Windows Server 2012 R2 Computer Account Management


Computer Account Management

What is a Computer Account?
Located in Active Directory, the Computers container holds the account records for all client machines joined to the server's domain. Building on our lesson in Windows Server User Account Management, launch AD and expand the local domain tree > select the Computers container. Notice that no computers are currently listed in the directory.




Joining Client Workstations to a Domain Server
There are multiple reasons why a network administrator would join a client computer to a domain environment. Central control of resources such as file shares, printers, applications, terminal services and security policies can be easily implemented across the entire network if the client computer is part of a single domain environment.

User account password management, group policy management and varying levels of resource allocation and permissions become easier to manage from a central location with full audit capabilities, provided the client workstations are connected to the domain.

To achieve this in your home lab setting, you will need at least one client operating system like Windows 7 Pro or Windows 10 Pro with a local administrator account. Bear in mind that not all versions of the Windows operating system can be part of a domain environment. Windows Home editions, for example, do not have the capability of joining a domain environment.


Joining Windows 7 Professional to a Domain Server
Boot the Windows 7 Pro machine and log on with administrator credentials. Click Start > right-click Computer and select Properties.


The version of the operating system, processor and RAM information, architecture type of either 32-bit or 64-bit OS and full computer name are displayed in this window.

Click on Change Settings and a dialog box will open with the option to change the computer name and also join the computer to a domain.

Select Domain and type in the domain name you created on your server, e.g. Myserver.local. Enter the server admin username and password. Remember to prefix the username with ServerName\ to ensure you are connecting to the correct server.


Once the domain admin credentials are accepted, you will get a prompt saying Welcome to your domain. Click OK and restart the computer for the new change to take effect.


Notice the Press CTRL+ALT+DELETE to log on option, which becomes available after your computer is connected to a domain. Press the keys to log on for the first time.


Using any of the user accounts we previously created during the server setup, log into the client computer and give it a moment to create the new desktop profile for that particular user.


Log back into your server and open the Computers container. The computer we just joined to the domain is now visible in Active Directory Users and Computers, listed under the name of the workstation for easy identification.

Joining Windows 10 Professional to a Domain Server
The process for joining a Windows 10 Pro computer to a domain is similar to Windows 7 Pro. Log in as admin and access properties of My Computer. 


Enter the domain admin credentials; a welcome prompt appears when you have successfully joined the domain. Click to restart the machine and prepare to log in with a domain user account for the first time.


In Windows 10, you will have to click Other User at the bottom left of the log-in screen.


Finally, log back into the domain controller server and notice that two computers now appear in the Computers container, confirming the domain joining process has completed successfully.
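The join steps above can also be scripted. The following is an added example, not part of the original lesson: it assumes Windows PowerShell 3.0 or later on the client, an elevated session, and the lesson's example domain name Myserver.local.

```powershell
# Added example: scripted equivalent of the GUI domain-join steps.
# Run in an elevated PowerShell session on the client workstation.
$DomainName = 'Myserver.local'   # example domain name used in this lesson

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Home editions cannot join a domain; stop early with a clear message.
# Matching on the caption text is a simple heuristic, not an official check.
if ($os.Caption -match 'Home') {
    throw "$($os.Caption) cannot join a domain."
}

# Nothing to do if the machine is already a domain member.
if ($cs.PartOfDomain) {
    Write-Output "$($cs.Name) is already a member of $($cs.Domain)."
    return
}

# The client must be able to resolve the domain name through DNS,
# otherwise the join fails before credentials are even checked.
try {
    [System.Net.Dns]::GetHostAddresses($DomainName) | Out-Null
} catch {
    throw "Cannot resolve $DomainName. Point the client's DNS at the domain controller."
}

# Prompt for the domain admin credentials instead of storing them in the script.
$cred = Get-Credential -Message "Domain account allowed to join computers to $DomainName"
Add-Computer -DomainName $DomainName -Credential $cred -Restart
```

After the restart, running `Get-ADComputer -Filter *` on the domain controller lists the computer accounts that appear in the Computers container.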


Computer Lost Trust Relation with Domain Environment
Sometimes a user may log a support call with an administrator reporting an error that the computer has lost its trust relationship with the domain environment, which prevents the user from logging on.

This happens when the connection between client and server has become corrupt and the two are unable to authenticate.

To resolve this, access Active Directory Users and Computers and expand the Computers container. Locate the exact computer in question by name, right-click it, then Reset the connection.

You may also want to remove the computer from the domain by switching it to WORKGROUP and rebooting. Make sure a valid local administrator account is available on the workstation, as failure to do so may result in total loss of control of that workstation.

After the reboot, go through the process of re-joining the untrusted computer to the domain and power cycle the machine.

You may now successfully log into the computer using the domain user account credentials.
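The local-administrator check and the trust test described above can be run from PowerShell on the affected workstation. This is an added example, not part of the original lesson: it assumes Windows PowerShell 5.1 (for the LocalAccounts cmdlets) and an elevated session under a local administrator account, and it tries an in-place repair with Test-ComputerSecureChannel before falling back to the unjoin and rejoin procedure.

```powershell
# Added example: check and repair the workstation's trust with the domain.
# Run elevated on the affected workstation, logged on as a local administrator.

# Leaving the domain without a usable local administrator can lock you out,
# so confirm one exists before changing anything.
# S-1-5-32-544 is the well-known SID of the built-in Administrators group.
$localAdmins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
    ForEach-Object { Get-LocalUser -SID $_.SID } |
    Where-Object { $_.Enabled }

if (-not $localAdmins) {
    throw 'No enabled local administrator account found. Create one first.'
}
Write-Output "Enabled local administrators: $($localAdmins.Name -join ', ')"

# Returns $true when the secure channel to the domain is healthy.
if (Test-ComputerSecureChannel) {
    Write-Output 'Trust relationship is intact; no repair needed.'
    return
}

# Try an in-place repair first; it avoids the unjoin/rejoin cycle.
$cred = Get-Credential -Message 'Domain account allowed to reset computer accounts'
if (Test-ComputerSecureChannel -Repair -Credential $cred) {
    Write-Output 'Secure channel repaired.'
} else {
    Write-Warning 'Repair failed. Fall back to the WORKGROUP unjoin and rejoin steps.'
}
```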


Conclusion & Final Thoughts

Congratulations on making it this far in the lessons. Hopefully your understanding of managing computer accounts on your domain controller server has become clearer after practicing these tutorials.

Join us again as we go further with Windows Server 2012 R2 configuration for our next topic in Group Account Management. Thank you for investing your time with us.

By: codexploitcybersecurity.com    Twitter: @ixploitsecurity    Facebook: https://www.facebook.com/icybersecure


                    Credits to all organisations and development teams at Microsoft Corporation 






