
SYSTEM ADMINISTRATION
ACTIVE DIRECTORY ON WINDOWS SERVER 2008

Dr. Zeeshan Bhatti
BSIT-IV
Module 3: Lecture 5

ACTIVE DIRECTORY
What is Active Directory?

A directory service accessed through the Lightweight Directory Access Protocol (LDAP)
Works with and requires DNS (clients locate domain controllers through DNS SRV records)
Introduced with Windows 2000 Server; Windows 2000 and XP were the first client versions to join it
Centrally managed
Extensible (the schema can be extended with new object classes and attributes)
Interoperable (standard LDAP and Kerberos, so non-Windows systems can use it)

ACTIVE DIRECTORY
Building blocks of Active Directory
Objects
  Users
  Machines
Sites
Domains
Trees
Forests
Trusts
  Transitive
  Non-transitive
  Cross link

ACTIVE DIRECTORY
Building blocks contd
Domain Controllers
Groups
  Global groups
  Universal groups
  Domain local groups

ACTIVE DIRECTORY
Diagram: the domain Blackhat.com containing two Organizational Units, Marketing and Accounting.

ACTIVE DIRECTORY
Diagram: transitive trust. Blackhat.com is the forest root; the child domains west and east each have a two-way trust with Blackhat.com, so west and east also trust each other through the transitive trust.

ACTIVE DIRECTORY
Diagram: cross link. A one-way, non-transitive trust between Defcon.org and Blackhat.com.

ACTIVE DIRECTORY
Sites

A site is a set of well-connected IP subnets (typically one physical location)
Site information lives in the Configuration partition, which is stored by all domain controllers in the forest
Intra-site replication is near-immediate (change notification, no schedule, no compression)
Inter-site replication can be scheduled and compressed
Used at logon to find the closest Domain Controller (the DC locator maps the client's IP to a subnet, then to a site)
Bridgehead Server
The domain controller in a site that performs inter-site replication on behalf of that site.

ACTIVE DIRECTORY
Sites contd
Subnets
AD subnet objects are defined by the administrator and do not have to match the physical subnets one to one; they only have to cover the addresses clients use.

Knowledge Consistency Checker (KCC)
Automatically generates the replication topology (connection objects) and selects the bridgehead servers.
Both can also be set manually.

In this lecture we shall create the Active Directory domain and promote a Windows Server 2008 machine to domain controller.
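As an added example (not part of the lecture slides), the following script reads the site topology described above straight from the Configuration partition, so you can see which subnets map to which site and what the site links cost. It uses only ADSI/System.DirectoryServices, which exists on Windows Server 2008 without the Active Directory PowerShell module; it assumes PowerShell 2.0 and must run on a machine that can reach a domain controller of the forest. The two command-line tools at the end are standard Windows tools, not part of the function.

```powershell
# Added example, not from the lecture: enumerate AD sites, subnets and IP site links via ADSI.
function Get-AdSiteTopology {
    # Sites, subnets and site links live in the Configuration partition, which every
    # DC in the forest holds; RootDSE tells us that partition's distinguished name.
    $rootDse  = [ADSI]"LDAP://RootDSE"
    $configNc = [string]$rootDse.configurationNamingContext

    $search = New-Object System.DirectoryServices.DirectorySearcher
    $search.SearchRoot = [ADSI]"LDAP://CN=Sites,$configNc"
    $search.PageSize   = 500

    # First value of an attribute, or $null when the object lacks it (attribute names lowercase)
    $first = { param($result, $attr)
        if ($result.Properties.Contains($attr) -and $result.Properties[$attr].Count -gt 0) {
            [string]$result.Properties[$attr][0]
        } }
    # "CN=Name,CN=Sites,..." -> "Name"
    $cnOf = { param($dn) if ($dn) { ($dn -split ",")[0] -replace "^CN=" } }

    $search.Filter = "(objectClass=site)"
    $sites = @(foreach ($r in $search.FindAll()) { & $first $r "name" })

    $search.Filter = "(objectClass=subnet)"
    $subnets = @(foreach ($r in $search.FindAll()) {
        New-Object PSObject -Property @{
            Subnet = & $first $r "cn"
            Site   = & $cnOf (& $first $r "siteobject")   # empty when the subnet is not assigned to a site
        }
    })

    $search.Filter = "(objectClass=siteLink)"
    $links = @(foreach ($r in $search.FindAll()) {
        New-Object PSObject -Property @{
            Link     = & $first $r "cn"
            Cost     = [int](& $first $r "cost")
            Interval = [int](& $first $r "replinterval")   # minutes between inter-site replication cycles
            Sites    = (@($r.Properties["sitelist"] | ForEach-Object { & $cnOf $_ }) -join ", ")
        }
    })

    New-Object PSObject -Property @{ Sites = $sites; Subnets = $subnets; SiteLinks = $links }
}

$topo = Get-AdSiteTopology
"Sites:";      $topo.Sites
"Subnets:";    $topo.Subnets   | Format-Table Subnet, Site -AutoSize
"Site links:"; $topo.SiteLinks | Format-Table Link, Cost, Interval, Sites -AutoSize

nltest /dsgetsite     # the site the DC locator placed this machine in, derived from its IP
repadmin /kcc         # ask the KCC to recompute the replication topology right now
```

On a freshly promoted single-DC forest you get one site (Default-First-Site-Name), one site link (DEFAULTIPSITELINK, cost 100, interval 180) and no subnets at all; a client whose address matches no subnet object is still authenticated, but it is not placed in a site and may pick a distant DC, which is exactly the situation the subnet objects are meant to prevent.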

PREPARE FOR ACTIVE DIRECTORY

Before you install AD DS on a VMware virtual machine running Windows Server 2008 (W2K8), you must perform the following prerequisite tasks.

Select Domain Name and Password

Select your domain name and know the domain administrator password that you want to use.
Note: Your domain name should be reliably unique and under your control. Do not use the same DNS name as your public website, and avoid made-up suffixes such as .local (which you cannot register and which collides with multicast DNS on other systems); use a DNS name you have registered, or a subdomain of one that is not used for anything else, like zeeshan.academy.com. Renaming a domain later is difficult, so choose carefully.

SPECIFY THE PREFERRED DNS SERVER
Windows Server 2008 can properly install and configure DNS during the AD DS installation if it knows that DNS will be local. You tell it so by pointing the preferred DNS server of the private network adapter at that adapter's own (static) IP address, as follows:

1. From the Windows Start menu, open Administrative Tools > Server Manager.

2. In the Server Summary section of the Server Manager window, click View Network Connections.

3. In the Network Connections window, right-click the private adapter and select Properties.

4. Select Internet Protocol Version 4 (TCP/IPv4), and then click Properties.

5. Finally, assign a static IP address to the server you are going to promote. It will also be the DNS server, so enter the same address as the preferred DNS server. A DC can be promoted on a dynamic address (dcpromo only warns), but a static address avoids a lot of DNS and replication problems later. In this lecture the server's address is 10.0.0.14, a static address from the private 10.0.0.0/8 (RFC 1918) range, and 10.0.0.14 is also entered as its preferred DNS server.
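The same adapter configuration done from an elevated PowerShell prompt, as an added example that is not part of the lecture. It uses netsh, which is what Server 2008 ships with (the NetTCPIP cmdlets only appeared in Server 2012), and verifies the result through WMI. The adapter name "Local Area Connection" and the gateway 10.0.0.1 are assumptions; only the address 10.0.0.14 comes from the lecture.

```powershell
# Added example, not from the lecture: static IP + preferred DNS = self, then verify.
$adapter = "Local Area Connection"   # assumed adapter name; check with: netsh interface show interface
$ip      = "10.0.0.14"               # the lecture's server address
$mask    = "255.0.0.0"
$gateway = "10.0.0.1"                # assumed; the lecture does not give a gateway

# Static IPv4 address on the private adapter
netsh interface ipv4 set address "name=$adapter" source=static address=$ip mask=$mask gateway=$gateway
# Preferred DNS server = this host, because the DC will also run the DNS role
netsh interface ipv4 set dnsservers "name=$adapter" source=static address=$ip register=primary

# Verify through WMI: DHCP must be off and the DNS search order must start with $ip
$cfg = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
       Where-Object { $_.IPAddress -contains $ip }
if (-not $cfg)                          { throw "no adapter carries $ip" }
if ($cfg.DHCPEnabled)                   { throw "adapter is still on DHCP" }
if ($cfg.DNSServerSearchOrder[0] -ne $ip) { throw "preferred DNS is not $ip" }
"OK: $($cfg.Description) has static $ip, DNS order: $($cfg.DNSServerSearchOrder -join ', ')"
```

Do not add a public resolver (the ISP's, 8.8.8.8, etc.) as alternate DNS on a domain controller: if the client or the DC itself ever uses it, lookups for the domain's SRV records fail and logons and joins break intermittently. Forwarding to the outside is configured later inside the DNS server role, not on the adapter.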

ADD THE ACTIVE DIRECTORY DOMAIN SERVICES ROLE
Adding the Active Directory Domain Services role installs the binaries Windows Server 2008 needs to become a DC and run AD DS. It does not promote the server to a DC; that is done afterwards by dcpromo.
Unlike older Windows Server versions, Microsoft recommends adding the role through Server Manager before running dcpromo.

Click the Start menu and select Server Manager.

Select Roles in the left-hand tree and click Add Roles in the right-hand pane.

From the roles list select the "Active Directory Domain Services" role and click "Next".

Review the introduction page and click "Next".

Review the installation confirmation and click "Install".

It takes a few minutes to complete; when it is done you get the results page. Click "Close".

ENABLE THE REMOTE REGISTRY

1. Open the Server Manager window if it is not already open.

2. In the Properties area of the Local Server page, click Remote Management.

3. Select the "Enable remote management of this server from other computers" check box.

Note that this setting enables Server Manager remote management (WinRM); the Remote Registry service itself is a separate service that you start from the Services console only if a remote tool needs it. On a domain controller, which is the highest-value machine on the network, enable only what your administration tools actually use and restrict the remote management ports (WinRM 5985/5986, SMB 445 for the remote registry) to your administrative hosts in the firewall.

After that you will need to reboot.

INSTALL ACTIVE DIRECTORY DOMAIN SERVICES (DCPROMO)
Now that you have prepared the server, you can install AD DS.
Tip: As an alternative to performing steps 1 through 3, you can type dcpromo.exe at the command prompt. Then skip to step 4.

After the reboot, open Server Manager again and click "Roles". You will see that "Active Directory Domain Services" is installed. Click it and you get the role summary page.

PAY ATTENTION TO THE MESSAGE ON THAT PAGE

It tells you that the server is not yet running as a domain controller and links to the Active Directory Domain Services Installation Wizard (dcpromo.exe). Click that link and the DCPROMO wizard starts.

SO THE NEXT STEP IS TO GO THROUGH THE DCPROMO WIZARD.
On the welcome page click "Next".

On the operating system compatibility page click "Next".

Since we are installing a new domain controller in a new forest, select the option "Create a new domain in a new forest" and click "Next".

Now we have to provide the name of the new forest root domain. It must be a fully qualified DNS name (FQDN); in our case the domain is zeeshan.com. Click "Next" afterwards.

In this window the wizard asks for the forest functional level. If you are going to add Windows Server 2003 domain controllers to the forest later, do not select Windows Server 2008. If you want the full feature set of 2008 AD, you must select the Windows Server 2008 forest functional level. A functional level can be raised later but, on Server 2008, not lowered, so pick the lowest level you still need. In my case I used Windows Server 2008. Click "Next" after selecting.

In the next window, since this is the first DC, we should make it a DNS server too. Leave the default selection ("DNS server" checked) and click "Next".

If the wizard cannot create a delegation for the DNS server in the parent zone, it displays a message that you can create the delegation manually. This is expected for a new forest root with no parent zone. To continue, click "Yes".

The next window shows the locations of the database, log files and SYSVOL. For a large directory it is good practice to keep the NTDS database and logs on a separate partition or disk. Click "Next" after any changes.

The next window asks you to define the Directory Services Restore Mode (DSRM) administrator password. This is the password of the DC's local administrator account that is used only when the server is booted into DSRM, for example to restore the directory from backup after a crash. It is separate from the domain Administrator password and does not change with it, so record it in a secure place. Click "Next" after filling it in.

The next window gives a summary of the installation. Click "Next".

Then the installation of AD DS starts. It takes some time to complete. When the installation is complete, reboot the server.

If you did not select the "Reboot on completion" check box, click Finish in the wizard and then restart the server.
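The role installation and the wizard pages above, run unattended, as an added example that is not part of the lecture. It uses the two command-line tools that ship with Server 2008 for exactly this purpose, ServerManagerCmd.exe and dcpromo /unattend, and writes the same answers the wizard collects (the wizard's "Export settings" button produces a file of this shape). Assumptions: the forest root zeeshan.com from the lecture, the NetBIOS name ZEESHAN, Windows Server 2008 forest and domain functional levels (value 3), the default %SystemRoot% locations for NTDS and SYSVOL, and an elevated PowerShell 2.0 session on the prepared server. The server reboots at the end.

```powershell
# Added example, not from the lecture: AD DS role + unattended dcpromo for a new forest.
$domainFqdn = "zeeshan.com"          # forest root domain from the lecture
$netbios    = "ZEESHAN"              # assumed NetBIOS name
$answer     = "$env:SystemRoot\Temp\dcpromo-unattend.txt"

# 1. Add the AD DS role binaries (same as Server Manager > Roles > Add Roles)
ServerManagerCmd.exe -install ADDS-Domain-Controller
if ($LASTEXITCODE -ne 0) { Write-Warning "ServerManagerCmd returned $LASTEXITCODE; check its output before continuing" }

# 2. DSRM password. The answer file format needs it in clear text, so prompt for it
#    instead of hard-coding it, keep the file only as long as dcpromo runs, and delete it.
$secure = Read-Host "DSRM administrator password" -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$dsrm   = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

# 3. One line per wizard page. ForestLevel/DomainLevel 3 = Windows Server 2008.
#    CreateDNSDelegation=No because a new forest root has no parent zone to delegate from.
@"
[DCInstall]
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=$domainFqdn
DomainNetbiosName=$netbios
ForestLevel=3
DomainLevel=3
InstallDNS=Yes
ConfirmGc=Yes
CreateDNSDelegation=No
DatabasePath="$env:SystemRoot\NTDS"
LogPath="$env:SystemRoot\NTDS"
SYSVOLPath="$env:SystemRoot\SYSVOL"
SafeModeAdminPassword=$dsrm
RebootOnCompletion=No
"@ | Set-Content -Path $answer -Encoding ASCII

# 4. Promote. dcpromo.exe is a GUI executable, so wait on the process explicitly.
#    dcpromo exit codes 1-10 mean success, 11 and above mean failure.
$p = [Diagnostics.Process]::Start("dcpromo.exe", "/unattend:`"$answer`"")
$p.WaitForExit()
Remove-Item $answer -Force      # the file held the DSRM password in clear text
if ($p.ExitCode -gt 10) {
    throw "dcpromo failed with exit code $($p.ExitCode); see $env:SystemRoot\debug\dcpromo.log"
}
shutdown.exe /r /t 0            # reboot, as the wizard would with "Reboot on completion"
```

The only secret in the procedure is the DSRM password; the script keeps it out of the command line (which would land in process listings and logs) and removes the answer file as soon as dcpromo has read it. If you prefer the wizard, the same file can be passed to it with dcpromo /unattend:<file> and then edited interactively.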

After the reboot you can log in to the domain. Use the domain form of the account name:
User name : your domain\Administrator
Password : XXXXXXXX

After a few minutes, reconnect to your server (for a hosted VM, through the console in your provider's control panel, or by RDP).
To log in, perform the following steps:
a. Click Switch User, and then click Other User.
b. For the user, enter the domain name that you chose, followed by a backslash and Administrator (for example, Example.com\Administrator).
c. Enter the password of the server's local Administrator account (for a hosted server, the one emailed to you when it was first built). If you changed the local Administrator password before you began the installation of Active Directory Domain Services, use that password: when the first DC of a forest is created, the local Administrator account becomes the domain Administrator account and keeps its password.
d. Click the log in button.

NOW IT IS DONE AND YOU CAN SEE THE ACTIVE DIRECTORY TOOLS IN THE ADMINISTRATIVE TOOLS MENU
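Before joining any client it is worth confirming that the new DC actually works as a DC, not just that the tools appeared in the menu. The following function, an added example that is not part of the lecture, wraps the four standard Windows checks (dcdiag, nltest, nslookup, netdom) and returns a pass/fail table. It assumes the domain zeeshan.com from the lecture and runs on the DC itself after the post-promotion reboot.

```powershell
# Added example, not from the lecture: post-promotion health checks on the first DC.
function Test-NewDomainController {
    param([string]$Domain = "zeeshan.com")   # domain name from the lecture
    $results = @{}

    # dcdiag in quiet mode prints only failed tests and exits non-zero if any test failed
    dcdiag /q | Out-Null
    $results["dcdiag"] = ($LASTEXITCODE -eq 0)

    # The DC locator must be able to find a DC for this domain (non-zero exit = not found)
    nltest /dsgetdc:$Domain | Out-Null
    $results["dc_locator"] = ($LASTEXITCODE -eq 0)

    # Clients find DCs through this SRV record in the DC's own DNS; no record, no joins
    $srv = @(nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" 2>&1)
    $results["srv_record"] = [bool]($srv -match "svr hostname")

    # A brand-new single-DC forest must hold all five FSMO roles on this host
    $fsmo = @(netdom query fsmo 2>&1)
    $results["fsmo_all_here"] = (@($fsmo -match [regex]::Escape($env:COMPUTERNAME)).Count -eq 5)

    $results
}

$r = Test-NewDomainController
$r.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize
if ($r.Values -contains $false) {
    Write-Warning "a check failed; run 'dcdiag /v' and 'dcdiag /test:dns /v' for details"
}
```

The SRV check is the one that matters most for the next section: a client that cannot resolve _ldap._tcp.dc._msdcs.<domain> cannot join, whatever the wizard says, and the usual cause is that the client's DNS still points at the ISP or the hypervisor instead of the DC.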

CONNECT YOUR COMPUTER TO A DOMAIN
A domain is a collection of computers on a network with common rules and procedures that are administered as a unit. Each domain has a unique name. Typically, domains are used for workplace networks. To connect your computer to a domain, you need to know the name of the domain and have a valid user account on the domain, and the computer's DNS settings must point at a DNS server that hosts the domain's records (here, the DC itself).

1. Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

2. Under Computer name, domain, and workgroup settings, click Change settings. Administrator permission is required: if you are prompted for an administrator password or confirmation, type the password or provide confirmation.

3. Click the Computer Name tab, and then click Change. Alternatively, click Network ID to use the Join a Domain or Workgroup wizard, which automates joining the domain and creating a domain user account on your computer.

4. Under Member of, click Domain.

5. Type the name of the domain that you want to join, and then click OK. You will be asked to type your user name and password for the domain. Once the computer has been joined to the domain, you are prompted to restart it. You must restart the computer before the change takes effect.

The Computer Name/Domain Changes dialog box
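The same join from PowerShell, as an added example that is not part of the lecture, with the pre-check that explains most failed joins (the client cannot resolve the DC). It assumes the domain zeeshan.com and the DC/DNS address 10.0.0.14 from the lecture, and PowerShell 2.0 on the client (Windows 7 / Server 2008 R2) for Add-Computer and Test-ComputerSecureChannel.

```powershell
# Added example, not from the lecture: join a client to the domain and verify the join.
$domain = "zeeshan.com"     # domain from the lecture
$dcDns  = "10.0.0.14"       # the DC, which is also the DNS server, from the lecture

# 1. Pre-check: ask the DC's DNS directly for the domain's DC locator record. If this
#    fails, fix the client's preferred DNS server (it must be $dcDns) before joining.
$srv = @(nslookup -type=SRV "_ldap._tcp.dc._msdcs.$domain" $dcDns 2>&1)
if (-not ($srv -match "svr hostname")) {
    throw "No DC SRV record for $domain via $dcDns. Point this client's DNS at the DC first."
}

# 2. Join. Prompt for the domain credentials instead of embedding them in the script.
#    Note: by default any domain user may join up to ms-DS-MachineAccountQuota (10)
#    computers, so a "valid user account" is enough; the Administrator is not required.
$cred = Get-Credential -Credential "$domain\Administrator"
Add-Computer -DomainName $domain -Credential $cred -ErrorAction Stop
Write-Host "Joined $domain. Restart for the change to take effect (Restart-Computer)."

# 3. After the restart, run this on the client to confirm the machine account's
#    secure channel to a DC, which is what the join actually established:
#    Test-ComputerSecureChannel -Verbose
#    nltest /sc_query:$domain
```

Add-Computer also accepts -OUPath to place the computer object in a specific organizational unit (for example one of the OUs drawn earlier) instead of the default Computers container; the OU must already exist.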

THANK YOU

Q&A
For my slides and handouts:

http://zeeshanacademy.blogspot.com/
https://www.facebook.com/drzeeshanacademy
https://sites.google.com/site/drzeeshanacademy/