Active Directory FAQs
- Victoria Harpe
Active Directory
Active Directory is a database of users and network resources that Tier 1's can use to manage security and other functions in a networked computing environment.
Frequently Asked Questions
What will I need to manage that Active Directory system in my unit?
The Remote Server Administration tool pack will need to be downloaded from this link: Microsoft Download Page.
After installation of the Remote Server Administration tool completes, please look at this page for configuration of ADUC and GPMC. The two vital tools that will be used for managing your unit.
NOTE: The primary computer used for management will need to be running Windows 7 or Windows 8/8.1.
How do I migrate my organizational unit to Active Directory?
You will need to set up the workstations within your organizational unit to use Active Directory. To get started:
- Review the recommended workstation naming convention.
- Follow the instructions here for adding a machine to the domain: Add Machine
How do I keep my Organizational Units clean?
In most departments, computers are added and removed frequently for various reasons. It is good to try and keep track of these additions and removals. Always try to delete old computer objects from your OU after the machines have been removed. This will prevent problems with authentication as well as management through GPOs and SCCM. Some IT personnel keep an excel spread sheet of all of the machine names and their associated users. The sooner a management system is put in place, the easier the overall management will be as time goes on.
How do I add a non Microsoft workstation to Active Directory
See the following documents
Why have my desktop icons changed?
This will occur if a migrated user tries to login to their local account. Ensure that the user is logging into their domain account.
I recently added a Windows 7 workstation to Active Directory. Why is it logging the user in to a temporary profile?
This is a known issue with Windows 7/Vista. Occasionally, when changes are made to a user profile, the user will not longer be able to log in to their account. To correct this issue, visit http://support.microsoft.com/kb/947242
Why have I lost my File/Folder Permissions?
Occasionally when migrating a user into their domain profile some files and folders will not have the correct permissions applied to a user's new domain account. Most commonly this occurs when the permissions to the files and folders were assigned to specific users and not groups. To correct this select the affected files and folders and manually assign the proper permission via the security tab.
Why am I still getting prompted for my password when logging into SharePoint? My computer is already a member in AD.
Usually this is caused by a user still logging into their local account. Ensure that the user is logging into their domain account. You will also want to ensure that you have the appropriate group policy client side extensions (KB943729) update installed on the machine.
Why can I no longer open files that I encrypted using windows EFS?
This is because as far as windows is concerned you are now logging into a new windows account that does not have permission to these encrypted files. The simplest solution to this problem is to log back in as your local account, decrypt the files then re-encrypt them under your AD account.
What if I have other questions concerning the migration process?
Contact IT's Directory Service team at INFDSIT@LISTSERV.LOUISVILLE.EDU
How do I lock down a workstation so that only specific users can log in?
You will need to remove the domain users group from the local users group and the domain administrators* group from the local administrators group. You will then need to add each user's domain account that will need access to the workstation to either the local administrators group or users group depending on the level of access that is required. Step-by-step instructions for locking down AD workstations.
*It should be noted that removing the domain administrators group will severely limit the amount of assistance that IT can provide at the workstation level.
Why am I experiencing slow logins after being added in AD?
If you experience this problem first try disabling IPV6 if on a Vista or Windows 7 machine. Should the problem persist disable dynamic DNS by linking the IT-DisableDynamicDNS GPO to your OU.
Is Microsoft Active Directory a requirement for Microsoft Exchange?
Microsoft Active Directory is not required to use Microsoft Exchange email services. Users can always use the web client for Exchange. There are reasons why we recommend that users' workstations be added to Active Directory:
- The Exchange client and updates can be pushed by IT to the workstations, making it simpler to set up the Exchange client.
- Other software (Windows updates, etc.) can be pushed by IT to the workstations, making it easier to keep workstations up to date.
- If the users are logged into Active Directory on their workstations, they do not have to input their credentials whenever they log into Exchange or SharePoint.
Will sponsored accounts need Active Directory?
Each sponsored account has different needs, but all sponsored account holders receive Active Directory accounts. The requester of the sponsored account will need to determine if they need a workstation linked to Active Directory or need the Exchange client (Outlook).