|
Last Updated: October 22, 2009 Creating Servers and Workstations in a Delegated OUPre-allocating ComputersAdministrators of Orgnaizational Units (OUs) must "pre-allocate" computer objects within their OU before attempting to join that computer to the domain.Pre-allocating a computer object is a simple process, and can be accomplished either via the "Users and Computers" snap-in, or programmatically, via an ADSI script. Using the "Users and Computers" snap-in, one just right-clicks for a context menu within the designated OU, and then chooses New->Computer. The "new Object - Computer" dialog then pops up, giving the administrator four choices: Computer Name, Computer Name (pre-Windows 2000), the "Joining User or Group", and a check-box to allow "pre-Windows 2000" clients to join the Windows domain.
Computer NamesThe "Computer Name" and "Pre-Windows 2000 Computer Name" need to be unique within the Windows domain. Therefore we require a naming standard for computer names. Please refer to the U-M Windows naming standards page.The U-M standard for creating a Windows computer name specifies that each organization must prefix their computer names with a unique string of two or more characters, followed by a dash. In practice, a two or three character prefix is best, since it leaves more room for a unique suffix string. In the example above, the organizational prefix is "LNG-". The suffix might be a U-M asset code, followed by a location code. The suffix used is entirely up to the organization creating the computer object.
Joining GroupFortunately, not every computer in the world can join our W2k domain. The individual attempting to join a computer to a Windows domain must either be personally authorized to do so, or must possess the credentials of an authorized Windows account. In pre-allocating the Windows computer object, the Windows administrator should specify a Windows security group containing some number of Windows accounts that are authorized to create computer objects within the delegated OU. If you choose to create a security group for this purpose, please read the Naming Standards for the U-M Windows 2000 Forest section when choosing a name for the security group.
Pre-Windows 2000 ComputersIf the computer you are joining to the domain runs an operating system older than Windows 2000, you must check this box. Operating systems that meet this "back-level" criteria include NT 4, Windows ME, Windows 98, Windows 95 (these back-level clients are not recommended) and the Macintosh operating system.
Registering a Computer PrefixTypically, a U-M organization will choose a computer prefix when joining the forest. If you are already a member of the U-M forest, and would like to register another prefix, please send your request to W2kSupport@umich.edu. Existing prefixes are listed in the "U-M Windows Organizational Prefixes" section, so be sure to look there before submitting a request. Prefixes are handed out on a "first-come, first-serve" basis.
|
