상세 컨텐츠

본문 제목

Active Directory 2008 Tutorial Pdf

카테고리 없음

by starigaspac1989 2020. 2. 27. 01:01

본문

IntroductionIt has been a long time since I have done one of those “old school” articles that starts from the beginning and does not assume that you are already a Windows Server pro. Over the last few years I have written hundreds of articles on much of the arcane of Windows computing. In most of these articles, I take a lot for granted in terms of what I expected you to know.

I did that because there was some little trick, some hard to configure feature, or some obscure issue in configuration that I wanted to demonstrate. While all that stuff is pretty interesting to the three people who are interested in those issues, it sort of leaves everyone else out. A long, long time ago, in a world far away, this site was called “World of Windows Networking” or WOWN. During those days, the site was filled with a lot of articles that showed you how to get common Windows networking tasks done.

Directory

This was a lot less of the Active Directory, Group Policy, installation and other non-networking complexities covered at that time. While the site has matured and focused more on experienced IT professionals, there is still some value in providing content for people entering into the business and who want to learn the basics.That got me to thinking about doing an article and perhaps a series from the ground up. What better time to try something like this than with the recent release of Windows Server 2008 R2? OK, so I thought I would do a basic “let’s install Windows Server 2008 R2” article—but then I thought “how about using this as a launch point for a broader series?” The more I thought about it, the better it sounded. Since there is a ton of great new networking and security features in Windows Server 2008 R2, why not start with building the lab network first, and then take you into all the cool features? That way we can be working with the same basic lab network and go through the long trip together.Let us do it. The first step is to pick the virtualization software of your choice.

For this kind of lab network I prefer VMware Workstation. I do not have strong technical reasons for preferring VMware Workstation, I just prefer to use it because I have been using this application for almost a decade and know how it works.

I do not have to learn a new language like I do with Hyper-V and it works nicely for me. However, if you want to use Hyper-V or ESX, those are good options too.As this series builds, I expect that we will need to be running up to 8 virtual machines at a time. Because of this, I recommend that you have a computer that can support at least 8 GB of RAM and has a quad core processor.

Active Directory Tutorial Pdf

For all the articles I will be writing in this series, I will be using a workstation that has 12 GB of DDR3 triple channel memory and a quad core Core i7 processor. If you are using any quad core Xeon or quad core Core 2 processor, you’ll be in good shape. Of course, AMD equivalents are good too.

We will start with installing the first machine on our lab network. This is going to be a Windows Server 2008 R2 machine using one virtual processor and 512 MB of virtual memory. During the installation, I am going to use bridged networking on my virtual NIC.

Some people like to use NAT, and that should be fine. The point is that you will want to be able to connect a live network so that you can access updates during the initial installation. After the initial installation is complete, we’ll move this virtual machine to another virtual network, since we want it to be placed behind a virtual TMG firewall. The TMG firewall VM will have the live network connection and all the other VMs will be located behind it.In VMware Workstation 6.5 I will create a new virtual machine and bind the Windows Server 2008 R2.iso file to the CD drive so that it boots that.iso. When the machine first starts up, you will see the first page of the installation wizard that asks for what Language to install, Time and currency format and Keyboard or input method.Click Next after making your selections.Figure 1So much for introductions! The installer gives you the option to Install now.

Windows Server 2008 Active Directory Configuration Pdf

Let’s do it.Figure 2The.iso file actually has all the versions of Windows Server 2008 R2 on it and we can choose the option we want to install here. Note that you can even install the Server Core versions from here. I would rather pull a bobcat’s tail while in a phone booth with that cat, so we would not be doing a core installation. Let us choose the Windows Server 2008 R2 Enterprise (Full Installation) option and click Next.Figure 3Put a checkmark in the I accept the license terms checkbox on the license terms page and click Next.Figure 4Which type of installation do you want? Honestly, I want one that works and does what I tell it to do, but that is not a choice here.

This is a clean install, so the upgrade option does not make sense. Click the Custom (advanced) option. Notice that there is no “Next” option on this page, just to throw you off a little bit.Figure 5Here you decide where you want to install the system files (which used to be called boot files in the past, but the new crew of Microsoft engineers did not take the Windows NT 4 MCSE training, so they do not know that with Windows NT based system and above, you boot the system files and you “system” the boot files). I created a 24 GB dynamic virtual disk file for the OS which will be more than enough room.

Remember, with dynamic disk files they only use the space they need – they do not fully allocate all the space until it is needed.Click Next.Figure 6Yay! Installation is starting – and it is going to take a very long time.

Give it an hour or two and come back and see what happened on your own installation.Figure 7During first log on the installer will ask you to create a password. Click OK when you see the display as it appears below.Figure 8Enter a password and confirm the password and do not click OK (because there is no OK to click). Instead, click that “arrow thing” that does not have a name, which sits to the right of the confirm password text box.Figure 9Very good! The password has been changed. Click OK.Figure 10You might remember the Initial Configuration Tasks windows if you used Windows Server 2008.

If you have not used Windows Server 2008 and are moving up from Windows Server 2003, the Initial Configuration Tasks window provides you access to many of the things you need to do once the operating system software is installed. After looking at some of the options in this window, you might notice that many of the options that you configured during installation for earlier versions of Windows are now configured here. The goal was to make for fewer inputs during installation and leaving them for the end. Very nice!Figure 11From the Initial Configuration Tasks window, I will set the following:. WINS – 10.0.0.2Sure, we probably will not need WINS much, but you never know, and it is not like it is going to suck up a lot of memory or processor cycles in the lab environment.

The default gateway will be a TMG 2010 firewall – which we will install in a later article.Promoting the Windows Server 2008 R2 Virtual Machine to a Domain ControllerThe next step is to make this machine a domain controller. If you are coming from the Windows Server 2003 world, you will find this step to be a lot different. Yes, you will still need to run dcpromo from the Run command, but there is a little twist here – you need to install the Active Directory Domain Controller role. Server roles are sort of a new concept in Windows Server 2008 – where major server services are considered “roles”.

The Active Directory Domain Controller role is a bit different, because it is actually a two-step process to get the Active Directory DC installed: first you install the role and second you run dcpromo.Enter the Server Manager and click the Roles node in the left pane of the console. Then click the Add Roles link in the right pane.Figure 12This brings up the Before You Begin page. If this is the first time you have installed a role using the Server Manager, then go ahead and read the information on this page. If you are an old pro with the Server Manager, go ahead and click Next.Figure 13Here you select what Server Roles you want to install. We will install other Server Roles later, but we want the DC role installed first. Select Active Directory Domain Services by putting a checkmark in the checkbox.

Notice that the wizard will show you a number of features that will be installed along with the Active Directory Server Role. Click the Add Required Features button to get those features installed with the Active Directory Server Role.Figure 14After selecting the Active Directory DC Server Role, you will see information about that Server Role. Some interesting things to note here:.

Note that installing the Active Directory Domain Services Role also installs DFS Namespaces, DFS Replication and File Replication Services – all of these are used by Active Directory Domain Services so they’re automatically installed.Figure 15Click Install to install the files required to run dcpromo.Figure 16Yay! Installation was successful. Click Close.Figure 17Now go to the Start menu and type dcpromo in the search box. You will find it in the list as shown in the figure below. Click dcpromo.Figure 18This starts the Welcome to the Active Directory Domain Service Installation Wizard.

We do not need advanced options in this scenario, so just click Next.Figure 19On the Operating System Compatibility page, you are warned that your NT and non-Microsoft SMB clients are going to have problems with some cryptographic algorithms used by Windows Server 2008 R2. We don’t have this problem on our lab network so just click Next.Figure 20On the Choose a Deployment Configuration page, select the Create a new domain in a new forest option. We do this because, of all reasons, this is a new domain in a new forest 🙂Figure 21On the Name the Forest Root Domain page, enter the name of the domain in the FQDN of the forest root domain text box. In this example we are going to name the domain fflab.net. That is short for “Forefront Lab”. You can name it whatever you like, but if you use a name that is already in use on the Internet (that is to say, a name that has already been registered, then be aware of potential split naming issues). Click Next.Figure 22On the Set Forest Functional Level page, select the Windows Server 2008 R2 option (not the Windows Server 2003 option you see in the figure below).

We want to select the Windows Server 2008 R2 option so that we can take advantage of all the cool new features included in Windows Server 2008 R2. Click Next.Figure 23On the Additional Domain Controller Options page, we have only a single choice: DNS server. The Global catalog option is checked and not an option because this is the only DC so far in this domain, so it has to be a Global Catalog server.

Active Directory 2008 Tutorial Pdf Online

The Read-only domain controller (RODC) option is deselected because you have to have another non-RODC on the network to enable this option. Select the DNS server option and click Next.Figure 24A dialog box will appear that says that a delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. The reason for this is that this is the first DC on the network. Don’t worry about this and click Yes to continue.Figure 25Leave the Database, Log Files and SYSVOL folder in their default locations and click Next.Figure 26On the Directory Service Restore Mode Administrator Password, enter a strong password in the Password and Confirm password text boxes.Figure 27Confirm the information on the Summary page and click Next.Figure 28Active Directory will install. The first DC installs pretty quickly. Put a checkmark in the Reboot on completion checkbox so that the machine automatically reboots when DC installation is complete.Figure 29The machine will automatically restart since we selected that option.

The installation will be complete when you log on. If I recall correctly, with Windows Server 2008, there was some configuration that took place after you logged on, but that is not happening with Windows Server 2008 R2.The DNS service was installed during Active Directory installation, so we do not need to worry about that. There are several other services we want to install on this domain controller. These include:.