After setting up a Windows Server Domain Controller and Windows 10 client, in my previous posts, I practiced some basic Active Directory tasks. Here's the list:
Create Users
Create Groups
Create a new OU
Adding users to groups, and groups to OUs
Map a network drive (for a user, or group)
Most of these are very straightforward. Creating users and groups just requires right-clicking in a folder and selecting 'New.' You can also find shortcuts for these commands on the toolbar at the top of the window.
1. For users, you will need to configure a name, a username to use on the domain, a password, and initial password settings.
2. For groups, you will need to choose both a group scope and a group type. Per the Microsoft documentation, the group type options are Distribution (meant for email lists), and Security (for assigning permissions). Security groups are useful for managing what resources users have access to.
Group scope defines where the group exists, who can be added, and where permissions can be granted. The options are Universal, Global, and Domain Local; Universal is the broadest option.
3. To create a new Organizational Unit, make sure you are in the Domain folder, and not a sub-folder. Either right-click to create, or find the button on the toolbar. You only need a name to create one of these.
4. To add users to groups, right-click on the user, go to Properties, select the 'Member Of' tab, and Add the group. To add a group to an OU, right-click on the group, select 'Move,' and select the OU.
5. I referenced a video by Kevtech IT about NTFS and network shares to practice mapping drives.
First, we set up the folder for sharing, and add our group. Find the folder you want to share in File Explorer. Change the Share settings: Right-click, open Properties, go to the 'Share' tab, and click 'Share.'
Then, we change the NTFS permissions: go to the 'Security' tab, and click add. There, enter the name of the group or user you want to have access to the folder. You can edit the permissions that user or group has from the Security tab. Open 'Advanced,' select your group and click 'Edit.'
Kevtech recommends adding the drive path to the group description for easy reference. First, copy the path from the folder's 'Share' tab. Find the group in Active Directory, right-click on it, go to Properties, and add the folder's path to the description.
To map the drive, you need access to the client's machine. Go to This PC, right-click, and select 'Map a drive.' Select a drive letter, and enter the folder path under 'Folder.' (This is where having the folder path under 'Description' comes in handy.) Here's Microsoft's handy visual guide if you want one. Click 'Finish.' The folder should show up under This PC.
Now the user has easy and automatic access to the shared folder!
Comments