This report is regarding the addition of Active Directory to the current Ken 7 Windows Limited network environment. The following are some considerations about Active Directory and the integration with the current network.
Currently, system administrators create Ken 7 users in each computer where users need access. In the Active Directory, where will system administrators create Ken 7 users? In Active Directory (AD) system administrators would create users in the Group Policy Management Console (GPMC), which is used to create & edit GPO’s (Group Policy Object), import & export GPO’s, copy & paste GPO’s, back-up & restore GPO’s, search for GPO’s, or create reports on GPO’s. By creating the GPO’s for each department (eg. Administrators, Planners, Shop Floor users, ...view middle of the document...
This is randomly handled by AD in a “90” or “120” day timeframe.
What action should administrators take for the existing workgroup user accounts after converting to the Active Directory? As prior to the implementation of Active Directory, the existing workgroups were managed individually (mistakes could easily be made with improper privileges), where with AD makes it much simpler to manage from an administrative perspective. Specifically pertaining to the existing users in the workgroups: accounting, planning, & purchasing, you need to create a new Active Directory domain and Create new user accounts for all users. Then you need to manually join these computers to the AD domain. Or you can script it using various exe commands (eg. Netdom).
How will the administrators resolve the differences between the user accounts defined on the different computers? In other words, if user accounts have different settings on different computers, how will the Active Directory address that issue? Active Directory allow users to “move” or “roam” from computer to computer, and their access/privileges follow them. The sys admin doesn’t have to configure user accounts per computer, it is now held in Active Directory based on the Group Policy Object (GPO) they are a part of. There are four levels of access, the most specific being the Local GPO’s, next is the Site GPO’s , next is Domain GPO’s, and last is the Organizational Unit GPO.
How will the procedure for defining access controls change after converting to the Active Directory? The defining access controls change is now grouped from Organization, to Domain, to Site, to local. The Local GPO’s is where each user is allowed to have different privileges as long as the changes are still allowed from a higher level. Think of a tree, how it branches out from the trunk, to the branches, to the leaves.