  • Status: Solved

Adding initial users to Active Directory

I am setting up a server in Windows 2008 Server.  Initially, I had not set up Domain Controller as a role for the server, not realizing that the users would then be forced to be local rather than members of a domain.  When I realized this mistake after adding several users, I added Domain Controller as a role, but now I have a catch 22 because it won't let me add users to Active Directory unless I am a Domain User, and there are no Domain users.  What do I do to add a user?  Also, is there any way to transfer local users to the domain?
Asked:
mandbru99
1 Solution
 
Chris Dent (PowerShell Developer) Commented:

> unless I am a Domain User

You mean a domain administrator?

Who did you install AD with? Can you log onto the server?

> Also, is there any way to transfer local users to the domain?

Duplication of the account can be scripted, but if you only have a very small number it would be far quicker to just create them manually.

Chris
0
 
Americom Commented:
When you first install the win2k8 server, if you use the account Administrator, and create local users you would have local users account as you have indicated. If you on the same server now used the account Administrator and promote your server to a domain controller, you would have a new Active Directory database. You need to logon with the same account Administrator to the same server which is now a domain controller and no option for you to logon to a computername but a domain name. Once you logged with this account, you then can create admin account as well as users account. By default this Administrator account is a member of the Domain Admins group which has full access to your Active Directory database. To create initial users, computer, or groups accounts, use OU to organize them. Like create an OU call "CompanyName Users" and place all the user account there. You can further organize them by sub-OU etc. Do the same for Computer accounts etc. This is the best time to organize your Active Directory objects to avoid a big mess within no time. If you keep this organized, you will be ahead of the game moving forward when comes to administration such as GPO etc., which I'm sure you will get into later.
0
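The two replies above mention that duplicating local accounts into the domain can be scripted and that new accounts belong in a dedicated OU. The following is an added example, not code from any poster in this thread, showing one way to do both through ADSI, which is available on Windows Server 2008 without extra modules. The computer name, domain DN and UPN suffix are assumptions; run it as a Domain Admin.

```powershell
# Added example. Every name in this block is an assumption, not taken from the thread.
$sourceComputer = 'MEMBER01'               # hypothetical server that holds the local accounts
$domainDn       = 'DC=example,DC=local'    # hypothetical domain distinguished name
$upnSuffix      = 'example.local'          # hypothetical UPN suffix
$ouName         = 'CompanyName Users'      # OU name used as the illustration in the post
$skip           = 'Administrator', 'Guest' # built-in accounts that should not be duplicated

# Bind to the domain and create the target OU if it does not exist yet.
$root   = [ADSI]"LDAP://$domainDn"
$ouPath = "LDAP://OU=$ouName,$domainDn"
if (-not [System.DirectoryServices.DirectoryEntry]::Exists($ouPath)) {
    $newOu = $root.Create('organizationalUnit', "OU=$ouName")
    $newOu.SetInfo()
}
$ou = [ADSI]$ouPath

# Enumerate the local SAM accounts through the WinNT provider.
$local = [ADSI]"WinNT://$sourceComputer,computer"
foreach ($entry in $local.psbase.Children) {
    if ($entry.psbase.SchemaClassName -ne 'User') { continue }
    $name = [string]$entry.Name
    if ($skip -contains $name) { continue }

    # Do not touch an account that already exists in the domain.
    $filter   = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$name))"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $filter)
    if ($searcher.FindOne()) {
        Write-Warning "Skipping '$name': already present in the domain."
        continue
    }

    $user = $ou.Create('user', "CN=$name")
    $user.Put('sAMAccountName', $name)
    $user.Put('userPrincipalName', "$name@$upnSuffix")
    $fullName = [string]$entry.FullName
    if ($fullName) { $user.Put('displayName', $fullName) }
    $user.SetInfo()

    # No password is set here, so the directory leaves the new account disabled.
    # Force a password change at first logon once an administrator sets one.
    $user.Put('pwdLastSet', 0)
    $user.SetInfo()
    Write-Output "Created disabled domain account '$name' in OU '$ouName'."
}
```

Local passwords and SIDs are not carried over: each new account needs a password set and must be enabled by an administrator, and any permissions granted to the old local accounts have to be re-granted to the domain accounts.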
 
mandbru99 (Author) Commented:
So yeah, I guess the message it gives me is that it needs to be a domain user with administrative privileges.  I am able to log onto the server, but only as a local user, not as a user on the domain.  Active Directory was installed with a local user (jdberman) with administrative privileges.
0
 
Americom Commented:
By default, a domain user cannot logon locally or via terminal session. So if you can logon as a domain user then the user account must have domain administrative rights. According to your description, jdberman has admin right and should be able to logon locally or remotely and be able to create account etc.
0
 
mandbru99 (Author) Commented:
The computer does not allow me to log on as Administrator or any other user name to the domain -- only the local computer.
0
 
Americom Commented:
The computer we are talking about is the computer you installed the active directory on? If so, there is no computername where you can logon to. It should be only a domain as it is a domain controller once you installed active directory on it. Need some clarification here...
0
 
Chris Dent (PowerShell Developer) Commented:

Indeed, if you can log onto the local computer (in the Log On To) box then you're not logging onto a Domain Controller.

Chris
0
 
mandbru99 (Author) Commented:
But then how do I log onto a domain controller if there are no users that are members of the domain?  When I try to log on to the domain, no username or password -- not even Administrator works.
0
 
Chris Dent (PowerShell Developer) Commented:

What was the local Administrator is the first Domain Administrator for your AD domain. But... if you get the option to log onto the local machine you are not logging onto a Domain Controller.

Chris
0
 
Americom Commented:
We are missing something here...can you do a screen capture of your computer properties, like showing the computer name and the domain name?
Maybe we are talking about two different things here. When you added the domain controller role, you were asked to input a domain name, what is the domain name? That's the domain name you are and can only logon to. If you don't see this name and only logged on to the computername, then, you don't have a domain or a domain controller.
0
 
mandbru99 (Author) Commented:
Okay, I have uploaded 6 screen shots.  Please let me know if there is anything else that will clarify any of the settings.
Picture-1.jpg
Picture-2.jpg
Picture-3.jpg
Picture-4.jpg
Picture-5.jpg
Picture-6.jpg
0
 
Americom Commented:
Screen1: You either have a computername or a domain name called Master2008

Screen2:  It's not a domain controller. Wish I can see the computername here....

Screen3: This shows you have a domain name called GREENWOOD.LOCAL, weird. Is screen1 and Screen2 from the same machine??

Screen4:  Ouch!, you have 3 DCs and one of which is the "MASTER2008" from Screen1

Screen5:  This one showing you were trying to logon to a domain GREENWOOD with the account jdberman.

Screen6: As expected as you were trying to logon to a Domain controller and you get this message either the account you used does not have admin right. But according to the message, the account does exist in the domain GREENWOOD.

Question1: Can you do a screen capture like Screen2 but showing the computername?

Question2: If all the screen shots were from the same machine, then you may have inappropriately removed or demote the Computername or Domain Controller "MASTER2008". The current status of MASTER2008 is no longer a domain controller, even it appears in your screen4 as a domain controller but it is probably just left over defect which you need to do metadata cleaning. But before that, lets double check and answer my questions.

Question3: You have two other domain controllers "MASTER" and "MASTER2008X", what is the history of these two domain controllers? Can you logon to anyone of them with any account? If these two controllers are good, you gotta to be able to logon with an administrator account or the account you used to install these two domain controllers.

Question 4: On screen4, can you click and highlight the container "Users" to show what users you have there. Also do a screen that shows the container "Computer".

0
 
mandbru99 (Author) Commented:
Question 1:  see attached file

Question 2:  Not a question, but as I said in the initial message, I did not initially set up Domain Controller as a role for this server, and I set up several local users, and then realized that I should make it a domain controller so that I could use the Active Directory

Question 3:  Master is our old server that I am trying to transition from.  It is a Windows 2003 Server.  The Greenwood domain was already in existence before I started setting up this server.  Master2008 and Master2008X are actually both Virtual Machines that are running on a Sun Solaris server.  Master2008X is basically a clone of Master2008 (although I haven't changed its role to Domain Controller yet).  I can log on to Master with any account in the Greenwood Domain.  I am just trying to be able to do the same with Master2008.

Question4: The users in that container are the same as the users in Master.  I am a little afraid to post screen shots of all of the users and computers online, but take my word for it that jdberman is one of the users listed.  There are several computer listed in the Computers container.  In order to get Master2008 and Master2008X in the Domain Controllers container, I had to drag them from Computers, so they are no longer in there.

Thanks for your help so far...
Picture-7.jpg
0
 
mandbru99 (Author) Commented:
I was able to fix the problem by logging on to the domain administrator's account.
0
