I have a couple of questions about Active Directory.
I want to have separate groups of users in AD who would receive different group policies. Would I do this by creating organizational units? Ultimately I would like to have different departments receive different group policies.
One of my problems is logon scripts: the Administrator account receives the same logon script as all of the user accounts. This could be a potential problem for me.
--------------------------------------------------------------------------------------
Maybe someone knows the answer to this question also. I am trying to change the local administrator account for all of the workstations on the domain I administer by using the net command "net user Administrator password". I would like to put this in a logon script. The problem is this script gets run when I log on to one of the servers using the domain Administrator account. If I type in "net user" on the domain controller, for example, it lists all of the user accounts in Active Directory for the domain. I thought that local user accounts were disabled on a domain controller. Why then does the "net user" command give results? Can I use the "net" command to change accounts on the domain controller?
Thanks,
DMS
For Login Scripts, I'm still using the old "Profile" tab in the user properties. However, you can assign login scripts in a GPO as well, so all you need to do is make your administrator accounts members of a different OU.
Another neat trick that GPOs allow you to do is automatically rename the local administrator account on all your workstations.
On a domain controller, ALL accounts are effectively "local" accounts, since "Local" in the context of the domain controller is the domain.
When you say that you want to "Change" the administrator account, what exactly are you trying to do?
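
The point made in the reply above, that `net user` on a domain controller acts on domain accounts, can be turned into a guard for any script that is meant to touch only a workstation's local Administrator. This is an added example, not code from either poster; the function names are hypothetical, and it assumes Windows PowerShell 5.1 (for `Get-LocalUser`).

```powershell
# Added example; function names are hypothetical and not from the thread.
# Assumes Windows PowerShell 5.1 or later (Get-CimInstance, Get-LocalUser).

function Get-AccountScope {
    # Win32_ComputerSystem.DomainRole:
    #   0-3 = workstation or server with its own local SAM
    #   4-5 = domain controller (account commands act on the domain)
    param([Parameter(Mandatory)][int]$DomainRole)
    if ($DomainRole -in 0..3) { return 'LocalSAM' }
    if ($DomainRole -in 4, 5) { return 'Domain' }
    throw "Unexpected DomainRole value: $DomainRole"
}

function Get-BuiltinAdministrator {
    # The built-in Administrator always has RID 500, so match on the SID
    # rather than the name, which a GPO may have renamed.
    Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.+-500$' }
}

$role  = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
$scope = Get-AccountScope -DomainRole $role

if ($scope -eq 'Domain') {
    # Stop before any account command runs against the directory.
    Write-Warning "$env:COMPUTERNAME is a domain controller: 'net user' here acts on domain accounts. Skipping."
    return
}

# Member workstation or server: report the local built-in administrator.
$admin = Get-BuiltinAdministrator
"{0}: local built-in administrator is '{1}' (enabled: {2})" -f $env:COMPUTERNAME, $admin.Name, $admin.Enabled
```

The block deliberately stops at identifying the account: a password placed in a logon script is stored in clear text on a share that every domain user can read, and a logon script runs with the rights of whoever is logging on.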