{"id":2131,"date":"2012-11-29T14:00:30","date_gmt":"2012-11-29T21:00:30","guid":{"rendered":"http:\/\/sanuja.com\/blog\/?p=2131"},"modified":"2012-11-29T14:11:15","modified_gmt":"2012-11-29T21:11:15","slug":"comprehensive-guide-to-windows-server-ads-setup","status":"publish","type":"post","link":"https:\/\/sanuja.com\/blog\/comprehensive-guide-to-windows-server-ads-setup","title":{"rendered":"Comprehensive guide to Windows Server ADS setup"},"content":{"rendered":"

\"\"The Active Directory Services (ADS\/AD) is a Windows domain controlled directory service, which allows the administrators of the network to centralized operation. It can be implemented in both large scale and small scale networks. The fundamental architecture of the ADS is the Lightweight Directory Access Protocol (LADP). While most of the following will be same, if not similar, in almost all Windows server OS versions, this article is written based on the Windows Server 2012 Datacenter edition<\/em>.<\/p>\n

Structure of the ADS<\/strong><\/p>\n

Site:<\/em> a geographic location of a network or network clusters in a defined area<\/p>\n

Forest:<\/em> logical division the highest precedence level in the ADS framework<\/p>\n

Tree:<\/em> is used as a umbrella for several domains (or one) <\/p>\n

If you want to deploy a high secure database, it is recommended that you apply your security policies at the height level; the forests. The policies applied to the forest level can affect anything under it, including directories, trees and user policies for lower levels.<\/p>\n

Organizational units:<\/em> allow the administrators to place the objects in the ADS in specific groups, which can be used to deploy different configurations based on group policies. For example, if you want to provide the Accounting Department access only to the accounting sector of your server, instead of creating policies for hundreds of client computers\/users independently, you can place the clients in an organization unit and apply policy to every object under it. This save time and money when dealing with large groups of clients specially when policies needed to be modified.<\/p>\n

Installing Services<\/strong><\/p>\n

I prefer installing server packages (roles) using the \u201cRole-based or feature-based installation\u201d which allow you to install the ADS packages with some customizable installation options. You should install the AD DS (Active Directory Domain Services) before installing the other packages (noted below). However, you can choose to install all the packages of the ADS at the same time.<\/p>\n

To get most out of your network settings, install the following ADS packages(roles):
\n–\tActive Directory Administrative Center
\n–\tActive Directory Domains and Trusts
\n–\tActive Directory Module for Windows PowerShell
\n–\tActive Directory Rights Management Services
\n–\tActive Directory Sites and Services
\n–\tActive Directory Users and Computers
\n–\tActive Directory Service Interfaces Editor<\/p>\n

Active Directory Domain Setup (server side)<\/strong><\/p>\n

After the installing of the ASD packages, you can configure the services either using a local domain (forest) or by using a network connected remote domain. After the installation is completed, the system will display Server Manager Window upon reboot.<\/p>\n

1.\tYou will notice that Microsoft conveniently placed Attention reminders at the top the Server Manager Dashboard. Pull it down and choose \u201cPromote this server to da domain controller\u201d.
\n2.\tOn the Deployment Configuration choose \u201cAdd a new forest\u201d, this will enable a Root domain name field. If you want to configure with a local domain, type YourDomainName.local. For example, domain.local or Calgary.local. Click Next.
\n3.\tOn the Domain Controller Options choose your desired Forest and Domain functional levels. Make sure the DNS server option is Checked. Choose a password for DSRM and click next.
\n4.\tIf you receive a warning pop up message at this point , you may proceed forward and correct the issues in NetBIOS Window.
\n5.\tChoose the database paths along with log files and SYSOVOL path and click next.
\n6.\tReview and click Install.<\/p>\n

Active Directory Users and Computers (server side)<\/strong><\/p>\n

After the Domain Setup (detailed above) is done, you will have access to the following under the Tools on your Server Manager Dashboard;<\/p>\n

–\tActive Directory Administrative Center
\n–\tActive Directory Domains and Trusts
\n–\tActive Directory Module for Windows PowerShell
\n–\tActive Directory Sites and Services
\n–\tActive Directory Users and Computers
\n–\tADSI Edit
\n–\tDomain Name Services
\n–\tGroup Policy Management<\/p>\n

1.\tChoose Active Directory Administrative Center. On the left hand pane you will see the domain name you created. If it is a local domain it will appear as YourDomainName (local). Choose that and go to Users.
\n2.\tIf your Administrative username is not there, you can add by using the right hand side small pane. (New \uf0e0 User)
\n3.\tClose all the windows on the server.<\/p>\n

Active Directory Domain Setup (client side)<\/strong><\/p>\n

Once the installation and setup has been completed on the server side, turn on the client computer running a Professional version of Windows XP, Professional or Ultimate versions of Windows 7, Professional or Enterprise versions of Windows 8. You cannot join a domain using any other versions unless otherwise a custom OS with the Windows domain functions are provided through the OEM or Microsoft.<\/p>\n

1.\tLog in to the client computer with the local username and password(if exists).
\n2.\tGo to Control Panel (or Computer Properties)
\n3.\tNetwork and Sharing
\n4.\tChange the Domain Setting from local group to Domain and it will be come back with an error. This is because you have not changed the default DNS on the client.
\n5.\tGo back to the Network Settings and change the default DNS to the IP address of your server.
\n6.\tNow repeat the step 4 and restart your computer. It is highly recommended to use exact same username and password as the Server Administrator.<\/p>\n

Tips for ADS Management<\/strong><\/p>\n

Well, you are done! The client computer will reboot to the login screen with CTRL + ALT + DEL Start Page by default. You will be able to log in using one of the user accounts pre-configured on the Server. You can also access the local computer using any local user accounts by selecting \u201cSwitch Users\u201d and choosing the username as YourComputerName\\username. For more information and help, please read the articles at MSDN and Windows Server support on Microsoft website.<\/p>\n","protected":false},"excerpt":{"rendered":"

The Active Directory Services (ADS\/AD) is a Windows domain controlled directory service, which allows the administrators of the network to centralized operation. It can be implemented in both large scale and small scale networks. The fundamental architecture of the ADS is the Lightweight Directory Access Protocol (LADP). While most of the following will be same, … Continue reading Comprehensive guide to Windows Server ADS setup<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3],"tags":[7],"class_list":["post-2131","post","type-post","status-publish","format-standard","hentry","category-computer-science","tag-server"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/sanuja.com\/blog\/wp-json\/wp\/v2\/posts\/2131","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sanuja.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sanuja.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sanuja.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sanuja.com\/blog\/wp-json\/wp\/v2\/comments?post=2131"}],"version-history":[{"count":0,"href":"https:\/\/sanuja.com\/blog\/wp-json\/wp\/v2\/posts\/2131\/revisions"}],"wp:attachment":[{"href":"https:\/\/sanuja.com\/blog\/wp-json\/wp\/v2\/media?parent=2131"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sanuja.com\/blog\/wp-json\/wp\/v2\/categories?post=2131"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sanuja.com\/blog\/wp-json\/wp\/v2\/tags?post=2131"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}