateMonger.

I will set up SBS 2008 and migrate local accounts to domain accounts.
 

Madhattan

Oops, misunderstood. I thought you meant the lightweight AD, not small business OS.

I will back up the local accounts and make domain accounts, and stick with standard Server 2008 R2 and AD DS.
 

Tbirdkid

SBS is a different animal. Look up how to join computers to the domain via SBS on Microsoft's website. There is a specific way to do it, and do it correctly.
 

Madhattan

Can I share a folder from Windows Server 2008 to XP clients without using Active Directory?
After doing some more research, it seems like a bit overkill for this small office.

We are currently using a workgroup, but have hit its limit of 10 or so connections.

Is there something in the middle between a workgroup and a full-blown AD?
 

MedicBob

File Services. Then just share the folder on the server to everyone.

However, there is absolutely no security. Everyone owns everything.

Best bet is as suggested. Create it as a Domain Controller and join the computers to the domain.

Do a lot of reading on AD/DC, esp. related to SBS, as it really is a different animal even though it looks very similar.
 

RebateMonger

Workgroups are pretty much meaningless. They are a convenience to help you sort out different groups of computers in a large organization.

As far as non-Domain logins, yes, you can create shares that non-Domain users can access. Just create a local account on the server for every user and create those same local accounts (same Username/Password) on people's computers.

This will normally work except when it doesn't work.

It's a LOT easier to manage a Domain with Domain-joined PCs and Domain User accounts than to manage a large workgroup with a bunch of local accounts on a bunch of computers.