
ACTIVE DIRECTORY

Information Sheet 3.1-4

LEARNING OBJECTIVES:

After reading this INFORMATION SHEET, STUDENT(S) MUST be able to:

Define briefly what Active Directory is.
Describe the three primary types of objects that Active Directory provides.
Describe what happens when you log in to an Active Directory network.
Define what a domain controller is.
Describe a forest.
Describe a domain.
Define briefly what a server role is.
Install Active Directory.

In Windows NT, administrators were introduced to the concept of domains.
Active Directory Domain Services (AD DS) builds on that concept by creating a
dynamic, easily accessible structure through which directory and management
information can be stored and accessed centrally throughout an organization.
By using AD DS, you create a structure for managing your equipment and the
people who use that equipment, which is a helpful feature for all but the
smallest of operations.
By using Active Directory as a whole, you have access to several management
tools, including Group Policy (GP), the ability to put groups inside groups
multiple times, and an online directory of users, computers, printers, and
contacts that you can access easily through the Windows user interface.
Although you certainly can operate a Windows-based network without Active
Directory deployed in some form, you lose out on a lot of functionality.

What is Active Directory and Why Should I Care?

Active Directory is the brain of a Windows Server network.
It is a database that keeps track of a huge amount of stuff and gives us a
centralized way to manage all our network machines, users, and resources.

Types of objects that Active Directory provides

Users and groups
Services (email, etc.)
Resources (printers, shared folders, etc.)

These items are objects in the Active Directory database.

As a matter of fact, every time you log in to a corporate network, you're using
Active Directory.

What is a Domain Controller?

A domain controller is a machine that runs Active Directory services.
Think of it as the boss of your network.
You may have multiple domain controllers that all hold copies of the same
Active Directory database.
Changes may be made to the database on one domain controller, and the domain
controllers talk back and forth.
They share the changes they receive in a process called replication.

What is a Domain?

It is a logical group of computers that share a central directory database. The
machines are all named with part of the domain name, like itsmeismael.com (also
called a suffix), and registered in the Active Directory database so they can be
managed.

A forest comprises all the domains in your enterprise. Your forest may have only
one domain.
Users are also part of the namespace.

Example: Your email address is part of the domain namespace.

info@itsmeismael.com
Note: Email-like logins are also called User Principal Names when used to
log in to a Server 2008 R2 network.

What is a Server Role?

A server role is a major job that a server can perform.
It's recommended that a server not have too many roles.
A domain controller usually has only two roles:

a. Active Directory Domain Services
b. Domain Name Services

Domain Name Service

It is a service provided by a server that allows you to find other computers in
your network.
It allows you to type a friendly name of a machine instead of its IP address,
allowing your client to get the IP address from the DNS server and go find
the resources.
Without DNS, Active Directory will not work. In Windows Server 2008, it's
recommended that you integrate DNS with Active Directory to make your IT life
easier.

Installation

1. Open Server Manager and click on Roles. This will bring up the Roles
Summary on the right-hand side, where you can click on the Add Roles
link.

Figure 1.1 Selecting role in Server Manager

2. This will bring up the Add Roles Wizard, where you can click Next to
see a list of available roles. Select Active Directory Domain Services from
the list. You will be told that you need to add some features; click the
Add Required Features button and click Next to move on.

Figure 1.2 Selecting server role

3. A brief introduction to Active Directory will be displayed, as well as a few
links to additional resources. You can just click Next to skip past this
and click Install to start installing the binaries for Active Directory.

Figure 1.3 Add features requirements

Figure 1.4 Confirm installation

4. When the installation is finished, you will be shown a success message;
just click Close.

Figure 1.5 Installation Result

Configuration

1. Open Server Manager, expand Roles and click on Active Directory
Domain Services. On the right-hand side, click the Run the Active
Directory Domain Services Installation Wizard (dcpromo.exe) link
shown in Figure 1.6a, or use the alternative method shown in
Figure 1.6b.

Figure 1.6a Setting up active directory domain services

Figure 1.6b Using dcpromo.exe

2. It will show another wizard, this time to configure the settings for your
domain. Click Next to continue.

Figure 1.7 Active Directory Domain Services Installation Wizard

3. The message shown now relates to older clients that do not
support the new cryptographic algorithms supported by Server 2008 R2.
These are used by default in Server 2008 R2. Click Next to move on.

Figure 1.8 Operating System Compatibility

4. Choose to create a new domain in a new forest.

Figure 1.9 Deployment Configuration

5. Now you can name your domain; I will be using a .com

Figure 1.10 Naming the forest root domain

6. Change the forest functional level to Server 2008 R2.

Figure 1.11 Set forest functional level

7. Include DNS in the installation, as this will allow us to have an AD
Integrated DNS Zone. When you click Next you will be prompted with a
message; just click Yes to continue.

Figure 1.12 Additional domain controller options
8. A delegation for this DNS server cannot be created because the
authoritative parent zone cannot be found or it does not run Windows
DNS server. If you are integrating with an existing DNS infrastructure,
you should manually create a delegation to this DNS server in the parent
zone to ensure reliable name resolution from outside the domain
treyresearch5.net. Otherwise, no action is required.

If you are installing a forest root domain controller that is using Active
Directory-integrated DNS, you typically do not need to be concerned
about this warning message.

Figure 1.13 A warning message for active directory domain service installation

9. You will need to choose a place to store log files. It is a best practice to
store the database and SYSVOL folder on one drive and the log files on a
separate drive, but since this is a lab environment, just leave them all
on the same drive.

Figure 1.14 Location for database, Log Files, and SYSVOL

10. Assign a password for the Administrator account that will be used when this
domain controller is started in Directory Services Restore Mode.

Choose a STRONG Active Directory Restore Mode password and click Next
twice to kick off the configuration.

Figure 1.15 Directory Services Restore Mode Administrators Password

11. Review the summary of the configured services.

Figure 1.15 Directory Services Restore Mode Administrators Password

12. You will be able to see what components are being installed by looking in
the following box. If Reboot on completion was not checked, you will
proceed to a manual reboot, as shown in Figure 1.16b.

Figure 1.16a Completing active directory domain services

Figure 1.16b Completing the Active Directory Domain Services Installation Wizard
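
A post-installation check for the domain controller built in the Installation and Configuration steps, added here as an example and not part of the original information sheet. It assumes an elevated PowerShell session on the new domain controller after its reboot, with the ActiveDirectory module available; the helper name Add-Check is made up for this example.

```powershell
# Added example: post-promotion checks for the lab domain controller.
# Assumption: elevated PowerShell 2.0 session on the new DC after its reboot.
Import-Module ActiveDirectory

$domain  = Get-ADDomain
$forest  = Get-ADForest
$results = @()

# Hypothetical helper: records one named check and whether it passed.
function Add-Check($name, $ok, $detail) {
    $script:results += New-Object PSObject -Property @{
        Check = $name; Passed = [bool]$ok; Detail = "$detail" }
}

# Configuration step 4: a new forest holds one domain, which is the forest root.
Add-Check 'Single-domain forest' `
    ((@($forest.Domains).Count -eq 1) -and ($forest.RootDomain -eq $domain.DNSRoot)) `
    ($forest.Domains -join ', ')

# Configuration step 6: forest functional level set to Server 2008 R2.
Add-Check 'Forest functional level' `
    ($forest.ForestMode -eq 'Windows2008R2Forest') $forest.ForestMode

# The directory, DNS and logon services must all be running on the DC.
foreach ($svc in Get-Service NTDS, DNS, Netlogon) {
    Add-Check "Service $($svc.Name)" ($svc.Status -eq 'Running') $svc.Status
}

# Clients read Group Policy and logon scripts from the SYSVOL and NETLOGON shares.
$shares = @(Get-WmiObject Win32_Share | ForEach-Object { $_.Name })
foreach ($share in 'SYSVOL', 'NETLOGON') {
    Add-Check "$share share" ($shares -contains $share) 'Win32_Share'
}

# Configuration step 7: the AD-integrated zone must publish the SRV record
# that clients query to locate a domain controller.
$srv    = "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)"
$answer = nslookup -type=SRV $srv 2>&1 | Out-String
Add-Check 'DC locator SRV record' ($answer -match 'svr hostname') $srv

$results | Format-Table Check, Passed, Detail -AutoSize
```

Any row with Passed set to False points back to the wizard step named in the comment above that check.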
