Here is a quick list of what you must have:
- An NTFS partition with enough free space
- An Administrator's username and password
- The correct operating system version
- A NIC
- Properly configured TCP/IP (IP address, subnet mask and, optionally, default gateway)
- A network connection (to a hub or to another computer via a crossover cable)
- An operational DNS server (which can be installed on the DC itself)
- A domain name that you want to use
- The Windows 2000 or Windows Server 2003 CD media (or at least the i386 folder)
For more information: http://www.petri.co.il/active_directory_installation_requirements.htm
How to install a domain controller in a remote site?
http://technet2.microsoft.com/windowsserver/en/library/9c7c4da8-ddaa-4b13-967a74578773d1a91033.mspx?mfr=true
What role does DNS play in Active Directory?
When Windows 2003 domain controllers boot, not only do they register their hostname and IP address with the DNS server, but they also register service records (SRV) that indicate which services that domain controller is supporting (domain controller, Global Catalog, and Kerberos). Windows 2003 member servers and clients use these SRV to locate domain controllers and Global Catalog servers. Further, the client will determine which Active Directory site it is in and will attempt to contact a domain controller or Global Catalog server in that site first.
There are a few things to check for after a failure of the Active Directory Installation Wizard. First, check the contents of the %SystemRoot%\Debug\Dcpromo.log file.
- If the log file reports that "The system cannot find the file specified", then check for the presence of the %SystemRoot%\System32\Ntds.dit file. This is a default directory services file on a member server. The way to fix this is to expand Ntds.di_ from any server CD. Note that this file should be in the System32 folder on a member server. Once you run a successful dcpromo, the active Ntds.dit file will be in the folder you specified during the promotion.
- If you receive an "Access is denied" error, check for incorrect permissions on the default Ntds.dit file, as well as on your new and existing NTDS folders.
- If SRV records fail to show up in the appropriate DNS zone, check first to see if the new DC's Primary DNS Server TCP/IP property is set to the correct DNS server. If the DC is a DNS server, then this value should point to itself.
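For the SRV registration and the missing-SRV troubleshooting step described above, the following added example (not part of the original page) parses SRV lines in zone-file format and reports which locator records a given DC has not registered. The domain corp.example, the site HQ, the host names and the sample records are constructed; 389, 88 and 3268 are the standard LDAP, Kerberos and Global Catalog ports.

```python
import re
# Zone-file SRV line: owner [TTL] [IN] SRV priority weight port target
SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+"
    r"\d+\s+\d+\s+(?P<port>\d+)\s+(?P<target>\S+)$", re.IGNORECASE)

# role -> (port, owner-name templates); {d}=domain, {f}=forest root, {s}=site
EXPECTED = {
    "DC": (389, ["_ldap._tcp.dc._msdcs.{d}", "_ldap._tcp.{s}._sites.dc._msdcs.{d}"]),
    "Kerberos": (88, ["_kerberos._tcp.{d}", "_kerberos._tcp.{s}._sites.{d}"]),
    "GC": (3268, ["_gc._tcp.{f}", "_gc._tcp.{s}._sites.{f}"]),
}

def norm(name):
    return name.rstrip(".").lower()  # DNS names: case-insensitive, no trailing dot

def parse_srv(zone_text):
    """Return {owner: {(port, target), ...}} for each SRV line in zone-file text."""
    records = {}
    for line in zone_text.splitlines():
        m = SRV_LINE.match(line.split(";", 1)[0].strip())  # drop ';' comments
        if m:
            records.setdefault(norm(m["owner"]), set()).add(
                (int(m["port"]), norm(m["target"])))
    return records

def missing_srv(zone_text, dc, domain, forest, site, is_gc=False):
    """List (role, owner) pairs this DC should have registered but has not."""
    records, gaps = parse_srv(zone_text), []
    roles = {r: v for r, v in EXPECTED.items() if r != "GC" or is_gc}
    for role, (port, templates) in roles.items():
        for template in templates:
            owner = norm(template.format(d=domain, f=forest, s=site))
            if (port, norm(dc)) not in records.get(owner, set()):
                gaps.append((role, owner))
    return gaps

# Constructed sample zone data: dc1 is fully registered, dc2 lacks its site records.
SAMPLE_ZONE = """\
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.HQ._sites.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_kerberos._tcp.corp.example. 600 IN SRV 0 100 88 dc1.corp.example.
_kerberos._tcp.HQ._sites.corp.example. 600 IN SRV 0 100 88 dc1.corp.example.
_gc._tcp.corp.example. 600 IN SRV 0 100 3268 dc1.corp.example.
_gc._tcp.HQ._sites.corp.example. 600 IN SRV 0 100 3268 dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc2.corp.example.
_kerberos._tcp.corp.example. 600 IN SRV 0 100 88 dc2.corp.example.
"""
print(missing_srv(SAMPLE_ZONE, "dc2.corp.example", "corp.example", "corp.example", "HQ"))
```

The same function can be run over the SRV lines of a zone export, or over the %SystemRoot%\System32\Config\netlogon.dns file in which a DC lists the records it registers.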
Where is the AD database held? What other folders are related to AD?
By default, the AD database file is installed into the %SYSTEMROOT%\NTDS folder.
Folders related to Active Directory:
- NetLogon
- Sysvol
- NTDS
What are the contents of the SYSVOL folder?
The contents of the SYSVOL folder are as follows:
\SYSVOL
\SYSVOL\domain
\SYSVOL\staging\domain
\SYSVOL\staging areas
\SYSVOL\domain\Policies
\SYSVOL\domain\scripts
\SYSVOL\SYSVOL
What is Directory Access Protocol?
For clients to search for objects, update information, and communicate with DCs when logging on to the network, a directory access protocol must be used. A protocol is a set of rules that dictate how data is sent over a network. A directory access protocol is used for the specific purpose of exchanging information with the directory service.
Active Directory uses LDAP for communications between clients and directory servers. LDAP is a version of the X.500 Directory Access Protocol (DAP), and is considered lightweight because it uses less code than DAP does.
How to Uninstall Active Directory?
Administrative Credentials
To perform this procedure, you must be a member of the Domain Admins group.
To uninstall Active Directory
1. Click Start, click Run, type dcpromo and then click OK.
2. The Active Directory Installation Wizard appears. Click Next at the Welcome screen.
3. You have an option to select This server is the last domain controller in the domain. If you select this option, the wizard attempts to remove the domain from the forest. Do not select this option. Click Next.
4. At the Administrative Password screen, enter and confirm the password that you want to assign to the local Administrator account after Active Directory is removed. Click Next.
5. At the Summary screen, verify that the information is correct and then click Next to proceed with the removal.
6. The wizard proceeds to remove Active Directory. After it finishes, the wizard displays a completion screen. Click Finish to close the wizard.
7. Click Restart to restart the domain controller.
The GC server is a DC that stores a copy of all objects in its host domain, and a partial copy of objects in other domains throughout the forest. The partial copy contains objects that are most commonly searched for. Because the GC contains a subset of information in Active Directory, less information needs to be replicated, which increases performance when users search for specific attributes of an object. In addition to being used for searches, the GC is also used to resolve UPNs that are used in authentication.
The UPN is meant to make logon and e-mail usage easier, since the two (your user account and your e-mail address) are the same. An example of a UPN is Brian@syngress.com. The GC provides assistance when a user from a domain logs on and the DC doesn't know about the account. When the DC doesn't know the account, it generally means that the account exists in another domain. The GC will help in finding the user's account in Active Directory. The GC server will help resolve the user account so the authenticating DC can finalize logon for the user.
Directory Information Search
To help a user who is searching the database for an object, the GC answers requests for the entire forest. Since the complete copy of every object available is listed in the GC, searches can be completed quickly and with little use of network bandwidth.
Universal Group Membership Information
When setting up your network, you will have certain features available based on the Forest Functional Level and Domain Functional Level. Universal Groups is one of these features that will or will not be available depending on your functional level. If your Domain Functional Level is set to Windows 2000 Native or later, you will have Universal Groups available on your network. Universal Groups can have members belonging to various domains in the forest. Without a GC server, Universal Groups could not exist. That is because Universal Group membership is stored in the GC only. This means that not every DC will have a copy of Universal Group membership; only the DCs serving as GC servers have this information. When a user logs on, his Universal Group membership is checked. The GC provides this information to the authenticating DC. Universal Group membership information is stored in all GC servers,
3. 4.
5. Global catalog servers will have the box checked beside Global Catalog.
Using Replmon.exe
If you need to determine which domain controllers are Global Catalog servers, the Windows 2003 Support Tools include a fantastic utility called ReplMon.exe (Replication Monitor). Connect to any domain controller using ReplMon, and right-click the server name. Choose Show Global Catalog Servers in Enterprise to display a list of all Global Catalog servers in the entire forest.