Hey all,
Why does my network suck?? Or, how can you help me make it better?
This is basically a test environment to learn the ins and outs of networking in an active directory environment. The picture is a little off, but nothing is too radically different (no slave AD/DNS server). All servers (save the web server and VOIP server) are Windows 2003 (Enterprise, I think, if that makes a difference), and all interconnecting devices are 10/100Mb switches.
Ok, our problems:
We were given the false glimmer of hope that we *might* get internet access this year. Nope. Under this pretense I assigned IP ranges of 192.168.2.x for the top level network (the named computers) and 192.168.1.x for the lower computers, with a subnet mask of 255.255.255.0 for both. Kudos if you spot the error.
Code:
11000000.10101000.00000010.x
11000000.10101000.00000001.x
11111111.11111111.11111111.00000000
So we sat for weeks not being able to figure out just why the two active directory servers could not establish a trust between them. I finally discovered the subnet was wrong, and set the IP ranges to 199.199.199.x and 199.199.198.x with a subnet of 255.0.0.0. Just FYI, we were told why subnets were used, but never how to calculate them like that. What's worse is the teacher didn't even catch it. UGHH!
However, now none of the workstation computers can log on or find their roaming profiles.
I temporarily put all the machines into a workgroup while the servers are sorted out, but they still try to synchronize their profiles! It's infuriating... takes ages to log in or out.
I first tried deleting the domain within the existing AD server and creating new DNS forward and reverse lookup zones. No dice; however, with that done we can ping machines by their name and not just by IP.
I then tried removing all of the server roles and going through the "set up your server for the first time wizard." That didn't help things either... whenever we tried to join the domain it always gave an error like "semaphore time expired" or the like.
At the end of class the machine was reformatted and there's a Windows 2003 server waiting with a clean slate.
Now the questions:
What should I do to get an Active Directory server up and running? So far outside of wizards I've done nothing.
What are good practices in maintaining users? Currently we make OUs specific to the group of users (LAN Admins or Networking) and add in new group policies for them.
What groups should users be made part of if they need full control (i.e. changing the IP and the like) over their own computers? Administrators and Domain Admins?
How, specifically, can I set up a trust between two domains? Is the wizard the only option? Last year we did the SAME EXACT THING in the last month of school, and everything worked PERFECTLY.
Admittedly, we've received absolutely no training on the subject matter nor do we have a knowledgeable teacher to guide us. The class is supposed to teach us these things (as per the class description) but that is just not the case.
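
The subnet arithmetic behind the binary rows in the post, as an added example that is not part of the original post: it ANDs each address with the mask to get the network address, checks whether two hosts land in the same subnet, and computes the longest mask that would still keep both together. The host octets (.10, .20) are constructed sample values; only the ranges and masks come from the post.

```python
import ipaddress

def to_bits(addr):
    """Dotted binary, the notation used in the post's Code block."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(addr).packed)

def network_of(addr, mask):
    """Network address = address AND mask, bit by bit."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(a & m))

def same_subnet(a, b, mask):
    """Two hosts reach each other without a router only if their networks match."""
    return network_of(a, mask) == network_of(b, mask)

def longest_shared_mask(a, b):
    """Longest prefix (and its mask) that still puts both hosts in one subnet."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    prefix = 32 - diff.bit_length()          # bits before the first difference
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return prefix, str(ipaddress.IPv4Address(mask))

if __name__ == "__main__":
    # Constructed host addresses inside the ranges named in the post.
    cases = [
        ("192.168.2.10", "192.168.1.20", "255.255.255.0"),
        ("199.199.199.10", "199.199.198.20", "255.0.0.0"),
    ]
    for a, b, mask in cases:
        print(f"mask {mask:<15} {to_bits(mask)}")
        for host in (a, b):
            print(f"  {host:<15} {to_bits(host)} -> network {network_of(host, mask)}")
        prefix, tight = longest_shared_mask(a, b)
        print(f"  same subnet: {same_subnet(a, b, mask)}; "
              f"longest mask that keeps both together: /{prefix} ({tight})\n")
```
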