Active Directory - Migrating workstation clients to the ENG OU

Revised 11/28/2003, sr

 

  1. Domain structure
     a. Active Directory (AD) child domain = irm.ad.fau.edu
     b. Tier 1 Organizational Unit (OU) = ENG
     c. Full path of ENG OU = irm.ad.fau.edu/FAU/ENG

 

  1. Requirements to join clients to the FAU Active Directory
     a. Windows 2000 and Windows XP clients only
     b. Client hostnames must be added to the Active Directory prior to joining the client to the AD
        i. Primary method
            1. Hostnames added remotely to an OU from the client (on site)
            2. http://tssrv.fau.edu/tsweb/
            3. IE 5.01 or higher required at client
            4. These procedures are based on this method
        ii. Backup method
            1. Hostnames added prior to going to the client from a dedicated AD Console
            2. Dedicated AD Console requires Windows 2000 workstation (or server) with Windows 2000 Server Admin Pak installed

 

  1. Add workstation hostname to the ENG OU
     a. Open Internet Explorer
     b. Log in to the AD Console
        i. http://tssrv.fau.edu/tsweb/
        ii. Server: ADCON.FAU.EDU
        iii. Username: enter your AD user account
             Login to: IRM
     c. Active Directory Users and Computers will run automatically
     d. Navigate to irm.ad.fau.edu/FAU/ENG/subdir
     e. Add client workstation to subdir
        i. Right-click, then click New -> Computer
            1. Computer name: hostname (enter hostname of the client)
            2. Click the Change… button to change group
               a. Name: ENG-GRP-ADMIN
        ii. Accept all other defaults
        iii. Set description for computer (right-click on the new machine name)
            1. Format is XXX-YY-####
               a. XXX = WS (for workstations) or SRV (for servers)
               b. YY = 2-letter building code (SE or EG)
               c. #### = Room number
               d. Examples: WS-EG-231, SRV-SE-433a


Migration Procedures

 

  1. Log in as LOCAL administrator

 

  1. Update Userinfo.txt file on client
     a. Use web form at http://acstech.fau.edu/userinfo.htm
     b. Save the confirmation page as a Text File (*.txt) at C:\Irmadmin\Userinfo.txt

 

  1. Remove client from the old domain
     a. Join to WORKGROUP
     b. DO NOT RESTART

 

  1. Change hostname (to new DNS naming convention, if old format exists)
     a. DO NOT RESTART

 

  1. Update DNS: http://www.ecs.fau.edu/dns.html

 

  1. RESTART

 

  1. To join client to the ENG OU:
     a. Log in as an administrator
     b. Configure Advanced TCP/IP Settings as follows:
        i. DNS settings
            1. DNS server search order
               a. 131.91.131.67
               b. 131.91.131.16
            2. DNS Suffix for this connection: irm.ad.fau.edu
            3. Check "Register this computer’s address in DNS"
            4. Check "Use this connection’s DNS suffix in DNS registration"
     c. Configure WINS settings (in this order)
        i. 131.91.128.238
        ii. 131.91.130.201
     d. Force a dynamic update with the DNS
        i. Go to a command prompt and type ipconfig /registerdns
     e. Join workstation to AD child domain: irm.ad.fau.edu
        i. User name: username (where username is your ENG Support Group or ENG Admin Group account)
        ii. Password
     f. RESTART when prompted
     g. Log in as an administrator

 

  1. Define Local Administrators group (user and group accounts) as follows:
     a. Add IRM domain groups to local Administrators group
        i. IRM\ENG-GRP-ADMIN
            1. Members are ENG AD admins (IRM accounts)
        ii. IRM\ENG-GRP-SYSADMIN
            1. Members are ENG AD admins (FAU accounts)
     b. If present, delete all other groups, except for local admin. Might include:
        i. IRM\Domain Admins
        ii. Irmadmin (local Administrator)

 

 

  1. Define Local Users group (user and group accounts)
     a. Add proper group, such as ENG-GRP-DEAN or ENG-GRP-EE
     b. ** IMPORTANT – SECURITY
        i. REMOVE IRM\Domain Users from local Users group
        ii. REMOVE NT AUTHORITY\Authenticated Users
        iii. REMOVE NT AUTHORITY\INTERACTIVE
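
An added example, not part of the original procedure: a Python check that parses `net localgroup Administrators` and `net localgroup Users` output and reports deviations from the membership rules in the two steps above. The sample output is constructed, and treating `Irmadmin` as the local administrator account that stays in the group is an assumption drawn from the list above.

```python
REQUIRED_ADMINS = [r"IRM\ENG-GRP-ADMIN", r"IRM\ENG-GRP-SYSADMIN"]
FORBIDDEN_USERS = [r"IRM\Domain Users", r"NT AUTHORITY\Authenticated Users",
                   r"NT AUTHORITY\INTERACTIVE"]
LOCAL_ADMIN = "Irmadmin"  # assumption: the local admin account that is kept

def parse_members(output):
    """Return the member names listed in `net localgroup <group>` output."""
    members, in_list = [], False
    for line in output.splitlines():
        line = line.strip()
        if not in_list:
            in_list = line.startswith("-----")  # separator precedes the members
        elif line.lower().startswith("the command completed"):
            break
        elif line:
            members.append(line)
    return members

def audit(admins_output, users_output):
    """List deviations from the procedure; account names compare case-insensitively."""
    admins = {m.lower(): m for m in parse_members(admins_output)}
    users = {m.lower() for m in parse_members(users_output)}
    findings = [f"Administrators: add {g}" for g in REQUIRED_ADMINS
                if g.lower() not in admins]
    allowed = {g.lower() for g in REQUIRED_ADMINS} | {LOCAL_ADMIN.lower()}
    findings += [f"Administrators: review {m}" for k, m in sorted(admins.items())
                 if k not in allowed]
    findings += [f"Users: remove {g}" for g in FORBIDDEN_USERS if g.lower() in users]
    return findings

# Constructed sample output, not captured from a real workstation.
ADMINS_SAMPLE = r"""Alias name     Administrators
Comment        Administrators have complete and unrestricted access

Members

-------------------------------------------------------------------------------
Irmadmin
IRM\Domain Admins
IRM\ENG-GRP-ADMIN
The command completed successfully."""
USERS_SAMPLE = r"""Alias name     Users
Members

-------------------------------------------------------------------------------
IRM\ENG-GRP-EE
NT AUTHORITY\Authenticated Users
NT AUTHORITY\INTERACTIVE
The command completed successfully."""
```

An empty list from `audit()` means both groups match the procedure; "review" entries are extra Administrators members to check against step b of the Administrators list.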

 

  1. **** WIN2K ONLY **** (Skip this step for WINXP)
     IMPORTANT - Set time on WIN2K (only) systems to synchronize with AD server
     a. From the command prompt, type
        net time /setsntp:bocdcfau01.ad.fau.edu

 

  1. IMPORTANT – Verify time synchronization
     a. Change time settings to test
        i. For both WIN2K and WINXP systems:
            1. At Clock (at the lower-right corner of the Desktop)
               a. Temporarily change time
     b. Verify time settings
        i. If WIN2K system
            1. At the command prompt, type w32tm -s
            2. Verify reply:
               RPC to local server returned 0x0
            3. At Clock, verify the time has changed back to reflect server time
        ii. If WINXP system
            1. At the command prompt, type net time /set
            2. At the prompt, answer Y:
               Do you want to set the local computer’s time to match the time at \\BOCDCIRM01? (Y/N) [Y]: Y
            3. At Clock, verify the time has changed back to reflect server time

 

Appendix

 

  1. How to confirm client is registered in the Active Directory
     a. From the command prompt, type nslookup
        i. Type server bocdcfau01.ad.fau.edu
            1. Verify reply:
               Default Server: bocdcfau01.ad.fau.edu
               Address: 131.91.128.89
        ii. Type hostname.irm.ad.fau.edu (where hostname is the computer’s host name)
            1. Verify reply:
               Server: bocdcfau01.ad.fau.edu
               Address: 131.91.128.89
               Name: hostname.irm.ad.fau.edu
               Address: 131.91.xxx.xxx
     b. If the hostname does not immediately register, repeat verification until registration is confirmed
     c. If the hostname continues to not register properly, troubleshoot accordingly (e.g., check active network connection, DNS settings, WINS settings)
     d. Upon confirmation of registration, exit command prompt