Active Directory Domain Services

Active Directory
 Active Directory Domain Services (AD DS) is the server service for security
and permissions in a windows environment.
 Used to set up computers and security policy for those computers on the network
 Users sign in to a network, then all the policy set up on you will apply, like some
things are available, some are not available to you by that single sign up
 AD is the brain of a windows server network
 If we don’t have AD, what we have is called workgroup, and that is not centrally
managed.
• Useful for only for networks with few computers, like less than 10 to 20.
 AD is a database that keeps track of a huge amount of stuff and gives us a
centralized way to manage all our network machines, users, and resources.
 There are three primary types of items in AD:
 Users and groups
 Services (like email, etc)
 Resources (like printers, shared folders, etc)
 All these items are objects in the Active Directory database.
2
 Domain Controller
 A domain controller is a windows server
machine that runs AD domain services.
 They hold the active directory database files.
 We can have multiple domain controllers that
all have copies of the same active directory
database.
 When changes occur, they inform each other
about it, in a process called replication.

3
 Domain
 A windows server domain is a logical group of computers
running versions of the Microsoft windows operating
system that share a central directory database.
 The machines are all named with part of a domain name
like “AU.EDU.ET” (also called suffix) and are registered in
the active directory database so they can be managed
 E.g. AU-DC-1.au.edu.et, CL1.au.edu.et, CL2.AU.edu.et, etc
 All these names are said to be part of a namespace
 Users are also part of the namespace:
 e.g. john@au.edu.et (if we have an email server)

4
 Domain
 Assume we have a domain named
globomantics.com:

5
 Server Roles
 A server role is a major job that a server can perform.
 E.g. active directory domain services (ADDS)
 It is recommended that a server not have too many roles.
 A domain controller usually has only two roles:
 Active directory domain services, and
 DNS
• DNS is a service provided by a server that allows you to find other
computers in your network.
• DNS allows us to type a friendly name of a machine instead of its IP
address, allowing our client to get the IP address from the DNS server and
go find the resource.
 Without DNS, active directory will not work

6
Installing Active Directory Domain Services

 To install an active directory on the server, get

to the server manager and click on the
dashboard, then click on Add Roles and
Features
 The page that comes can be eliminated not to
come in future by clicking at the checkbox
down (skip this page by default), and press
next

7
Installing Active Directory Domain Services

 Select “Role-based….” the default one, click next.

 Select the server, in this case “AU-DC-1”, and click
next
 From the coming window, select Active Directory
Domain Services
 Then comes additional roles and features wizard,
click on Add Features, and click Next
 What is required is automatically checked for you,
so click next
8
Installing Active Directory Domain Services

 Again click next, check on restart if required

checkbox, and click on install
 Then click on the link “Promote this server to
a domain controller”
 Here, we have to choose among 3 options
 Add a DC to an existing domain
 Add a new domain to an existing forest
 Add a new forest

9
Installing Active Directory Domain Services
 Because this DC is the very first one we are installing, we
select the last option (add a new forest)
 Name it as “au.local”, and click next
 Then set functional levels based on how far we install and
support previous operating systems.
 i.e. what is the oldest DC in the entire forest or in this domain
that we have to support
 For this case, we don’t have any previous server, so choose the
default (Windows Server 2012 R2).
 It is a good idea to have an Active Directory integrated DNS
for many reasons, so keep the default checked DNS server

10
Installing Active Directory Domain Services
 Then type the directory services restore mode password
 Which will be used in backup and recovery
 Click next, you get a warning about delegation for this DNS
server cannot be created… this is because in this example we
used the .local domain, it is saying that it can’t find a DNS server
with .local domain, just click next.
 It then finds the NetBIOS domain name (for this case AU), and
click next
 Then it tells you the path where the database and log files will
be stored
 For production environments, better to separate the database and log
files locations to different hard disks for a better performance.

11
Installing Active Directory Domain Services

 Click next, and comes the review options.

 Here, if you click on the View Script button, you see the
actual PowerShell commands to make this all happen.
 You can copy and save it for creating similar AD DC (another
forest), by changing the domain and domain NetBIOS, using
it as a script.
 Then click next, and it makes a pre-requisite check.
 If you get an error, you have to follow its recommendation
and solve it and re-run this check again
• E.g. if your user account doesn’t have a password, it shows you
error, so solve that and come back again

12
Installing Active Directory Domain Services

 Then click install. It installs and restarts finally.

 When it restarts, login as the domain
administrator, [domain name]\[user name]
 E.g. AU\administrator
 Now we have installed active directory domain
controller, you see that on the dashboard, we
have the installed roles shown.

13
Installing Active Directory Domain Services
 We can add another domain controller for backup purposes, if one DC
fails, the other functions.
 In production environments, it is recommended to have more than one
domain controller.
 Install another windows server to act as a second domain controller,
name it as AU-DC-2
 Here, the important things we change are:
 The IP address: give it another IP from same network
• AU-DC-1: 192.168.0.10
• AU-DC-2 : 192.168.0.11
 Set the DNS server of the later domain controller (AU-DC-2) as the IP address
of the first domain controller because we made AU-DC-1 a DNS server (in
addition to making it a DC)
• Do this together with when configuring the IP address

14
Installing Active Directory Domain Services
 Then go to the dashboard of AU-DC-2 and add active directory role
 Following the same steps as in AU-DC-1 to install Active Directory Domain Services
 When you promote the server to a domain controller, this time select “Add a
domain controller to an existing domain” – the default
 To specify the domain information, click on the “Select” button.
 Put credentials given in the domain and click Ok
 Select the domain from the retrieved ones
 Click next, and select DNS server, and also Global catalog
 You can also make it a read only domain controller (for security reasons), but here just
make it read write (the default)
 Give the DSRM password
 Click next, for Replicate from, you can choose the nearest DC if you have
multiple DCs, but now leave the default
 Click install, and then done.

15