Published by Lorena Thomas, modified over 9 years ago
Slide 1: Installing and Configuring Active Directory
Preparing for Active Directory Installation
Installing and Removing Active Directory
Verifying Active Directory Installation
Troubleshooting Active Directory Installation and Removal
Slide 2: Preparing for Active Directory Installation
Active Directory installation prerequisites:
– The domain structure
– The domain name
– The storage location of the database and log files
– The location of the shared system volume folder
– The DNS configuration method
– The DNS configuration
Slide 3: Determining the Domain Structure
You must:
– Assess your company's physical environment
– Determine the forest root domain
– Determine the number of domains
– Organize the domains in a hierarchy
Slide 4: Assessing the Physical Environment
The physical environment of your organization's network includes:
– The current location of points on the network
– The current number of users at each location
– The current network type used at each location
– The current location, link speed, and percentage of available bandwidth of remote network links
– The current TCP/IP subnets at each location
– The current location of domain controllers
– The current list of servers at each location and the services that run on each
– The current location of firewalls in the network
Slide 5: Physical Environment Example
Slide 6: Physical Environment
In addition to assessing the organization's physical environment, you should also consider the other infrastructures currently in use:
– DNS
– Exchange Server
Integrating DNS structures:
– Issues when using BIND
Slide 7: Determining the Forest Root Domain
The forest root domain is the first domain you create in an Active Directory forest.
It must be centrally managed by an IT organization that is responsible for making domain hierarchy, naming and policy decisions.
Start with a dedicated forest root domain:
– Set up exclusively to administer the forest infrastructure
Slide 8: Determining the Forest Root Domain
A dedicated root domain is recommended because it:
– Enables you to control the number of administrators
– Is easy to replicate across the enterprise
– Never becomes obsolete
– Makes it easy to transfer ownership
Slide 9: Determining the Number of Domains
Begin planning your domain structure with a single child domain under the root, and add more domains only when the single child domain model no longer meets your needs.
Do not create separate domains to reflect your company's divisions and departments:
– Organizational Units are recommended for this
Remember that a single Windows Server 2003 domain can contain and maintain up to a million objects (tested):
– NT 4.0 had restrictions here
Slide 10: Reasons to Create More Than One Domain
Decentralized network administration
Replication control
Different password requirements between organizations
A massive number of objects
Different Internet domain names
International requirements
Internal political requirements
Slide 11: Defining a Domain Hierarchy
If you require more than one domain, you must organize the domains into a hierarchy that fits the needs of your organization.
As domains are placed in a hierarchy, the default two-way transitive trust relationship allows the domains to share resources.
Recap the differences between the logical domain tree and forest components.
Slide 12: Planning a Domain Namespace
Domains are named using DNS name resolution techniques.
Plan the DNS namespace before using DNS on the network.
Decide how DNS is to be used and what goals will be accomplished using DNS:
– Has a DNS domain name been previously chosen and registered for the Internet?
– Will the company's internal Active Directory namespace be the same as or different from its external Internet namespace?
– What naming requirements and guidelines must be followed when choosing DNS domain names?
Slide 13: Choosing a DNS Domain Name
First choose and register a unique parent DNS name that can be used for hosting the organization on the Internet.
Before deciding on a parent DNS name for the organization, search to see whether the name is already registered to another entity.
The Internet DNS namespace is currently managed by Network Solutions Inc., though other domain name registrars are also available.
Combine the parent DNS name with a location or organizational name used within your organization to form sub-domain names.
Slide 14: Determining the Domain Name
Use only the Internet standard characters: names may be up to 40 characters taken from the printable characters of US-ASCII, and no distinction is made between upper and lower case letters.
Differentiate between internal and external namespaces, if any.
Base the internal DNS name on the Internet DNS name.
Slide 15: Determining the Domain Name
Never use the same domain name twice
Use only registered domain names
Use names that will remain static
Use short, distinct, meaningful names
Slide 16: Database and Shared System Volume
Installing Active Directory creates the database and database log files, as well as the shared system volume.
Replication of the shared system volume occurs on the same schedule as replication of Active Directory.
File replication to or from the newly created system volume may not be noticed until two replication periods have elapsed, each typically 10 minutes in duration. The first file replication period updates the configuration of the other system volumes so that they are aware of the newly created system volume.
Slide 17: Database and Database Log Files
The database is the directory for the new domain.
Default location is %systemroot%\NTDS.
If possible, place the database and its log files on separate hard disks.
The database file is NTDS.DIT:
– Contains the schema, global catalog and objects stored on the domain controller
Slide 18: Shared System Volume
A folder structure that exists on all Windows Server 2003 domain controllers.
Stores scripts and some of the Group Policy objects for both the current domain and the enterprise.
Default location is %systemroot%\SYSVOL.
Must be located on a partition or volume formatted with NTFS 5.0.
Replication occurs on the same schedule as Active Directory replication.
Slide 19: Determining the DNS Configuration Method
You can configure your Windows Server 2003 DNS server manually, or you can allow it to be configured automatically during the installation of Active Directory.
You must have a DNS server installed if you are using Active Directory, because DNS is the locator service for Active Directory.
It does not need to be a Windows Server 2003 DNS server:
– Can be a BIND server
Slide 20: Determining the DNS Configuration
If you install DNS manually, you must make sure that the configuration meets the DNS requirements for joining an Active Directory domain.
Computers joining an Active Directory domain must satisfy the following DNS requirements:
– Must be configured with a static IP address and the IP address of the DNS server
– Service (SRV) records must exist on the DNS server
How to configure a static IP address and DNS server IP address on the computer
Slide 21: Configuring the Required DNS Resource Records
The following Service Location (SRV) records must exist on the DNS server:
– _ldap._tcp.dc._msdcs.DNSDomainName: this record identifies the names of the domain controllers that serve the Active Directory domain
– A corresponding host (A) resource record for each domain controller listed in the SRV record, giving its IP address
To verify that the appropriate records exist:
– Use Nslookup
– A reverse lookup zone is needed to use the Nslookup utility
Slide 22: Installing and Removing Active Directory
There are four ways to install Active Directory:
– DCPromo.exe
– Using an answer file to perform an unattended installation
– Using the network or backup media (to install Active Directory on additional domain controllers in the network using media)
– Using the Configure Your Server Wizard
Slide 23: Installing Active Directory using DCPromo.exe
The wizard can perform the following tasks:
– Add a domain controller to an existing domain
– Create the first domain controller of a new domain
– Create a new child domain
– Create a new domain tree
– Install a DNS server
– Create the database and database log files
– Create the shared system volume
– Remove Active Directory services from a domain controller
Slide 24: Installing Active Directory using an Answer File
You can create an answer file to run the Active Directory Installation Wizard without having to respond to the screen prompts:
– Dcpromo /answer:(answerfile)
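An added example of the unattended path described above (not from the slides): it writes a Dcpromo answer file for the first domain controller of a new forest and runs Dcpromo /answer against it. The [DCInstall] keys follow the Windows Server 2003 unattended-promotion format as recalled here, corp.example.com, CORP and the file path are placeholders, and the script is assumed to run as a local administrator on the server being promoted.

```powershell
# Added example, not from the slides: unattended promotion of the first DC of a new forest.
# Assumptions: [DCInstall] keys as used by Windows Server 2003 Dcpromo; corp.example.com / CORP
# and the answer-file path are placeholders; run as a local administrator on the future DC.
$answerFile   = "$env:SystemDrive\dcpromo-answer.txt"
$dsrmPassword = Read-Host "Directory Services Restore Mode password"   # prompt, never hard-code

$content = @"
[DCInstall]
ReplicaOrNewDomain=Domain
TreeOrChild=Tree
CreateOrJoin=Create
NewDomainDNSName=corp.example.com
DomainNetBiosName=CORP
AutoConfigDNS=Yes
DatabasePath=$env:SystemRoot\NTDS
LogPath=$env:SystemRoot\NTDS
SYSVOLPath=$env:SystemRoot\SYSVOL
SafeModeAdminPassword=$dsrmPassword
RebootOnSuccess=No
"@

# The file carries the DSRM password in clear text: write it, restrict it to Administrators
# before Dcpromo reads it, and delete it as soon as the promotion has finished.
Set-Content -Path $answerFile -Value $content
$acl = Get-Acl -Path $answerFile
$acl.SetAccessRuleProtection($true, $false)          # drop inherited ACEs
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators", "FullControl", "Allow")
$acl.AddAccessRule($rule)
Set-Acl -Path $answerFile -AclObject $acl

# Dcpromo is a GUI executable, so wait on the process rather than on the call operator.
$proc = [System.Diagnostics.Process]::Start("dcpromo.exe", "/answer:$answerFile")
$proc.WaitForExit()
Remove-Item -Path $answerFile -Force

# RebootOnSuccess=No above: review %systemroot%\debug\dcpromo.log, then restart manually.
Write-Host "Dcpromo exited with code $($proc.ExitCode); check dcpromo.log before rebooting"
```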
Slide 25: Installing Active Directory Using the Network or Backup Media
In Windows 2000, promoting a member server to become an additional domain controller required replicating the entire directory database.
Servers running Windows Server 2003 can be promoted using a restored backup taken from a Windows Server 2003 domain controller.
This backup can be stored on any backup media.
Reduces the amount of replication required to copy the directory database:
– Saves bandwidth
Enables you to configure a new DC more quickly:
– Dcpromo /adv
Slide 26: Using the Configure Your Server Wizard
Slide 27: Removing Active Directory from a Domain Controller
Run Dcpromo.
To remove AD, you must have the appropriate credentials:
– You must be a member of Enterprise Admins to remove the LAST DC in a tree-root domain or in a domain
– To remove AD from the DC that is the last in the forest, you must log on to the domain as Administrator or as a member of the Domain Admins global group
– To remove AD from a domain controller that is not the last DC in the domain, you must be logged on as a member of either the Domain Admins global group or the Enterprise Admins group
Slide 28: Verifying Active Directory Installation
You must verify that Active Directory has been correctly installed.
You can do this by verifying the following:
– Domain configuration
– DNS configuration
– DNS integration with Active Directory
– Installation of the shared system volume
– Operation of the Directory Services Restore Mode boot option
Slide 29: Troubleshooting Active Directory Installation and Removal
Troubleshooting Active Directory installation:
– You cannot reach the server from which you are installing, perhaps because the DNS name is not registered yet
– The name of the domain you are authenticating against is incorrect or not available yet
– The user name and password you supplied are incorrect
– The DNS server settings are not configured correctly
– You are unable to remove data in Active Directory after an unsuccessful removal of Active Directory
Slide 30: Troubleshooting Active Directory Installation and Removal
Tools available to help diagnose and resolve problems:
– Directory Service log
– NetDiag.exe (network connectivity tester)
– DcDiag.exe (domain controller diagnostic tool)
– Dcpromoui.log, Dcpromos.log and Dcpromo.log files
– Ntdsutil (Active Directory diagnostic tool)
Slide 31: Troubleshooting Active Directory Installation and Removal
Troubleshooting with the Directory Service log in Event Viewer
Slide 32: Troubleshooting Active Directory Installation and Removal
Troubleshooting with Netdiag.exe:
– Included with the Support Tools on the installation CD
– Netdiag.exe diagnoses network problems by checking all aspects of a host computer's network configuration and connection
– Netdiag has the following syntax:
Slide 33: Troubleshooting Active Directory Installation and Removal
Slide 34: Troubleshooting Active Directory Installation and Removal
Run Netdiag whenever a computer is having network problems.
The utility tries to diagnose the problem and can even flag problem areas for closer inspection.
It can fix simple DNS problems with the optional /fix switch.
How to install the Windows Server 2003 Support Tools
To use Netdiag:
– Netdiag /debug
Slide 35: Troubleshooting Active Directory Installation and Removal
Troubleshooting with Dcdiag.exe:
– A command line diagnostic tool included in the Support Tools
– Analyzes the state of domain controllers in a forest or enterprise and reports any problems
– Runs a series of tests to verify different functional areas of Active Directory
– You can specify which domain controllers are tested
– A read-only tool that does not affect the state of the enterprise and performs an automatic analysis of the domain controller with little user intervention
– Verifies that the DNS names for the server are registered and that the server can be reached by IP address, LDAP and RPC
Slide 36: Troubleshooting Active Directory Installation and Removal
Dcdiag.exe syntax
Slide 37: Troubleshooting Active Directory Installation and Removal
Slide 38: Troubleshooting Active Directory Installation and Removal
Example of Dcdiag.exe:
– Dcdiag /s:domain_controller_name /test:connectivity
Slide 39: Troubleshooting Active Directory Installation and Removal
Troubleshooting with the Dcpromo log files
The following logs are created when you install Active Directory:
– Dcpromoui.log
– Dcpromos.log
– Dcpromo.log
Slide 40: Troubleshooting Active Directory Installation and Removal
Dcpromoui.log:
– Contains a detailed progress report of the Active Directory installation from a graphical interface perspective
– The following information about the installation or removal is logged:
The name of the source domain controller for replication
The directory partitions that were replicated to the target server
The number of items that were replicated in each directory partition
The services configured on the target domain controller
The access control entries set on the registry and files
The sysvol directories
Applicable error messages
Applicable selections that were entered by the administrator during the installation
Slide 41: Troubleshooting Active Directory Installation and Removal
Dcpromos.log:
– Similar to the Dcpromoui.log file
– Created by the user interface during graphical user interface mode setup when a Windows NT 3.x or 4.0 domain controller is promoted to a Windows Server 2003 domain controller
Slide 42: Troubleshooting Active Directory Installation and Removal
Dcpromo.log:
– Records settings used for promotion or demotion, such as the site name, the path for the Active Directory database and log files, time synchronization and information about the computer account
– Captures the creation of the Active Directory database and Sysvol trees and the installation, modification and removal of services
– The log is located in %systemroot%\debug
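The verification and troubleshooting steps spread over the slides (the SRV and A records of slide 21, the NTDS/SYSVOL checks of slides 17, 18 and 28, the Dcdiag connectivity test of slide 38 and the Dcpromo.log of slide 42) can be run as one post-promotion check. The script below is an added example, not material from the presentation; it assumes the new domain controller is DC01 in corp.example.com (placeholders), that nslookup.exe and dcdiag.exe from the Support Tools are on the PATH, and that it runs on the DC itself. The Kerberos and PDC locator records it queries in addition to the slide's LDAP record are taken from general knowledge of what a 2003 DC registers.

```powershell
# Added example, not from the slides: post-promotion checks for a Windows Server 2003 DC.
# Assumptions: DC01 / corp.example.com are placeholders; nslookup.exe and dcdiag.exe
# (Support Tools) are on the PATH; the script runs on the new DC as an administrator.
param(
    [string]$Domain = "corp.example.com",
    [string]$DcName = "DC01"
)
$root   = $env:SystemRoot
$failed = 0

# 1. Locator (SRV) records. The slides require _ldap._tcp.dc._msdcs.<domain>; the Kerberos
#    and PDC records are the other per-domain locator records a DC registers (general
#    knowledge, not from the slides). nslookup prints "svr hostname = <dc>" for each answer.
foreach ($name in @("_ldap._tcp.dc._msdcs.$Domain",
                    "_kerberos._tcp.dc._msdcs.$Domain",
                    "_ldap._tcp.pdc._msdcs.$Domain")) {
    $out = & nslookup.exe -type=SRV $name 2>&1 | Out-String
    if ($out -match "svr hostname\s*=\s*(\S+)") {
        Write-Host "OK   $name -> $($Matches[1])"
    } else {
        Write-Host "FAIL $name is not registered in DNS"; $failed++
    }
}

# 2. Database and shared system volume at their default locations, SYSVOL share, NTFS volume.
foreach ($path in @("$root\NTDS\ntds.dit", "$root\SYSVOL\sysvol")) {
    if (Test-Path $path) { Write-Host "OK   $path" } else { Write-Host "FAIL $path missing"; $failed++ }
}
$share = Get-WmiObject Win32_Share -Filter "Name='SYSVOL'"
if ($share) { Write-Host "OK   SYSVOL is shared from $($share.Path)" }
else { Write-Host "FAIL SYSVOL share is not published"; $failed++ }
$volume = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$($root.Substring(0, 2))'"
if ($volume.FileSystem -eq "NTFS") { Write-Host "OK   SYSVOL volume is NTFS" }
else { Write-Host "FAIL SYSVOL volume is $($volume.FileSystem); NTFS is required"; $failed++ }

# 3. The connectivity test from slide 38: DNS registration plus LDAP/RPC reachability.
$dcdiag = & dcdiag.exe "/s:$DcName" /test:connectivity 2>&1 | Out-String
if ($dcdiag -match "passed test Connectivity") { Write-Host "OK   dcdiag connectivity" }
else { Write-Host "FAIL dcdiag connectivity:`n$dcdiag"; $failed++ }

# 4. Errors recorded by the promotion itself (lines are assumed to be tagged [INFO]/[ERROR]).
$errors = Select-String -Path "$root\debug\dcpromo.log" -Pattern "\[ERROR\]" -ErrorAction SilentlyContinue
if ($errors) { Write-Host "WARN dcpromo.log contains errors:"; $errors | ForEach-Object { $_.Line } }

if ($failed -eq 0) { Write-Host "All checks passed" } else { Write-Host "$failed check(s) failed" }
```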
Slide 43: Troubleshooting Active Directory Installation and Removal
Troubleshooting with Ntdsutil.exe:
– Command line tool that provides management facilities for Active Directory
– By default it is installed in the %systemroot%\system32 directory
© 2024 SlidePlayer.com Inc. All rights reserved.