System Administration (Windows Server 2008)

ACTIVE DIRECTORY DOMAIN SERVICES (ADDS)

Active Directory was introduced in the 1990s and implemented in Windows 2000 Server with its
release in 2000. Windows Server 2003 and Windows Server 2008 used Active Directory with its
expansions over time. Windows 2000 Server, Windows Server 2003 and Windows Server 2008 use
Active Directory Domain Services as a base for distributed networks (distributed computing network
systems).

Directory:
A directory is a comprehensive listing of objects: a general database or repository of information.

Active Directory:
Active Directory provides a way to store information related to network objects and make it available
to other users, administrators and applications. The objects are organized in the form of organizational
units (OUs), domains, sites, trees and forests. Because Active Directory uses standard protocols, it is
accessible by third-party directory services and can easily exchange and use information with them.

Active Directory in Windows Server 2008 R2, with its expanded functionality, provides centralized
administration of user and application objects. Active Directory provides the management of related
identities for the organization's network.

Active Directory Domain Services (ADDS):

Active Directory Domain Services stores information and uses the stored data in the computer
network. It has a hierarchical structure for network objects. The objects in the network include
users, resources, computer accounts, security policies and applications. A user account in Active
Directory can store a name, email address and password, which are examples of the particular
information stored in the directory. Active Directory Domain Services (AD DS) makes the server a
domain controller, and it is integrated with the Domain Name System (DNS). The data and objects are
protected from unauthorized use and access. The integration of AD DS with the operating system and
other applications provides capabilities such as shared resource management. AD DS gives users and
administrators easier access to data.

Rules and Features in Active Directory Domain Services:

The following features are included in Active Directory Domain Services:

• Access control to resources and authenticated logon for users, giving security integration in AD DS
• Central management and organization by the administrator with a single network logon
• Specific formats and limits for objects and their related attributes
• A global catalog that users and administrators use for information about objects
• An index mechanism that provides a query system for easy access to network objects and their
  attributes
• Centralized management of the network with security
• Comprehensive use of network objects and properties with protected management

Benefits of Active Directory Domain Services:

Active Directory Domain Services is a very secure, comprehensive solution for a network that spans
multiple locations.

• Ease of administration with centralized secure management
• Comprehensive management as the number of objects (users, computers and roles) increases
• Provides a single view of the users with proper management
• A single network with different security mechanisms
• Automation of administration tasks such as adding and managing users and groups, or other work
  related to different objects

Important Terms, Tools and Concepts in AD DS:

FQDN (Fully Qualified Domain Name):

The FQDN is specified for a host, an internet site or a specific computer. It is the complete name,
made up of the host name, the domain name and the top-level domain. For example, project.sbk.com
is an FQDN where "project" is the host name, "sbk" is the second-level domain and "com" is the
top-level domain. An FQDN has a specific location in the hierarchy of the Domain Name System (DNS).

Active Directory Users and Computers:

Active Directory Users and Computers is a tool and console snap-in introduced by Microsoft for
management purposes. You can create user and computer accounts, set their security policies and
apply group policies.

User:

A user is a person who can use a specific computer in the given environment under the specified
policies. You log on to the computer with the Active Directory user account. The Active Directory
account identifies the user and establishes authentication so that the user can use the resources
within the domain.

OU (Organizational Unit):

An organizational unit lets you organize users in one container that can hold all user and computer
accounts that have common needs, so that they can be easily managed and supported by the
administrator. An example is an OU named Students that is for all the common users. The domain can
contain a collection of different OUs, with policies such as security (password policy) that are
basically the same for every user in an OU. The organizational unit administrator is responsible for
user and computer account maintenance in the OU.

Group Policy Object (GPO):

A Group Policy Object is the tool that provides centralized configuration and management for the
operating system and lets you, as the system administrator, set rules on user and computer accounts
in Active Directory. It is very commonly used in small businesses and organizations. A Group Policy
Object stores the configured settings of Active Directory. Software, desktop and network
environments can be managed and configured through GPOs. Group Policy is a feature in Windows
Server 2008's Server Manager that you need to install so that you can use it to manage multiple
accounts. The Group Policy Management Console lets you easily use different policies for the Group
Policy Objects.

Benefits of using GPO

Group Policy Objects have the following uses:

• As the administrator, you can block devices for specific users
• Improved security for devices and users using firewall and IPsec
• Categorized management of resources makes it easy to deploy and manage the resources
• You can manage multiple groups, logs and events in the GPO

Roaming Profile
A roaming profile lets you store and access your shared documents and desktop settings, with your
customized settings, seamlessly on the same network. The roaming profile stores your customized
data on the server, so you can access your profile data just as you last saved it even from other
computers on the network; all that is required is joining the domain, regardless of location. The
administrator can control the roaming profile and designate it to the domain administrator group and
to other groups and accounts.

The Issues with Roaming Profile:

Roaming profile bandwidth problems can appear in the form of time-consuming logon and logoff.
Transferring and using large amounts of data is not possible with it, and it can create problems
when different user accounts log in at the same time.

Network Drive (Z drive)

A network drive is shared space on the hard disk for different users in the network. It is a central
location for users provided on the server, also known as a remote drive. The data here is accessible
by the authorized users of the domain. Mapping the network drive can save time when accessing data
files and folders on a remote computer (server). The drive path is specified for each user in the
network so that users can easily access the data they require.

Advantages of Network Drive:

A network drive has the following benefits:

• A user does not need to follow and remember a long path to access the data; you just open
  "My Computer" and access the drive allocated by the administrator
• You do not need to move and transfer data after each modification; your data is saved on your
  network drive
• If there is any problem with the client computer, the data is accessible on the centralized domain
  controller or server

Home Directory / Home Folder:

A home directory is provided to users so that they can save their data securely and access it
easily. Each user can have a unique, individual home directory in which to save and use data. The
UNC (Universal Naming Convention) path is used, and you can access your home drive from any
directory. Users can save images, music, videos and text documents in the home drive. In
command-line activities it is called the home directory, and in the graphical user interface it is
known as the home folder. The user profile is used as the default home folder for user accounts.
It has the following benefits:

• The administrator can back up important data centrally on the server, separately for each user
• A central collection of files makes management easier for the administrator
• Data is secured by separating system data from users' data, and can be recovered
• Large files can be stored easily
• The user can access the data from any connected computer in the network

Assigning Home Folder:

You can easily assign a home folder to domain users by following these instructions:

• The home folder path should be specified
• The share permissions should permit the user to access the home folder
• Assign the home folder to the domain user

Installation and Configuration of ADDS

Installation and Configuration of Active Directory Domain Services

• Go to the Start menu and select Server Manager
• In the Server Manager window, select Roles and click on Add Role
• In the Add Roles Wizard, read the Before You Begin instructions and click Next
• Select Active Directory Domain Services as the server role and click on Next
• Check the overview and click on Next to continue the installation
• The Confirm Installation window in the wizard will confirm the installation of AD DS
• You can view the progress during the installation of AD DS
• The Installation Result can be viewed at the end of the installation; now click on the blue
  highlighted message and run dcpromo.exe before closing the Installation Result window
• After running dcpromo.exe you will get the Welcome window, which lets you make the system a
  domain controller
• The Operating System Compatibility page informs you about the improved security settings in
  Windows Server 2008 and their compatibility effects; click on Next to continue
• The AD DS Installation Wizard lets you choose the option suitable for your network environment;
  select Create new domain in the new forest and click on Next
• Write the appropriate Fully Qualified Domain Name and click on Next
• The installation process will check and confirm that the FQDN is not already in use
• Set the forest functional level: select Windows Server 2008 from the drop-down menu and click on
  Next to continue
• The settings will be checked for DNS installation
• In the Additional Domain Controller Options, check DNS server, which is a requirement for AD DS
  (domain controller), and click on Next to proceed
• A message will appear when you are installing the DNS server; click on Yes
• The paths of the database, log files and system volume folders are all given; you can change the
  folder paths according to your requirements and click Next
• Write the password and confirm it (remember the password, as it is required for the first login
  and for removing AD DS), then click on Next to continue
• You can check the summary of the selected options and click on Next to start the installation
• The installation process can be viewed in the AD DS Installation Wizard
• The system requires a restart after the installation of AD DS completes so that the server can
  take the updates

Creating User in the Active Directory

• To create a user, go to the Start menu, then Administrative Tools, and select Active Directory
  Users and Computers
• In the AD Users and Computers window select the domain name; you can see the expanded objects
  below the FQDN (project.sbk.com)
• Below the FQDN (project.sbk.com) right-click on Users, select New, then select User
• In the New Object - User dialog fill in the required boxes and click Next
• Write the user logon password, retype it to confirm it and remember it; below the password text
  boxes, check the options that suit your requirements
• A summary is shown at the end to confirm all the entered data; click on Finish to create the user
  account in your domain
• The created user can be seen with its Name, Type and Description

Creating Organizational Unit (OU) in Active Directory

• In the Active Directory Users and Computers window right-click on the FQDN (project.sbk.com) and,
  in the menu that appears, select New, then select Organizational Unit
• When creating the OU, write the required name, check the container protection option and click OK
• The required OU (Student) is created below the FQDN (project.sbk.com)

Creating Home Folder for the User

• To create a home folder for the user, select a drive, e.g. volume (F:)
• Right-click in the drive and select New, then Folder from the menu to create a new folder
• After creating the new folder, rename it as Home Folder in the F: drive
• Right-click on the Home Folder and select Properties from the menu
• In the Home Folder Properties window click on the Sharing tab and select Advanced Sharing to set
  the sharing permissions for the folder
• In the Home Folder Properties window click on Add; in the Select Users, Computers, Groups window
  write the user account name (LubnaAijaz), or click on Check Names to select the user name, to set
  the Home Folder permissions for the user account, and click OK
• Select the Full Control, Change and Read check boxes for the specified account (LubnaAijaz) and
  click Apply to apply the changes
• The Home Folder is now shared for the user account
• Continuing the steps for creating the home folder for the user account, select the Start menu,
  Administrative Tools and then Active Directory Users and Computers
• In the Active Directory Users and Computers window select the user account (LubnaAijaz in the
  Students OU), right-click and select Properties
• In the user account properties (LubnaAijaz) select the Profile tab. Under Home folder select the
  Connect radio button, select the drive letter (L) and, at To:, define the path of the home folder
  as \\ServerName\HomeFolder\UserName (\\SystemDC\HomeFolder\Lubna), then click OK to save the
  settings

Client Side View
You can log in and check the configuration for the user account. To do so, log in to the system and
follow these steps:

• Select the Start menu and go to Computer
• In the Computer window you can now see the drive (L:) created for the user account (LubnaAijaz)

Note: This configuration gives the user a simple path for saving and using data; otherwise the
user needs to go to Network, select the server name and then the specified drive letter.

You can define different quotas for different accounts in the domain in the Advanced Sharing of the
Home Folder share permissions. Users cannot see one another's data, so they can use their drives and
store data in an isolated way within the network environment.
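
The home folder steps above, scripted as an added example (not part of the original walkthrough). It also sets and then lists the NTFS permissions on the per-user folder, so the isolation between users described above can be checked rather than assumed. Assumptions: Windows Server 2008 R2 or later with the ActiveDirectory PowerShell module, an English-language server, PROJECT as the NetBIOS name of project.sbk.com, and a parent folder named F:\HomeFolder.

```powershell
# Added example. Assumes Windows Server 2008 R2 or later, run elevated on the
# file server (SystemDC), with the ActiveDirectory module available.
Import-Module ActiveDirectory

$user    = 'LubnaAijaz'                   # account from the walkthrough
$netbios = 'PROJECT'                      # assumed NetBIOS name of project.sbk.com
$root    = 'F:\HomeFolder'                # shared parent folder (assumed name)
$local   = Join-Path $root 'Lubna'        # per-user folder on the server
$unc     = '\\SystemDC\HomeFolder\Lubna'  # path entered on the Profile tab

# 1. Create the parent and per-user folders, then share the parent with the
#    share permission the walkthrough grants (Full Control for the user).
New-Item -ItemType Directory -Path $local -Force | Out-Null
net share "HomeFolder=$root" "/GRANT:$netbios\$user,FULL"

# 2. NTFS permissions on the per-user folder: remove inherited entries, then
#    grant Modify to the owner and Full control to Administrators
#    (S-1-5-32-544) and SYSTEM (S-1-5-18).
icacls $local /inheritance:r /grant "${netbios}\${user}:(OI)(CI)M" `
    '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F'

# 3. Same setting as the Profile tab: connect L: to the UNC path.
Set-ADUser -Identity $user -HomeDrive 'L:' -HomeDirectory $unc

# 4. Check: any ACL entry beyond the three expected identities means another
#    principal can reach this folder. Names below assume an English-language OS.
$expected = "$netbios\$user", 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'
$extra = (Get-Acl $local).Access |
    Where-Object { $expected -notcontains $_.IdentityReference.Value }
if ($extra) {
    $extra | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
} else {
    "Only $user, Administrators and SYSTEM hold NTFS rights on $local"
}
Get-ADUser $user -Properties HomeDrive, HomeDirectory |
    Select-Object SamAccountName, HomeDrive, HomeDirectory
```

Step 4 can be rerun on its own against any existing home folder to audit its permissions without changing them.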