User setup on a windows 2003 server

Posted on 2007-04-10
Last Modified: 2013-12-27
How are users setup on a windows 2003 server?  Are they added into groups? How do user profiles work on a widows 2003 server?  
Question by:mutec1
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
LVL 96

Expert Comment

by:Lee W, MVP
ID: 18884376
How is your server setup?  A domain or workgroup?

Author Comment

ID: 18885371

Accepted Solution

Nishant_pritam earned 250 total points
ID: 18887842
In domain invironment users are added to Active Directory (AD) and they can login from any computer which is a part of that domain. First of all I am telling you hou to add a user account to AD. As you might noticed that after making your windows 2003 server a domain controler you cannot add user from computer management => Local users and group, now you have to add users from “Active Directory Users and Computers” manegment console. Here are the steps

Login to the server with administrator account

Click Start, highlight "Administrative Tools" and select "Active Directory Users and Computers”
Now, expand your domain name on the left side, and go to the bottom where it says "Users".  Once you click on that, you will see all of the automatically created users; you will also see all of the users you made before you made your server a domain controller - that's because they all stay through the promotion to DC.  Anyway, to add a user, you can right click the "Users" folder on the left side, or the blank area on the right side, and highlight "New" then click "User"

In the next dialog we can set the user's First name, Last name and various other pieces of information, including their log-on name, and domain to which we want to add them

After clicking "Next" you are presented with the password-settings screen.  You can set the user's password and then have them change it on their first log-on by selecting "User must change password at next logon".  Or you can user set their password, and not allow them to ever change it without asking the administrator to change it for them (commonly this is done for shared account).

In the next dialog, we get a summary of the user to be created.  Click "Finish" and the user has been created

Now to logon with this account you have to join other computers in your network this domain. Here are the steps to joining a Windows XP computer to domain.

Click Start, right click "My Computer" and click "Properties"

Go to the "Computer Name" tab and click "Change..."

Select the "Domain" radio button then put in your domain name, not including the. Extension (for if example If your domain name is "test.local" than when joining the computer to a domain, you will only type "test")

Press "OK".  Then you will be presented with a user name and password prompt.  Enter the user name and password of a Domain Administrator

Press "OK" and after a minute or two you will receive a message welcoming you to the domain.  Then you will receive a message telling you that a reboot is required; click "OK" to that, and the properties window.  Then click "Yes" when you are prompted to reboot.


After the XP computer boots to Control-Alt-Delete you may need to change it from logging onto itself (which will use the local info) to logging onto the domain.  To do this, press Ctrl-Alt-Del, then the "Options >>>" button on the log on screen.  Then select the domain from the drop-down box
Some things to note about adding a Windows XP computer to a domain are the following:
•      You need Windows XP Professional to join a XP computer to a domain.  Home can't be used fully for this
•      You will loose the "fancy" log on screen and you will receive the "classic" log on screen instead.  This is for security and cannot be changed, unless you revert to workgroup mode
•      You will loose the "Fast User Switching".  This cannot be restored, except by reverting back to workgroup mode.
To add users to group open "Active Directory Users and Computers” management console nevigate and select that user, right click on it select properties
Click on member of TAB now you can add this user to as many groups as you want, alternatively you can choose members from group properties. Profiles are by default stored locally you can store them on server by creating a roaming profile.
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.


Author Comment

ID: 18890666
Not sure how groups are setup and how users are added to those groups.
LVL 96

Expert Comment

by:Lee W, MVP
ID: 18890714
In the future if you provide a context in the question and details you could have answers faster.

Author Comment

ID: 18890919

Expert Comment

ID: 18895656
Once Windows Server 2003 is installed and promoted to a domain controller several default domain local groups are created. Each of the groups are automatically assigned certain rights and adding a user to one of these built in groups will give them the right to perform specific tasks. You can use these default groups or you can create new ones based on your administrative model and practices. If you do add a user to one of these groups, make sure to review the rights assigned to them before hand to ensure you aren’t giving a user more administrative power than they need.

The default domain local groups within the Built-in container are described below.

Account Operators: Members of the account operators group can create, modify, and delete user, group and computer accounts with the exception of those accounts located within the Built-in folder and the Domain Controllers OU.

Administrators: Members of this group have full control within the domain.
Backup Operators: Members of this group can backup and restore data on all domain controllers within the domain.

Guests: Members of this group have limited access to the network.
Incoming Forest Trust Builders: Members of this group have the right to create one-way incoming trusts to the domain.

Network Configuration Operators: Members of this group can make changes to TCP/IP settings on all domain controllers within the domain.

Performance Log Users: Members of this group have access to schedule logging of performance counters on all domain controllers within the domain.

Performance Monitor Users: Members of this group have the right to monitor domain controllers.

Pre-Windows Compatible Access: This group if for backwards compatibility with Windows NT 4.0. Members of this group have read access on all user and group accounts within the domain.

Print Operators: Members are permitted to administer all domain printers.

Remote Desktop Users: Members have the right to remotely logon to domain controllers.

Replicator: This group is used by the file replication service to support directory replication.
Server Operators: Members of this group have the right to administer servers within the domain. They can perform tasks such as backup and restore data, log on locally, stop and start network services, format hard drives, and shut down the system.

Users: Members of this group have limited ability within a domain.


Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
disable USB on Dell Printers 14 82
SMPS issue 1 72
Battery Backup unit (Cyberpower CPS1500AVR) Battery Testing 20 157
base to cord ratio 3 48
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Stuck in voice control mode on your Amazon Firestick?  Here is how to turn it off!!!
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question