Windows Services Index | Overview | Getting Started | How To | Forest Design | Resources | Troubleshooting | Policies | Contact Info

How To: Installing a PC into an Organizational Unit (OU)

Prerequisites:

1. You have completed the OU application process.
2. You have an OU administrative account or and account given permissions within an OU.

Step 1: Decide which method to use when adding a machine.

Three methods exist for adding machines to the ACCESS domain:

1. The first option is to install a single Client Machine into Active Directory®.
• This option is only available to admins with an OU admin account given to them from an ACCESS Enterprise Administrator.
• This option is best suited for adding a single user's workstation.
• The procedure is outlined below.
2. The second option is to pre-create and install a single Client Machine into Active Directory®.
• This option is only available to administrators delegated the right to install machines into an organization's OU.
• This option is best suited for delegating the addition of a single users workstation
• The procedure is outlined here.
3. The third option is to pre-create and install multiple Client Machines into Active Directory®.
• This option is only available to administrators delegated the right to install machines into an organization's OU.
• This option is best suited for delegating and adding a large number of machines at one time into an organization's OU.
• The procedure is outlined here.

Step 2: Patch the machine and setup the machine name (EXTREMELY IMPORTANT).

Patching the Machine

It is extremely important to have an updated machine prior to installing the machine into Active Directory. You can use the Windows® Software Update Service to patch and update the machine, or another method of your choice.

Setting Up the Machine Name:

1. Right-click My Computer and choose Properties.
2. Choose Computer Name.
3. Click <Change>.
4. Ensure that the Computer name text box has the correct machine name and that the machine name is correctly prefix with your organization's designated two- or three-letter prefix.



5. Click <More>.
6. Click the Change primary DNS suffix when domain membership changes check box to disable this option.
7. Enter the DNS suffix of the machine where YourDNSsuffix.psu.edu is the the DNS suffix of the Fully Qualified Domain Name (FQDN) for the machine.



8. Click <OK> for the next four windows.
9. Click <Yes> to restart the computer.
10. After rebooting, right-click My Network Places and choose Properties. Choose the connection used to access the network.
11. Right-click and choose Properties.
12. Double-click Internet Protocol (TCP/IP).
13. Click Advanced.
14. Choose the DNS Tab.
15. Ensure that the DNS servers listed are the DNS servers you generally use to resolve DNS names; you may use the two listed or DNS servers run by your organization.
16. In the Append, these DNS suffixes (in order) text box replace your DNSsuffix.psu.edu with your organization's DNS suffix and be sure to include aset.psu.edu as well.
17. Click the Register the connection's addresses in DNS check box to disable this option.



18. You can also set a WINS server. (optional)
19. Under Advanced TCP/IP Settings, select the WINS tab.
20. Click <Add>.
21. You may use the WINS server provided by us or a WINS server of your choice.
22. Click <Add>.



23. Click <OK>.
24. Click <OK>.
25. Click <OK>.

Step 3: Use one of the following options to add the machine:

Option 1: Install a single Client Machine into Active Directory®.

1. Log on to the client workstation as a local administrator.
2. Right-click My Computer and choose Properties.
3. Choose the Computer Name Tab.



4. Click <Change>
5. Click the Domain radio button.
6. Enter ACCESS.PSU.EDU.



7. Click <OK>.
8. Enter the username and password of the user you chose to install on the machine in step 2.
9. Click <OK> for the next few screens, including the reboot prompt.
10. Click <Yes> for the Do you want to restart your computer now? message.

Option 2: Pre-create and and install a single Client Machine into Active Directory®.

Pre-create the Computer Account in Your OU.

1. Log on using the account that has been delegated permissions for your OU.
2. This machine with the installed administrative pack must be in the domain.
3. Open the Active Directory Users and Computers administrative snap-in.
4. Navigate to your OU.



5. Right-click in the right-side panel of the window, and choose New –>Computer..



6. Enter the DNS short name of the client workstation to be added to Active Directory®.
7. Click <Change> for The following user or group can join to this domain.
8. Enter the user name of the account to install on the client machine.



9. Click <OK>.



10. Click <Next>.
11. Click <Next>.
12. Click <Finish>.

Install the Client Machine into Active Directory®.

1. Log on to the client workstation as a local administrator.
2. Right-click My Computer and choose Properties.
3. Choose the Computer Name Tab.



4. Click <Change>.
5. Click the Domain radio button.
6. Enter ACCESS.PSU.EDU.



7. Click <OK>.
8. Enter the username and password of the user you chose to install on the machine in step 2.
9. Click <OK> for the next few screens, including the reboot prompt.
10. Click <Yes> for the Do you want to restart your computer now? message.

Option 3: Pre-create and install multiple Client Machines into Active Directory®.

Pre-create the Computer Account in Your OU.

1. Log on to machine already in the domain with an account.
2. Download the scribt, addpcstoOU.vbs.
3. Edit the following two lines:
1. Edit this line to delegate the following user or group the ability to install the machine into the OU
   strComputerUser = "access\admin_mcc171"
2. Edit this line to reflect your OU in the ACCESS Domain
   Set objContainer = GetObject("LDAP://OU=workstations,OU=AIT,OU=ASET,OU=ITS,OU=UP,OU=PSUOUs," & _
   objRootDSE.Get("defaultNamingContext"))
4. Create a text file in the same directory as you saved the scripted in and name it pcs.txt.
5. Open the pcs.txt and put all the names of machines you want to pre-create one per line in the file.
6. Open a command prompt and cd into the directory with the script
7. Execute the command 'cscript addpctoOU.vbs < workstations.txt'
8. Using the Active Directory users and computers snap in, verify that the machines accounts were created.

Add the Client Machine to the domain.

1. Log on to the client workstation as a local administrator.
2. Right-click My Computer and choose Properties.
3. Choose the Computer Name Tab.
4. Make sure that the computer name matches one of the machine accounts that was created.



5. Click <Change>.
6. Click the Domain radio button.
7. Enter ACCESS.PSU.EDU.



8. Click <OK>.
9. Enter the username and password of the user you chose to install on the machine in step 2.
10. Click <OK> for the next few screens, including the reboot prompt.
11. Click <Yes> for the Do you want to restart your computer now? message.

Step 4: Setup the registry keys.

Setting Up the Registry Entries for the K5 KDCs

1. Click here to run the Registry setup file.
2. Test the configuration by using your Penn State Access Account userid and password to log on. In this case, you will enter (for example) xyz123@dce.psu.edu and the password, where xyz123 represents your Access Account userid.
3. If the message, local policy of this system does not permit you to log on interactively, appears or the machine allows you to log in, then the trust works.