Windows 2000 Server Installation Notes


Install Windows 2000 server as you would any other operating system. The difference here is in setting up the server as a domain controller and this is done after the operating system is installed.

When you first log in as administrator, a window comes up with "Configure Your Server". You can also access this through Start-Programs-Administrative Tools-Configure Your Server.

First question is whether this is the only server on the network. I tried checking "This is the only server", but got an error message saying that it found other servers on the network. These must be the other Windows 2000 machines. So I ended up checking "One or more servers".

The big thing to know about domain controllers is Active Directory. This is what you need to set up to change the machine from a plain old Windows 2000 computer to a Domain Controller. So start the Active Directory Wizard because I don't know enough about it to run it by myself.

Here are the items I checked at each question:

Domain controller for a new domain

Create a new domain tree
I tried Create a new child domain in an existing domain tree, using uchicago.edu as the existing tree and shop1 as the new domain. This didn't work and I think it's because shop1 is the name of the machine that server was installed on. If I had used a name like elecshop, everything probably would have been ok. Alas, I only thought of this after everything was done.

Create a new forest of domain trees

Type the full DNS name for the new domain: elecshop.uchicago.edu

Domain NetBIOS Name: ELECSHOP

Active Directory Database: c:\winnt\ntds

Active Directory Log: c:\winnt\ntds

Sysvol folder: d:\winnt\sysvol (on D because it has to be an NTFS volume)

The message "The wizard cannot contact the DNS server that handles the name "elecshop.uchicago.edu" to determine if it supports dynamic update. Confirm your DNS configuration or install and configure a DNS server on this computer" appears. So I say "Yes install and configure DNS".

Permissions compatible with pre-Windows 2000 servers

Admin's password for when the computer is started in Directory Services Restore Mode is the same as always

Some stuff runs and the machine reboots. When it comes back, you can now log in to ELECSHOP domain.


Problem: Only administrator can log on locally
Solution: Click Here

Summary of above
Start-Run-mmc
Console-Add/Remove Snap-in-Add-double click Group Policy snap-in
Browse for the group policy object and then double-click the folder for the domain controller
Double click Default Domain Controllers Policy, click Finish, Close, OK
Default Domain Controllers Policy-double click Computer Configuration, double click Windows Settings
Double click Security Settings-double click Local Policies
Double click User Rights Assignment, double click Log On Locally, click Add
Click the users or groups you want to add-OK-OK
Console-Exit-NO (You don't have to save the console settings for the change to take effect)


Problem: Somewhat related to the previous one: how are permissions assigned to users?

In Windows 2000, you have Resources, which are printers, drives, etc. Then you have Resources Access Groups, which is how you assign permissions to the resources. Next, you have User Groups, which is how you sort the users into the resource access groups. Finally you have the users. So our current setup is:

Resources Access Groups: cdflocal, atlaslocal, edglocal - Domain local
User Groups: cdf, atlas, edg - global
Users: Put into either cdf, atlas or edg

When granting permission to log on locally, the groups that you want to add are cdflocal, atlaslocal and edglocal.


Problem: Want to automatically set up drives S: and U: and printers on all domain machines for all users

Solution: Write a logon script in VBscript to do this

Script logon.vbs

'LOGON.VBS
'Logon script for users on domain ELECSHOP

'by Mary Heintz June 26, 2001

Dim WshNetwork
Dim Drive1, ShareDrive1
Dim Drive2, ShareDrive2
Dim PrinterPath1, PrinterDriver1
Dim PrinterPath2, PrinterDriver2

Set WshNetwork = WScript.CreateObject("WScript.Network")

'Map drive software to S for software and drive data to U for users
Drive1 = "S:"
ShareDrive1 = "\\shop1\software"

Drive2 = "U:"
ShareDrive2 = "\\shop1\data"

WshNetwork.MapNetworkDrive Drive1, ShareDrive1
WshNetwork.MapNetworkDrive Drive2, ShareDrive2

'Set up all printers on shop1 for all users
'

PrinterPath1 = "\\shop1\plotter"
PrinterDriver1 = "HP DesignJet 750C"

WshNetwork.AddWindowsPrinterConnection PrinterPath1, PrinterDriver1

PrinterPath2 = "\\shop1\DeskJet"
PrinterDriver2 = "HP DeskJet 1220C"

WshNetwork.AddWindowsPrinterConnection PrinterPath2, PrinterDriver2

Note that this script still needs to be modified to not add the printers if the user is logging in on shop1 because this is where they are physically connected. As is, this script generates an error when it is run on shop1.
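
The change the note above calls for, as an added example that is not part of the original logon.vbs: it skips the printer connections when the script runs on shop1 and reports a failed mapping instead of aborting. The helper names MapDrive and AddPrinter and the PRINT_SERVER constant are assumptions introduced for this example.

```vbscript
' Added example, not the original logon.vbs. MapDrive, AddPrinter and
' PRINT_SERVER are names made up for this example.
Option Explicit

Const PRINT_SERVER = "SHOP1"   ' machine the printers are physically attached to

Dim WshNetwork, Fso
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set Fso = WScript.CreateObject("Scripting.FileSystemObject")

' Map a drive letter to a share; replace a stale mapping instead of failing.
Sub MapDrive(letter, share)
    On Error Resume Next
    If Fso.DriveExists(letter) Then
        ' True, True = force the disconnect and drop it from the user profile
        WshNetwork.RemoveNetworkDrive letter, True, True
        Err.Clear
    End If
    WshNetwork.MapNetworkDrive letter, share
    If Err.Number <> 0 Then
        WScript.Echo "Could not map " & letter & " to " & share & ": " & Err.Description
        Err.Clear
    End If
    On Error GoTo 0
End Sub

' Connect to a shared printer and report a failure without stopping the logon.
Sub AddPrinter(path, driver)
    On Error Resume Next
    WshNetwork.AddWindowsPrinterConnection path, driver
    If Err.Number <> 0 Then
        WScript.Echo "Could not add printer " & path & ": " & Err.Description
        Err.Clear
    End If
    On Error GoTo 0
End Sub

MapDrive "S:", "\\shop1\software"
MapDrive "U:", "\\shop1\data"

' The printers are local on shop1, so only connect to them from other machines.
If UCase(WshNetwork.ComputerName) <> PRINT_SERVER Then
    AddPrinter "\\shop1\plotter", "HP DesignJet 750C"
    AddPrinter "\\shop1\DeskJet", "HP DeskJet 1220C"
End If
```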


Problem: Having users' settings be the same no matter which computer in the domain they connect to.

Solution: Set up roaming profiles

First create a directory on \\shop1\data called profiles. Start-Programs-Administrative Tools-Active Directory Users and Computers. Under the Users heading, double click on the user name, select Profile and put in the Profile Path: \\shop1\data\profiles\%username%


Problem: That annoying feature of Windows to default all saves to My Documents, when we want them to go to the user's home directory

Solution: Redirect My Documents to the user's home directory

For this to work, the home directory has to be a shared directory. For us, our share is \\shop1\data. Bring up Active Directory Users and Computers. Right click on elecshop.uchicago.edu and bring up Properties. Click Group Policy. Then highlight Default Domain Policy and click Edit. Go to User Configuration-Windows Settings-Folder Redirection. Right click My Documents and bring up Properties. Change the Setting to Basic-Redirect everyone's folder to the same location and the target location to \\shop1\data\users\%username%. Now whenever a user saves to My Documents, it's actually saved to \\shop1\data\users\, which is the home directory of the user.