
Module 2: Implementing an Active Directory Forest and Domain Structure.


1 Module 2: Implementing an Active Directory Forest and Domain Structure

2 Overview
- Creating a Forest and Domain Structure
- Examining Active Directory Integrated DNS
- Raising Forest and Domain Functional Levels
- Creating Trust Relationships

3 Lesson: Creating a Forest and Domain Structure
- Requirements for Installing Active Directory
- The Active Directory Installation Process
- How to Create a Forest and Domain Structure
- How to Add a Replica Domain Controller
- How to Rename a Domain Controller
- How to Remove a Domain Controller from Active Directory
- How to Verify the Active Directory Installation
- How to Troubleshoot the Installation of Active Directory

4 Requirements for Installing Active Directory
- A computer running Windows Server 2003
- Minimum disk space of 250 MB and a partition formatted with NTFS
- Administrative privileges for creating a domain
- TCP/IP that is installed and configured to use DNS
- An authoritative DNS server that supports SRV resource records

5 The Active Directory Installation Process
The installation process:
- Starts the security protocol and sets the security policy
- Creates the:
  - Active Directory partitions, database, and log files
  - Forest root domain
  - SYSVOL folder
- Configures the site membership of the domain controller
- Enables security on the directory service and the file replication folders
- Applies the password for restore mode

6 How to Create a Forest and Domain Structure You can refer to the following procedure when you create a forest and domain structure in the lab

7 How to Add a Replica Domain Controller You can refer to the following procedure when you add a replica domain controller to a domain in the practice

8 How to Rename a Domain Controller Your instructor will demonstrate how to rename a domain controller

9 How to Remove a Domain Controller from Active Directory You can refer to the following procedure when you remove a domain controller in the lab

10 How to Verify the Active Directory Installation
Your instructor will demonstrate how to:
- Verify the creation of:
  - SYSVOL and its shares
  - The directory database and log files
  - The default Active Directory structure
- Verify the installation results by examining the event logs

11 How to Troubleshoot the Installation of Active Directory
Symptom: Access denied when creating or adding a domain controller
Possible causes:
- You are not logged on using an account in the Local Administrators group
- Your credentials are not from a user account that is a member of the Domain Admins or Enterprise Admins group
Symptom: DNS or NetBIOS domain names are not unique
Possible causes:
- Another domain has the same DNS or NetBIOS name
Symptom: Domain cannot be contacted
Possible causes:
- Network error
- DNS error
Symptom: Insufficient disk space
Possible causes:
- Available disk space is less than the minimum required to install Active Directory

12 Practice: Creating a Child Domain
In this practice, you will:
- Install Active Directory and create a child domain in nwtraders.msft
- Verify the installation of Active Directory

13 Lesson: Examining Active Directory Integrated DNS
- DNS and Active Directory Namespaces
- What Are Active Directory Integrated Zones?
- What Are SRV Resource Records?
- SRV Records Registered by Domain Controllers
- How to Examine the Records Registered by a Domain Controller
- Multimedia: How Client Computers Use DNS to Locate Domain Controllers and Services

14 DNS and Active Directory Namespaces
[Diagram: the DNS namespace (DNS root domain ".", com., microsoft, sales, training, computer1) shown beside the Active Directory namespace (microsoft.msft, sales.microsoft.msft, training.microsoft.msft). Legend: DNS node (domain or computer); Active Directory domain.]

15 What Are Active Directory Integrated Zones?
Active Directory integrated zones:
- Are primary and stub DNS zones that are stored as objects in the Active Directory database
- Can be stored in an application or a domain partition
- Offer the following benefits:
  - Multimaster replication
  - Secure dynamic updates
  - Standard zone transfers to other DNS servers

16 What Are SRV Resource Records?
SRV resource records are DNS records that map a service to the computer that provides the service
Format of SRV records: _Service._Protocol.Name Ttl Class SRV Priority Weight Port Target
Example: _ldap._tcp.contoso.msft 600 IN SRV 0 100 389 london.contoso.msft

17 SRV Records Registered by Domain Controllers
Domain controllers running Windows Server 2003 register SRV records in the _msdcs subdomain in the following format:
_Service._Protocol.DcType._msdcs.DnsDomainName
Examples
- _ldap._tcp.DnsDomainName
- _ldap._tcp.SiteName._sites.dc._msdcs.DnsDomainName
- _gc._tcp.DnsForestName
- _gc._tcp.SiteName._sites.DnsForestName
- _kerberos._tcp.DnsDomainName
- _kerberos._tcp.SiteName._sites.DnsDomainName
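
As an added example (not part of the course material), the Python sketch below parses records in the slide 16 format and reports which of the slide 17 example owner names have no SRV record pointing at a given domain controller. The site name Default-First-Site-Name, the sample zone lines, and the global catalog and Kerberos ports 3268 and 88 are constructed for illustration and do not come from the slides.

```python
from typing import NamedTuple

class Srv(NamedTuple):
    name: str
    ttl: int
    priority: int
    weight: int
    port: int
    target: str

def norm(host: str) -> str:
    """DNS names compare case-insensitively; drop any trailing root dot."""
    return host.lower().rstrip(".")

def parse_srv(line: str) -> Srv:
    """Parse one 'Name Ttl Class SRV Priority Weight Port Target' line."""
    f = line.split()
    if len(f) != 8 or f[2].upper() != "IN" or f[3].upper() != "SRV":
        raise ValueError(f"not an SRV record: {line!r}")
    name = norm(f[0])
    if not all(label.startswith("_") for label in name.split(".")[:2]):
        raise ValueError(f"owner name must start _Service._Protocol: {name}")
    ttl, prio, weight, port = (int(x) for x in (f[1], f[4], f[5], f[6]))
    if not all(0 <= v <= 65535 for v in (prio, weight, port)):
        raise ValueError(f"priority/weight/port out of range: {line!r}")
    return Srv(name, ttl, prio, weight, port, norm(f[7]))

def expected_names(domain: str, forest: str, site: str) -> list:
    """Owner names built from the six example patterns on slide 17."""
    patterns = ["_ldap._tcp.{d}", "_ldap._tcp.{s}._sites.dc._msdcs.{d}",
                "_gc._tcp.{f}", "_gc._tcp.{s}._sites.{f}",
                "_kerberos._tcp.{d}", "_kerberos._tcp.{s}._sites.{d}"]
    return [norm(p.format(d=domain, f=forest, s=site)) for p in patterns]

def missing_records(lines, domain, forest, site, dc) -> list:
    """Expected owner names with no SRV record whose target is this DC."""
    found = set()
    for line in lines:
        try:
            rec = parse_srv(line)
        except ValueError:
            continue  # other record types or malformed lines are skipped
        if rec.target == norm(dc):
            found.add(rec.name)
    return [n for n in expected_names(domain, forest, site) if n not in found]

# Constructed sample zone data; the site-level Kerberos record is absent.
SITE = "Default-First-Site-Name"
SAMPLE = [f"_ldap._tcp.contoso.msft 600 IN SRV 0 100 389 london.contoso.msft",
          f"_ldap._tcp.{SITE}._sites.dc._msdcs.contoso.msft 600 IN SRV 0 100 389 london.contoso.msft",
          f"_gc._tcp.contoso.msft 600 IN SRV 0 100 3268 london.contoso.msft",
          f"_gc._tcp.{SITE}._sites.contoso.msft 600 IN SRV 0 100 3268 london.contoso.msft",
          f"_kerberos._tcp.contoso.msft 600 IN SRV 0 100 88 london.contoso.msft."]
```

A domain controller whose expected records are missing cannot be located by clients for that service, so a non-empty result is worth checking against the event logs and the DNS zone.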

18 How to Examine the Records Registered by a Domain Controller Your instructor will demonstrate how to examine the records registered by a domain controller by using the DNS console or the NSLookup utility

19 Multimedia: How Client Computers Use DNS to Locate Domain Controllers and Services
[Multimedia presentation; diagram labels: Client, DNS Server, Domain Controller]

20 Practice: Verifying SRV Records In this practice, you will examine the SRV records that are registered by your domain controller

21 Lesson: Raising Forest and Domain Functional Levels
- What Is Forest and Domain Functionality?
- Requirements for Enabling New Windows Server 2003 Features
- How to Raise the Functional Level

22 What Is Forest and Domain Functionality?
[Diagram: network environment with domain functional levels and forest functional levels. Labels: Windows 2000 mixed-mode domain, Windows 2000 native-mode domain, Windows Server 2003 Domain, Windows Server 2003 Interim]
Enable forest-wide or domain-wide Active Directory features

23 Requirements for Enabling New Windows Server 2003 Features
Requirement (Domain / Forest)
- Domain controllers must run: Windows Server 2003
- Domain functional level must be: Raised to Windows Server 2003 (Domain) / Able to be raised to Windows Server 2003 (Forest)
- Administrator: Domain administrator to raise domain functional level / Enterprise administrator to raise forest functional level

24 How to Raise the Functional Level Your instructor will demonstrate how to raise the forest and domain functional levels

25 Practice: Raising the Domain Functional Level In this practice, you will raise the functional level of your domain

26 Lesson: Creating Trust Relationships
- Types of Trusts
- What Are Trusted Domain Objects?
- How Trusts Work in a Forest
- How Trusts Work Across Forests
- How to Create Trusts
- How to Verify and Revoke a Trust

27 Types of Trusts
[Diagram: Forest 1, Forest 2 and a Kerberos realm, with forest root domains and Domains A, B, C, D, E, F, P and Q. Trust types shown: Tree/Root Trust, Parent/Child Trust, Shortcut Trust, Forest Trust, External Trust, Realm Trust]

28 What Are Trusted Domain Objects?
Trusted domain objects:
- Represent each trust relationship in a particular domain
- Store information such as transitivity and trust type

29 How Trusts Work in a Forest
[Diagram labels: Forest Root Domain, Tree Root Domain, Tree One, Tree Two, Domain 1, Domain 2, Domain A, Domain B, Domain C]

30 How Trusts Work Across Forests
[Diagram: a forest trust between nwtraders.msft and contoso.msft, labelled Forest 1 and Forest 2, with steps numbered 1 to 9. Other labels: Global catalog, Seattle, Vancouver, vancouver.nwtraders.msft, seattle.contoso.msft]

31 How to Create Trusts Your instructor will demonstrate how to create trusts by using Active Directory Domains and Trusts

32 How to Verify and Revoke a Trust Your instructor will demonstrate how to verify and revoke a trust by using Active Directory Domains and Trusts

33 Practice: Creating a Shortcut Trust
In this practice, you will:
- Create a shortcut trust between your domain and another domain in your forest
- Validate the shortcut trust

34 Lab A: Implementing Active Directory
- Removing a Child Domain from Active Directory
- Creating an Active Directory Forest Root Domain
- Creating an Active Directory Child Domain
- Raising Domain and Forest Functional Level
- Creating a Forest Trust

