Preparing Active Directory for User Logins

You already set up Active Directory in Chapter 1. When you did, you created a centralized repository for user, group , and computer accounts to be authenticated to. In this chapter, we'll start to leverage that repository and make it worth the money you paid for it.

Now is a great time to create some sample user accounts in some sample OUs (organizational units). Otherwise, we'll have no user accounts to authenticate against (other than the administrator account).

Creating Active Directory Organizational Units (OUs)

First, we'll create our OUs, then we'll put some sample users inside. To create our OUs:

Log on to your Windows Active Directory server as the domain administrator. Select Start Programs Administrative Tools Active Directory Users & Computers.
Right-click the domain name ( ad.corp.com ) and select New Organizational Unit, as shown in Figure 3.1.
In the "New Object Organizational Unit" dialog, enter Sales .

Figure 3.1: Create two new OUs Sales and Marketing

Repeat these steps and create another OU for Marketing and another for Human Resources.

Creating Active Directory User Accounts

It's easy to create Active Directory users. Simply right-click the OU in which you want to create your users and select New User. Then, follow the wizard to create your first user.

In the Sales OU, create two users: salesperson1 and salesperson2 .
In the Marketing OU, create two users: marketperson1 and marketperson2 .
In the Human Resources OU, create two users: HRperson1 and HRperson2 .

Be sure to give everyone the same password. For this book, we'll stick with p@ssw0rd . We'll use these users a bit later.

Creating Active Directory Group Accounts

It's also easy to create Active Directory groups. Simply right-click the OU in which you want to create the group and select New Group. Then follow the wizard to create your first user. In the Sales OU, create a group named SalesGroup .

To add salesperson1 and salesperson2 to that group, press Shift and click both salesperson1 and salesperson2 , right-click and select "Add to a group," then choose the new SalesGroup you created.

Repeat by creating MarketingGroup and adding marketperson1 and marketperson2 to it. Additionally, create HRGroup and add HRperson1 and HRperson2 to it.

We'll use the SalesGroup a bit later in this chapter and the others in the next chapter.

Authenticating Windows Clients to Active Directory

To authenticate Windows clients to Active Directory, the computer account has to be "joined" to the domain. You should have already done this in Chapter 1 during setup, but if you weren't able to perform this step for some reason, here's how to do it.

Joining Windows XP Machines to Active Directory

Select Start, then right-click My Computer and select "Properties." Select the "Computer Name" tab, then click the "Change " button. At the "Computer Name Changes" screen, select the radio button labeled "Domain:" then enter the name of the domain. You can enter either AD (the short name) or ad.corp.com (the Fully Qualified Domain Name); then press Enter. Enter your administrative credentials to join the domain, then reboot.

If you're having trouble joining the domain, be sure to check the client's IP address, subnet mask, and DNS settings. Specifically, make sure the client machine is using the IP address of windc1.ad.corp.com (192.168.2.226) as the "Preferred DNS server."

Logging into Active Directory from Windows XP

There's nothing special that you need to do to authenticate Windows Clients to Active Directory. On rebooting your Windows XP machine, you'll be asked to select the domain to authenticate to in the Ctl+Alt+Del drop-down, as shown in Figure 3.2.

Figure 3.2: Use the "Log on to" drop-down to select the domain.