Computer Management


Again, you use the Active Directory Users and Computers MMC snap-in to manage computers in the domain. Click the Computers folder in the left pane, and the right pane displays a list of computers in your domain, as you can see in Figure 37.7.

Figure 37.7. The Computers folder is used to administer computers in the domain.


The Action menu for managing computers is similar to that for managing users. The first thing to do is add a computer to the domain. This should be done when you are setting up new computers on the network. In addition to creating user accounts, computers must have an entry in the Active Directory database.

Adding a Computer to the Domain

To add a new computer, you can use the Action menu and select New and then Computer. Alternatively, you can right-click on the Computers folder and select the same items. The New Object-Computer dialog box, shown in Figure 37.8, enables you to input basic information about the computer, such as the hostname.

Figure 37.8. You enter basic computer information in this dialog box when adding a computer to the domain.


What TCP/IP users typically call a hostname goes in the Computer Name field. There is also a field to enter a pre-Windows 2000 computer name that can be recognized by older computers. Another field enables you to specify the users or groups that can add computers to the domain. The default is the Domain Admins group. If the user who will be joining the computer to the domain is not a member of the Domain Admins group, you should change this value to either the user's name or a group to which the user belongs. If you are uncertain who will be adding a particular computer account to the domain, you can specify the Everyone group. Finally, if the computer is not a Windows 2000 or Windows XP client, select the check box labeled Allow Pre-Windows 2000 Computers to Use This Account. You would want to check this box for Windows NT and Windows 98 computers, for example. Click the Next button to continue the process of adding the new computer.

The next dialog box prompts you to specify whether this is a managed computer and, if so, the GUID/UUID for the computer. These values are usually found in the computer's BIOS or on a label attached to the computer. Click the Next button to continue adding the computer.

Finally, a dialog box displays a summary view of the information you've entered. Click Finish to create the computer account. After you've done this, the computer should be able to boot and join the domain. Users who have accounts on the domain should be able to log in to the domain using the computer.

Managing Other Computer Account Information

Just like the user objects you create, the computer objects have a lot more attributes than you are prompted for when creating the initial computer account in the Active Directory. You can get to the properties page for a computer by right-clicking on the computer in the left pane and selecting Properties, or by highlighting the computer and selecting Properties from the Action menu. In Figure 37.9 you can see an example of a computer object properties page.

Figure 37.9. The properties of a computer account enable you to manage a large amount of information about the computer.


There are six tabs for this properties sheet: General, Operating System, Member Of, Location, Managed By, and Dial-In.

The General Tab

This tab shows you the fully qualified domain name of a computer, as well as its pre-Windows 2000 name. You also can see what role the computer plays in the network (workstation or server). The Description field enables you to enter useful information that will help you identify this computer or its use (or perhaps its location), depending on the information you want to enter. Finally, you can select the check box labeled Trust Computer for Delegation. This allows services running on the computer to request services from other computers as long as the service is running under the localsystem special account.

The Operating System Tab

This tab has only a few fields. Here you can see the operating system running on the computer, the version, and the highest level service pack installed.

The Member Of Tab

This tab enables you to add the computer to a group. For example, a domain controller computer is a member of the Domain Computers group, and this is its primary group. However, you can use other built-in groups or create new groups to assist you in managing computers that are similarly configured or used.

Use the Add button to add a new group. A list of groups is displayed in another dialog box, and you can select the groups from there. You also can remove group membership by using the Remove button. The Advanced button on the Select Groups dialog box that pops up from the Add button enables you to search for groups based on search criteria you enter so that you can refine your group selection to the greatest degree. The search function allows you to specify a term and then choose from these options:

  • Starts with

  • Is exactly

Another button on this page, Location, allows you to select the location from which the search should be executed, such as the domain, the built-in groups, and other computers such as domain controllers.

The Location Tab

This tab has only one field: Location. Use it to specify the particular office, or perhaps building, in which a computer is located. This information can be very useful when you get a call from a user and need to visit the computer for maintenance purposes. The Browse button enables you to select from other locations that have been entered previously.

The Managed By Tab

This tab enables you to select the user that manages this computer. Use the Change button to bring up a dialog box to select the user. After a user has been selected, the fields on this tab show the following information:

  • The user's name

  • The user's office

  • The user's street address

  • The user's city, state/province, country/region data

  • The user's telephone number

  • The user's fax number

Again, you can see that this kind of information can be valuable when trying to locate the person responsible for managing this computer in a large network. When this detailed information is kept in the Active Directory, it is accessible by computers throughout the domain, provided that the user has the access rights.

The Dial-In Tab

This tab allows you to specify values that allow dial-in access for this computer. You can use two radio buttons to either allow or deny dial-in access. If you choose to allow dial-in access, you can select to control the access using a Remote Access Policy (another topic entirely, and beyond the scope of this book). You can also specify callback options, specify a callback number set by the user, and specify to always call back. These fields are the same as those used for a user account, and they allow you to add a static IP address and static route to be used for dial-in access.




Upgrading and Repairing Networks
Upgrading and Repairing Networks (5th Edition)
ISBN: 078973530X
EAN: 2147483647
Year: 2006
Pages: 411

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net