Active Directory Tutorial (Windows Server 2008)


Active Directory (AD) is a Microsoft directory service, a database created for Windows networks and domains that stores information about users, printers, and other network resources. It also allows or denies access according to the permissions of the entity requesting a specific resource. AD runs on servers called domain controllers, which run Windows Server operating systems. It uses the Lightweight Directory Access Protocol (LDAP) and Kerberos, and it is highly dependent on DNS.

Domain controllers are the central location for network administration and security, from which system administrators can perform tasks such as installing updates and applying new patches. To do this, an administrator can update a single object in AD and have it apply to all resources in a domain. (There is no need to apply changes to every single machine.)

Domain controllers are responsible for assigning and enforcing security policies for all resources, and for authenticating and authorizing all users and computers within a Windows network domain. That is, when a user logs into a computer that is part of a domain, Active Directory verifies the login password and determines whether the account is authorized to access a specific resource.



Installation of Domain Controller

To install Active Directory on a server that runs the Windows Server 2008 or Windows Server 2008 R2 operating system, we can use the Active Directory Domain Services Installation Wizard or Dcpromo.exe. Installing the Active Directory Domain Services (AD-DS) role on the server turns the server into a domain controller. Note that the first domain controller in a forest must be a global catalog server and cannot be an RODC. To complete this procedure, we need an account that is a member of the local Administrators group on the server.

To install AD, simply follow these steps:

1. Open Server Manager, click Roles > Add Roles, and then click Next.

2. Under Server Roles, select Active Directory Domain Services, and then click Next.

3. Click Next.

4. Confirm the installation selections.

5. When the installation finishes, click Close.

6. Once finished, in Server Manager, follow the Active Directory Domain Services link, which will launch DCPROMO, or enter the command manually from Run.

7. In the Operating System Compatibility window, click Next

8. In the Deployment Configuration window, select "Create a new domain in a new forest" and click Next.

9. Choose the name for the new domain. Make sure you enter the domain name correctly, because renaming domains is not an easy task. Do NOT use a single-label domain name such as "mydomain" or similar. You MUST choose a full domain name such as "mydomain.local" or "mydomain.com". Click Next.

10. Select the forest functional level. Windows 2000 mode is the default, and it allows the addition of Windows 2000, Windows Server 2003 and Windows Server 2008 domain controllers to the forest you're creating. If you're not planning to have older versions of Windows in the forest, choose Windows Server 2008.

11. The wizard will check if DNS is properly configured on the local network. If no DNS server has been configured, the wizard will offer to automatically install DNS on the server. 

12. The first DC in a forest must also be a Global Catalog, and cannot be a Read Only Domain controller. 

13. At this point you might get an error if the server has a dynamically configured IP address. If this is the case, assign a static IP address to the server. (You will also get this warning if IPv6 is turned on and not configured, but you can ignore the warning or turn it off.)

14. A warning about DNS delegation might be generated since no DNS has been configured yet; you can ignore the message and proceed by clicking Yes.

15. Set up the AD database, log files and SYSVOL folder. You can leave these at their defaults and click Next.

16. Enter the Recovery Mode password for Active Directory. The password should be complex and at least 7 characters long. Write it down and store it in a locker, then click Next.

17. After clicking Next on the summary screen, the wizard will create the Active Directory domain. 

18. When finished, you will need to press Finish and reboot your computer. 

That's it. The server now acts as a domain controller. We can test its functionality by using AD management tools such as Active Directory Users and Computers, or Groups, and by examining the Event Logs, services, and the folders and shares that have been created.
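The post-installation checks mentioned above (services, shares, event logs) can be scripted. The following PowerShell is an added example, not part of the original post; the function names are hypothetical, and it assumes an elevated session on the new domain controller after the reboot.

```powershell
# Added example: post-promotion health check for a new domain controller.
# Function names are illustrative and not part of any Microsoft tooling.

function Test-DcServices {
    # Core services a domain controller depends on. DNS exists only if
    # the wizard installed the DNS Server role on this machine.
    foreach ($name in 'NTDS', 'Netlogon', 'kdc', 'DNS') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) {
            "{0,-10} not installed" -f $name
        } else {
            "{0,-10} {1}" -f $name, $svc.Status
        }
    }
}

function Test-DcShares {
    # SYSVOL and NETLOGON are the shares created by the promotion.
    $shares = Get-WmiObject -Class Win32_Share | ForEach-Object { $_.Name }
    foreach ($expected in 'SYSVOL', 'NETLOGON') {
        if ($shares -contains $expected) {
            "$expected share present"
        } else {
            "$expected share MISSING"
        }
    }
}

function Get-DcRecentErrors {
    # Most recent error entries in the Directory Service event log.
    # Returns nothing when the log holds no errors.
    Get-EventLog -LogName 'Directory Service' -EntryType Error -Newest 5 `
        -ErrorAction SilentlyContinue |
        Select-Object TimeGenerated, EventID, Message
}

Test-DcServices
Test-DcShares
Get-DcRecentErrors | Format-List

# dcdiag is installed with the AD DS role; /q prints only failed tests.
dcdiag /q
```

A healthy result shows NTDS, Netlogon and kdc as Running, both shares present, no recent Directory Service errors, and no output from `dcdiag /q`.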
