Windows 2000 Domain Setup

Posted on 2002-06-24
Medium Priority
Last Modified: 2010-04-13

I'd like to setup a domain, currently on the network everyone has their own admin usernames an and passwords, and there is no domain controller. I want to create a domain in which the file server controls the domain. The domain will just be for those shared files. But I also want the uses to still log onto Administrator on their local machine and log onto the domain of the file server. Also while making sure it works under netbui. How would I go about doing this?
Question by:anolith
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 96

Expert Comment

by:Lee W, MVP
ID: 7105162
Run DCPROMO from the 2000 server.  Setup a domain with the wizard that presents itself.  If your network doesn't have have an internet connection that's always on (DSL/Cable/T1/etc) and/or you only have one server, setup the domain to use the domain name "mycompany.local" or something to that effect.  

I strongly advise against making your users domain admins or giving them admin access to the server, but if you must, add them to the domain admins group from the Active Directory users and computers application once the domain is setup (It may actually add them for you if they already have local accounts).  The domain admins group has administrative rights to all computers in the domain.  So any user has admin rights to any domain machine (unless you take the domain admins group out of the local admins group on the workstations).

If you want to simply have the workstations allow users to be administrators, then add the "domain users" group to the local administrators group and all domain users will have admin rights on the workstations while NOT having admin rights on the server.

You will also have to configure each computer to participate in the domain.  This is a simple process of going to each computer and going to the system control panel (right clicking the "my computer" icon) and going to the network Identification tab.  From there, click the Properties button and on the window that appears, change the setting for "member of" from Workgroup to Domain, entering the domain name you used.  You'll then be prompted for an administrator password (administrators must approve computers joining the domain - this is how it's done) and then a moment later, you'll be in the domain.  The computer will now be setup for domain usage.

You will likely need to install and configure TCP/IP - NetBEUI is non-routable, broadcast based, and old.  Windows 2000 domains rely heavily on DNS which REQUIRES TCP/IP.  If you install DHCP on the server, it can hand out IP Addresses to each system so client configuration is minimal, but you need to setup DHCP first, which, if you're not an experienced TCP/IP person - and even if you are - it might be difficult and/or confusing.

If you don't install DHCP, you just have to manually configure each workstation.  I recommend the following settings:

IP Address 192.168.0.x (where x is unique to each machine and a number between 1 and 254).

Subnet Mask

You can leave all other settings blank.

Note: this will obviously limit you to 254 computers on your network - but if you don't have a domain and aren't using TCP/IP already, you probably only have 5-15 computers on the network.

There are ways to expand the number of computers beyond the 254 limit, but they generally require a router or might otherwise significantly increase broadcast traffic on the network (If you set the subnet mask to you could have somewhere around 65000 computers on the network, but because TCP/IP also does some broadcasting, this would cause serious collisions and network performance issues - if you had that many machines on one subnet).

Author Comment

ID: 7105305
So will users have a separate username/pass configured on the domain? And then entered in the Windows Network ID page?

Author Comment

ID: 7105311
Also is it a "no no" to host the domain on the file server itslelf?
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

LVL 96

Accepted Solution

Lee W, MVP earned 200 total points
ID: 7105479
Yes, the idea behind a domain is to allow ONE user name and password to be used on all domain computers.  It allows much greater security and user's don't have to remember "was my password this on this computer or that on that computer?"  You may have to setup the accounts manually for your users, but once done, you only need to make an account on the domain - you never again have to create accounts on all the other computers.  

In your case I wouldn't worry about the file server being your domain controller (as you describe it, host the domain).  There's very little overhead involved in running the domain, especially for a network as small as yours (again, I'm assuming it's small if your working in a workgroup - HOW MANY COMPUTERS and USERS?)

I manage a 800 users/800 computer domain and my domain controllers do other things and there's no problem with performance.

Of course the more you host on one machine, the greater the catastrophe if that system goes down, but that's about the only reason I'd be concerned.

Expert Comment

ID: 7105502
It's all about the power. If your server can handle doing both things, then go for it. It will save you money. You will have to weigh how much activity your server is doing and what your hardware is.

If you are transferring and using HUGE files all day back and forth to the server, it is the Domain controller for 1000 clients, Its a Pentium III 500 Mhz, and it's storing almost a Terabyte of data, then yes, that is a BAD thing.

If you are using a dual Xeon 2 Ghz with 4GB of RAM server with Gigabit Ethernet, 20 Clients, and storing only 40GB of data, then that would be no problem for it at all!

It will depend on your complete scenario.

Author Comment

ID: 7105823
Thank you for all your help, I really appreciate it. One more thing. . . are you absolutely sure that netbeui won't work once this domain is setup. Will it absolutely not work with netbeui?

Expert Comment

ID: 8963070
---- CLEAN UP ----

No comment has been added lately (392 days), so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area for this question:

RECOMMENDATION: [ Award points to leew ]

Please leave any comments here within the next seven days.


Rajiv Makhijani
EE Cleanup Volunteer

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question