domain controllers and active directory

Upload: jamesmcd05

Post on 18-Oct-2015


DESCRIPTION

An in-depth guide to setting up a domain controller, adding computers to domains and using other Active Directory services.

TRANSCRIPT

  • James McDermott ([email protected])

    Installing and Configuring a Domain Controller and Active Directory Services

    Table of Contents

    Introduction
    A.1 Windows Server 2008 R2 Standard Server Core Installation
    A.2 Windows Server 2008 Datacenter Full Installation
    B.1 Setting up a Domain Controller
    B.2 Adding a second Domain Controller (server2)
    B.3 Setting up a member server (MS-Core)
    C.1 Setting up a disk mirror
    C.2 Creating Spanned Volumes
    D.1 Setting up Organizational Units (OUs)
    D.2 Setting up Users
    D.3 Setting user logon times
    E.1 Setting up groups
    E.2 Restrict view to Organizational Unit with a Group Policy
    E.3 Redirecting My Documents from client machine to server
    E.4 Blocking access to Control Panel with GPOs
    E.5 Publishing software to Users with GPOs
    F.1 Installing print server role
    F.2 Installing Printers
    F.3 Publishing printer to directory
    F.4 Installing a generic unshared printer
    G.1 Setting up server core file services
    G.2 Configuring Remote Desktop on Server Core
    G.3 Remote connecting to Server Core from Windows 7
    H.1 Setting up DHCP Services (Server2)
    H.2 Setting up windows 7 to obtain IP from server2
    H.3 Removing DHCP services
    I.1 Decommissioning a domain controller
    References

    Introduction

    This manual will demonstrate how to configure a domain controller and use Active Directory services. We will be setting up two server machines which will be used as domain controllers (each running a full installation of Windows Server 2008 R2), a member server (running a core installation of Windows Server 2008 R2) and a client machine (running Windows 7) which will be connected to the domain. The four machines will be named as follows:

    Server1 - will be the first domain controller

    Server2 - will be a second domain controller

    MS-Core - will be the member server

    Client1 - will be the client machine

    For the purpose of this manual a domain will be created to host a college network for staff members, which will include trainers, managers and administrative staff. The college is called IPA and has trainers for both IT and Marketing. The IT department is subdivided into two locations, Dublin and Belfast. There are also managers and administrative staff within the college that will be represented in the domain.

    A.1 Windows Server 2008 R2 Standard Server Core Installation

    The core installation of Windows Server gives us a textual user interface (TUI) which is lighter and requires less processing power to run (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p.111). As this is a light installation it can run on machines that have limited resources. Because fewer features are installed (such as graphical interfaces), there is less need for repair or patching. This makes for a more stable installation of the system.

    Installing the system

    Start the windows installation.

    1. Choose the install language and keyboard input (See Figure 1: Language and Input)

    Figure 1: Language and Input

    On the next screen click Install now; setup will now begin.

    2. Select Windows Server 2008 R2 Standard (Server Core Installation) and click Next (See Figure 2: Installation Version)

    Figure 2: Installation Version

    3. Click I accept to agree to the license terms then click Next (See Figure 3: Licensing Agreement).

    Figure 3: Licensing Agreement

    4. Click Custom to install a fresh copy of Windows (See Figure 4: Custom Installation).

    Figure 4: Custom Installation

    5. Select Drive Options to create a partition and install the OS (See Figure 5: Configuring Hard Drive)

    Figure 5: Configuring Hard Drive

    6. Click New (See Figure 6: Adding Partition).

    Figure 6: Adding Partition

    7. Enter the size of partition required in MB then click Apply (here we will use 30000MB, 30GB, see Figure 7: Set Partition Size).

    Figure 7: Set Partition Size

    8. Click OK to the notification window. (See Figure 8: Windows Drive Usage Notification).

    Figure 8: Windows Drive Usage Notification

    9. Next click on the partition that has just been created and click Next (See Figure 9: Install to Partition).

    Figure 9: Install to Partition

    10. Windows will now install the system; Windows will restart several times before finishing (See Figure 10: Windows Installation)

    Figure 10: Windows Installation

    11. Click OK to change password on first use (See Figure 11: Password Change Prompt).

    Figure 11: Password Change Prompt

    12. Enter the new password (here we use Pa$$w0rd) and click the blue arrow (See Figure 12: New Password Entry).

    Figure 12: New Password Entry

    Renaming the server

    Server Core contains a very useful tool, a menu-oriented command interface called server configuration (sconfig), which allows us to manage many configuration settings (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p. 1277).

    1. Using the server core command prompt window, type sconfig and press Enter (See Figure 1: sconfig command).

    Figure 1: sconfig command

    2. In the sconfig console type 2 and press Enter (See Figure 2: Computer Name Option).

    Figure 2: Computer Name Option

    3. Type in a new computer name (here we are using MS-Core) and press Enter (See Figure 3: Rename Core Server).

    Figure 3: Rename Core Server

    4. You will be prompted to restart the computer. Click Yes and restart (See Figure 4: Restart Prompt).

    Figure 4: Restart Prompt

    5. Log into the server once Windows restarts and run sconfig again (See Figure 5: Servers New Name).

    Figure 5: Servers New Name

    The computer name field will now display the new name setting.

    Setting static IP address

    When dealing with domain controllers the IPv4 address should be statically assigned (Tittel, E. & Korelc, J., 2008, p.107). It is beneficial to set up static IP addresses for any server machine that is connected to the domain as it may later be upgraded to a domain controller. Here we will set the static IP address for the server core installation.

    1. Run sconfig and type 8, then press Enter (See Figure 1: sconfig window Network Settings).

    Figure 1: sconfig window Network Settings

    2. Choose the index number of the network adapter that you want to edit (in our case we use 0, see Figure 2: Choose Network Adapter).

    Figure 2: Choose Network Adapter

    3. In network adapter settings type 1 and press Enter. Then type S and press Enter to set a static IP address (See Figure 3: Static IP Options)

    Figure 3: Static IP Options

    4. Type the IP address you wish to use if you are changing the IP and press Enter. Then type the subnet mask if you wish to change it and press Enter

    Figure 4: Static IP Settings

    Set a static IP of 192.168.0.34 and press Enter, subnet mask of 255.255.255.0 (the default setting) which is the same as /24 in the Classless Inter-Domain Routing (CIDR) notation and press Enter. As we are not looking at internet access leave gateway blank.

    5. The new static IP settings are displayed (See Figure 5: New IP Settings).

    Figure 5: New IP Settings

    6. Type 4 then press Enter to exit to the main menu. Next type 12 and press Enter to shut down the server (See Figure 6: Restart Server).

    Figure 6: Restart Server

    A.2 Windows Server 2008 Datacenter Full Installation

    The full installation of Windows Server presents us with a graphical interface for changing the settings of the server. It also has more features than the server core installation, which uses a minimal server operating environment (Tittel, E. & Korelc, J., 2008, p.284). It is heavier than the core installation and requires more resources to run; however, it is more user friendly.

    Installing the system

    Installing the full installation is similar to A.1 Installing the System.

    1. At step 2 select Windows Server 2008 R2 Datacenter (Full Installation) (See Figure 1: Full Installation Option).

    Figure 1: Full Installation Option

    Once installation has completed, log in using the password set up during installation. Now rather than being presented with a command line interface, we are presented with the familiar windows interface (See Figure 2: Server Startup).

    Figure 2: Server Startup

    Configuring computer name and IP address

    Setting the computer name and static IP address in the full installation of Windows Server 2008 R2 is not the same as in the core installation. As in a standard Windows environment, we change these settings using properties windows and Control Panel. Here we will set a static IP address for Server1 and name the server appropriately.

    1. Go to Start → Computer (Right Click) → Properties (See Figure 1: Computer Properties Option).

    Figure 1: Computer Properties Option

    2. Click Advanced System Settings from the left-hand pane (See Figure 2: Advanced System Settings).

    Figure 2: Advanced System Settings

    3. From the System properties window select the Computer Name tab

    4. Next select Change (See Figure 3: Computer Name Tab).

    Figure 3: Computer Name Tab

    5. Enter a new Computer name (here we use Server1) and click OK (See Figure 4: Computer Name Change).

    Figure 4: Computer Name Change

    6. You will be prompted to restart your computer. Click OK, then click Restart now (See Figure 5: Restart Prompts).

    Figure 5: Restart Prompts

    7. Once the computer has restarted go to Start → Network (Right Click) → Properties (See Figure 6: Network Properties Option).

    Figure 6: Network Properties Option

    This will open the Network and Sharing Center

    8. Choose Change adapter settings from the left-hand pane (See Figure 7: Network and Sharing Center).

    Figure 7: Network and Sharing Center

    9. In the Network Connections window right click on the connection you want to edit. (See Figure 8: Network Adapter Properties)

    Figure 8: Network Adapter Properties

    10. Select Internet Protocol Version 4 from the list then click Properties (See Figure 9: Adapter Properties).

    Figure 9: Adapter Properties

    11. Set static IP to 192.168.0.1 and subnet of 255.255.255.0. Leave all other fields blank and click OK (See Figure 10: Static IP Settings).

    Figure 10: Static IP Settings

    The default gateway is used when dealing with communication outside of the local network, i.e. internet communication (Northrup, T. & Mackin, J.C., 2010, p.536). As we are not looking at internet access we will leave this setting blank. The server itself will act as a DNS server (Morimoto, R., Noel, M., Droubi, O., Mistry, R. & Amaris, C., 2010, p.260), so it is also unnecessary to enter an IP address into the DNS fields.

    Setting up Network configuration on Server2 and Client

    For the purpose of this manual we will set up another domain controller, as in Part 2. We will name this domain controller Server2 and set the IP address to 192.168.0.3 with a subnet mask of 255.255.255.0. We will also use a client machine running Windows 7. This machine will be named client1 and will have a static IP of 192.168.0.35, a subnet mask of 255.255.255.0 and a DNS of 192.168.0.1 (the IP address of Server1, as this will be a workstation on the domain; see Section B: Part 2). For a full listing of the network settings see Table 1: Server2 and Client1 Network Settings.

    Setting              Server2          Client1 (Windows 7)
    Static IP Address    192.168.0.2      192.168.0.4
    Subnet Mask          255.255.255.0    255.255.255.0
    DNS                  192.168.0.1      192.168.0.1

    Table 1: Server2 and Client1 Network Settings

    As we are going to use Server2 as a second domain controller we need to point its primary DNS server to the static IP of Server1. Client1 will be used as a workstation on the domain, therefore we need to point the primary DNS server to the static IP of Client1 and the alternative DNS to the static IP address of Server2.

    B.1 Setting up a Domain Controller

    A domain controller (DC) is a tool primarily used for network security and user authentication. However, it can also incorporate several features and roles that can extend the functionality of the DC (Desmond, B., Richards, J., Allen, R. and Lowe-Norris, A.G., 2009, p.5).

    To enable domain controller roles and services we need to use dcpromo (domain controller promotion).

    Running dcpromo

    1. Go to Start and type dcpromo in the search box (See Figure 1: Search For dcpromo).

    Figure 1: Search For dcpromo

    Click on the dcpromo search result and wait for the application to load.

    2. You will be presented with a wizard interface, leave Use advanced mode installation unchecked and click Next (See Figure 2: dcpromo Wizard).

    Figure 2: dcpromo Wizard

    3. You will be presented with information about Operating System Compatibility, click Next to continue (See Figure 3: Compatibility Information).

    Figure 3: Compatibility Information

    4. As we are setting up our first domain controller choose Create a new domain in a new forest and click Next (See Figure 4: Deployment Configuration).

    Figure 4: Deployment Configuration

    5. Enter a name for the domain (here we use MSCCONV.IPA) and click Next (See Figure 5: Name Domain).

    Figure 5: Name Domain

    6. Next we will be prompted to set the domain and forest functional level, leave both as Windows Server 2003 and click Next (See Figure 6: Forest Functional Level).

    Figure 6: Forest Functional Level

    Set to the same level as all other domain controllers on the network. Click Next for the forest functional level and the domain functional level. The functional level defines which features are available to the domain or forest. Higher levels often incorporate features from lower levels (i.e. 2008 has features from 2003). Once a functional level is set all other domain controllers within the forest or domain must be at the same functional level (Morimoto, R., Noel, M., Droubi, O., Mistry, R. & Amaris, C., 2010, p.118).

    7. On the Additional Domain Controller Options, make sure the DNS server is checked and click Next (See Figure 7: Additional DC Options).

    Figure 7: Additional DC Options

    The global catalog contains information on every object in the entire domain forest; any client that supports Active Directory can query this catalog (Tittel, E. & Korelc, J., 2008, p.121). The domain name services (DNS) role allows the domain controller to associate fully qualified domain names (FQDN) with their network IP addresses (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p.180).

    8. When prompted, click Yes to continue (See Figure 8: DNS Delegation Prompt)

    Figure 8: DNS Delegation Prompt

    9. Leave the Location for Database, Log Files, and SYSVOL set to the default settings and click Next (See Figure 9: Location for DB, Log File and SYSVOL).

    Figure 9: Location for DB, Log Files and SYSVOL

    10. A restore administrator password needs to be set, in case there are any issues with the server. Enter a password (Pa$$w0rd) and click Next

    Figure 10: Restore Admin Password

    11. Click Next on the summary page to continue (See Figure 11: Server Summary).

    Figure 11: Server Summary

    12. The Active Directory will now be configured. Click Reboot on completion and wait for system to restart.

    Figure 12: Active Directory Install

    Adding a Windows 7 workstation member to the Domain

    By adding a client machine to the domain we can log onto the computer using any domain account (Bott, E., Sienchert, C. and Stinson, C., 2011, p.650). The client machine will then be a workstation on the domain. The steps below assume that the network settings have been set up using the settings given in A.2: Setting up Network configuration on Server2 and Client.

    1. Go to Start, right click on Computer and select Properties (See Figure 1: Computer Properties Option)

    Figure 1: Computer Properties Option

    2. Choose Advanced system settings from the left-hand pane (See Figure 2: Advanced System Settings Option)

    Figure 2: Advanced System Settings Option

    3. Choose the Computer Name tab then click Change (See Figure 3: System Properties Window)

    Figure 3: System Properties Window

    4. In the Domain text box type the name of the domain we set up earlier (MSCCONV.IPA), see Figure 4: Join Domain Settings.

    Figure 4: Join Domain Settings

    5. You will be prompted to enter the domain administrator details. Username: administrator, Password: Pa$$w0rd, (See Figure 5: Logon Prompt)

    Figure 5: Logon Prompt

    NOTE: The local administrator of the first domain controller is promoted to the domain administrator

    6. Once the client has joined the domain a welcome message will appear, click OK (See Figure 6: Domain Welcome).

    Figure 6: Domain Welcome

    7. Restart the computer when prompted.

    Note: Currently there are no domain user accounts set up other than the administrator account, so we cannot log on to the domain. However steps 8 and 9 demonstrate how to log on to the network.

    8. When Windows restarts, at the logon screen choose Switch User (See Figure 7: Domain Logon Window).

    Figure 7: Domain Logon Window

    9. Choose Other User and then enter domain_name\username and enter the password (e.g. Username: MSCCONV.IPA\user Password: Pa$$w0rd).

    B.2 Adding a second Domain Controller (server2)

    As with all computer systems, domain controllers are susceptible to failures and viruses. It is advisable to use a secondary domain controller to maintain the domain should anything happen to the primary domain controller (Morimoto, R., Noel, M., Droubi, O., Mistry, R. & Amaris, C., 2010, p.158). Having more than one domain controller can also be useful for decentralized administration and load sharing. Using an additional domain controller to provide DNS services will lighten the load on the primary domain controller.

    Using dcpromo to join existing forest

    The steps below assume that the network settings have been set up using the settings given in A.2: Setting up Network configuration on Server2 and Client.

    1. Start dcpromo on Server2 (see Section B Step 1: Setting up Server1 as a Domain Controller and creating a forest).

    The installation process is similar to the setup of Server1; however, as this will be the second domain controller, we are adding it to an existing forest.

    2. When prompted to Choose a Deployment Configuration, choose Existing Forest and Add a domain controller to an existing domain, then click Next (See Figure 1: Add Domain Controller).

    Figure 1: Add domain controller

    3. Enter the name of the domain we set up earlier (MSCCONV.IPA) in the box provided, then click Set.. (See Figure 2: Identify Domain)

    Figure 2: Identify domain

    4. When prompted, enter the domain administrator details (username: Administrator and password: Pa$$w0rd), see Figure 3: Administrator Logon

    Figure 3: Administrator Logon

    5. MSCCONV.IPA should appear highlighted, click Next (See Figure 4: Select a Domain).

    Figure 4: Select a Domain

    6. Leave the settings as default on the Select a Site screen and click Next (Figure 5: Select a Site)

    Figure 5: Select a Site

    7. Make sure DNS server and Global catalog are selected and click Next (See Figure 6: Additional Options).

    Figure 6: Additional Options

    8. Click Yes to the DNS notification (See Figure 7: DNS Notification).

    Figure 7: DNS Notification

    9. Leave the default settings on the Location for Database window and click Next (See Figure 8: Location for Database).

    Figure 8: Location for Database...

    10. Enter a restore password and click Next (See Figure 9: Restore Mode Password Settings).

    Figure 9: Restore Mode Password Settings

    11. Click Next on the Summary window to continue (See Figure 10: Summary Window).

    Figure 10: Summary Window

    12. Check Reboot on completion on the installation window (See Figure 11: Installation Window).

    Figure 11: Installation window

    13. After reboot you will now see a domain logon window (See Figure 12: Domain Logon).

    Figure 12: Domain Logon
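
    Once both domain controllers from B.1 and B.2 are up, the choices made in the wizard can be checked from PowerShell. The script below is an added example, not part of the original manual; it assumes the ActiveDirectory module that ships with Windows Server 2008 R2, a domain administrator session on Server1 or Server2, and working remote WMI between the two servers.

```powershell
# Added example: post-promotion check for the domain controllers built in B.1 and B.2.
# Written for PowerShell 2.0 (Windows Server 2008 R2). Assumes remote WMI between the DCs works.
Import-Module ActiveDirectory

# Expected values taken from the manual.
$expected = @{
    Domain     = 'MSCCONV.IPA'         # B.1 step 5
    ForestMode = 'Windows2003Forest'   # B.1 step 6: levels left at Windows Server 2003
    DomainMode = 'Windows2003Domain'
}

# One row per check so the results can be sorted, filtered and printed as a table.
function New-Result($Target, $Check, $Pass, $Detail) {
    New-Object PSObject -Property @{
        Target = $Target; Check = $Check; Pass = [bool]$Pass; Detail = "$Detail"
    }
}

$forest = Get-ADForest
$domain = Get-ADDomain
$dcs    = @(Get-ADDomainController -Filter *)

# Resolvers a DC may legitimately use: itself (loopback) or another DC of this domain.
$allowedDns = @('127.0.0.1') + @($dcs | ForEach-Object { $_.IPv4Address })

$results = @()
$results += New-Result $domain.DNSRoot 'Domain name matches manual' `
    ($domain.DNSRoot -eq $expected.Domain) $domain.DNSRoot
$results += New-Result $forest.Name 'Forest functional level' `
    ("$($forest.ForestMode)" -eq $expected.ForestMode) $forest.ForestMode
$results += New-Result $domain.DNSRoot 'Domain functional level' `
    ("$($domain.DomainMode)" -eq $expected.DomainMode) $domain.DomainMode
$results += New-Result $domain.DNSRoot 'Second domain controller present' `
    ($dcs.Count -ge 2) (($dcs | ForEach-Object { $_.Name }) -join ', ')

foreach ($dc in $dcs) {
    # B.1 step 7 and B.2 step 7: each DC was installed as a global catalog and DNS server.
    $results += New-Result $dc.Name 'Global catalog' $dc.IsGlobalCatalog "site $($dc.Site)"

    $svc = Get-WmiObject Win32_Service -ComputerName $dc.HostName `
        -Filter "Name='DNS'" -ErrorAction SilentlyContinue
    $state = if ($svc) { $svc.State } else { 'not found or host unreachable' }
    $results += New-Result $dc.Name 'DNS Server service running' ($state -eq 'Running') $state

    $nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $dc.HostName `
        -Filter 'IPEnabled=TRUE' -ErrorAction SilentlyContinue)
    if ($nics.Count -eq 0) {
        $results += New-Result $dc.Name 'Network adapters readable' $false 'WMI query returned nothing'
    }
    foreach ($nic in $nics) {
        # Section A: servers in the domain use statically assigned addresses.
        $results += New-Result $dc.Name 'Static address (DHCP disabled)' `
            (-not $nic.DHCPEnabled) ($nic.IPAddress -join ', ')

        # Fail on an empty resolver list or on any resolver that is not a DC of this domain.
        $dns     = @($nic.DNSServerSearchOrder | Where-Object { $_ })
        $foreign = @($dns | Where-Object { $allowedDns -notcontains $_ })
        $results += New-Result $dc.Name 'DNS client uses only domain DNS' `
            (($dns.Count -gt 0) -and ($foreign.Count -eq 0)) ($dns -join ', ')
    }
}

$results | Sort-Object Target, Check | Format-Table Target, Check, Pass, Detail -AutoSize

# Non-zero exit code so the script can be used from a scheduled task or build step.
$failed = @($results | Where-Object { -not $_.Pass })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) check(s) failed"
    exit 1
}
```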

    B.3 Setting up a member server (MS-Core)

    Following the same method as in Section A Part 1 Step 3 we can use sconfig to configure the DNS settings of the MS-Core server.

    1. Run sconfig, type 8 and press Enter to view the network settings console (See Figure 1. Sconfig Network Settings).

    Figure 1: Sconfig - Network Settings

    2. Choose the index number of the network connection you wish to configure from the list (here we choose 0) and press Enter. The adapter setting for this network connection will be displayed.

    3. Next type 2 and press Enter to configure the DNS settings

    4. Enter in the IP address of server1 (192.168.0.1) and press Enter (See Figure 2: DNS Settings).

    Figure 2: DNS Settings

    5. Click OK on the Preferred DNS server set notification

    6. Enter the IP address of the alternative DNS server (server2, 192.168.0.2) and press Enter (See Figure 3: Alternative DNS Settings).

    Figure 3: Alternative DNS Settings

    7. Click OK on the Alternative DNS server set notification

    8. Once completed type 4 and press Enter to return to main menu (See Figure 4: Return to Main Menu).

    Figure 4: Return to Main Menu

    9. Type 1 and press Enter, to edit the Domain/Workgroup settings

    10. Type D and press Enter to select domain (See Figure 5: Change Domain)

    Figure 5: Change Domain

    11. Type the name of the domain you wish to join (MSCCONV.IPA) and press Enter (See Figure 6: Name of Domain to Join).

    Figure 6: Name of Domain to Join

    12. When prompted to enter a domain username enter the administrator details for the domain (UN: administrator PW: Pa$$w0rd), see Figure 7: Domain Logon

    Figure 7: Domain logon

    NOTE: The password window will pop up but will look like nothing is being typed. Enter the password and press Enter (See Figure 8: Password Entry Window)

    Figure 8: Password entry window

    13. When asked whether you want to change the computer name, click No, as the computer was named previously (See Figure 9: Change Name Prompt).

    Figure 9: Change Name Prompt

    14. You will then be prompted to restart. Click Yes and restart the server (See Figure 10: Restart Prompt).

    Figure 10: Restart Prompt

    15. Once the server has restarted, run sconfig. MSCCONV.IPA is now listed as the domain. MS-Core is now a member server (See Figure 11: Domain Change Confirmation).

    Figure 11: Domain Change Confirmation

    C.1 Setting up a disk mirror

    A disk mirror allows for one disk to be copied to another; each disk must be the same size to allow for mirroring. Data is duplicated across each disk and can therefore withstand the failure of a single disk (Morimoto, R., Noel, M., Droubi, O., Mistry, R. & Amaris, C., 2010, p.1108).

    Here we connect extra hard disks to the server, both 40GB in size; once the disks are physically installed we begin this process.

    1. Click the Server Manager, see Figure 1: Server Manager Icon.

    Figure 1: Server Manager Icon

    2. Select Disk Management from the item tree in the left-hand pane of the server manager console. This will display the disks and volumes on the system (See Figure 2: Disk Management).

    Figure 2: Disk Management

    The hard disks cannot be used until they are online and initialised

    3. Right click on Disk 1 and Disk 2 and choose Online (See Figure 3: Set Disks Online).

    Figure 3: Set Disks Online

    4. Right click on Disk 1 and Disk 2 again and choose Initialize Disk (See Figure 4: Initialize Disks).

    Figure 4: Initialize Disks

    5. Check the disks to be initialized, choose GPT and click OK (See Figure 4: Choose Disks to Initialize).

    Figure 4: Choose Disks to Initialize

    Note: By initialising these two disks, disk0 is automatically set to be dynamic.

    If disk0 is not dynamic already do the following:

    5b. Right click on Disk0 and click Convert to Dynamic Disk (See Figure 5: Make Dynamic)

    Figure 5: Make dynamic

    6. Right click on the drive to be mirrored and choose Add mirror (use the C drive), see Figure 6: Add Mirror Option

    Figure 6: Add Mirror Option

    7. Choose which disk you want the drive mirrored on to (here we use disk 1) and click Add Mirror (See Figure 7: Choose Disk to Mirror to).

    Figure 7: Choose Disk to Mirror to

    8. Mirroring to disk 1 will set disk 1 to be dynamic. Click Yes to confirm this change (See Figure 8: Basic to Dynamic Prompt)

    Figure 8: Basic to Dynamic Prompt

    9. When this is completed you will see the drive mirrored on disk 1 (See Figure 9: Mirrored Drive)

    Figure 9: Mirrored Drive

    C.2 Creating Spanned Volumes

    A spanned volume works in the same way as a single drive; however, it spans two or more disks (Morimoto, R., Noel, M., Droubi, O., Mistry, R. & Amaris, C., 2010, p.1107).

    Now that the C drive has been mirrored to disk 1 there remains 10GB free on disk 0 and disk 1, and disk 2 has 40GB free. We can create a spanned virtual volume which will make all free space appear as one drive (60GB using the free 10GB + 10GB + 40GB).

    1. Right click on Disk 2 and choose New Spanned Volume (See Figure 1: Spanned Volume Option).

    Figure 1: Spanned Volume Option

    2. The new spanned volume wizard will begin, click Next (See Figure 2: Spanned Volume Wizard).

    Figure 2: Spanned Volume Wizard

    3. Select the disks to be included in the spanned volume. Add all disks by clicking Add, then click Next (See Figure 3: Add Disks)

    Figure 3: Add Disks

    4. Leave the options as default (assign drive letter E) and click Next (See Figure 4: Assign Drive Letter).

    Figure 4: Assign Drive Letter

    5. Format the volume using the default settings (NTFS, Default size, Quick Format). Click Next (See Figure 5: Format Spanned Volume).

    Figure 5: Format Spanned Volume

    6. Click Finish when the wizard completes.

    7. When the wizard has completed, the new spanned volume information will appear in the disk management console (See Figure 6: Spanned Volume Information)

    Figure 6: Spanned Volume Information

    D.1 Setting up Organizational Units (OUs) Active directory allows us to define users and computers based on the organisational

    structure of the network. Using organizational units we can delegate control and

    management of data (Desmond, B., Richards, J., Allen, R. and Lowe-Norris, A.G., 2009, p.3).

    Unlike groups, OUs are containers for objects that allow them to be represented in the

    domain hierarchy (Desmond, B., Richards, J., Allen, R. and Lowe-Norris, A.G., 2009, p.248).

    1. Go to Start > Administrative Tools > Active Directory Users and Computers (See Figure 1: Active Directory Users and Computers).

    Figure 1: Active Directory Users and Computers

    2. Right click on the domain name (MSCCONV.IPA) in the left-hand pane. Choose New then Organisational Unit (See Figure 2: Organisational Unit).

    Figure 2: Organisational Unit

    3. Enter the name of the new organisational unit (name it IPA) and click OK (See Figure 3: Name Organisational Unit).

    Figure 3: Name Organisational Unit

    Now we will create a new organisational unit within the one that has just been created.

    4. Right click on the newly created IPA organisational unit and choose New then Organisational Unit (See Figure 4: Nested Organisational Unit).

    Figure 4: Nested Organisational Unit

    A diagram of the organisational structure we will be using can be seen in Figure 5: Organisational Unit Structure.

    Figure 5: Organisational Unit Structure

    5. Once all organisational units have been entered there should be a nested list of all units visible in the left-hand pane (See Figure 6: Nested Organisational Unit Tree).

    Figure 6: Nested Organisational Unit Tree

    D.2 Setting up Users

    A user account set up in Active Directory becomes an Active Directory account. This means the user account can log on to any work station within the domain (Tittel, E. & Korelc, J., 2008, p.204).

    1. Click the IPA organisational unit from the left-hand pane. Then right click the white space in the right-hand pane (below marketing). Choose New then User (See Figure 1: Add User).

    Figure 1: Add User

    2. Enter the user details and click Next (See Figure 2: User Details).

    Figure 2: User Details

    3. Enter a password (Pa$$w0rd), uncheck User must change password on next logon, and click Next (See Figure 3: User Password).

    Figure 3: User Password

    4. Click Finish to confirm user settings (See Figure 4: Confirm User Settings)

    Figure 4: Confirm User Settings

    5. We will set up users in each of the organisational units as shown in Figure 5: Organisational Unit Users.

    Figure 5: Organisational Unit Users

    6. To set up users in each organisational unit, open the unit, right click in the white space and choose New then User (See Figure 6: New User in OU).

    Figure 6: New User in OU

    7. Users should appear listed in the organisational unit (See Figure 7: Organisational Unit User List)

    Figure 7: Organisational Unit User List

    D.3 Setting user logon times

    The Active Directory Users and Computers console allows us more control over user accounts and settings. Along with the usual password restrictions (as found in standard Windows user setup) we can also define logon times. Restricting logon times allows greater control over when users can access the system (Tittel, E. & Korelc, J., 2008, p.208).

    1. In ADUC highlight the users you wish to apply the logon restrictions to, right click and choose Properties (See Figure 1: Multiple User Properties).

    Figure 1: Multiple User Properties

    2. On the Account tab, check the box beside Logon Hours: and click Logon Hours (See Figure 2: Logon Hours).

    Figure 2: Logon Hours

    3. In the Logon Hours window choose Logon Denied to clear the time restrictions (See Figure 3: Clear Times).

    Figure 3: Clear Times

    4. Highlight the time and day you want to allow logon, select Logon permitted, then click OK (See Figure 4: Specify Times).

    Figure 4: Specify Times

    Now all users that were selected can only log on to the domain between Monday and Friday.
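
    The logon-hours restriction set in the steps above is stored in each account's logonHours attribute. As an added example (not part of the original guide), this PowerShell builds the Monday-to-Friday mask and reports which accounts in the IPA OU match it. The function names, the distinguished name OU=IPA,DC=MSCCONV,DC=IPA and a console time zone of UTC+0 are assumptions; at any other offset the stored bits are shifted by that many hours.

```powershell
# Added example, not from the original guide. Written for PowerShell 2.0 (Windows Server 2008 R2).
# logonHours layout: 21 bytes = 168 bits, one bit per hour of the week.
# Bit 0 is Sunday 00:00-01:00 UTC; in each byte the lowest bit is the earliest hour.

function New-LogonHours {
    param(
        [System.DayOfWeek[]]$Days,
        [int]$StartHourUtc = 0,     # first permitted hour, inclusive
        [int]$EndHourUtc   = 24     # end of the permitted window, exclusive
    )
    $bytes = New-Object byte[] 21   # all zero = logon denied at every hour
    foreach ($day in $Days) {
        for ($hour = $StartHourUtc; $hour -lt $EndHourUtc; $hour++) {
            $bit   = ([int]$day * 24) + $hour
            $index = ($bit - ($bit % 8)) / 8
            $mask  = [int][math]::Pow(2, $bit % 8)
            $bytes[$index] = [byte]($bytes[$index] -bor $mask)
        }
    }
    return ,$bytes
}

function Get-PermittedHoursPerDay {
    param([byte[]]$LogonHours)
    $summary = @{}
    foreach ($day in [System.Enum]::GetValues([System.DayOfWeek])) {
        $count = 0
        for ($hour = 0; $hour -lt 24; $hour++) {
            $bit   = ([int]$day * 24) + $hour
            $index = ($bit - ($bit % 8)) / 8
            $mask  = [int][math]::Pow(2, $bit % 8)
            if ($LogonHours[$index] -band $mask) { $count++ }
        }
        $summary[$day.ToString()] = $count
    }
    return $summary
}

# The restriction from steps 1-4: Monday to Friday, every hour of the day.
$expected = New-LogonHours -Days Monday, Tuesday, Wednesday, Thursday, Friday
"Expected mask: " + [System.BitConverter]::ToString($expected)
Get-PermittedHoursPerDay -LogonHours $expected

# Audit: needs the ActiveDirectory module and a reachable domain controller.
# Assumption: the IPA OU sits directly under the MSCCONV.IPA domain.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    Get-ADUser -Filter * -SearchBase 'OU=IPA,DC=MSCCONV,DC=IPA' -Properties logonHours |
        ForEach-Object {
            if (-not $_.logonHours) {
                # No attribute at all means the account may log on at any time.
                $state = 'UNRESTRICTED (attribute not set)'
            } elseif ([System.BitConverter]::ToString([byte[]]$_.logonHours) -eq
                      [System.BitConverter]::ToString($expected)) {
                $state = 'Monday-Friday only'
            } else {
                $state = 'other schedule'
            }
            '{0,-12} {1}' -f $_.SamAccountName, $state
        }
}
```

    Accounts reported as UNRESTRICTED were missed when the users were selected in step 1 and can still log on at any time.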

    E.1 Setting up groups

    Groups are collections of users that need similar levels of access to resources. Groups simplify administration by reducing the number of relationships that need to be managed (Tittel, E. & Korelc, J., 2008, p. 212). Here we will set up groups to represent the hierarchical structure of our users. More information on best practice for setting up groups can be found at: http://technet.microsoft.com/en-us/library/cc779601%28v=ws.10%29.aspx

    1. Users will be grouped according to organisational unit and role within the organisation. See Figure 1: User Grouping Diagram.

    Figure 1: User Grouping Diagram

    2. Open Active Directory Users and Computers and select the organisational unit in which you want to create the group. Right click in the white space and choose New then Group (See Figure 2: Adding a New Group).

    Figure 2: Adding a New Group

    3. On the new group window enter the name of the group and choose Global under the Group scope then click OK (See Figure 3: Name Group).

    Figure 3: Name Group

    There are three group scopes available, domain local, global, and universal. The domain local only applies to a single machine. Global applies to the entire domain, and universal applies to the entire forest, including all domains (Tittel, E. & Korelc, J., 2008, p.212).

    4. Right click on the newly created group and choose Properties (See Figure 4: Group Properties).

    Figure 4: Group Properties

    5. Choose the Members tab and click Add (See Figure 5: Add Members to Group).

    Figure 5: Add Members to Group

    6. From the Select users.. dialogue type user and click Check Names (See Figure 6: Check Names).

    Figure 6: Check Names

    Note: As there are several users with a username similar to user this will open a Multiple Names Found dialogue, which will allow us to easily add several users to the group at once.

    7. As we are setting up the group to cover all users (as all are Staff) select all the users from the Multiple Names Found window and click OK (See Figure 7: Add Multiple Users).

    Figure 7: Add Multiple Users

    8. Click OK to confirm the users to be added to the group (See Figure 8: Confirm Add Users).

    Figure 8: Confirm Add Users

    We will now add groups based on Figure 1. As Managers, Trainers and Admin contain users from all sub organisational units, we will create these groups within the IPA organisational unit. For groups based on an organisational unit we will place the group within the OU itself.

    9. Create a new group for Managers within the IPA organisational unit. Repeat steps 2 to 8 (See Figure 9: Managers Group).

    Figure 9: Managers group

    10. Add user1, user11, user16 and user19 to this group using the same method as step 7. Hold the Ctrl key to select multiple users (See Figure 10: Select Multiple Users).

    Figure 10: Select Multiple Users

    11. Within the marketing OU create a new group called marketing and add all the users from the organisational unit to this group (See Figure 11: OU Group).

    Figure 11: OU Group

    Create a group for each of the Dublin and Belfast organisational units.

    Note: For organisational units that have sub groups it is possible to add a group within a group to save time.

    12. Go to the IT organisational unit and create a group called IT. When it comes to adding users, simply type the names of the sub groups to be added (add Dublin and Belfast). See Figure 12: Groups in Groups.

    Figure 12: Groups in Groups
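
    Nesting Dublin and Belfast inside IT means a user's effective access is no longer visible from the direct member list alone. As an added example (not part of the original guide), this PowerShell expands nested groups over a constructed sample that uses only memberships named in this guide; the function names and the sample table are assumptions, and the real groups contain more users.

```powershell
# Added example, not from the original guide.
# Constructed sample: group name -> direct members (users or other groups).
$Groups = @{
    'IT'        = @('Dublin', 'Belfast')                    # groups in a group (step 12)
    'Dublin'    = @('user16')
    'Belfast'   = @('user19', 'user20')
    'marketing' = @('user13')
    'Managers'  = @('user1', 'user11', 'user16', 'user19')  # step 10
}

# Return every user that is a member of the group directly or through nested groups.
function Get-EffectiveMembers {
    param(
        [hashtable]$GroupTable,
        [string]$GroupName,
        [hashtable]$Visited = @{}
    )
    if ($Visited.ContainsKey($GroupName)) { return @() }    # seen before: stops circular nesting
    $Visited[$GroupName] = $true
    $users = @()
    foreach ($member in $GroupTable[$GroupName]) {
        if ($GroupTable.ContainsKey($member)) {
            # The member is itself a group: expand it.
            $users += @(Get-EffectiveMembers -GroupTable $GroupTable -GroupName $member -Visited $Visited)
        } else {
            $users += $member
        }
    }
    return @($users | Sort-Object -Unique)
}

# Return every group a user belongs to, directly or through nesting.
function Get-EffectiveGroups {
    param(
        [hashtable]$GroupTable,
        [string]$UserName
    )
    $result = @()
    foreach ($group in $GroupTable.Keys) {
        $members = @(Get-EffectiveMembers -GroupTable $GroupTable -GroupName $group)
        if ($members -contains $UserName) { $result += $group }
    }
    return @($result | Sort-Object)
}

foreach ($group in ($Groups.Keys | Sort-Object)) {
    $members = @(Get-EffectiveMembers -GroupTable $Groups -GroupName $group)
    '{0,-10} {1}' -f $group, ($members -join ', ')
}
'user19 is effectively in: ' + ((Get-EffectiveGroups -GroupTable $Groups -UserName 'user19') -join ', ')

# Against a live domain the same expansion is:
#   Get-ADGroupMember -Identity IT -Recursive
```

    Any permission granted or denied to IT applies to every user this expansion returns, so review the expanded list before using a nested group on an access control list.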

    E.2 Restrict view to Organizational Unit with a Group Policy

    We can restrict users from one organisational unit from being able to see users from another organisational unit in a similar way to setting NTFS permissions in Windows. Here we will restrict users in the Marketing OU from seeing users in the IT OU.

    1. In the Active Directory Users and Computers console go to View and choose Advanced Features (See Figure 1: View Advanced Features).

    Figure 1: View Advanced Features

    2. Right click on the IT organisational unit and select Properties (See Figure 2: Organisational Unit Properties).

    Figure 2: Organisational Unit Properties

    3. Choose the Security tab then choose Add (See Figure 3: Add Security Privileges).

    Figure 3: Add Security Privileges

    4. Add the Marketing group and click OK (See Figure 4: Add Group Privileges).

    Figure 4: Add Group Privileges

    5. Once we have added the Marketing group check the box under Deny for the Read option (See Figure 5: Deny Read).

    Figure 5: Deny Read

    6. On the client machine log in as user13 from the marketing group.

    7. Go to Start and type c:\Windows\system32\rundll32.exe dsquery.dll,OpenQueryWindow in the search box. This will allow us to search the Active Directory.

    8. Type User in the search box to list all users. This will demonstrate that users are visible (See Figure 6: Search Directory).

    Figure 6: Search Directory

    9. Next type user19 (a user in the IT OU). This user cannot be found as the logged on user does not have access to read that OU (See Figure 7: Search For User).

    Figure 7: Search For User

    The user does not appear in the search because the logged on user is a member of the restricted (Marketing) group, which applies to the Marketing OU, and so cannot read/see users from the IT organisational unit, of which user19 is a member.

    E.3 Redirecting My Documents from client machine to server

    When a user saves a file to the My Documents/Documents folder the files are stored on the local machine. In order to ensure that these files will be available to users no matter which machine they are logged on to we can use a tool called folder redirection. This will redirect the My Documents/Documents folder to a shared folder on the domain that can be accessed from anywhere within the domain (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p.1336).

    1. Start-up server2 and set up a folder on the C: drive called User_Docs (See Figure 1: Set Up User_Docs Folder).

    Figure 1: Set up User_Docs folder

    To make the folder accessible from other machines on the domain we will need to share it.

    2. Right click on the User_Docs folder and choose Properties. Next choose the Sharing tab and click Advanced Sharing (See Figure 2: Advanced Sharing Options).

    Figure 2: Advanced Sharing Options

    3. Check the option to Share this folder and then click OK (See Figure 3: Share Folder).

    Figure 3: Share Folder

    4. Close the properties window

    5. On server1 go to Start > Administrative Tools > Group Policy Management (See Figure 4: Group Policy Management Option).

    Figure 4: Group Policy Management Option

    6. Right click on Group Policy Objects and select New (See Figure 5: New Group Policy Object).

    Figure 5: New Group Policy Object

    7. Name the group policy object (RedirectDocsGPO, See Figure 6: Name Group Policy Object)

    Figure 6: Name Group Policy Object

    8. Click OK to confirm the creation of the object (See Figure 7: Group Policy Confirmation Notification).

    Figure 7: Group Policy Confirmation Notification

    9. Right click on the newly created object and choose Edit (See Figure 8: Edit Group Policy Object).

    Figure 8: Edit Group Policy Object

    10. Go to User Configuration > Policies > Windows Settings > Folder Redirection > Documents (See Figure 9: Folder Redirection).

    Figure 9: Folder Redirection

    11. Right click Documents and choose Properties (See Figure 10: Documents Properties).

    Figure 10: Documents Properties

    12. Choose Basic - Redirect everyone's folder to the same location from the Setting option, enter the location of the shared User_Docs folder in the Root Path: field, then choose OK (See Figure 11: Redirect Settings).

    Figure 11: Redirect Settings

    13. Choose the Settings tab and check all three checkboxes. For this example we will leave the folder in place even if the policy is removed. Click OK (See Figure 12: Document Redirect Policy Settings).

    Figure 12: Document Redirect Policy Settings

    14. Click Yes to confirm the settings (See Figure 13: Confirm Settings).

    Figure 13: Confirm Settings

    Note: The editor will appear empty even though policies have been applied. Close the editor.

    15. Close the Group Policy Management Editor

    16. At the Group Policy Management window right click on the domain (MSCCONV.IPA) and choose Link an Existing GPO (See Figure 14: Link Existing GPO).

    Figure 14: Link Existing GPO

    As we want to apply the policy to a client within the domain, we can link the group policy object to the entire domain.

    17. Choose the newly created group policy object (RedirectDocsGPO) from the list and click OK (See Figure 15: Select GPO).

    Figure 15: Select GPO

    18. The group policy object should now be listed in the right-hand pane when the domain is selected (See Figure 16: Listed GPO).

    Figure 16: Listed GPO

    19. Double click on the GPO in the right-hand pane

    20. Check Do not show this message again (for convenience) and click OK (See Figure 17: GPO Notification).

    Figure 17: GPO Notification

    As we only want this GPO to apply to the client1 machine we must add it to the scope of the policy.

    21. On the Scope tab choose Add.. (See Figure 18: Add to Scope).

    Figure 18: Add to Scope

    22. In the Select Users, Computers.. window click Object Types.. (See Figure 19: Select Object Types).

    Figure 19: Select Object Types

    23. Check the box beside Computers to list computers in the add dialogue (See Figure 20: List Computers).

    Figure 20: List computers

    24. Now we can type Client1 and add it to the scope, click OK (See Figure 21: Adding Client1).

    Figure 21: Adding Client1

    25. Client1 will now be listed in the scope (See Figure 22: Client Listed in Scope).

    Figure 22: Client Listed in Scope

    26. To demonstrate the folder redirection we need to save a file in the documents folder of the client machine.

    27. Start client1 and log on as User16, open the Documents folder and save a file.

    28. On server2 go to the User_Docs folder on the C: drive. We can now see the user folder for User16 (See Figure 23: User folder in User_Docs).

    Figure 23: User folder in User_Docs

    The user's documents are now stored in a subfolder within the C:\User_Docs directory of server2.

    E.4 Blocking access to Control Panel with GPOs

    For security purposes we can remove user access to the Control Panel using a group policy object (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p.1350).

    In this task we will block users from the Belfast OU from having access to the Control Panel. We will then add an exception to this for User20.

    1. Open the Group Policy Management console and right click on Belfast and choose Create a GPO on this domain, and Link it here (See Figure 1: Create and Link GPO).

    Figure 1: Create and Link GPO

    2. Name the GPO BlockControlPanelGPO. Right click on the GPO and select Edit (See Figure 2: Edit GPO).

    Figure 2: Edit GPO

    3. Go to User Configuration > Policies > Administrative Template > Control Panel, right click on Prohibit access to the Control Panel and choose Edit (See Figure 3: Prohibit Control Panel Access).

    Figure 3: Prohibit Control Panel Access

    4. Click the radio button beside Enabled then click OK (See Figure 4: Enable Prohibited Access).

    Figure 4: Enable Prohibited Access

    5. To test the restriction, log in to client1 as User19 and try to access the Control Panel.

    6. An error message will appear (See Figure 5: Restriction Notification).

    Figure 5: Restriction Notification

    Now we will add an exception for User20.

    7. On the group policy management window choose Delegation from the right-hand pane of the group policy window and choose Add (See Figure 6: Add Delegation).

    Figure 6: Add Delegation

    8. Add User20 and click OK (See Figure 7: Add User to Delegation).

    Figure 7: Add User to Delegation

    9. Choose Read from the dropdown list under permissions and click OK (See Figure 8: User Read Permission).

    Figure 8: User read permission

    10. With User20 highlighted in the list choose Advanced (See Figure 9: Advanced Delegation Options).

    Figure 9: Advanced Delegation options

    11. From the Security Settings window choose User20 and check the box under Deny for Read (See Figure 10: Deny Read of GPO).

    Figure 10: Deny Read of GPO

    12. Click Yes to confirm settings (See Figure 11: Confirm Settings).

    Figure 11: Confirm settings

    Note: As the user cannot read the GPO it will not apply to user20

    13. To confirm these settings, log into Client1 as user20. The Control Panel will now be listed in the start menu and the user can access it (See Figure 12: User20 Control Panel Access).

    Figure 12: User20 Control Panel Access

    E.5 Publishing software to Users with GPOs

    Using GPOs it is also possible to automate many tasks, including software distribution. In this task we will publish a software package to the domain which will be available to all users on the domain to install through the control panel (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p.382).

    1. To publish software the msi application needs to be stored in a shared folder.

    2. For the purpose of this demonstration an MSI installer for Google Chrome was downloaded and saved to a shared folder on Server1 called sysvol.

    3. Create a new group policy named InstallChromeGPO and link it to the Dublin OU (See Figure 1: InstallChromeGPO).

    Figure 1: InstallChromeGPO

    4. Edit the GPO and go to User Configuration > Policies > Software Settings, right click Software Installation and choose New, then Package (See Figure 2: Software Installation Settings).

    Figure 2: Software Installation settings

    5. Select the MSI file from the shared folder and click Open (See Figure 3: Select MSI File).

    Figure 3: Select MSI File

    6. Choose Published from the Select deployment method option and click OK (See Figure 4: Deployment Method).

    Figure 4: Deployment Method

    7. The software should now be listed under the Software Installation option (See Figure 5: MSI Listed).

    Figure 5: MSI listed

    To demonstrate this we will log onto the client machine as User16 (a user from the Dublin OU). Published software is available to users through the Control Panel; it is not automatically installed.

    8. On client1 log in as User16 and open the Control Panel, under programs select Get Programs (See Figure 6: Get Programs Option).

    Figure 6: Get Programs Option

    9. The deployed MSI file should appear in the Get Programs window (See Figure 7: MSI in Get Programs Window).

    Figure 7: MSI in Get Programs Window

    F.1 Installing print server role

    Adding a print server role allows the server to manage the print queue for all users on the domain. A server role also adds advanced sharing features for the printer (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p.539).

    1. On the Initial Configuration Tasks window choose Add roles from the Customize This Server section (See Figure 1: Initial Configuration Task Window - Roles).

    Figure 1: Initial Configuration Task Window - Roles

    2. Choose Print and Document Services from the Select Server Roles options and click Next (See Figure 2: Print and Document Services).

    Figure 2: Print and Document Services

    3. When presented with information about Print and Document Services click Next (See Figure 3: Print and Document Services Information).

    Figure 3: Print and Document Services Information

    4. Choose Print Server from the top of the list of services and click Next (See Figure 4: Print Server - Role Services).

    Figure 4: Print Server - Role Services

    5. Click Install to confirm the installation. The role will now be installed (See Figure 5: Installation Confirmation).

    Figure 5: Installation Confirmation

    6. When the installation has completed successfully click Close

    F.2 Installing Printers

    Installing printers in Active Directory is similar to a printer installation in Windows 7 (Bott, E., Sienchert, C. and Stinson, C., 2011, p.1061). However, once a printer is installed to a domain controller there are options to list the printer in the directory (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p.562).

    1. Go to Start and click Devices and Printers (See Figure 1: Devices and Printers Option).

    Figure 1: Devices and Printers Option

    2. In the Devices and Printers window right click under the Printers and Faxes section and choose Add a printer (See Figure 2: Add Printer Option).

    Figure 2: Add Printer Option

    3. Choose Add a local printer (See Figure 3: Add Local Printer).

    Figure 3: Add Local Printer

    4. Next choose an existing port from the drop down list (See Figure 4: Choose Printer Port). Note: Choose a port which is not already in use.

    Figure 4: Choose Printer Port

    5. From the Manufacturer list choose HP and then choose HP 910 from the Printers list (See Figure 5: Printer Selection).

    Figure 5: Printer selection

    6. Name the printer you want to install (here we name the printer HP910), click Next (See Figure 6: Printer Name).

    Figure 6: Printer name

    7. Choose Share this printer and leave the default field entries, click Next (See Figure 7: Printer Sharing).

    Figure 7: Printer Sharing

    8. Click Finish when the installation is completed (See Figure 8: Installation Completion).

    Figure 8: Installation Completion

    9. Repeat the process, ensuring that you choose a different port to the one used for the installation of the HP900 printer (step 4), and install a HP 915 (step 5) (See Figure 9: Alternate Port Selection).

    Figure 9: Alternate Port Selection

    Name this second printer HP900.

    F.3 Publishing printer to directory

    Although printers that are directly connected to server machines can be shared through the network, it is better to have the printer managed by a server, which allows for more control over print jobs and multiple user access (Lowe, D., 2011). In this section we will publish both the HP910 and HP900 printers.

    1. In Devices and Printers, under the Printers and Faxes section, right click on the printer you wish to publish. Choose Printer properties (See Figure 1: Printer Properties).

    Figure 1: Printer Properties

    2. Choose the Sharing tab and then check List in the directory, click OK (See Figure 2: List in Directory).

    Figure 2: List in directory

    3. Search for printer in active directory. Using Server2, run Active Directory Users and Computers. Right click on the domain name (MSCCONV.IPA) and choose Find (See Figure 3: Find in Directory).

    Figure 3: Find in Directory

    4. In the Find Users, Contacts and Groups window choose Printers from the Find: dropdown menu (See Figure 4: Find Window).

    Figure 4: Find Window

    5. Enter the name of the printer into the name field and click Find Now. If the printer is found it will be listed under the Search results: (See Figure 5: Search Results).

    Figure 5: Search Results

    F.4 Installing a generic unshared printer

    Next we will install a generic printer which will not be shared. A generic printer installation provides general printer configuration without specific hardware settings. Although it may work in some cases for attached hardware, it should generally be replaced with specific hardware drivers (Bott, E., Sienchert, C. and Stinson, C., 2011, p.57). For the purpose of this manual we will install a generic printer. Follow the steps in F.2 Installing Printers. At step 4, choose a free port, and at step 5 choose Generic and Generic/Text Only. Then click Next (See Figure 1: Generic Printer Installation).

    Figure 1: Generic Printer Installation

    6. At step 7 choose Do not share this printer (See Figure 2: Do Not Share Printer).

    Figure 2: Do Not Share Printer

    G.1 Setting up server core file services

    Enabling Network File System and creating share

    By default any machine sharing a file or folder is a file server. However, to demonstrate some of the extra file server features we will install a new role. Server machines allow us to add extra functionality and system maintenance roles (Installing a server role on a server running a Server Core installation of Windows Server 2008 R2: Overview, 2010). The Network File System (NFS) role is a file sharing role that allows sharing between Windows and Unix systems. This role would be used when the domain hosts several different environments, e.g. Mac, Linux and Windows.

    1. Start windows server core (MS-Core) and type start /w ocsetup ServerForNFS-Base and press Enter (See Figure 1: Install NFS Role).

    Figure 1: Install NFS Role

    2. Next we will make a folder to share. Type mkdir c:\share and press Enter (See Figure 2: Make Folder).

    Figure 2: Make folder

    This will place a folder on the C drive called share

    3. Navigate to the folder to confirm it has been created. Type cd c:\share and press enter (See Figure 3: Navigate to Folder).

    Figure 3: Navigate to folder

    Once we have confirmed the folder is created we will share it on the network

    4. Type net share ms-coreShare=c:\share and press Enter. This will set up a share called ms-coreShare and point it to the share folder on the C drive (See Figure 4: Folder Share).

    Figure 4: Folder share

    By sharing the ms-coreShare folder the MS-Core machine is now a file server. However, as we have also installed NFS, this share is also accessible by machines running Unix systems.

    Testing share on the network using server1

    To find a shared resource on the network we can simply search for the computer name on the network using the prefix \\. Network shares are identified as follows: \\computer\shareName (Bott, E., Sienchert, C. and Stinson, C., 2011, p.742).

    1. On server1 go to Start and type \\ms-core to display the network shares for the core server (See Figure 1: Search for Core Server).

    Figure 1: Search for Core Server

    2. If the core server has been configured correctly we should see the ms-coreShare folder (See Figure 2: Shared Folder).

    Figure 2: shared folder

    G.2 Configuring Remote Desktop on Server Core

    Remote Desktop is one of the most powerful tools available to an administrator. It allows an administrator to virtually connect to a machine and use it as though they were using the physical machine (Lowe, D., 2011, p.494).

    Note: In order to remote desktop to another machine within the domain we must ensure that the primary domain server is powered on to allow logon services.

    1. Start Server1

    2. Run sconfig on the core server (MS-Core). Type 7 and press Enter for Remote Desktop options. Then type E and press Enter to enable remote desktop (See Figure 1: Remote Desktop Options).

    Figure 1: Remote Desktop Options

    3. Next type 2 and press Enter to allow clients with any version of Remote Desktop to connect (See Figure 2: Any Remote Desktop Client).

    Figure 2: Any Remote Desktop Client

    4. Click OK to close the notification (See Figure 3: Notification).

    Figure 3: Notification

    G.3 Remote connecting to Server Core from Windows 7

    Windows 7 comes with an inbuilt feature called Remote Desktop Connection which allows us to access remote desktop services easily (Bott, E., Sienchert, C. and Stinson, C., 2011, p.762).

    In this section remote desktop will be used to connect into the core installation from the Windows 7 client machine (client1).

    1. Go to Start and type Remote Desktop Connection. Click the top entry in the list (See Figure 1: Remote Desktop Search).

    Figure 1: Remote Desktop Search

    2. Enter the IP address of the core server in the Computer field and click Connect (See Figure 2: Connection Setup)

    Figure 2: Connection Setup

    3. Logon with an administrator account. Click Use another account (See Figure 3: Use Another Account)

    Figure 3: Use Another Account

    4. Enter the domain administrator username (administrator) and password (Pa$$w0rd) (See Figure 4: Administrator Logon).

    Figure 4: Administrator Logon

    5. Remote desktop will now connect (See Figure 5: Remote Desktop Connecting).

    Figure 5: Remote Desktop Connecting

    6. Click Yes to accept the security certificate (See Figure 6: Remote Desktop Certificate)

    Figure 6: Remote Desktop Certificate

    7. A window will now open that displays the screen of the MS-Core server (See Figure 7: Remote Desktop to Core).

    Figure 7: Remote Desktop to Core

    H.1 Setting up DHCP Services (Server2)

    Dynamic Host Configuration Protocol (DHCP) services allow a server to assign IP addresses to nodes on the network. This allows for greater control over the network and better management of network resources (Lowe, D., 2011, p.125).

    1. Start-up Server2 and choose Add roles from the Initial Configuration Tasks window (See Figure 1: Initial Configuration Tasks Window).

    Figure 1: Initial Configuration Tasks Window

    2. Click Next on the Before You Begin notification. Choose DHCP Server from the Select Server Roles page and click Next (See Figure 2: Install Server Role).

    Figure 2: Install Server Role


    3. Click Next at the Introduction to DHCP Server

    4. Select the network connection you wish to use with the DHCP server and click Next. (Here we use 192.168.0.2)

    Figure 3: Network Connection Selection

    5. Set the DNS server to point to the local host (127.0.0.1) and parent domain to the domain network we have set up. Make sure all settings are the same as those in Figure 4 (below) and click Next

    Figure 4: DNS Settings

    Make sure there are no references to server1 in the DNS as we want to use server2 solely for DHCP services


    6. WINS is not required, so choose WINS is not required for application on this network and click Next

    Figure 5: WINS Server Settings

    7. On the Add or Edit DHCP Scopes window choose Add (See Figure 6: DHCP Scopes)

    Figure 6: DHCP scopes


    8. Enter the following details (See Figure 7: DHCP Scope Settings):

       Scope Name = server2
       Starting IP = 192.168.0.100
       Ending IP = 192.168.0.150
       Subnet mask = 255.255.255.0

    Figure 7: DHCP Scope Settings

    9. Click Next once you have added the scope (See Figure 8: DHCP Set Up).

    Figure 8: DHCP Set Up


    10. Enable DHCPv6 stateless mode and click Next (Figure 9: DHCPv6 Settings).

    Figure 9: DHCPv6 Settings

    11. Leave the IPv6 DNS server settings as the default settings and click Next (See Figure 10: IPv6 DNS Server Settings).

    Figure 10: IPv6 DNS Server Settings


    12. As we are logged into server2 as the domain administrator we can choose Use current credentials to authorize the DHCP server, then click Next (See Figure 11: Authorize DHCP)

    Figure 11: Authorize DHCP

    13. Click Install to confirm the settings (See Figure 12: Confirm Installation).

    Figure 12: Confirm Installation

    14. Click Close when installation completes


    H.2 Setting up Windows 7 to obtain IP from server2

    To use server2 as the DHCP server it must be running along with the client machine. The client machine will obtain its IP settings automatically and use the DNS to configure its settings. In the following example we will point the DNS to Server2 to obtain the IP settings from the DHCP server on Server2.

    1. On the client machine (client1) open the network adapter settings and change the IPv4 settings to obtain an IP address automatically. Change the preferred DNS to the IP address of server2 (192.168.0.2), leave the alternative DNS server blank. (See Figure 1: Network Adapter Settings)

    Figure 1: Network Adapter Settings

    2. Open Command Prompt and type ipconfig to display the IP address that is being assigned from server2. It should be in the range of the scope defined during the setup of the DHCP server (See Figure 2: Assigned IP)

    Figure 2: Assigned IP


    H.3 Removing DHCP services

    We will now remove DHCP services from server2 so it will no longer hand out IP addresses to computers on the network.

    1. Go to Start > Administrative Tools > Server Manager (See Figure 1: Server Manager Option)

    Figure 1: Server Manager Option

    2. Choose Roles from the left-hand pane, then choose Remove Roles (See Figure 2: Remove Role Option)

    Figure 2: Remove Role Option


    3. Click Next on the Before You Begin information page

    4. Uncheck DHCP in the Remove Server Roles window, then click Next (See Figure 3: Remove Roles).

    Figure 3: Remove Roles

    5. Click Remove to confirm the removal selection

    6. Click Close when the removal process completes

    7. When prompted restart the server (See Figure 4: Restart Prompt).

    Figure 4: Restart Prompt


    To confirm that the settings have been applied correctly, test the client machine to see what IP address it is assigned when the DHCP server is down. On client1 open Command Prompt and run ipconfig.

    Because server2 is no longer a DHCP server, the client machine will not be assigned an IP address.

    By default Windows will assign an Automatic Private IP Address (APIPA) when it cannot obtain network configurations from the server (Northrup, T. & Mackin, J.C., 2010, p.60).

    An APIPA address always starts with 169.X.X.X (See Figure 5: APIPA Address)

    Figure 5: APIPA Address
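
    The ipconfig checks in H.2 and H.3 can be scripted on client1. The PowerShell below is an added example, not part of the original guide: it classifies each adapter's lease as coming from server2 inside the scope, coming from an unexpected DHCP server, or falling back to APIPA (the 169.254.0.0/16 range). The scope and server address are the lab values from H.1; the function names are hypothetical.

```powershell
# Added example: lab values taken from the guide (H.1 scope, server2 address).
$ScopeStart     = '192.168.0.100'
$ScopeEnd       = '192.168.0.150'
$ExpectedServer = '192.168.0.2'

function ConvertTo-UInt32([string]$Ip) {
    # IPv4 bytes arrive in network order; reverse them for BitConverter on x86/x64.
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-DhcpLease([string]$Address, [string]$LeaseServer) {
    # APIPA first: with no DHCP answer the reported server value is meaningless.
    if ($Address -like '169.254.*') {
        return 'APIPA: no DHCP server answered'
    }
    # A lease from any other server points at an unplanned DHCP service on the LAN.
    if ($LeaseServer -ne $ExpectedServer) {
        return "Lease from unexpected DHCP server $LeaseServer"
    }
    $n = ConvertTo-UInt32 $Address
    if ($n -lt (ConvertTo-UInt32 $ScopeStart) -or $n -gt (ConvertTo-UInt32 $ScopeEnd)) {
        return 'Address outside the server2 scope'
    }
    'OK: lease from server2 inside the scope'
}

# Works with the PowerShell 2.0 that ships with Windows 7.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $nic  = $_
        # IPAddress holds IPv4 and IPv6 entries; keep the first IPv4 one.
        $ipv4 = $nic.IPAddress | Where-Object { $_ -notmatch ':' } | Select-Object -First 1
        if (-not $ipv4) { return }
        if ($nic.DHCPEnabled) {
            $result = Test-DhcpLease $ipv4 $nic.DHCPServer
        } else {
            $result = 'Static address: DHCP not in use'
        }
        New-Object PSObject -Property @{
            Adapter = $nic.Description; IPv4 = $ipv4
            DhcpServer = $nic.DHCPServer; Result = $result
        }
    } | Select-Object Adapter, IPv4, DhcpServer, Result | Format-List
```

    After H.2 the result should be the OK line; after H.3 it should be the APIPA line.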


    I.1 Decommissioning a domain controller

    Normally when a domain controller is still functioning and connected to the domain we can use dcpromo to decommission it from the domain. This offers a graphical user interface similar to the one used when setting up the domain controller. Once a domain controller has been decommissioned using this method, it is automatically connected as a work station and is now a member server. If however a domain controller is unbootable or disconnected from the server, we need to delete it from the domain using an active domain controller on the domain (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p.264).

    1. Open Active Directory Users and Computers and choose Domain Controllers from the left-hand pane.

    2. Right click on Server2 and choose Delete (Figure 1: Deleting Domain Controller).

    Figure 1: Deleting Domain Controller

    3. Click Yes to confirm delete (See Figure 2: Confirm Delete).

    Figure 2: Confirm Delete


    4. In order for the domain controller to be deleted we must confirm that it is offline and choose delete. Check the box and click Delete (See Figure 3: Confirm Offline)

    Figure 3: Confirm Offline

    5. A message box will appear stating that the domain controller is a global catalog. Click Yes to continue the deletion.

    6. The server2 domain controller has now been deleted (See Figure 4: Server2 Deleted).

    Figure 4: Server2 Deleted

    As server2 is no longer bootable it is unlikely to be powered on again within the network. If, however, it were to start working again, the domain controller role should be forcibly removed from it to avoid domain conflicts. Open Command Prompt on Server2, type dcpromo /forceremoval and follow the steps in the wizard to remove the domain controller features from the server. Where possible, any machine whose primary DNS pointed to server2 should have this changed to server1.
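
    After the deletion it is worth confirming that nothing in the directory or DNS still points at the removed controller. The PowerShell below is an added example, not part of the original guide; it is meant to be run on server1 and assumes the nltest, netdom and nslookup tools present on a Windows Server 2008 R2 domain controller. The function name Find-StaleReference is hypothetical.

```powershell
# Added example. $Removed is the DC deleted in this section; the domain name is
# read from the logged-on session rather than assumed.
$Removed = 'server2'
$Domain  = $env:USERDNSDOMAIN

function Find-StaleReference([string]$Name, [string]$Text) {
    # Return the output lines that still mention the removed DC as a whole word.
    $Text -split "`r?`n" | Where-Object { $_ -match "\b$([regex]::Escape($Name))\b" }
}

# Each check is a description plus the command whose output is searched.
$checks = @(
    @{ What = 'Domain controller list (nltest /dclist)'
       Run  = { nltest "/dclist:$Domain" } },
    @{ What = 'FSMO role holders (netdom query fsmo)'
       Run  = { netdom query fsmo } },
    @{ What = 'DC locator SRV records in DNS'
       Run  = { nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" } },
    @{ What = 'Name server records for the zone'
       Run  = { nslookup -type=NS $Domain } }
)

foreach ($check in $checks) {
    $output = & $check.Run | Out-String
    $hits   = @(Find-StaleReference $Removed $output)
    if ($hits.Count -gt 0) {
        # A leftover record means clients may still try to use the dead DC.
        Write-Output "[STALE] $($check.What)"
        $hits | ForEach-Object { Write-Output "        $($_.Trim())" }
    } else {
        Write-Output "[clean] $($check.What)"
    }
}
```

    Any [STALE] line identifies a record to clean up by hand, for example a leftover DNS entry or an operations master role still assigned to server2.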


    References

    Bott, E., Siechert, C. and Stinson, C. (2011). Windows 7 Inside Out Deluxe Edition. Washington: Microsoft Press

    Desmond, B., Richards, J., Allen, R. and Lowe-Norris, A.G. (2009). Active Directory, Fourth Edition. USA: O'Reilly

    Installing a server role on a server running a Server Core installation of Windows Server 2008 R2: Overview. (July 26th 2010). Retrieved June 12th, 2013, from http://technet.microsoft.com/en-us/library/ee441260%28v=ws.10%29.aspx

    Lowe, D. (2011). Networking All-In-One for Dummies, Fourth Edition. NJ: Wiley

    Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B. (2010). Mastering Windows Server 2008 R2. Indiana: Wiley Publishing

    Morimoto, R., Noel, M., Droubi, O., Mistry, R. & Amaris, C. (2010). Windows Server 2008 R2 Unleashed. Indiana: Pearson

    Northrup, T. & Mackin, J.C. (2010). Windows 7 Enterprise Desktop Support Technician: Self-paced Training Kit. Washington: Microsoft Press

    Tittel, E. & Korelc, J. (2008). Windows Server 2008 For Dummies. Indiana: Wiley Publishing