Active Directory Windows 2003 Server
Agenda
- What is Active Directory
- Building an Active Directory
- Using Active Directory Features
- Active Directory Objects
- Auditing Active Directory
Group Names
- Charles Guzman
- Daniel Gebretensai
- Ervand Akopyan
- Hovik Gharadaghi
Active Directory
What is Active Directory
- Efficient directory management service
- Based on standard Internet protocols
- Helps to clearly define a network's structure
Requirements
- The computer must be Windows 2k, 2k3 Server, Advanced Server or Datacenter Server.
- At least one volume on the computer must be formatted with NTFS.
- DNS must be active on the network prior to AD installation or be installed during AD installation.
- DNS must support SRV records and be dynamic.
- The computer must have IP protocol installed and have a static IP address.
- The Kerberos v5 authentication protocol must be installed.
- Time and zone information must be correct.
Installation Of Active Directory
DCPROMO
Why Install DNS?
- Clients use DNS to locate Active Directory controllers.
- Servers and client computers register their names and IP addresses with the DNS server.
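An added example (not part of the original slides) of checking that a zone holds the SRV records clients use to find a domain controller, and in what order a client would try the targets. The domain corp.example, the host names and the zone lines are constructed, and the list of SRV names is a subset chosen for this example.

```python
# Added example: offline check of DC-locator SRV records in a DNS zone.
# corp.example, dc1/dc2 and the zone lines below are constructed sample data.

# SRV owner names a domain controller normally registers (subset, assumption
# of this example); {d} is replaced with the AD DNS domain name.
LOCATOR_SRV = [
    "_ldap._tcp.{d}",
    "_kerberos._tcp.{d}",
    "_kpasswd._tcp.{d}",
    "_ldap._tcp.dc._msdcs.{d}",
    "_kerberos._tcp.dc._msdcs.{d}",
]

# Master-file style: owner TTL IN SRV priority weight port target
SAMPLE_ZONE = """\
_ldap._tcp.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.corp.example. 600 IN SRV 10 100 389 dc2.corp.example.
_kerberos._tcp.corp.example. 600 IN SRV 0 100 88 dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_kerberos._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 88 dc1.corp.example.
"""

def parse_srv(zone_text):
    """Return {owner: [(priority, weight, port, target), ...]} for SRV lines."""
    records = {}
    for line in zone_text.splitlines():
        parts = line.split()
        if len(parts) != 8 or parts[2].upper() != "IN" or parts[3].upper() != "SRV":
            continue  # skip blank lines and non-SRV records
        owner = parts[0].rstrip(".").lower()
        prio, weight, port = (int(x) for x in parts[4:7])
        target = parts[7].rstrip(".").lower()
        records.setdefault(owner, []).append((prio, weight, port, target))
    return records

def missing_locator_records(zone_text, domain):
    """List locator SRV owner names that have no record in the zone."""
    have = parse_srv(zone_text)
    wanted = [name.format(d=domain.lower()) for name in LOCATOR_SRV]
    return [name for name in wanted if name not in have]

def preferred_targets(zone_text, owner):
    """Targets for one SRV name, lowest priority value first (RFC 2782)."""
    recs = parse_srv(zone_text).get(owner.lower(), [])
    return [target for _prio, _weight, _port, target in sorted(recs)]

if __name__ == "__main__":
    print("missing:", missing_locator_records(SAMPLE_ZONE, "corp.example"))
    print("ldap order:", preferred_targets(SAMPLE_ZONE, "_ldap._tcp.corp.example"))
```

A missing name in the result means clients relying on that record cannot locate the service through DNS; in the sample zone the Kerberos password-change record is absent.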
Active Directory
- Domains – Group of computers
- Domain Trees – Share contiguous namespace
- Domain Forests – Share common directory information
- Organizational Units – Subgroup of domains that mirror an organization
Logical View Child, Tree, Forest
Creating a Child Domain
Requirements
- Existing Domain
- Member Server
Logical View Child, Tree, Forest
What does Active Directory do for us
- Keep a central list of users and passwords
- Provide a set of servers to act as "authentication servers", known as Domain Controllers
- Maintain a searchable index of the things in the domain
- Allow you to create users with different levels of power
USING ACTIVE DIRECTORY FEATURES
- Directory service backup reminders
- Added replication security and fewer errors
- Install from Media Improvement for Installing DNS servers
- Support for running domain controllers in virtual machines
- Extended storage of deleted objects
New AD Features in Windows 2003
- Multiple selection of user objects
- Drag and Drop functionality
- Efficient search capabilities
- Saved Queries
New Domain and Forest Wide AD Features
- Domain control rename tool
- Different location option for user and computer accounts
- Forest trusts
- Replication enhancements
- User access control to resources between domains and forests
Group Policy Feature
- Defines the various components of the user's desktop environment that an administrator must manage
- Applies not only to user and client computers but also to member servers, domain controllers, and other 2003 servers in the scope of management
Group Policy cont'd
- Manage registry-based policy with Administrative Templates
- Assign scripts. This includes scripts such as computer startup, shutdown, logon, and logoff
- Redirect folders, such as My Documents and My Pictures, from the Documents and Settings folder on the local computer to network locations
GP Screenshots Configuring a custom console
GP Screenshots Adding a group policy object link
Active Directory Objects ADDING AND REMOVING OBJECTS
Active Directory Objects
An object is a distinct named set of attributes that represents a network resource. Typical objects are users, groups, computers and printers. Each object has a number of attributes. For example, the user object has attributes such as password, name, password length and address. Objects are typically grouped into classes, such as groups (a number of user accounts), computers and printers. When objects are grouped together, they are placed into a container that holds the objects (it's like a desk drawer that holds a number of objects).
If you try to add AD users using lusrmgr.msc you will receive the following error
How to join a Domain Network