

Active Directory Practical Guide


By Alaa Amin me9000@hotmail.com

AD Replication ...................... 4
AD Partition ........................ 6
Practical Guide ..................... 7
Routing ............................. 8
RIP V2 ............................. 20
DCPROMO ............................ 25
Domain Function Level .............. 31
Additional Domain Controller ....... 33
Working With AD Sites and Services . 35
SITE LINK COST ..................... 39
Windows Deployment Service ......... 41
SITE LINK BRIDGE ................... 53
Operations Master Roles ............ 55
Read Only Domain Controller ........ 73
Child Domain ....................... 93
AD Trust And Relationship ......... 102
Tree Root Domain .................. 116
Forest Trust ...................... 130


ACTIVE DIRECTORY REPLICATION

Forest

Forest Domain Tree

Windows Server Active Directory Role New Domain


Forest Domain Tree -:

Forest Tree Domain Tree Domain

Tree Domain

Domain
-:

1- Root Domain (First / Primary Domain)

domain Tree -:

- Forest
- (Domain Naming Master Role)
- Global Catalog by default

- Default first site name

2- Additional Domain

Domain
Domain .

3- Read Only Domain (RODC)

Domain
Domain .

4- Child Domain

Domain Domain Domain


Child .

Forest Domain Tree Domain

-:

Replication Active Directory


Additional Domain Child Domain
Replication .. Active Directory

Active Directory

Active Directory Windows


Server

..... Network Administrator
.

AD PARTITIONS

Active Directory partitions:
1- Domain partition
2- Configuration partition
3- Schema partition
4- Application partition

Domain partition

Computer Objects, User Objects, Groups, Containers


Active Directory Users and Computers Console, Attributes

Configuration Partition

Sites Active Directory


Active Directory Sites and Services Console, Forest Domain Controllers

Schema Partition

AD Users and Computers Console, Attributes, Objects


Domain Schema Master Domain Controller
Schema Partition Controllers

Application partition

Active Directory
. Active Directory Integrated Exchange Server


Practical Guide

Domain name: target.org (win srvr 2012)

DNS IP is 10.10.10.2/8

Branch in Cairo has 172.16.1.2/16 (win srvr 2008)

Branch in Doha has 192.168.1.2/24 (win srvr 2008)

Real IP for routing is 66.249.64.231/8

-:

ROUTING

Router Routing

-:

router router ip
.

Microsoft routing Hyper V


( ) Hyper V

: router Microsoft vmware


Hyper V permeatal Cisco router

Routers :-


-:

-1 IP router router
( )E1 IP ( )E2 Static IP

-2 routing LAN Routing router


( )

router
.


router router
IP -:


2 routers, 3 subnets :-

Sub No   Location   IP              Router No
1        Riyadh     10.10.10.2      R1
2        Doha       192.168.1.2     R2
3        Internet   66.249.64.231   Act Link

( )R1 ( )R2 ()Act Link

-:

Static routes
Route router 1 router 2
Subnet .

-:


-:


3 routers, 4 subnets :-

Sub No   Location   IP              Router No
1        Riyadh     10.10.10.2      R1
2        Doha       192.168.1.2     R2
3        Cairo      172.16.1.2      R3
4        Internet   66.249.64.231   Act Link


routers router
:

Sub No   Location   IP              Router No   Link with
1        Riyadh     10.10.10.2      R1          R2, R3
2        Doha       192.168.1.2     R2          R1, R3
3        Cairo      172.16.1.2      R3          R1, R2

RIPV2

RIP v2 (Routing Information Protocol)


Static Route -:


router
* (Join Domain) :-


* AD Sites and Services



Active Directory -:

DCPROMO



2112 2118

2112

(Raise Domain Function Level)


Raise Domain Function Level


-: 2118 2112 Function level

Raise Forest

Import-Module -Name ActiveDirectory

Get-ADForest | Format-Table Name, ForestMode

Set-ADForestMode -Identity target.org -ForestMode Windows2008Forest

Raise Domain

Get-ADDomain -Identity target.org

Set-ADDomainMode -Identity target.org -DomainMode Windows2008Domain

. Domain/ forest

ADD DOMAIN

Active Directory


Default-Site-First-Name


Additional Domain Primary


Domain Primary Domain
Replication Server.

Replication Sites:
INTRA Site Replication (Site)
INTER Site Replication :-

SITES AND SERVICES


User Active Directory

11 3 ( )
INTER Site Replication: SMTP or RPC

11
INTRA Site Replication . KCC

Replication
Active Directory Sites and Services .

SITE LINK COST

Cost Site Link


Site Link Cost = 1024 / log(line speed)

321 112 3..

! ..

-:
Replication Updates .
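The cost formula above worked through in PowerShell, as an added example (not from the guide): it computes the cost for several line speeds with cost = 1024 / log10(line speed in Kbps) and applies the result to a site link. The site link name Riyadh-Doha is a placeholder, not a name from the guide.

```powershell
# Added example: site link cost from line speed (1024 / log10(Kbps)), then
# applied to a site link. 'Riyadh-Doha' is a placeholder site link name.
Import-Module -Name ActiveDirectory

function Get-SiteLinkCost {
    param([Parameter(Mandatory)][int]$LineSpeedKbps)
    # log10(1) is 0, so a speed of 1 Kbps or below has no defined cost
    if ($LineSpeedKbps -le 1) { throw 'line speed must be above 1 Kbps' }
    [int][math]::Round(1024 / [math]::Log10($LineSpeedKbps))
}

# Reference values: the faster the line, the lower the cost, so the KCC
# prefers that link when building inter-site replication connections.
foreach ($speed in 56, 128, 256, 512, 1024, 1544) {
    '{0,6} Kbps -> cost {1}' -f $speed, (Get-SiteLinkCost -LineSpeedKbps $speed)
}
# 1544 Kbps (a T1 line) gives 321, the value the guide quotes.

# Apply the computed cost to the site link; the replication interval is set
# explicitly instead of relying on the 180-minute default.
$cost = Get-SiteLinkCost -LineSpeedKbps 1544
Set-ADReplicationSiteLink -Identity 'Riyadh-Doha' -Cost $cost -ReplicationFrequencyInMinutes 15
```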


Windows Deployment Service (WDS)



Windows Deployment Service

WDS


WDS


WDS
IP
WDS .

Replication Test

Replication



Replication Site link .

Replication

Site Link Bridge

Site Link Replication .


Site Link Bridge .

Replication C

-:

Link Replication
Link
Replication ( )Site A Updates
Replication (. )Site B

Site Link Bridge Site B/C . Site A


Replication
Parent Domain


Operations Master Roles


Forest-Wide Operations Master Roles (Forest)
Domain-Wide Operations Master Roles (Domain)
Flexible Single Master Operation (FSMO)

Role DC Domain

Domain Controllers Servers Server .

Roles :-
1- Domain Naming Master Role
2- Schema Master Role
3- RID Master Role (Relative ID Master Role)
4- PDC Master Role (Primary Domain Controller)
5- Infrastructure Master Role

Forest Schema Master Domain Naming Master -:

Domain Naming Master Role

Role Domain Name Forest


Tree Forest Level Domain Forest Parent
Domain Domain
Replication Role

Schema Master Role

Role Classes Attributes Forest


Domain naming Master Role Domain
Objects . Attributes

Role -:

Start > Run > regsvr32 schmmgmt.dll

Start > Run > mmc

From the console: File > Add/Remove Snap-in


RID Master Role

Object AD user group computer DC


RID Master Object Security ID
Active directory Alaa RID Master ID S-1-5-21-895771394-4047885310-268483753-1006. NTFS
AD
AD
RID Master Security ID .

Role

Active Directory Users and Computers > right-click on the domain > Operations Masters


PDC Emulator Role

Role Synchronize
Domain Machine Connect
PDC Emulator
Domain Browser
Domain Group Policy

Role RID Role


Infrastructure Master Role

Role Objects

Infrastructure Master Modification .

Role RID Role PDC Role

Two Roles Domain


Forest
Child Tree Additional

Roles


Parent Domain Controller Online
Parent Domain Controller Offline


FSMO Roles Server Parent Domain Controller Online


Domain Replication

Server Parent Domain ( )Target.org

Server Parent Domain Controller ( )Target.org


( )DC Domain Forest

-:
Netdom query /d:(your domain name) pdc
Netdom query fsmo

Parent Domain Controller ( )Target.org


( )DC FSMO Server Server .

Schema Role


Schema (CMD) :-

1. Open Command Prompt.


2. Type: ntdsutil
3. At the ntdsutil command prompt, type: roles
4. At the fsmo maintenance command prompt, type: connection
5. At the server connections command prompt, type: connect to server <server name> (the server you want to transfer the role to)
6. At the server connections command prompt, type: quit
7. At the fsmo maintenance command prompt, type: transfer schema master


Domain Naming Master Role


Domain Naming (CMD) :-

1. Open Command Prompt.


2. Type: ntdsutil
3. At the ntdsutil command prompt, type: roles
4. At the fsmo maintenance command prompt, type: connection
5. At the server connections command prompt, type: connect to server <server name> (the server you want to transfer the role to)
6. At the server connections command prompt, type: quit
7. At the fsmo maintenance command prompt, type: transfer naming master


PDC , RID , Infrastructure Master Role


PDC, RID, Infrastructure (CMD) :-

1. Open Command Prompt.


2. Type: ntdsutil
3. At the ntdsutil command prompt, type: roles
4. At the fsmo maintenance command prompt, type: connection
5. At the server connections command prompt, type: connect to server <server name> (the server you want to transfer the role to)
6. At the server connections command prompt, type: quit
7. At the fsmo maintenance command prompt, type: transfer RID master, transfer PDC, or transfer infrastructure master


Operation Master Roles


GUI Server Parent
Domain Controller Online
Parent Domain Controller
Offline
Offline Parent Domain Controller FSMO Roles

Seize :

seize
Seize role Domain Controller Domain Controller
( ) role
seize Domain Controller .

Parent Domain Controller Target.org Seize


Seize Parent Domain Controller

Seize
1. Open Command Prompt.
2. Type: ntdsutil
3. At the ntdsutil command prompt, type: roles
4. At the fsmo maintenance command prompt, type: connection
5. At the server connections command prompt, type: connect to server <server name> (the server that will take over the role)
6. At the server connections command prompt, type: quit
7. At the fsmo maintenance command prompt, type: seize <role name> (seize schema master, seize naming master, seize RID master, seize PDC, or seize infrastructure master)
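The same transfer and seize operations with the ActiveDirectory PowerShell module, as an added example (not from the guide) that also covers the netdom role-holder query above. target.org is the guide's domain; the DC name DC2 is a placeholder.

```powershell
# Added example: list, transfer and (last resort) seize FSMO roles with the
# ActiveDirectory module. Domain target.org is from the guide; 'DC2' is a
# placeholder DC name.
Import-Module -Name ActiveDirectory

# Who holds each role now: the PowerShell equivalent of "netdom query fsmo".
function Get-FsmoHolders {
    param([string]$Domain = 'target.org')
    $forest = Get-ADForest -Identity $Domain   # target.org is the forest root
    $dom    = Get-ADDomain -Identity $Domain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $dom.PDCEmulator
        RIDMaster            = $dom.RIDMaster
        InfrastructureMaster = $dom.InfrastructureMaster
    }
}

# Transfer (old holder online, hands the role over cleanly) is the
# equivalent of "transfer <role>" in ntdsutil. Seize (-Force) skips the old
# holder entirely, like "seize <role>", and must only be used when that DC
# is offline for good.
function Move-FsmoRole {
    param(
        [Parameter(Mandatory)][string]$TargetDc,
        [Parameter(Mandatory)]
        [ValidateSet('SchemaMaster','DomainNamingMaster','PDCEmulator',
                     'RIDMaster','InfrastructureMaster')]
        [string[]]$Role,
        [switch]$Seize
    )
    $params = @{ Identity = $TargetDc; OperationMasterRole = $Role; Confirm = $false }
    if ($Seize) { $params.Force = $true }
    Move-ADDirectoryServerOperationMasterRole @params
}

# Usage with the placeholder DC name.
Get-FsmoHolders
Move-FsmoRole -TargetDc 'DC2' -Role PDCEmulator, RIDMaster, InfrastructureMaster
Get-FsmoHolders   # confirm the three domain-wide roles now point at DC2

# Seize only after the old holder is gone; as the guide says, that server is
# then rebuilt (formatted) and never reconnected with its old role.
# Move-FsmoRole -TargetDc 'DC2' -Role SchemaMaster, DomainNamingMaster -Seize
```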



: seize role Server

Format Server . Domain Naming

server1 Domain Naming Master seize role


server2
server1 Formatting Transfer role
server2 server1 .

RODC

Replication Additional Domain Domain RODC


RODC Additional Domain
Authorization
RODC Domain
Authentication RODC Domain RODC



RODC

RODC Server IP Server Name


RODC


Delegation


rodc-admin RODC


Rodc Writable Domain


RODC Writable Domain

Domain RODC

Cache RODC
RODC Users -:


2 Users :-
- Rodc-admin RODC
- Rodc2 RODC Writable Domain

RODC

-:

RODC


Child Domain

Child Domain Domain


Sub-Domain Users ,
Domain Domain Enterprise Administrator

Child Domain

Database
Additional or RODC Replication Object
Forest
Enterprise Administrator

Child Domain Child Domain Grand Child
Child domain Domain

Child Domain

Parent Domain is: Yahoo.com
Child domain is: mail.yahoo.com

Parent Domain is: google.com
Child domain is: play.google.com

Parent Domain is: microsoft.com
Child domain is: windows.microsoft.com


child Europe
Child Domain Name Eu.target.org
router Server
Child Site Subnet

Child Domain


IP Child
IP Different Site


Domain Domain domain


parent domain Domain


Eu Target
-:



ACTIVE DIRECTORY TRUST RELATIONSHIP

Child OR Parent

TRUST RELATIONSHIP
DOMAIN CHILD IMPLICIT
Forest
EXPLICIT
(AD DOMAINS AND TRUSTS) :-


(AD DOMAINS AND TRUSTS).


: -
1- TRANSITIVE TRUSTS

....... : A B C

A .... B B C

( )B/C ( )A/C ( )

2- NON-TRANSITIVE TRUSTS


: -
1- TWO-WAY TRUST

A B 111- 111

2- ONE-WAY TRUST

A B B

B A

-:
1- PARENT AND CHILD TRUST

111- 111

2- TREE ROOT TRUST

New Tree Forest


TRANSITIVE TWO WAY .


3- SHORTCUT TRUST

TRANSITIVE TRUSTS A C
B SHORTCUT
. TRANSITIVE TWO WAY
ONE WAY .

4- REALM TRUST

TRUST KERBEROS V5
. Unix

5- EXTERNAL TRUST

TRUST Forest TRUST ONE WAY


TWO WAY TRANSITIVE ... Forest
Forest .

6- FOREST TRUST

HP Compaq: Two Domains and Two Forests


TRUST ROOT DOMAIN IN TWO FORESTS

FOREST

ONE WAY TWO WAY TRANSITIVE TRUST



PARENT AND CHILD TRUST Built in

Built in Trust


Parent / Child
Child Domain Parent Domain ...


Forest Parent Domain Additional


Child Domain RODC Domain Tree Domain

Tree

Forest Tree .

Tree Forest.


Tree Root Domain


target.org
4

Tree Domain
Tree Domain Forest

TREE

Database Tree Domain Forest



RODC / Child / Additional
( Administrator Domain )Forest Enterprise Administrator Forest

Tree Aim.com .
-:


Routing Tree Forest


Tree Forest tree 2 target.org aim.com


TREE ROOT TRUST root
khaled@aim.com
yahya@target.org .

DNS aim.com
yahya
Target.org DNS Target Tree aim.com
khaled broadcast request

DNS Target Tree


DNS aim.com
DNS :


FOREST TRUST

Forest New Forest


Target.org Forest

New Forest
Network Connection New Forest

Domain name: ACS.com (win srvr 2012)

Local IP is 96.10.20.10/24

Real IP for routing is 66.249.64.228/8

