Small Business Server is a low-cost edition designed for small organizations. This edition
supports up to 75 users. It comes in two editions: Standard and Premium.
Web Edition
Web Edition is specially designed for web hosting companies. This edition supports up to 2 GB
of RAM. This edition does support ADS.
Standard Edition
This is a perfect edition for small to medium business organizations. It supports file and print
services and secure internet connectivity. It supports 4-way symmetric multiprocessing and 4 GB
RAM. Besides this, it also supports distributed file system (DFS), Encrypting file services (EFS)
and shadow copies.
Enterprise Edition
Windows Server 2003 Enterprise Edition is made for medium to big business organizations. This
is a full-function server for the organization. This edition supports 8-way symmetric
multiprocessing (8 processors). The 32-bit version supports 32 GB RAM and the 64-bit version
supports 64 GB RAM.
Datacenter Edition
Windows Server 2003 Datacenter Edition is made for very big business organizations, where high
security and reliability are needed. This edition is the powerhouse of the Windows platform.
This edition supports 32-way symmetric multiprocessing (64 processor) and 512 GB RAM.
Windows Server 64-bit editions provide higher CPU clock speed and faster floating point
processor operation. 64-bit editions increase access speed to an enormous memory address space.
The 64-bit editions do not support 16-bit Windows applications, real-mode applications, POSIX
applications, or print services for Apple Macintosh clients.
In our last article you learnt about the basic concept of ADS. In this article we will configure the
ADS service on Server 2003.
NTFS partition
Manual IP configuration
Connectivity of LAN
CD of Server 2003 (the ADS configuration wizard requires Windows files)
Root partition (the partition where you have installed Server 2003) must be on NTFS
The ADS configuration wizard stores its installation files in the NTDS folder, and this folder
must be located on an NTFS file system. The default file system of Server 2003 is NTFS unless you
changed it during the installation. If you changed the file system, then you have to convert it
to NTFS before you start the configuration of ADS.
To change the file system from FAT to NTFS, open a command prompt and run the following command:
c:\>convert c: /fs:ntfs
Replace c: with your installation drive letter.
Reboot the system for the change to take effect. After the reboot, verify that the partition was
successfully converted to NTFS.
From the properties screen you can verify that the file system has been converted to NTFS.
Manual IP configuration
The server IP address cannot be set to dynamic. You need to set a static IP address before
starting the configuration of ADS. To set the static IP address, open the properties of the Local
Area Connection. Now select TCP/IP, click on Properties and set the IP address.
Connectivity of LAN
The server will check the connectivity of the LAN card during the installation of ADS. An
unplugged or disabled LAN card will make the configuration of ADS fail, so check it before
configuring ADS. You can check its status from the properties of My Network Places.
Alternatively, you can examine it just by looking at the task bar. The image below shows the
working LAN card.
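The three prerequisites above can also be checked from the command prompt. The script below is an
added example, not part of the original article; it assumes the English-language output of fsutil
and ipconfig on Server 2003 and is run as an administrator on the server.

```batch
@echo off
rem Added example (not from the original article): pre-flight check for the
rem NTFS, static IP and LAN connectivity prerequisites before running DCPROMO.
rem Assumes English-language fsutil and ipconfig output on Server 2003.
setlocal
set FAIL=0

rem 1. The system partition must be NTFS.
rem    fsutil prints a line of the form "File System Name : NTFS".
fsutil fsinfo volumeinfo %SystemDrive%\ | findstr /I /C:"File System Name" | findstr /I "NTFS" >nul
if errorlevel 1 (
    echo [FAIL] %SystemDrive% is not NTFS. Run: convert %SystemDrive% /fs:ntfs
    set FAIL=1
) else (
    echo [ OK ] %SystemDrive% is NTFS
)

rem 2. No adapter may obtain its address dynamically.
rem    ipconfig /all prints "Dhcp Enabled. . . : Yes" for a dynamic adapter.
ipconfig /all | findstr /I /C:"Dhcp Enabled" | findstr /I "Yes" >nul
if not errorlevel 1 (
    echo [FAIL] An adapter still uses a dynamic address. Set a static IP first.
    set FAIL=1
) else (
    echo [ OK ] No adapter is configured for DHCP
)

rem 3. The LAN card must be plugged in and enabled.
rem    An unplugged card reports "Media disconnected"; a disabled card is
rem    missing from the output, so also require at least one address line.
ipconfig | findstr /I /C:"Media disconnected" >nul
if not errorlevel 1 (
    echo [FAIL] A LAN card reports Media disconnected. Check the cable.
    set FAIL=1
)
ipconfig | findstr /I /C:"IP Address" >nul
if errorlevel 1 (
    echo [FAIL] No enabled adapter with an IP address was found.
    set FAIL=1
) else (
    echo [ OK ] At least one adapter is enabled and has an address
)

if %FAIL%==0 echo All prerequisites met. DCPROMO can be started.
exit /b %FAIL%
```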
How to configure ADS Active Directory Service Step by Step Guide
In our earlier article we finished all the necessary prerequisites. In this article we will
configure ADS. The ADS configuration wizard can be invoked in three ways.
No matter which option you choose, all three will launch the same ADS configuration wizard. I
will show all methods.
To launch the Manage Your Server wizard, click on the Start button and select the Manage Your
Server option.
To launch the Configure Your Server wizard, click on the Start button and select Configure Your
Server Wizard from Administrative Tools.
It will show a summary for the ADS configuration wizard after checking all necessary services.
This is the first domain in the first forest, so select Domain in a new forest and click on Next.
Give the full FQDN name of the server. We are using example.com for practice; you can choose
your own.
The wizard will automatically generate the NetBIOS name of the server; don't change it.
DNS is required by ADS for proper functioning. Select the second option, Install and configure
DNS on this computer.
If you have any pre-Windows 2000 clients in the network, then select
Permissions compatible with pre-Windows 2000 server operating systems
If you don't have any pre-Windows 2000 server operating systems, then select
Permissions compatible only with Windows 2000 or Windows 2003 operating systems for
greater security features
Now set the Directory Services Restore Mode password. This is used when you restore the
directory or remove ADS.
Click on Next after reviewing the summary of your selections. If you need to change any option,
go back and change it.
Now the wizard will configure all the options you have selected.
If you are running this wizard for the first time, it needs to copy some files from the Server
2003 CD. Insert the Server 2003 CD when it is asked for.
We will configure the DNS server separately after ADS, so skip it here to save time.
After the reboot the server is a domain controller. In our next article we will learn how to
verify that ADS is configured properly.
In our last article we configured ADS. In this tutorial I will guide you through checking the
ADS installation. The ADS installation can be verified by three methods.
My computer properties
Login screen
Administrator tools
My computer properties
To check whether ADS is installed on the server, right click on My Computer and select
Properties, then select the Computer Name tab.
In the image below you can see the domain name, which means ADS is configured on this server.
Login screen
If you see the Log on to: option on the login screen, it means ADS is configured on this server.
Administrator tools
The most reliable test of ADS is checking in Administrative Tools. If you see all three options
listed below in Administrative Tools, it means ADS is properly configured and functioning.
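The same confirmation can be made from a command prompt instead of the three GUI checks. This is
an added example, not part of the original article; it assumes the default database location in
the NTDS folder under %SystemRoot% and the English-language output of net accounts.

```batch
@echo off
rem Added example (not from the original article): confirm from the command
rem line that this server was promoted to a domain controller.
rem Assumes the default NTDS path and English-language "net accounts" output.
setlocal
set FAIL=0

rem 1. The directory database is created in the NTDS folder during promotion.
if exist "%SystemRoot%\NTDS\ntds.dit" (
    echo [ OK ] Directory database found in %SystemRoot%\NTDS
) else (
    echo [FAIL] %SystemRoot%\NTDS\ntds.dit not found
    set FAIL=1
)

rem 2. A working domain controller shares SYSVOL and NETLOGON.
rem    "net share NAME" returns a non-zero errorlevel when the share is absent.
for %%S in (SYSVOL NETLOGON) do (
    net share %%S >nul 2>&1
    if errorlevel 1 (
        echo [FAIL] Share %%S is missing
        set FAIL=1
    ) else (
        echo [ OK ] Share %%S is present
    )
)

rem 3. "net accounts" reports the computer role: PRIMARY or BACKUP on a
rem    domain controller, SERVER or WORKSTATION otherwise.
net accounts | findstr /I /C:"Computer role" | findstr /I "PRIMARY BACKUP" >nul
if errorlevel 1 (
    echo [FAIL] Computer role is not a domain controller role
    set FAIL=1
) else (
    echo [ OK ] Computer role is a domain controller role
)

if %FAIL%==0 echo ADS appears to be configured on this server.
exit /b %FAIL%
```

The SYSVOL and NETLOGON shares can take a few minutes to appear after the first reboot, so a failure on step 2 right after promotion is worth re-checking before troubleshooting.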
Removing of ADS
We have tested the ADS installation. Now we will remove ADS so you can learn how to remove
it.
Choose any option; it will launch the same wizard for removing ADS.
To use the Configure Your Server wizard, click on Start, select Administrative Tools and click
on Configure Your Server. This will launch the Configure Your Server window. The same window
can be accessed by clicking on the Start button and selecting Manage Your Server.
The same wizard can be accessed directly by running the DCPROMO command in the Run menu.
Now ADS will remove all DNS information stored for this domain. Click on Next.
The wizard will finally ask you to confirm deleting all partitions. Tick Delete all application
directory partitions on this domain controller.
Now the wizard will start removing ADS. It will take a few minutes.
Click on the Finish button to complete the wizard.
A system reboot is required. Click on Restart Now.
Always use the configuration wizard to remove ADS. Use the registry method only when the
configuration wizard fails to remove ADS.
After the restart you will see the Log on to: option on the login screen. This is normal; just
select the local computer and log in. You can reconfigure ADS after logging in to the local
computer.
How to add or remove clients from domain network of server 2003
In a domain network a client is a computer where the actual work is done by users. All clients
are controlled by the server. In our previous article we configured the server. Now we need
client computers so users can perform their assigned tasks.
We assume that you have configured the server before starting this process.
Once you have completed the necessary steps, go to the client computer and log in from the
administrator account.
Right click on My Computer and select Properties. In Properties click on the Change button on
the Computer Name tab.
In the window that opens, select Domain in the Member of pane and give our server name,
that is Example.com. It will ask you to authenticate the joining. We will use the default
administrator account of the server as we haven't created a special account for this purpose.
Set the username to administrator and give the server administrator's password.
After a few minutes a welcome message will appear on screen. Click on it.
After login you can check it in My Computer properties. Select the Computer Name tab in My
Computer properties.
If you see a workgroup here, it means the computer is part of a workgroup network.
If you see the domain here, it means the computer is part of the domain network.
Right click on My Computer and select Properties. In Properties click on the Change button on
the Computer Name tab.
In the window that opens, select WORKGROUP in the Member of pane and give any name.
It will ask you to authenticate the disjoining. We will use the default local administrator
account. Set the username to administrator and give the local administrator's password.
After a few minutes a welcome message will appear on screen. Click on it. A system reboot is
required for the change to take effect. Restart the system.
After the reboot, verify the disjoining process by any method given above, either by the login
screen or My Computer properties.
The administrator account can be used in LAB environments. But in a real company environment,
using the administrator account for the joining or disjoining process creates a huge security
risk. Always avoid using the administrator account for this process. In our next article we will
discuss how we can deploy another account for this process.
In our last article we added a client to the domain using the default administrator account.
The administrator account can be used in a LAB environment. But in a real company environment,
using the administrator account for the joining or disjoining process creates a huge security
risk. Always avoid using the administrator account for this process. In this article, for the
server side process, we will create a special user account.
Right click on the Users folder and select User from the New options.
In the window that opens, fill in the user information and click on Next.
On the password screen give a password and remove the tick mark from User must change password
at next logon.
On the summary screen click on the Finish button.
Now create a computer account for the client computer. Right click on the Computers folder and
select Computer from the New options.
Give the client computer name [ Make sure you give exactly the same name as the client computer
has; check it on the client computer before entering it here ]
The next step is to grant the right to add clients to the domain. To do this, open Domain
Controller Security Policy.
In the left pane expand Local Policies. In Local Policies select User Rights Assignment and in
the right pane double click on Add workstations to domain.
Now add administrators [group], administrator [Account], and Vinita [ User to which you want to
grant the access ]
Now refresh the group policy by running the GPUPDATE command in Run.
This article extends the previous article. We have completed the server side configuration.
On the account and domain information screen set the user name to Vinita and give its password
[ the user account which we created in our previous article ], set the domain to Example.com
[ your domain name ] and click on Next.
Now it will search for the computer account in ADS. [ We created a computer account for this
computer in ADS in our last article. ] Click on Yes.
You can use this account to log in to the server from the client computer. But we are not going
to use this account for the login process, so select Do not add a user at this time and click on
Next.
After a few minutes a welcome message will appear on screen. Click on it.
After the reboot the system will be a member of the domain network. There are several ways to
confirm the membership of the domain, which we already discussed in our previous article.
Microsoft Management Console
The MMC is a powerful framework for organizing and consolidating administrative snap-ins.
Microsoft Windows Server 2003 administrative tools, called snap-ins, enable you to manage
user accounts, modify computer software and service settings, install new hardware, and perform
many other tasks. The Microsoft Management Console (MMC) provides the framework within
which these snap-ins operate.
In the Open text box, type mmc and then click OK.
The Add/Remove Snap-In dialog box appears with the Standalone tab active
There are two types of snap-ins, stand-alone and extension.
Stand-Alone Snap-Ins
Stand-alone snap-ins are provided by the developer of an application. All administrative tools for
Windows Server 2003, for example, are either single snap-in consoles or consoles with a
combination of snap-ins useful to a particular task.
Extension Snap-Ins
Extension snap-ins, or extensions, are designed to work with one or more stand-alone snap-ins.
When you add an extension, Windows Server 2003 places the extension into the appropriate
location within the stand-alone snap-in.
Click Add to display the Add Stand-alone Snap-In dialog box. Locate the snap-in you want to
add, and then click Add.
Many snap-ins prompt you to specify whether you wish to focus the snap-in on the local
computer or another computer on the network.
When you have added all the snap-ins you require, close the dialog boxes.
You can save an MMC in two modes, author mode and user mode. Author mode is the default mode.
To change the mode click on File and select Options.
Type of User Mode Description
Author Mode
When you save a console in Author mode, which is the default, you enable full access to all of
the MMC functionality, including:
Adding or removing snap-ins
Creating windows
Creating taskpad views and tasks
Viewing portions of the console tree
Changing the options on the console
Saving the console
User Modes
You should choose user mode if you plan to distribute an MMC with specific functions. By
default, consoles will be saved in the Administrative Tools folder in the user's profile.
Full Access
Allows users to navigate between snap-ins, open windows, and access all portions of the console
tree.
To save the customized MMC, select the File menu and then select Save as
A profile is the user's settings. A profile is associated with a user account and contains
information such as customized desktop settings, network and printer connections, and mail
settings.
Whenever a user logs in to a Windows computer for the first time, Windows provides the default
user settings and creates a folder with the user's name in the Documents and Settings folder on
the Windows partition. Any change made by the user is saved in this folder. The next time the
user logs in on the same computer, Windows loads this profile.
A local user profile is stored on a local computer's hard disk and is created automatically when
the user logs in for the first time, if that user account does not already have a roaming profile
in place.
Roaming profiles are stored on a network server in a location that is specified for a particular
user account. When you log on to the network for the first time with a particular user account
that has roaming enabled, a roaming profile is automatically created.
Local profile: Created and managed on the local system. The user is allowed to customize the
profile. All changes are saved locally.
Roaming profile: Created and managed on the server system in a shared folder. The user is
allowed to customize the profile. All changes are saved on the server's hard disk.
Mandatory profile: Created and managed on the server system in a shared folder. The user is not
allowed to customize the profile. If the user makes changes in any login session, they will not
be saved on exit and he will get the same default profile on his next login.
A Server 2003 system with ADS and DNS configured [ Check our previous articles for how to
configure ADS and DNS ]
Two client systems for testing the roaming profile [ Check previous articles for how to make a
client ]
A user created in Active Directory Users and Computers
We configured all these steps in our previous articles. If you skipped a previous article,
review it before going on with this tutorial.
How to configure Roaming profile Server side configuration
Log in from the administrator account on the server and create a folder named profile on any
partition, and share it with Full permission for Everyone.
To avoid later errors, also change the setting in the offline tab. All data of the profile
folder is going to be saved on the server, so simply stop the offline availability of the folder.
Click on Offline Settings and select Files or programs from the share will not be available
offline.
Now open this folder and create a folder named wallpaper in it.
In the user's properties click on the Profile tab and set the profile path to
\\Server name\Shared folder\User name.
In our example the server name is server.example.com, the shared folder is profile, and the user
is Vinita. Replace these with your server name, shared folder name, and user name.
If a DNS server is not configured on the server, then use the IP address of the server instead
of the name of the server, like this: \\30.0.0.1\profile\Vinita
When you click on Apply and OK in the Profile tab of the user properties, the server creates a
folder for the user in the shared folder.
Go again to the shared folder which you recently created and check whether it has been created
or not.
Create a folder and a file on the desktop for testing purposes. Change the desktop background. To
change the desktop background, right click on the desktop and select Properties. In Properties
select Desktop, click on Browse and select any background from the folder on the server where you
have copied the .bmp image. [ Remember the image should be saved on the server in the shared
folder and its format must be .bmp ]
Okay, we have created one file and folder on the desktop and also changed the desktop background.
Now log off from the user and go to the other system and log in from the same account.
You will find the same profile as you configured on client1. Whatever change you make in this
profile will be saved on the server and will be available on any computer where this user logs
in.
To make this profile mandatory for the user Vinita, log in to the server and open the profile
folder. In the profile folder open the Vinita folder and rename the ntuser.dat file to ntuser.man
If you don't see the file extension, click on Tools ==> Folder Options ==> View and remove the
tick mark from the option Hide extensions for known file types.
Once the roaming profile is converted to a mandatory profile, the user is no longer allowed to
save the changes he makes in the profile. To test it, log in on any client system with the user
Vinita.
Now make any change in the profile and log off from the computer. Go to the other computer and
you will not find your previous settings.
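Because the profile folder is shared with Full permission for Everyone, the NTFS permissions on
each user's folder are what keep one user out of another's profile. The script below is an added
example, not part of the original article; it reports for each folder under the share whether it
holds a roaming or mandatory profile and whether a broad group has NTFS access. D:\profile is an
assumed path; pass your own as the first argument.

```batch
@echo off
rem Added example (not from the original article): audit the roaming profile
rem share on the server. D:\profile is an assumed location for the shared
rem "profile" folder; pass the real path as the first argument.
setlocal
set PROFROOT=D:\profile
if not "%~1"=="" set PROFROOT=%~1

if not exist "%PROFROOT%\" (
    echo Profile folder %PROFROOT% not found
    exit /b 1
)

for /d %%U in ("%PROFROOT%\*") do call :audit "%%U"
goto :eof

:audit
rem Folders without a registry hive (for example the wallpaper folder, or a
rem user who has not logged off yet) hold no profile data and are skipped.
if not exist "%~1\ntuser.dat" if not exist "%~1\ntuser.man" (
    echo %~nx1: no profile data, skipped
    goto :eof
)

rem ntuser.man marks a mandatory profile, ntuser.dat a normal roaming one.
set PTYPE=roaming
if exist "%~1\ntuser.man" set PTYPE=mandatory
echo %~nx1: %PTYPE% profile

rem cacls lists one "Account:rights" entry per line. An entry for Everyone
rem or any Users group means other accounts can reach this profile through
rem the wide-open share.
cacls "%~1" | findstr /I /C:"Everyone:" /C:"Users:" >nul
if not errorlevel 1 echo   [WARN] a broad group has NTFS access to %~nx1
goto :eof
```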