March 09, 2005
Once you've contacted firstname.lastname@example.org to join the ADSTEST domain, there are a few simple steps to get you on your way. Step #1 is to setup Kerberos so you can log in using your campus ID and password:
C:\> ksetup /addkdc INS.CWRU.EDU KERBEROS.CWRU.EDU
C:\> ksetup /addkdc INS.CWRU.EDU KERBEROS2.CWRU.EDU
C:\> ksetup /addkdc INS.CWRU.EDU KERBEROS3.CWRU.EDU
C:\> ksetup /addkpasswd INS.CWRU.EDU KERBEROS.CWRU.EDU
C:\> ksetup /mapuser * *
The ksetup.exe tool is part of the Windows XP Service Pack 2 Support Tools or can also be found in the SUPPORT.CAB file on your Windows 2000/XP/2003 install disc.
Next, join the computer to the ADSTEST domain.
1. Go to the System Control Panel and click on the "Computer Name" tab.
2. Click the "Change" button. Set the domain as "adstest.case.edu"
3. Click the "More" button. Set the Primary DNS suffix of the computer to "case.edu" and uncheck the box labeled "Change primary DNS suffix when domain membership changes".
Reboot and you should now be able to log onto the machine either with your OU Administrator account into the ADSTEST domain or with your campus ID & password using the INS.CWRU.EDU Kerberos Realm. Follow the same procedure for subsequent machines, except you MUST first pre-create the computer object in the Organizational Unit you'd like it to reside in. To do this and administer other aspects of your Organizational Unit install the following tools on atleast one machine:
Download the Windows Server 2003 Service Pack 1 Administration Tools Pack which will add the Active Directory Users and Computers Control Panel to your system (among others). Next, download and install the Group Policy Management Console, which requires the .NET runtime to be installed. Installing .NET took me several reboots; After installing the .NET runtime a service pack appeared in windows update, and then on the second reboot a security update for the service pack appeared. This adds the "Group Policy Management" control panel, which along with the Active Directory Users and Computers Control Panel are pretty much all you need.
Posted by djc6 at March 9, 2005 08:22 PM
TrackBack URL for this entry: