Configuring Active Directory

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

If you want to create security groups in Active Directory or raise the domain functional level, perform the following procedures.

Important

If you have or will have any domain controllers running Windows NT 4.0 and earlier, then do not raise the domain functional level to Windows 2000 native. After the domain functional level is set to Windows 2000 native, it cannot be changed back to Windows 2000 mixed. If you have or will have any domain controllers running Windows NT 4.0 and earlier or Windows 2000, then do not raise the domain functional level to Windows Server 2003. After the domain functional level is set to Windows Server 2003, it cannot be changed back to Windows 2000 mixed or Windows 2000 native.

If you want to raise the domain functional level to either Windows 2000 native or Windows Server 2003, do the following:

  1. Open the Active Directory Domains and Trusts snap-in. To open Active Directory Domains and Trusts, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Domains and Trusts.

  2. In the console tree, right-click the domain for which you want to raise the domain functional level, and then click Raise Domain Functional Level.

  3. In Select an available domain functional level, do one of the following:

    • To raise the domain functional level to Windows 2000 native, click Windows 2000 native, and then click Raise.

    • To raise the domain functional level to Windows Server 2003, click Windows Server 2003, and then click Raise.

Note

To perform this procedure, you must be a member of the Domain Admins group in the domain for which you want to raise functionality or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. The current domain functional level is displayed under Current domain functional level in the Raise Domain Functional Level dialog box.

To create a group and add members to the group, do the following:

  1. Open the Active Directory Users and Computers snap-in.

  2. In the console tree, right-click the folder in which you want to add a new group.

  3. Point to New, and then click Group.

  4. Type the name of the new group. By default, the name you type is automatically entered in Group name (pre-Windows 2000).

  5. In Group scope, click one of the options.

  6. In Group type, click one of the options, and then click OK.

  7. In the details pane, right-click the group you just created, and then click Properties.

  8. On the Members tab, click Add.

  9. In Enter the object names to select, type the name of the user, group, or computer that you want to add to the group, and then click OK.

For more information, see “To create a new group” at https://go.microsoft.com/fwlink/?LinkId=20018 and “Assign user rights to a group in Active Directory” at https://go.microsoft.com/fwlink/?LinkId=20019.