
SYSTEM ADMINISTRATION

ACTIVE DIRECTORY ON

Dr. Zeeshan Bhatti
BSIT-IV
Module 3: Lecture 5

ACTIVE DIRECTORY
What is Active Directory?
LDAP Directory Service
Works with and requires DNS
Incorporated into Windows 2000 and XP
Centrally Managed
Extensible
Interoperable

ACTIVE DIRECTORY
Building blocks of Active Directory
Objects

Users
Machines

Sites
Domains
Trees
Forests
Trusts
Transitive
Non-Transitive
Cross Link

ACTIVE DIRECTORY
Building blocks contd
Domain Controllers
Groups
Global Groups
Universal Groups
Domain Local Groups

ACTIVE DIRECTORY
[Diagram: the Blackhat.com domain containing two organizational units, Marketing and Accounting]

ACTIVE DIRECTORY
[Diagram: Blackhat.com with child domains west and east; each child has a two-way trust with the parent, which gives west and east a transitive trust with each other]

ACTIVE DIRECTORY
[Diagram: cross link, a one-way trust between Defcon.org and Blackhat.com]

ACTIVE DIRECTORY
Sites

Collection of IP addresses
Information is stored by all domain controllers in the forest
Intra-site replication is instant
Inter-site replication can be scheduled
Used at logon to find closest Domain Controller
Bridgehead Server
Maintains link between sites.

ACTIVE DIRECTORY
Sites contd
Subnets
Do not necessarily translate from actual subnets
Knowledge Consistency Checker
Automatically defines the replication topology and bridgehead servers.
These can be set manually.

In this lecture we shall create Active Directory and a domain controller on Windows Server 2008.

PREPARE FOR ACTIVE DIRECTORY
Before you install AD DS on a VMware virtual machine running Windows
Server 2008 (W2K8), you must perform the following
prerequisite tasks.
Select Domain Name and Password
Select your domain name and know the domain
administrator password that you want to use.
Note: Your domain name should be reliably unique. Do not
use the same domain as your website, for example, and
avoid extensions like .local unless you have registered
that domain name in DNS. We suggest a domain name that
is not used for anything else, like zeeshan.academy.com.

SPECIFY THE PREFERRED DNS SERVER

Windows Server 2008 can properly install and
configure DNS during the AD DS installation if it knows
that the DNS is local. You can accomplish this by
having the private network adapter's preferred DNS
server address point to the already assigned IP address
of the same private network adapter, as follows:

1. From the Windows Start menu, open Administrative
Tools > Server Manager.

2. In the Server Summary section of the Server
Manager window, click View Network Connections.

3. In the Network Connections window, right-click the
private adapter and select Properties.

4. Select Internet Protocol Version 4, and then
click Properties.

5. Finally, assign an IP address to the server on which you
are going to deploy AD. It is necessary to install it as a DNS
server too, so it is better to have a fixed IP. This does not
mean you cannot install AD without a fixed IP address, but
using a fixed IP will avoid a lot of issues.
Here the server IP is 10.0.0.14. Since we are going to
make it a DNS server too, you should use the same IP as the
preferred DNS server.
We used a class A IP address (10.0.0.14) as the static IP
for our server.
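The same preparation steps 1 to 5, done from PowerShell instead of the Network Connections dialog, as an added example that is not part of the lecture: it sets the static address 10.0.0.14 from the slide, points the adapter's preferred DNS server at itself, and then checks over WMI that the adapter really carries that address, has DHCP off, and lists itself as the first DNS server. The adapter name "Local Area Connection", the 255.0.0.0 mask and the gateway 10.0.0.1 are assumptions (placeholders) to adjust for your server.

```powershell
# Added example (not from the lecture): static IP + preferred DNS = own address,
# the prerequisite the AD DS wizard needs to detect that DNS is local.
# Assumptions: adapter "Local Area Connection", class A mask, placeholder gateway.
# netsh is used because the NetTCPIP cmdlets do not exist on Windows Server 2008.
$Adapter    = "Local Area Connection"
$ServerIp   = "10.0.0.14"
$SubnetMask = "255.0.0.0"
$Gateway    = "10.0.0.1"        # placeholder, replace with your router address

# Step 5 of the slides: fixed address for the future DC (gateway metric 1)
netsh interface ip set address "$Adapter" static $ServerIp $SubnetMask $Gateway 1
# Preferred DNS server = the server's own address, since it will host DNS too
netsh interface ip set dns "$Adapter" static $ServerIp

# Verification: find the adapter configuration that carries our address and
# confirm the settings dcpromo will rely on before promoting the server.
$cfg = Get-WmiObject Win32_NetworkAdapterConfiguration |
       Where-Object { $_.IPEnabled -and ($_.IPAddress -contains $ServerIp) }
if ($cfg -eq $null) { throw "No adapter carries $ServerIp; check the adapter name" }
if ($cfg.DHCPEnabled) { throw "Adapter still uses DHCP; dcpromo will warn about dynamic addressing" }
if ($cfg.DNSServerSearchOrder[0] -ne $ServerIp) {
    throw "Preferred DNS is '$($cfg.DNSServerSearchOrder[0])', expected $ServerIp"
}
"OK: $Adapter has $ServerIp with preferred DNS $($cfg.DNSServerSearchOrder[0])"
```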

ADD THE ACTIVE DIRECTORY DOMAIN SERVICES ROLE
Adding the Active Directory Domain Services role installs the
framework for Windows Server 2008 to become a DC and run AD
DS. It does not promote the server to a DC or install AD DS.

The next step is to install the Active Directory roles. Unlike
older versions of Windows Server, Microsoft highly recommends
using the Server Manager option to install roles before you run
dcpromo.
Click on the Start menu and select Server Manager.

Select Roles from the right-hand panel and click on the
Add Roles option.

From the roles list select the "Active Directory Domain
Services" role and click "Next".

Review the confirmation and click on "Next".

Review the installation confirmation and click on "Next".

It will take a few minutes to complete, and when it is done
you will get this confirmation. Then click on "Close".

ENABLE THE REMOTE REGISTRY
1. Open the Server Manager window if it is not already
open.
2. In the Properties area of the Local Servers page,
click Remote Management.
3. Select the Enable remote management of this
server from other computers check box.

AFTER THAT YOU WILL NEED TO DO A REBOOT.

INSTALL ACTIVE
DIRECTORY DOMAIN
SERVICES (DCPROMO)

Now that you have prepared the server, you can install
AD DS.
Tip: As an alternative to performing steps 1 through 3,
you can type dcpromo.exe at the command prompt.
Then, skip to step 4.

After the reboot, open Server Manager again and then click on
"Roles". There you will see that "Active Directory Domain
Services" is successfully installed. Click on it and you will
get a window like the one below.

IN THERE PLEASE PAY ATTENTION TO THE MESSAGE

Click on that link and it will start the DCPROMO wizard.

SO THE NEXT STEP IS TO GO THROUGH THE DCPROMO WIZARD.
To start the installation click on "Next".

Click on "Next"

Since we are going to install a new domain controller in a new
forest, select the option "Create a new domain in a new
forest" and click on "Next".

Now we have to provide the name for our domain
controller. It must be an FQDN. In our case I used
zeeshan.com as the domain. Click "Next" after
it.

In this window it will ask you to select the forest functional level.
If you are going to add a Server 2003 domain controller to
your forest later, don't select the functional level as
Server 2008. If you are going to use the full features of 2008
AD you must select the forest functional level as Server
2008. In my case I used Server 2008. Click on "Next"
after the selection.

In the next window, since it is the first DC, we should make it
a DNS server too. Leave the default selection and
click on "Next".

If the wizard cannot create a delegation for the DNS
server, it displays a message to indicate that you can
create the delegation manually. To continue, click "Yes".

The next window shows the database location. If
it is going to be a bigger AD, it is good if you can keep the NTDS
database on a different partition. Click on "Next" after
any changes.

The next window asks you to define a restore mode
password. It is most important if you have to do a restore
from backup after a server crash. Click on "Next" after
filling it in.

The next window gives you a summary of the installation.
Click on "Next".

Then it will start the installation of AD. It will take
some time to complete. After the installation completes,
perform a server reboot.

If you did not select the Reboot on completion check
box, click Finish in the wizard. Then, restart the
server.
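The wizard choices just described (new forest, zeeshan.com, Server 2008 functional level, DNS on the first DC, NTDS database on its own partition, a Directory Services Restore Mode password) can also be given to dcpromo.exe as an unattended answer file, which the "Tip" earlier alludes to. The script below is an added example, not part of the lecture; the NetBIOS name ZEESHAN, the D:\ paths and the presence of PowerShell 2.0 (for Start-Process) are assumptions.

```powershell
# Added example (not from the lecture): the DCPROMO wizard choices as an
# unattended answer file. ForestLevel/DomainLevel 3 = Windows Server 2008;
# use 2 (Windows Server 2003) if 2003 DCs will be added later, as the slide warns.
# Assumptions: NetBIOS name ZEESHAN and the D:\ paths are placeholders;
# PowerShell 2.0 is installed so Start-Process can wait for dcpromo to finish.
$Domain  = "zeeshan.com"
$NetBios = "ZEESHAN"                                   # placeholder
$Path    = Join-Path $env:TEMP "dcpromo-unattend.txt"

# Restore mode (DSRM) password: the slide notes it is needed to restore
# from backup after a crash, so pick it deliberately and record it safely.
$Dsrm = Read-Host "Directory Services Restore Mode password"

$Answer = @"
[DCInstall]
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=$Domain
DomainNetbiosName=$NetBios
ForestLevel=3
DomainLevel=3
InstallDNS=Yes
CreateDNSDelegation=No
DatabasePath="D:\NTDS"
LogPath="D:\NTDS"
SYSVOLPath="D:\SYSVOL"
SafeModeAdminPassword=$Dsrm
RebootOnCompletion=No
"@

# The answer file holds the DSRM password in clear text, so it is written
# only for the duration of the run and removed again in the finally block.
Set-Content -Path $Path -Value $Answer -Encoding ASCII
try {
    $p = Start-Process -FilePath "$env:SystemRoot\System32\dcpromo.exe" `
         -ArgumentList "/unattend:`"$Path`"" -Wait -PassThru
    "dcpromo exit code $($p.ExitCode); details in $env:SystemRoot\debug\dcpromo.log"
} finally {
    Remove-Item $Path -Force
}
"Restart the server to complete the promotion, as the slide instructs."
```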

After the reboot you can log in to the domain. Use the
login in the following form:
User name: yourdomain\administrator
Password: XXXXXXXX

After a few minutes, reconnect to your server by using the Console in your
Control Panel or RDP.
To log in, perform the following steps:
a. Click Switch User, and then click Other User.
b. For the user, enter the full domain name that you chose, followed by a
backslash and Administrator (for example, Example.com\Administrator).
c. Enter the password that was emailed to you when you first built the
server. If you changed the password of the local admin account on this
server before you began the installation of Active Directory Domain
Services, use that password.
d. Click the log in button.

NOW IT'S DONE AND YOU CAN VIEW THE ACTIVE DIRECTORY OPTIONS ON THE ADMINISTRATIVE TOOLS MENU

CONNECT YOUR COMPUTER TO A DOMAIN

A domain is a collection of computers on a network
with common rules and procedures that are
administered as a unit. Each domain has a unique
name. Typically, domains are used for workplace
networks. To connect your computer to a domain, you'll
need to know the name of the domain and have a valid
user account on the domain.

1. Open System by clicking the Start button, right-clicking
Computer, and then clicking Properties.

2. Under Computer name, domain, and workgroup settings,
click Change settings. Administrator permission required: if
you're prompted for an administrator password or
confirmation, type the password or provide confirmation.

3. Click the Computer Name tab, and then click Change.
Alternatively, click Network ID to use the Join a Domain or
Workgroup wizard to automate the process of connecting to a
domain and creating a domain user account on your computer.

4. Under Member of, click Domain.

5. Type the name of the domain that you want to join, and then
click OK.
You will be asked to type your user name and password for the
domain.
Once you are successfully joined to the domain, you will be
prompted to restart your computer. You must restart your
computer before the changes take effect.
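The join procedure above, done from PowerShell 2.0 on a Windows 7 or Server 2008 R2 computer rather than through the Computer Name/Domain Changes dialog, as an added example that is not part of the lecture. It first confirms that the DC locator can find a domain controller for zeeshan.com (the usual failure when the client's DNS does not point at the DC, 10.0.0.14 on the slides) before attempting the join; the administrator account name is an assumption.

```powershell
# Added example (not from the lecture): join this computer to zeeshan.com.
# Assumptions: PowerShell 2.0 (Add-Computer), client DNS already points at
# the DC, and zeeshan.com\Administrator is an account allowed to join machines.
$Domain = "zeeshan.com"

# 1. A join can only succeed if DNS resolves the domain's SRV records; nltest
#    asks the DC locator and returns non-zero when no DC can be found.
nltest /dsgetdc:$Domain
if ($LASTEXITCODE -ne 0) {
    throw "No domain controller found for $Domain; check the preferred DNS server"
}

# 2. Prompt for the domain credentials instead of embedding them in the script.
$cred = Get-Credential "$Domain\Administrator"

# 3. Join; -ErrorAction Stop turns a failed join into a terminating error.
Add-Computer -DomainName $Domain -Credential $cred -ErrorAction Stop
"Joined $Domain. Restart the computer before the change takes effect."
```

After the restart, `nltest /sc_query:zeeshan.com` confirms that the computer's secure channel to the domain is working.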

The Computer Name/Domain Changes dialog box
