
Configuring Your Active Directory Network

by Kevin Spaeth

Introduction

You have already created a basic Active Directory network and are now ready to take advantage of some of the more advanced features that Active Directory has to offer. This article will take you through an overview of utilizing these features and solving some basic common problems that network administrators have with their networks.

Configuring Your DNS

My beginner's article, "Getting Your Microsoft Active Directory Network Off the Ground", briefly talked about DNS and how to configure your client workstations to reference your domain controller as their DNS server. This is a crucial step in making your network run properly; failing to do this may result in slow login times and the inability to access some network resources. Most networks are private, and while they can access the internet, they are not generally accessible from the internet. Because of this, internet DNS servers have no knowledge of the computers in your network and therefore cannot resolve computer names from your network into IP addresses.

This being the case, we need to configure the workstations on your network to reference your domain controller as their DNS server. To do this, go to the Control Panel on the workstation and access the network properties. Open your LAN connection and go into the properties for the TCP/IP protocol. Once here, you need to specify a DNS server in the bottom section of the screen. Click on the option to manually specify DNS servers, then enter the IP address of your server into the box. As a note, you may instead reconfigure your DHCP server to do this, but that is outside the scope of this article.

Once you have your workstations configured to reference the domain controller as their DNS server, everything should work fine on your local network; however, chances are that they will no longer be able to access the internet. This is because your domain controller will not be able to resolve www.google.com into 66.169.79.202. We need to configure your domain controller to do so. Go to your domain controller, open the Administrative Tools, and open the DNS program. When the program opens, right-click on your DNS server and go into Properties.

At this point, we need to configure the DNS server to forward all queries that it does not know the answer to. This DNS server will know the IP addresses for local computers, but will not know the IP address for websites such as www.google.com and will need to forward these on to another server. So here we will click on the Forwarders tab. Towards the bottom of the screen we can enter the IP address of a DNS server to forward queries to; use the IP address that your internet service provider has given you. If you do not know these values, here are some that I use: 199.202.55.2 and 66.169.79.202. These addresses are valid as I write the article, but at any point in time they could become inactive, so it is best to use the ones your ISP gave you. Once the address is entered, click on the Add button and hit OK. Now your workstations will be able to access local resources and the internet.
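The workstation step above can be checked with a short script. This is an added example, not code from the original article; it reads each adapter's DNS setting through WMI and reports any adapter whose first DNS server is not the domain controller. The address in DC_DNS is an assumed placeholder for your domain controller's IP.

```vbscript
' Added example: audit (and optionally correct) the DNS server on a workstation.
Option Explicit
Const DC_DNS = "192.168.0.10"   ' placeholder: your domain controller's IP address
Const FIX_IT = False            ' True = rewrite the setting (needs administrator rights)

Dim wmi, nics, nic, servers, first, listed, rc
Set wmi = GetObject("winmgmts:\\.\root\cimv2")
Set nics = wmi.ExecQuery( _
    "SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")

For Each nic In nics
    ' DNSServerSearchOrder is Null when the adapter has no DNS server at all
    servers = nic.DNSServerSearchOrder
    If IsNull(servers) Then
        first = ""
        listed = "(none)"
    Else
        first = servers(0)
        listed = Join(servers, ", ")
    End If

    If first = DC_DNS Then
        WScript.Echo "OK    " & nic.Description & ": " & listed
    Else
        WScript.Echo "CHECK " & nic.Description & ": " & listed
        If FIX_IT Then
            ' Return code 0 = success, 1 = success but a reboot is required
            rc = nic.SetDNSServerSearchOrder(Array(DC_DNS))
            WScript.Echo "      set to " & DC_DNS & ", return code " & rc
        End If
    End If
Next
```

Run it with cscript.exe so the output goes to the console instead of message boxes.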

Sharing Folders on Your Network

One of the great advantages of having a network is the ability to share files. Not only can you share files on a Microsoft network, but you can also set permissions on those files to limit access to certain users. I would recommend doing all your file sharing from either the domain controller or another server on your network, since servers are usually running all the time, meaning that your users will always be able to access the files. That being said, you can also follow these instructions on a client workstation.

To share a folder on the network, first you must have a folder that you want to share. It does not matter where this folder resides on the server. It could be on your desktop or on the root hard drive. Once you have created the folder, right-click on it and go into Sharing and Security. At this point you can click on the Share this folder radio button and give the share a name and optionally a description. If you would like to control who may access this share, click on the Permissions button. Right now everyone will have read access to the contents of the folder. You can remove the Everyone account if you like and add in certain users. By checking off different permissions at the bottom, you can give them full control, read only, or change permissions.

Note that permissions on a share are very different from the security of the folder. The security of the folder is all-encompassing and overrides the share permissions. So if you want to allow a user to access a share, they must also have access in the Security tab of the folder, or else they will not be able to access the share.

Sharing Printers on Your Network

If you would like to share printers on your network, the procedure is very similar to sharing folders. Right-click on the printer you want to share and select Sharing. You can then click on the radio button to enable sharing and give the printer a name. You also have the option to publish drivers for workstations to use when they connect to your shared printer.

Unlike a shared folder, you do not have the option of setting the permissions on the share. However, you can set the general security on the printer to control user access.

Using Login Scripts

Now that you have files and printers shared on your network, you can take advantage of login scripts to automatically connect the resources when a user logs in. A login script is a script that executes when the user logs in to a computer on the domain. This script is very flexible and can do almost anything that you want. You can automatically connect a printer to the computer when a certain user logs on, so if John Smith likes to print to the printer down the hall, you can automatically connect that printer to any computer he logs into.

You can also connect to shared folders by mapping network drives. A network drive is a virtual hard drive that connects to the shared folder. For instance, I can define the K drive on the computer to point to the \\server1\myshare folder. Whenever the user wants to access the shared folder, all they have to do is open the K drive. Below I have a sample login script that will automatically connect a printer and map a network drive.

Option Explicit
Dim wshNetwork, PrinterPath, PrinterDriver
Set wshNetwork = CreateObject("WScript.Network")

' Map the K: drive to the shared folder
wshNetwork.MapNetworkDrive "k:", "\\server1\myshare"

' Connect the shared printer and make it the default printer
PrinterPath = "\\server1\myprinter"
PrinterDriver = "HP LaserJet 6P"
wshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
wshNetwork.SetDefaultPrinter PrinterPath


To utilize this login script, the first thing you need to do is save it as a vbs file on your computer. I would just copy and paste the code into notepad and save it as logintest.vbs. Once you have the file saved, then you will need to copy it into the proper folder on the server and tell the Active Directory to use it as a login script.

First, while your file is on your screen, copy it. Right-click on the file and select the Copy option. Next, open Active Directory Users and Computers in the Administrative Tools. Right-click on the domain or an organizational unit and click on Properties. Click on the Group Policy tab, which will list the Group Policies. If one exists already, click on the Edit button; otherwise click New to make a new one, then click Edit to edit the policy.

Once you are in the Group Policy Editor, click on User Configuration on the left side and select Scripts (Logon/Logoff). Double-click on Logon. In the ensuing dialog, hit the Add button, click on the Browse button, then right-click in the white area and paste the script that you copied earlier. Click on the Open button to select the script, then click the OK button. Now the script is added into the Group Policy for either the whole domain or for an organizational unit. Users who log in will have access to printers and/or mapped network drives; just make sure the referenced printers or shared folders actually exist.
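The sample script stops with an error if the K drive is already mapped or if the share or printer is missing. The following variant is an added example, not the author's script; it reuses the article's sample server, share and printer names, tolerates those cases, and writes a warning to the Application event log so the administrator can see which logons failed to connect a resource.

```vbscript
' Added example: logon script that survives an in-use drive letter,
' a missing share or a missing printer, and logs the failure.
Option Explicit
Const DRIVE = "K:"
Const SHARE = "\\server1\myshare"
Const PRINTER = "\\server1\myprinter"
Const EVT_WARNING = 2

Dim net, shell, drives, i, mapped, stale
Set net = CreateObject("WScript.Network")
Set shell = CreateObject("WScript.Shell")

' EnumNetworkDrives returns pairs: item i = drive letter, item i+1 = UNC path
mapped = False : stale = False
Set drives = net.EnumNetworkDrives
For i = 0 To drives.Count - 1 Step 2
    If UCase(drives.Item(i)) = DRIVE Then
        If UCase(drives.Item(i + 1)) = UCase(SHARE) Then
            mapped = True      ' already points at the right share
        Else
            stale = True       ' letter is taken by a different share
        End If
    End If
Next

On Error Resume Next           ' handle failures ourselves from here on
If stale Then net.RemoveNetworkDrive DRIVE, True, True
If Not mapped Then
    Err.Clear
    net.MapNetworkDrive DRIVE, SHARE
    If Err.Number <> 0 Then
        shell.LogEvent EVT_WARNING, "Logon script: cannot map " & DRIVE & _
            " to " & SHARE & " (" & Err.Description & ")"
    End If
End If

Err.Clear
net.AddWindowsPrinterConnection PRINTER
If Err.Number = 0 Then
    net.SetDefaultPrinter PRINTER
Else
    shell.LogEvent EVT_WARNING, "Logon script: cannot connect " & PRINTER & _
        " (" & Err.Description & ")"
End If
On Error GoTo 0
```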

Conclusion

Your users can now start to access the internet and network resources on your network. You have facilitated this by connecting printers and mapping network drives via a login script. The setup that we have completed will meet the needs of more than 90% of your users for a decent running network.