Lect 03 - Configuring Active Directory Domain Services

Confguring Active Directory Domain Services
TOPIC 3:
CONFIGURING ACTIVE DIR
ECTORY DOMAIN SERVICE
S (AD DS)
ITP4112 Network and Virtualized Systems
Administration Project
Topic 03,p.1
LESSON INTENDED LEARNING OUTCOMES
On completion of the lesson, students are expected to:
Know how to install the AD DS.
Services
Confguring Active Directory Domain
Know how to configure Domain User Accounts.
2
OVERVIEW
Active Directory Domain Service (AD DS) is the directory servic
e for your Windows network; it provides a hierarchical structu
re for domain management and implementation.
Services
Sharing resources throughout the domain structure is easy. A
dding new domains to the tree is straightforward, making the
directory service provided to be highly scalable.
Hence, the tree is a collection of domains. All the domains sh
are the same Global Catalog, which is the central repository f
or all the objects in the domain tree. This means all the doma
ins in the tree can get at the same set of resources, no matter
which of the domains in the tree is actually hosting that resou
rce.
3
OVERVIEW
To create a domain tree, you have to create a domain t
hat is to serve as the root of the tree. Other domains ad
ded to the tree are actually child domains (or subdomai
Services
ns) of the root domain.
Child domains in the tree are in the same namespace a
s the root domain, with a naming convention similar to
that in DNS.
A forest is a collection of trees, although these trees are
managed separately and operate in their own namespa
ces, they can belong to the same forest; this allows the
different domains in these separate trees to share the s
ame Global Catalog for locating and sharing of resource
s. 4
INSTALL AD DS AND CREATE ROOT DOMAIN
Assume you need to establish a new forest, then you need a
domain controller for the root domain of the first tree in yo
ur new forest.
First you need to add the AD DS role and then specify the cu
Services
rrent server as a domain controller for the root domain.

To install AD DS, run the Add Roles Wizard in the Server Ma
nager (with Roles node selected). Before installing a server r
ole, configure a static IP address your server.
5
Select the AD DS role and click Next.
Services
6
Services
When the installation is complete, expand the Roles nodes in the Server
Manager and select Active Directory Domain Services. Then click Run
the AD DS Installation Wizard (dcpromo.exe)
7
If you dont have a DNS server available on the network whe
n you install the AD DS role, it will be added to the server wh
en you promote the server to a domain controller.
Services
Select Create a New Domain in a New Forest.
8
Type the Fully Qualified Domain Name (FQDN) for the f
orest root domain. This would be the FQDN as defined
by your DNS namespace hierarchy.
Services
Set the functional level for your forest.
9
Next, you are provided a list of additional options for the s
erver, including DNS server. The additional options sugges
ted for installation are based on your network and server
Services
configuration.
10
Next, you are asked to specify the location for the databas
e folder, the log file, and the SYSVOL folder.
You should configure your server with multiple volumes, if
Services
you want to back up database, log, and SYSVOL files using

the Windows Backup feature.
11
Set the Directory Service Restore Mode Administrator p
assword.
Services
The AD DS will be confgured according to your settings and
selections. When completed, you need to restart the server to
complete the installation and confguration of AD DS. 12
ADD A CHILD (REGIONAL) DOMAIN
Now, you can expand the logical domain hierarchy for your netwo
rk. This includes the addition of child domains (when needed), the
deployment of additional domain controllers, and the population
Services
of the Active Directory with users and devices.
Regional domains are best used in situations where regional offic
es should be outfitted with their own domain controllers that cont
rol a regional domain.
Each regional domain controller would be a replication partner wi
th the first domain controller that you brought online when you cr
eated the root domain.
The process of creating the regional domain enables you to also c
onfigure a domain controller for the new domain and bring a DNS
server online (by adding the DNS role to the new domain controll13
er) for the new regional domain.
ADD A CHILD (REGIONAL) DOMAIN
The steps to create the regional domain and bring
the domain controller online are very similar to th
ose for creating the root domain.
Services
Also, note that a single domain can accommodate
a very large corporation, it is really not necessary t
o create a tree of domains that mimics the compa
nys corporate structure. The domain hierarchy pro
vides groups that can be used to handle access iss
ues for related groups of users (such as users in dif
ferent departments).
14
CONFIGURE THE AD DS
After installing AD DS, the Server Manager is popul
ated with the AD DS snap-in.
Services
15
DOMAIN USER ACCOUNTS
Two different types of user accounts exist: local accounts a
nd domain accounts.
Local account is used to gain access to the local machine a
Services
nd its resources, with the user validated to the local securit

y database on the machine.
Local accounts are more of an issue on computers in work
groups or on member servers within your domain.
Domain account enables a user to log on to a domain and
access resources available on that domain. Domain users c
an be added by using the Active Directory Users and Comp
uters snap-in in the Server Manager.
16
ADD USERS TO THE DOMAIN
By default, a list of groups and users are created in your do
main.
Services
17
Services
18
ADD USERS TO THE DOMAIN
USER ACCOUNT PROPERTIES
User account properties range from when the user can
log on to the domain to the users business information
, such as phone number and address.
To access these properties, right-click a user account in
Services
the Active Directory Users and Computers snap-in.
19
USER ACCOUNT PROFILE
Enables you to specify the location of a users profile and an
y logon scripts that should run when the user logs on to the
network.
You can also set the path for a users home folder (typically
Services
on a file server).
Note that the Active

Directory Users and
Computers snap-in
allows you to select
multiple objects in
the Details pane.
This enables you to
manipulate a
number of user
accounts at once.
20

Lect 03 - Configuring Active Directory Domain Services

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lect 03 - Configuring Active Directory Domain Services

Uploaded by

Copyright:

Available Formats

Confguring Active Directory Domain Services

rrent server as a domain controller for the root domain.

you want to back up database, log, and SYSVOL files using

nd its resources, with the user validated to the local securit

Note that the Active

You might also like