Missing computers in AD, and other AD questions...
Im learning about implementing Group Policy to a small domain with 14 computers and users.
If I understand correctly I need to get things organized in AD before I can move very far in GP tasks. I'm running into a couple of challenges there right away. Im hoping for some experience to help me along the way. Here's a couple of questions...
1. I don't see any of the computers on this domain in AD. They are not listed in any of the folders. (Seriously, I've looked in every folder) However, if I do an AD query, they are all listed in the results. Where are they and how do I add them to an OU for GP purposes? All 14 computers login to the domain, and otherwise seem to be attached to the domain.
2. Under the domain container are all the default containers (Builtin, computers, Users, etc.) but only 1 OU, named Domain Controllers. If I understand, I need the items I want to manage to be in OU folders and not just containers. Can I create new OU folders and just move existing users (all in the Users container) to a new Domain-Users OU? Will that break anything?
3. If I fix these two problems, can I assume Im ready to starting learning and deploying GP?
Some info on the environment...
A single domain controller, running Win Server 2016 Essentials updates are current. All workstations are on the local network, running Win10 Pro and show that they are members of the domain. It's a pretty plain vanilla setup. I've attached screenshots of the installed roles and features, incase some may question what's installed.
Thanks from a grateful newbie.
Roles-1-31-20.PNG
Features1-1-31-20.PNG
Features2-1-31-20.PNG
If I understand correctly I need to get things organized in AD before I can move very far in GP tasks. I'm running into a couple of challenges there right away. Im hoping for some experience to help me along the way. Here's a couple of questions...
1. I don't see any of the computers on this domain in AD. They are not listed in any of the folders. (Seriously, I've looked in every folder) However, if I do an AD query, they are all listed in the results. Where are they and how do I add them to an OU for GP purposes? All 14 computers login to the domain, and otherwise seem to be attached to the domain.
2. Under the domain container are all the default containers (Builtin, computers, Users, etc.) but only 1 OU, named Domain Controllers. If I understand, I need the items I want to manage to be in OU folders and not just containers. Can I create new OU folders and just move existing users (all in the Users container) to a new Domain-Users OU? Will that break anything?
3. If I fix these two problems, can I assume Im ready to starting learning and deploying GP?
Some info on the environment...
A single domain controller, running Win Server 2016 Essentials updates are current. All workstations are on the local network, running Win10 Pro and show that they are members of the domain. It's a pretty plain vanilla setup. I've attached screenshots of the installed roles and features, incase some may question what's installed.
Thanks from a grateful newbie.
Roles-1-31-20.PNG
Features1-1-31-20.PNG
Features2-1-31-20.PNG
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
When you join a computer to a domain, the computer object is placed in the default domain.local\Computers container. You can't link a GPO to a container so just create a Computers OU somewhere in your OU hierarchy and move all computer objects there prior to applying the GPO
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Gentlemen...
All very helpful advice. Fortunately, tip #1 from DrDave242 was the issue.
As they say, the simplest solution is the place to start. The view was filtered to only include users.
With almost zero experience in AD, I had no idea that little nugget was there.
I selected "Show all types of objects" an miraculously, all the computers are now seen in the standard computers folder.
All I need to do now is create an OU-Computers folder and drag the into (thanks Fred_Marshall for the good instruction on that too!)
Much appreciated!
AD---Filtered-2-3-20.PNG
All very helpful advice. Fortunately, tip #1 from DrDave242 was the issue.
As they say, the simplest solution is the place to start. The view was filtered to only include users.
With almost zero experience in AD, I had no idea that little nugget was there.
I selected "Show all types of objects" an miraculously, all the computers are now seen in the standard computers folder.
All I need to do now is create an OU-Computers folder and drag the into (thanks Fred_Marshall for the good instruction on that too!)
Much appreciated!
AD---Filtered-2-3-20.PNG
ASKER
Gentlemen...
This is exactly why EE is so valuable.
The help and instruction from both of you was very useful and I can now move ahead learning more of the magic of AD!
Thanks much,
Ken C.
This is exactly why EE is so valuable.
The help and instruction from both of you was very useful and I can now move ahead learning more of the magic of AD!
Thanks much,
Ken C.
I would NOT "drag" anything. You want to use the MOVE option. That way, I'm sure of the action I'm taking. Otherwise things can get messed up e.g. like using cut and paste.
I've since implemented a few domains with Windows Server Standard 2019.
As a result, I can say these things:
1) It appears that nobody knows much about Essentials. So, it's hard to get help that isn't more oriented to Standard. I was never able to solve this problem. But, I'm still running it so could experiment a bit.
2) I found Standard *much* easier to understand as, it appears, Essentials makes a bunch of assumptions regarding what you need and just does it.
Another source of difficulty in my opinion.
I would highly recommend that you go to Standard.
Perhaps someone else could shed more light on the whole thing....