Warning If this server is a domain controller, read this section and complete the hands−on part. If this server is a stand−alone server, read through this section, but dont do the hands−on part. Remember my discussions in Chapters 5 and 6 on the division of responsibility for Windows 2003 and Exchange 2003 management? If your organization wont let you touch
Active Directory, then much of this section will either be hands−off or have to happen on a test server. I do encourage you to go the test−server route. Even if youll never touch Active Directory in the real world, you need to understand it and how it works to do an effective job as an Exchange 2003 system manager.
Ive talked much about Active Directory in this book. Given its central role, I can think of no better place to start our exploration of Windows Server 2003. For now, well concentrate on users and computers, so lets open the tree for Active Directory Users and Computers. Figure 7.20 shows the domain container (mine is
bgerber.local) and its five default subcontainers. The Builtin container holds security groups created during installation. Any computers in your domain are placed in the Computers containerthat is, any computers except for domain controllers. These live in the Domain Controllers container. Because there is one and only one computer in your new domain and it is a domain controller, you should see nothing in the Computers container and just your new computer in the Domain Controllers container.
Figure 7.20: The Active Directory Users and Computers domain container and default subcontainers The ForeignSecurityPrincipals container holds security information for domains other than the current domain. These can be domains in the same forest or in another forest. Because you currently have only one domain, you shouldnt see anything in this container.
You will come to know and love the Users container. This is where you create Windows users and security groups. And after Exchange is installed, this is where you mail− and mailbox−enable Windows users and create Exchange contacts and distribution groups. This is the Windows Server 2003 equivalent of NT 4s User Manager for Domains. Figure 7.21 shows the Users container on my newly installed server. NT Server 4 users should have no difficulty identifying many of the users and groups in the container.
Figure 7.21: The Active Directory Users and Computer Users container
Heres how to create a new user. Right−click the Users container. Then select New > User from the pop−up menu (see Figure 7.22).
Figure 7.22: Creating a new user: step 1
Note Instead of right−clicking on objects in your MMC to view and select from your options, you can use the Action menu. See Figure 7.22 for the location of the Action menu. Just select an object and open the Action menu to see your options.
On the New Object − User Wizard, shown in Figure 7.23, fill in the First Name, Initials, and Last Name fields. The Full Name field is automatically filled in and shows the name in FIRST_NAME
MIDDLE_INITIAL LAST_NAME order. I edited the field so that the Full Name is shown as LAST_NAME, FIRST_NAME MIDDLE INITIAL. Next, enter the user logon name. The pre Windows 2000 (NT) logon name is filled in automatically (you can edit it, if you need to).
Figure 7.23: Creating a new user: step 2
Click Next, and enter a password and select any special options relating to the password (see Figure 7.24). Finally, review the information presented in the dialog box in Figure 7.25, and click Finish. Your new user shows up at the end of the list in the right pane of MMC. To get the list in correct alphabetical order, you might have to click the gray column header labeled Name in the pane at the right.
Figure 7.24: Creating a new user: step 3
Figure 7.25: Creating a new user: step 4
The new user account that you just created for yourself will be able to log into your domain and function with minimal rights. Windows Server 2003 comes equipped with some of the very best security features around. Well talk about some of them in later chapters. Suffice it to say that youll need to spend some time working out the details of your security system and implementing it.
Dont give your account any more rights than you would give a standard user. That way, youll be able to test to see whether a particular setup, such as Outlook client access to Exchange Server 2003, works for a typical user. When you need to do administrator−like tasks, log in as Administrator or as a user with just enough rights to complete a specific task. You can also use the Run As feature of Windows 2003 to run an application as a user with adequate rights to run the application. For example, to run a saved MMC as an Administrator when youre logged in to a different Windows 2003 account, find and right−click Start > All Programs > Administrative Tools and then the name of the saved MMC. Then select Run As from the pop−up menu. Enter the username, password, and Windows domain on the Run As Another User dialog box, and click OK to start the MMC.