module 3_lecture 5 - active directory on windows server 2008
DESCRIPTION
System Administration.Lecture 5Installing Active directory on Windows Server 2008TRANSCRIPT
SYSTEM ADMINISTRATION
ACTIVE DIRECTORY ON WINDOWS SERVER 2008
Dr. Zeeshan Bhatti
BSIT-IVModule 3: Lecture 5
ACTIVE DIRECTORY
What is Active Directory? LDAP Directory Service Works with and requires DNS Incorporated into Windows 2000 and XP Centrally Managed Extensible Interoperable
ACTIVE DIRECTORY
Building blocks of Active Directory Objects
Users Machines
Sites Domains Trees Forests Trusts
Transitive Non-Transitive Cross Link
ACTIVE DIRECTORY
Building blocks cont’d Domain Controllers Groups
Global Groups Universal Groups Domain Local Groups
ACTIVE DIRECTORY
Accounting
Marketing
Organizational Unit
Blackhat.com
ACTIVE DIRECTORY
Two way trustTwo way trust
Transitive Trust
Blackhat.com
eastwest
ACTIVE DIRECTORY
Defcon.org Blackhat.com
One way trust
Cross link
ACTIVE DIRECTORY
Sites Collection of IP addresses Information is stored by all domain controllers in the forest Intra-site replication is instant Inter-site replication can be scheduled Used at logon to find closest Domain Controller Bridgehead Server
Maintains link between sites.
ACTIVE DIRECTORY
Sites cont’d Subnets
Does not necessarily translate from actual subnets
Knowledge Consistency Checker Automatically defines the replication topology and bridgehead servers. These can be set manually
In this Lecture, We shall create the Active directory and domain controller for server 2008.
PREPARE FOR ACTIVE DIRECTORY
Before you install AD DS on a VM Ware running Windows Server 2008 (W2K8), you must perform the following prerequisite tasks.
Select Domain Name and Password
Select your domain name and know the domain administrator password that you want to use.
Note: Your domain name should be reliably unique. Do not use the same domain as your website, for example, and avoid extensions like “.local” unless you have registered that domain name in DNS. We suggest a domain name that is not used for anything else, like “zeeshan.academy.com"..
SPECIFY THE PREFERRED DNS SERVER Windows Server 2008 can properly install and configure DNS during the AD DS installation if it knows that the DNS is local. You can accomplish this by having the private network adapter’s preferred DNS server address point to the already assigned IP address of the same private network adapter, as follows:
1.From the Windows Start menu, open Administrative Tools > Server Manager.
2. In the Server Summary section of the Server Manager window, click View Network Connections.
3. In the Network Connections window, right-click the private adapter and select Properties.
4. Select Internet Protocol Version 4, and then click Properties.
5. Finally the last step is to assign a ip to the server that you going to deploy the AD. Its necessary to install it as DNS server too. So its better to have fixed ip it doesn't mean you cannot install AD without fixed ip address but it will solve lot of issues if you used fixed ip.
• In here the server ip is 10.0.0.14. Since we going to make it as DNS server too you should use the same ip as the preferred DNS server.
• We used IP address of class A (10.0.0.14) as a static IP for our server.
ADD THE ACTIVE DIRECTORY DOMAIN SERVICES ROLE
•Adding the Active Directory Domain Services role installs the framework for Windows Server 2008 to become a DC and run AD DS. It does not promote the server to a DC or install AD DS.
•Next step is to install the Active directory roles. Unlikely the older version of windows servers Microsoft highly recommend to use server manager option to install roles before you run dcpromo.
•Click on start menu and select the Server Manager
Select the roles from the right hand panel and click on add roles option.
From the roles list select the "Active Directory Domain Services" role and Click "Next"
Review the confirmation and click on "Next"
Review the installation confirmation and click on "Next"
It will take few minutes to complete and when its done you will get this confirmation. And then click on "Close"
ENABLE THE REMOTE REGISTRY1. Open the Server Manager window if it is not already
open.
2. In the Properties area of the Local Servers page, click Remote Management.
3. Select the Enable remote management of this server from other computers check box.
AFTER THAT YOU WILL NEED TO DO A REBOOT.
INSTALL ACTIVE DIRECTORY DOMAIN SERVICES (DCPROMO) Now that you have prepared the server, you can install AD DS.
Tip: As an alternative to performing steps 1 through 3, you can type dcpromo.exe at the command prompt. Then, skip to step 4.
After reboot please open up the "server Manager" again. And then click on "Roles" there you will see the "Active Directory Domain Services" is successfully installed in there. click on it then you will get a window like below.
IN THEIR PLEASE PAY ATTENTION TO THE MESSAGE
So please click on that link and it will start the DCPROMO wizard
SO NEXT STEP TO GO THROUGH THE DC PROMO WIZARD. To start the installation click on "Next"
Click on "Next"
Since we going to install New domain Controller in new forest please select the option "Create a new domain in new forest" option and click on "Next"
Now we have to provide the name for our domain controller. It must be FQDN. In our case I used zeeshan.com as the domain. Please click "Next" after it.
In this window it will ask to select forest function level. If you going to add server 2003 domain controller to your forest later don't select the function level as server 2008. If you going to use full features of 2008 Ad you must select forest function level as server 2008. In my case I used server 2008. Click on "Next" after the select.
In next window since it's the first DC we should make it as DNS server too. Leave the default selection and click on "Next"
If the wizard cannot create a delegation for the DNS server, it displays a message to indicate that you can create the delegation manually. To continue, click "Yes"
In next window it will show up the database location. It its going to be bigger AD its good if you can keep NTDS database in different partition. Click on "Next" after changes.
In next window its asking to define a restore mode password. Its more important if you had to do a restore from backup in a server crash. Click on "Next" after filling it.
Next window is giving you a brief of the installation. Click on "Next"
Then it will start the installation of the AD. It will take some time to complete. After complete of the installation perform a server reboot.
If you did not select the Reboot on completion check box, click Finish in the wizard. Then, restart the server.
After the reboot now you can login to the domain. Please use the login as following example
User name : your domain\administratorPassword : XXXXXXXX
After a few minutes, reconnect to your server by using the Console in your Control Panel or RDP.
To log in, perform the following steps:
a. Click Switch User, and then click Other User.
b. For the user, enter the full domain name that you chose, followed by a back slash and Administrator (for example, Example.com\Administrator).
c. Enter the password that was emailed to you when you first built the server. If you changed your password
for the local admin account to this server before you began the installation of Active Directory Domain Services, use that password.
d. Click the log in button.
NOW ITS DONE AND YOU CAN VIEW THE ACTIVE DIRECTORY OPTIONS ON ADMINISTRATIVE TOOLS MENU
CONNECT YOUR COMPUTER TO A DOMAIN A domain is a collection of computers on a network with common rules and procedures that are administered as a unit. Each domain has a unique name. Typically, domains are used for workplace networks. To connect your computer to a domain, you'll need to know the name of the domain and have a valid user account on the domain.
1. Open System by clicking the Start button , right-clicking Computer, and then clicking Properties.
2. Under Computer name, domain, and workgroup settings, click Change settings . Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
3. Click the Computer Name tab, and then click Change. Alternatively, click Network ID to use the Join a Domain or Workgroup wizard to automate the process of connecting to a domain and creating a domain user account on your computer.
4. Under Member of, click Domain.
5. Type the name of the domain that you want to join, and then click OK.
• You will be asked to type your user name and password for the domain.
• Once you are successfully joined to the domain, you will be prompted to restart your computer. You must restart your computer before the changes take effect.
The Computer Name/Domain Changes dialog box
