The Active Directory Services (ADS/AD) is a Windows domain controlled directory service, which allows the administrators of the network to centralized operation. It can be implemented in both large scale and small scale networks. The fundamental architecture of the ADS is the Lightweight Directory Access Protocol (LADP). While most of the following will be same, if not similar, in almost all Windows server OS versions, this article is written based on the Windows Server 2012 Datacenter edition.
Structure of the ADS
Site: a geographic location of a network or network clusters in a defined area
Forest: logical division the highest precedence level in the ADS framework
Tree: is used as a umbrella for several domains (or one)
If you want to deploy a high secure database, it is recommended that you apply your security policies at the height level; the forests. The policies applied to the forest level can affect anything under it, including directories, trees and user policies for lower levels.
Organizational units: allow the administrators to place the objects in the ADS in specific groups, which can be used to deploy different configurations based on group policies. For example, if you want to provide the Accounting Department access only to the accounting sector of your server, instead of creating policies for hundreds of client computers/users independently, you can place the clients in an organization unit and apply policy to every object under it. This save time and money when dealing with large groups of clients specially when policies needed to be modified.
Installing Services
I prefer installing server packages (roles) using the “Role-based or feature-based installation” which allow you to install the ADS packages with some customizable installation options. You should install the AD DS (Active Directory Domain Services) before installing the other packages (noted below). However, you can choose to install all the packages of the ADS at the same time.
To get most out of your network settings, install the following ADS packages(roles):
– Active Directory Administrative Center
– Active Directory Domains and Trusts
– Active Directory Module for Windows PowerShell
– Active Directory Rights Management Services
– Active Directory Sites and Services
– Active Directory Users and Computers
– Active Directory Service Interfaces Editor
Active Directory Domain Setup (server side)
After the installing of the ASD packages, you can configure the services either using a local domain (forest) or by using a network connected remote domain. After the installation is completed, the system will display Server Manager Window upon reboot.
1. You will notice that Microsoft conveniently placed Attention reminders at the top the Server Manager Dashboard. Pull it down and choose “Promote this server to da domain controller”.
2. On the Deployment Configuration choose “Add a new forest”, this will enable a Root domain name field. If you want to configure with a local domain, type YourDomainName.local. For example, domain.local or Calgary.local. Click Next.
3. On the Domain Controller Options choose your desired Forest and Domain functional levels. Make sure the DNS server option is Checked. Choose a password for DSRM and click next.
4. If you receive a warning pop up message at this point , you may proceed forward and correct the issues in NetBIOS Window.
5. Choose the database paths along with log files and SYSOVOL path and click next.
6. Review and click Install.
Active Directory Users and Computers (server side)
After the Domain Setup (detailed above) is done, you will have access to the following under the Tools on your Server Manager Dashboard;
– Active Directory Administrative Center
– Active Directory Domains and Trusts
– Active Directory Module for Windows PowerShell
– Active Directory Sites and Services
– Active Directory Users and Computers
– ADSI Edit
– Domain Name Services
– Group Policy Management
1. Choose Active Directory Administrative Center. On the left hand pane you will see the domain name you created. If it is a local domain it will appear as YourDomainName (local). Choose that and go to Users.
2. If your Administrative username is not there, you can add by using the right hand side small pane. (New User)
3. Close all the windows on the server.
Active Directory Domain Setup (client side)
Once the installation and setup has been completed on the server side, turn on the client computer running a Professional version of Windows XP, Professional or Ultimate versions of Windows 7, Professional or Enterprise versions of Windows 8. You cannot join a domain using any other versions unless otherwise a custom OS with the Windows domain functions are provided through the OEM or Microsoft.
1. Log in to the client computer with the local username and password(if exists).
2. Go to Control Panel (or Computer Properties)
3. Network and Sharing
4. Change the Domain Setting from local group to Domain and it will be come back with an error. This is because you have not changed the default DNS on the client.
5. Go back to the Network Settings and change the default DNS to the IP address of your server.
6. Now repeat the step 4 and restart your computer. It is highly recommended to use exact same username and password as the Server Administrator.
Tips for ADS Management
Well, you are done! The client computer will reboot to the login screen with CTRL + ALT + DEL Start Page by default. You will be able to log in using one of the user accounts pre-configured on the Server. You can also access the local computer using any local user accounts by selecting “Switch Users” and choosing the username as YourComputerName\username. For more information and help, please read the articles at MSDN and Windows Server support on Microsoft website.