Pretty irritating, isn't it?
Dude, help us help you.
"It's not working" gives us absolutely nothing to go on. What exactly did you do?
Please help survivors of Hurricane Katrina!
www.redcross.org

I installed win 2003 sp1 then upgraded to dc as wizard, then as a test to see if GPO was applied to workstations changed "Hide setting tab" in default domain policy/user configuration/Administrative Templates/Control Panel/Display.
The only place it applies is when I logon the server.
Wob

Did you join your XP PC to the domain?
Did you double check in AD Users and Computers to ensure it's showing up in the "Computers" OU?
Is your user account authenticating to the domain correctly when you login with the XP PC?
Did you check in Event Viewer for error messages?
After making the changes in the GPO, did you run "gpupdate /force" to force the latest changes to be applied?
Some GPO methodology:
When dealing with GPO's it's a very good idea to leave the default domain policy alone. If you want a policy that applies only to users, use the GPO in the Users OU. Conversely, if you wish to apply policies to computers, use the GPO in the Computers OU. If you mess up and lock yourself (the administrator) out at the domain level, you'll have to reinstall your server as there's no getting back in any other way.
That's why whenever I create a domain for a company using Windows Active Directory, I leave the default OU's and GPO's alone. I create a new OU for the company, usually using the company name or a part of it. I then create a users OU and a PC OU under that. Any other OU's I need to create also go under that main company OU (admins, accounting, etc etc). Then you can't accidentally screw yourself up so bad you find yourself reinstalling. Not a good thing to have happen on a production server.

Thanks Curt R for your help please see comments below.
Curt R: Did you join your XP PC to the domain?
Wob: If you mean "join to domain" is "logging onto the domain" then yes I am doing that.
Curt R: Did you double check in AD Users and Computers to ensure it's showing up in the "Computers" OU?
Wob: The computer that I am trying to apply GPO's to is in the "computers" builtin OU.
Curt R: Is your user account authenticating to the domain correctly when you login with the XP PC?
Wob: How would I know if it has been authenticated?
Curt R: Did you check in Event Viewer for error messages?
Wob: What error messages should I look for?
Curt R: After making the changes in the GPO, did you run "gpupdate /force" to force the latest changes to be applied?
Wob: Yes
I only plan to use the default domain policy GPO just to see if it's applying GPO's correctly.
Wob.

If the PC is showing up in the builtin Computers OU then you've joined it to the domain properly.
If you're able to login with a domain account to the domain, then you're authenticating to the domain properly.
Error messages to look for in Event Viewer would be any relating to the application of policies (GPO's).
"I only plan to use the default domain policy GPO just to see if it's applying GPO's correctly."
Once upon a time I was labbing 2000 Server at home. I was using the domain level GPO to do everything for the same reason you were. I accidentally (ie: did something stupid) locked the administrators group (and all members thereof) out of being able to edit GPO's. End result, I had to reinstall the OS in order to "fix" the problem I created. That experience taught me a valuable lesson. Never again have I touched the default domain level GPO. The reason being, any settings applied at that level flow down throughout the entire domain.
I now use the methodology I described in my previous post when working with OU's and an active directory domain because if you mess up at a lower level, you don't lock yourself out of everything and can fix the problem and thus avoid having to reinstall.
Granted one of the best ways to learn is to make mistakes like that and then have to figure out how to fix them, but I thought I'd save you some time and a minor headache by passing the info along to you so you could avoid making a similar mistake.
Check Event Viewer. If nothing appears there then disable the default domain and do something like I stated above with regard to OU's and GPO's and then see if that doesn't work correctly. Or, if you don't want to create new OU's, use the GPO in the "User" OU to apply settings to users and see if it doesn't work.

Hi Curt R,
I created an OU and GPO called test and linked and enforced the GPO to the OU.
Then I changed "Hide setting tab" in default domain policy/user configuration/Administrative Templates/Control Panel/Display
Then I disabled default domain GPO.
Then I ran "gpupdate /force" on domain controller and xp workstation but still did not apply above settings to xp workstation only applied to domain controller.
Then I looked in domain controller event log but did not find any error messages regarding GPO's.
A few Questions,
Do I have to have DNS installed on DC?
I have a Router do I need a Special setup?
I have to turn off DC firewall to change from workgroup to domain in My Computer properties/computer Name is this normal?
Wob

Yes, you really DO need to run DNS on the DC.
Everything in your AD hinges on DNS, i.e. no DNS = no working GPO's.
So install and configure the dns on the server, also make it run dhcp, and configure that as well.
Make sure that your client receives the IP address from the server and can do name resolution on your net. Your clients need to point their DNS queries towards your server, otherwise they will not get the correct answers (hence your server must run DHCP as well).
In the DHCP options, you must set the router/gateway options to point to your router. Same thing for your server.
hth
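
A client-side check for the DNS dependency described in the post above, as an added example that is not part of the original thread. It compares the domain controller locator (SRV) lookup through the client's configured DNS server with the same lookup sent directly to the DC; the address 192.0.2.10 is a constructed placeholder, so pass the real DC address as the first argument.

```batch
@echo off
rem Added example, not from the thread: run on the XP client while logged on
rem with a domain account. DC_IP is a constructed placeholder; pass the real
rem address of the domain controller as the first argument.
setlocal
set DC_IP=%1
if "%DC_IP%"=="" set DC_IP=192.0.2.10

rem USERDNSDOMAIN is only set when the logon session belongs to an AD domain.
if not defined USERDNSDOMAIN (
    echo FAIL: this session is not logged on to an Active Directory domain
    goto :eof
)
echo Domain: %USERDNSDOMAIN%   Logon server: %LOGONSERVER%
set SRV=_ldap._tcp.dc._msdcs.%USERDNSDOMAIN%

rem Ask the DNS server the client is configured with for the DC locator record.
set DEFAULT_DNS=FAIL
nslookup -type=SRV %SRV% 2>nul | find /i "svr hostname" >nul
if not errorlevel 1 set DEFAULT_DNS=OK

rem Ask the DC directly for the same record.
set DC_DNS=FAIL
nslookup -type=SRV %SRV% %DC_IP% 2>nul | find /i "svr hostname" >nul
if not errorlevel 1 set DC_DNS=OK

echo SRV lookup via configured DNS server: %DEFAULT_DNS%
echo SRV lookup via %DC_IP%: %DC_DNS%
if "%DEFAULT_DNS%"=="FAIL" if "%DC_DNS%"=="OK" echo Client DNS points somewhere other than the DC; fix the DHCP or static DNS setting.
if "%DC_DNS%"=="FAIL" echo The DC is not answering for its own locator record; check DNS on the server.

rem Refresh policy, then list the GPOs applied to the logged-on user.
gpupdate /force
gpresult /scope user
endlocal
```

If the first lookup fails and the second succeeds, the workstation is resolving through the router or an outside DNS server, so it cannot locate the DC to fetch policy.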

You don't have to run DNS on a DC although it will allow you to run Active Directory integrated DNS, so it's generally recommended you do so.
DHCP, while it's better to run it on a Windows 2000/2003 server, is best to NOT run it on a DC for security reasons.

finn, heropsycho2177,
I tried what you suggested still not working.
Let me apologise before I start
This is getting very complex, why make wizards that don't seem to work, oh I forgot it's microsoft LOL.
Looks like I need to throw away my router and get a switch and modem and connect them to my server and then run dcpromo 10,000 times yet again.
Getting tired of reading books, following procedures and getting nowhere, windows 2003 seems rubbish, it's too complex for its own good.
Thinking of trying alternative to win 2003,
win 2003 is no good for newbies.
Typical Microsoft you need to go on training course for 10 years just to install LOL.
HELP!
Wob

"This is getting very complex, why make wizards that don't seem to work, oh I forgot it's microsoft LOL."
Active Directory IS complex. Precisely why I didn't really help after you finally gave info about your network because it was pretty evident you didn't have a clue. You need to have a good understanding of DNS, TCP/IP, as well as Active Directory before you implement. You obviously don't.
For example...
"Looks like I need to throw away my router and get a switch and modem and connect them to my server and then run dcpromo 10,000 times yet again."
No, you need to read a book. You're doing something horribly wrong.
"Getting tired of reading books, following procedures and getting nowhere, windows 2003 seems rubbish, it's too complex for its own good."
It's a complex product without question. If you don't want to spend some time learning it, don't deploy it. It's not rubbish. If it were, no one would be running it.
"Thinking of trying alternative to win 2003,
win 2003 is no good for newbies."
AD is one of the least complicated and easiest to administer directory services available. Good luck finding an alternative that's easier to implement and manage. Not slamming other directory services out there today. Novell makes a good one, but ease to manage and implement isn't its strong suit.
Windows 2003 is fine for newbies. ANY DIRECTORY SERVICE is not newbie friendly. So gain that foundational knowledge either by reading or training, THEN deploy in production. Don't blame the product because you don't know what you're doing on a basic level.
And just to show I'm not a cold hearted guy...
Recommended links to check out...
Free virtualization software to build yourself a lab to learn on.
Great training material for all things basic Windows/AD, even some Cisco/Linux now...
Get your own microsoft software to mess with on your own.
http://www.petri.co.il/ms_action_pack_subscription.htm
Microsoft's free virtual lab series for hands on learning for lots of stuff.
http://www.microsoft.com/technet/traincert/virtuallab/default.mspx

heropsycho2177
Ok let me put it like this the technology is there to make a wizard that sets up and detects your system setting allowing you to at least get active directory to WORK!!
But microsoft don't want that they want people like yourselves to go on courses etc...
win xp install with basic setup that WORKS why not Win 2003 server??????
Wob

A. If you don't want to learn how to do it, that's your problem.
B. Every directory service like Active Directory is complex and requires you to understand it. Are you seriously trying to say Novell doesn't offer training?! They don't even have a freaking "wizard".
C. Wizards are not a "get out of having to understand what you're doing free card". You must basically understand how AD works. Sorry if that's such a burden!
D. I have never taken a Microsoft course that I paid for (been sent by employers and got paid to go, not gonna turn down free training during work hours!). I never attended any course to get my MCSE 2000 or 2003. I don't have a problem actually reading and experimenting with a product to learn it. Not sure why you do, but I suggest you get over it.
E. Windows 2003 basic setup works just like XP. You're going WELL BEYOND "basic setup". This is Active Directory!!!
So you can keep whining and getting your butt kicked by "the wizard", OR you can stop trying to fly by the seat of your pants repeatedly crashing and burning, and actually go read some, understand what you're doing, and try again.
"Milk was a bad choice!"

LOL, let me know how any of that was biased in favor of Microsoft. Novell's directory service is strikingly similar to Active Directory. You can't get away with just running a wizard to get it going. You still have to understand it. I didn't slam Novell in any possible way. Any directory service is complex and requires foundational knowledge by the implementer to get functional.
So go try Novell, and get your butt handed to you on that, too. Then maybe you'll realize that the problem isn't the products. *cough* PEBCAK *cough*...
And no, I don't own stock in Microsoft. I am an MCSE 2000/2003, though, so I actually know what I'm doing.

heropsycho2177
You don't get it do you, you just accept that this is how it is and don't look at how it should be.
For example :
You don't go into a garage and buy a car but first you need to go on mechanics course to be able to use it.
Windows server should be the same, you should be able to buy off shelf and it should do what it says on the box, you should not have to be a geek to be able to setup and use it like yourself!! whether it's basic, advanced, super advanced or geeky level LOL
Understand me now
God help us newbies if we have to rely on people with your attitude to develop "USER FRIENDLY SOFTWARE".........
Wob.

"You don't go into a garage and buy a car but first you need to go on mechanics course to be able to use it."
LOL, then what's driving school? :-P
Seriously, using a car is driving.
Using Active Directory = signing in.
Implementing it and administering it is what the mechanic does to a car.
So get the analogy right. You're supposed to be the "mechanic" in IT. I don't hear mechanics moan that cars are too complex.
Do I wish it were easier? Sure, we all do.
You're missing the crucial point - NO DIRECTORY SERVICE IS EASY!!!
So you can whine and complain that AD isn't easy. So switch to a different one like Novell, and guess what? Same thing!
You're obviously gonna complain about this instead of learning it. I don't complain that a car is so complex I can't easily fix it. It's a complex piece of machinery. I either pay the mechanic or learn to fix it myself.
If you want it up and running, commit yourself to learning it, or pay someone to do it for you who actually knows what they're doing. Either choice gets you a functioning directory service.
Complaining and whining will just make you look more pathetic.
"You don't get it do you, you just accept that this is how it is and don't look at how it should be."
Great, it should be easier. Now, I'll just keep telling myself that. In the meantime, NO ONE'S DIRECTORY SERVICE IS EASY! So let me tell myself that another 100 times.
...
Okay, magically everything is easier, right?
HEY! IT'S STILL COMPLEX!
Maybe if I go post on some forums and complain endlessly and helplessly about it instead of learning it. That'll make it easier!

Did you even look at and complete the GPO stuff in the *FREE* virtual lab series?! Tons of GPO labs.
http://www.microsoft.com/technet/traincert/virtuallab/windowsserver2003.mspx
Or are you just gonna keep whining and complaining?

heropsycho2177
Your links? I have to register, don't want to do that so they are useless.
Anyway you obviously have got to have the last word so I will not be replying to your posts again then you get the last word.
That's all you seem to be bothered with.
FYI I am not gonna bother with a ds, it's not worth the effort, for now I am gonna use ghost it works great.
Not got time to read millions of books about ds to get it to work, but you don't understand that.
Happy now?
Wob

"Anyway you obviously have got to have the last word so I will not be replying to your posts again then you get the last word."
Not so concerned about getting the last word in. I just like to make sure that when lazy people like you spout off about this stuff when you don't have a clue, you get put in your place. How lazy can you be? Oh, we just found out...
"Your links? I have to register, don't want to do that so they are useless."
Now THAT is laziness! Wow...
"FYI I am not gonna bother with a ds, it's not worth the effort, for now I am gonna use ghost it works great."
First off, at least you seem to know now that it's not a Microsoft problem here, so congrats to that. (I think that means I was right btw.) But it also illustrates you're too lazy to even see if what I said about Novell or other ds's is correct.
Secondly, it's highly entertaining how ignorant you are about Windows in general. ROFL! There's a way to remove Control Panel for some users without using Active Directory or (lol) Ghost.
Ghost doesn't work great for this. Should you need to change security settings, you're gonna reimage the machines?! ROFL!
Have fun with that! I don't have time to sit around reimaging desktops, but you don't understand that.
"Not got time to read millions of books about ds to get it to work, but you don't understand that."
To know how to implement AD, you need to read one book, maybe two if you don't know general TCP/IP. I read seven books for MCSE 2000, and that was to gain knowledge well beyond just implementing Active Directory. Heck, one of those books was how to implement and admin Exchange, and another was strictly on security. So it's not the impossible, daunting task that you're making it out to be. If it were, no one would use AD. But it's by far the most widely used directory service. The reality is you won't even read one book.
Lastly, there are these people called IT professionals. Kinda neat how it works. You PAY THEM to do these services for you if you don't have time or don't know what the heck you're doing. Granted, good ones aren't cheap, but they can do things that people like you can't, so that's why they get paid the big bucks.
I don't know about you, but when my car breaks, I don't get rid of the car just because I can't fix it. I go pay a mechanic to fix it. Novel concept, eh?
"Happy now?"
Yep! Nothing like a little BBQ during the Labor Day weekend!
"How many squirrels had to die to make you look fly?!"

You guys are fighting a losing battle..
You're trying to tell someone how to fix something but it's just not sinking in.
His mind's made up, don't confuse him with facts.
Do you get on a plane and fly it or do you have to go on endless courses (or whatever they go on) to fly and still have to go on more when new technology is applied to an aircraft?
Do yourself a favour. Learn about AD etc etc or just leave it to the people who actually went through the time and effort to learn.
Apologies for my post.

PS. Thanks heropsycho2177, your links helped me refresh my memory and solved a few problems.
Was an IT engineer 4 years ago.. Amazing how much you forget especially when new systems/software is released. :)
