Window Server 2003 Create Manage Computer Accounts in Active Directory Envir.

  • Print Article |
  • Send to a Friend |
  • |
  • Add to Google |

Create/Manage Computer Accounts in Active Directory Environments: Computer accounts are unique in the Windows Server 2003 domain and are used by Windows Server 2003 to allow users to login to the domain and authenticate, as well as for auditing the use of network resources and devices. Computer accounts are not assigned to older legacy operating systems such as Windows 95 or Windows 98 machines. Administrators can add, delete, reset or disable computer accounts. 

Active Directory Users and Computers console: The Active Directory Users and Computers console can be accessed on a Windows Server 2003 machine running Active Directory by using the following steps:
1. Click on Start.
2. Click on Administrative Tools.
3. Select Active Directory Users and Computers.
4. Open the organizational unit (OU) or domain you wish to manage.
5. To create a new computer account just right-click in the OU or Domain and select the New.

Creating a new computer account using the Active Directory Users and Computers console: After this you will have the option to enter a computer name for the new computer. Naming the Computer. Enter a name for the computer and, if needed, change the default user or group to one that has the right to add the computer to the domain by selecting the Change option. Select the Next option and a screen. It gives you the option of entering managed information, if the computer is a managed computer. Select Next and the computer will be added to the OU or domain you selected in Step 1.Final step to add a new computer using the Active Directory Users and Groups console.

Pop Quiz Questions:
1. How do you change a profile from normal to mandatory?
2. What is the difference between a local profile and a roaming profile?
3. What is a temporary profile and when is it used?
4. You are running a Windows 98 machine on a Server 2003 network. Does it have a computer account?
5. What tool does an Administrator use to add or disable computer accounts?

Pop Quiz  Answers:
1. To change a profile from normal to mandatory, simply rename the Ntuser.dat to
2. A local profile is stored locally on the machine, and is applied only when the user logs onto that machine. A roaming profile is stored on a server and "follows" the user; no matter what machine the user logs onto, the profile is applied.
3. A Temporary User Profile is only used in the event that the local user profile or server-side profile cannot be loaded on the client machine. This profile behaves much like the mandatory user profile inthat all changes that are made to a machine are lost after the client has logged off. The temporary profile is also deleted once the client has logged off of the machine.
4. No. Computer accounts are not assigned to older legacy operating systems such as Windows 95 or Windows 98 machines.
5. Administrators can add, delete, reset or disable computer accounts by using the Active Directory Users and Computers console.

Create and manage groups: In this section, we will discuss how you create and manage groups using Group Scopes in Windows Server 2003 and Active Directory. Some of the key points covered are:
• Active Directory group types,
• Active Directory group scopes, and
• Modification of group scope.
In the old days of NT4 domain administration, there were two group scopes that could be created in User Manager for Domains. You could either make a global group or a local group, and that local group was
essentially a shared local group-it could be used on any domain controller, but only on a domain controller.
Identify and modify the scope of a group: With Active Directory, we now have two types of groups and three different scopes of groups, each with their own advantages and limitations. Figure 1.5 shows the New Object dialog box.

Creating a User Group using the Active Directory console:
There are three scopes of groups. Each scope has its advantages, as well as having limitations. Again, for the purpose of this discussion, we will only be talking about group scopes in Active Directory, rather than also discussing the groups that can be created on any non-domain controller. The three group scopes in Active Directory are:
• Universal,
• Global, and
• Domain.

The scopes apply to both security and distribution type groups.
The two types of groups are security and distribution. Distribution groups are used in the same way distribution lists are, while security groups are what we use for managing resource access and other security related functions. This article will focus on security groups, as distribution groups are more appropriately covered when studying Exchange Server 2000. There are two ways of identifying the scope of a group in Active Directory Users and Computers. One is to find the group in its container, where you will see information similar to what is displayed inIdentifying image scopes using the Active Directory User and Computers console. Note that the type column lists both the type and scope for the group. You can also open the properties for the group. Using this method you can also perform various management tasks.  general tab of the properties

Jada Brock-Soldavini is author of book InsideScoop to Windows Server 2003 Certification Examination 70-290 Managing and Maintaining a Microsoft Windows ServerTM 2003 Environment. Jada works for the State of Georgia as a Network Services Administrator. She has co-authored or contributed to other numerous works pertaining to Microsoft Windows technologies. In her spare time she enjoys cooking, writing and reading anything that pertains to Network and Security technology. To buy my book, please visit

Article Rating (2.5 stars):
  • article full star
  • article full star
  • article half star
  • article no star
  • article no star
Rate this Article:
  • Article Word Count: 857
  • |
  • Total Views: 8473
  • |
  • permalink
  • Print Article |
  • Send to a Friend |
  • |
  • Add to Google |