Installing and Configuring Active Directory

Presentation transcript:

1 Installing and Configuring Active Directory
• Preparing for Active Directory Installation
• Installing and Removing Active Directory
• Verifying Active Directory Installation
• Troubleshooting Active Directory Installation and Removal

2 Preparing for Active Directory Installation
• Active Directory Installation Prerequisites:
  – The Domain Structure
  – The Domain Name
  – The storage location of the database and log files
  – The location of the shared system volume folder
  – The DNS configuration method
  – The DNS configuration

3 Determining the Domain Structure
• You must:
  – Assess your company’s physical environment
  – Determine the forest root domain
  – Determine the number of domains
  – Organize domains in a hierarchy

4 Assessing the Physical Environment
• The physical environment of your organization’s network includes:
  – The current location of points on the network
  – The current number of users at each location
  – The current network type used at each location
  – The current location, link speed, and percentage of available bandwidth of remote network links
  – The current TCP/IP subnets at each location
  – The current location of domain controllers
  – The current list of servers at each location and the services that run on each
  – The current location of firewalls in the network

5 Physical Environment Example

6 Physical Environment
• In addition to your assessment of the organization’s physical environment, you should also consider other infrastructures currently employed
  – DNS
  – Exchange Server
• Integrating DNS Structures
  – Issues when using BIND

7 Determining the Forest Root Domain
• Is the first domain you create in an Active Directory Forest
• Must be centrally managed by an IT organization that is responsible for making domain hierarchy, naming and policy decisions
• Start with a dedicated forest root domain
  – Set up exclusively to administer the forest infrastructure

8 Determining the Forest Root Domain
• Dedicated root domain is recommended:
  – Enables you to control the number of administrators
  – Easily replicate the forest root across the enterprise
  – Never becomes obsolete
  – Easily transfer the ownership

9 Determining the Number of Domains
• You should begin planning your domain structure with a single child domain under the root, and add more domains only when the single child domain model no longer meets your needs
• You should not create separate domains to reflect your company’s organization of divisions and departments
  – Using Organizational Units is recommended here
• Remember that a single Windows Server 2003 domain can contain/maintain up to a million objects (Tested)
  – NT 4.0 had restrictions

10 Reasons to Create More Than One Domain
• Decentralized network administration
• Replication control
• Different password requirements between organizations
• Massive number of objects
• Different Internet domain names
• International requirements
• Internal political requirements

11 Defining a Domain Hierarchy
• If you require more than one domain, you must organize the domains into a hierarchy that fits the needs of your organization
• As domains are placed in a hierarchy, the two-way transitive trust relationship (default) allows the domains to share resources
• Recap the differences between the logical domain Tree and Forest components.

12 Planning a Domain Namespace
• Domains are named using DNS name resolution techniques. Plan the DNS namespace before using DNS on the network.
• Decisions must be made about how DNS is to be used and what goals will be accomplished using DNS.
  – Has a DNS domain name been previously chosen and registered for the Internet?
  – Will the company’s internal Active Directory namespace be the same or different from its external Internet namespace?
  – What naming requirements and guidelines must be followed when choosing DNS domain names?

13 Choosing a DNS Domain Name
• First choose and register a unique parent DNS name that can be used for hosting the organization on the Internet.
• Before deciding on a parent DNS name for the organization, perform a search to see if the name is already registered to another entity.
• The Internet DNS namespace is currently managed by Network Solutions Inc., though other domain name registrars are also available.
• Combine the parent DNS name with a location or organizational name used within your organization to form other sub-domain names.

14 Determining the Domain Name
• Use only the Internet standard characters. The character set names may be up to 40 characters taken from the printable characters of US-ASCII. However, no distinction is made between use of upper and lower case letters.
• Differentiate between internal and external name spaces, if any.
• Base the internal DNS name on the Internet DNS name

15 Determining the Domain Name
• Never use the same domain name twice
• Use only registered domain names
• Use names that will remain static
• Use short, distinct, meaningful names

16 Database and Shared System Volume
• Installing Active Directory creates the database and database log files, as well as the shared system volume.
• Replication of the shared system volume occurs on the same schedule as replication of the Active Directory.
• File replication to or from the newly created system volume may not be noticed until two replication periods have elapsed, typically 10 minutes in duration.
• The first file replication period updates the configuration of other system volumes so that they are aware of the newly created system volume.

17 Database and Database Log Files
• The database is the directory for the new domain.
• Default location is %systemroot%\NTDS.
• If possible, place the database and its log file on separate hard disks.
• Database name is NTDS.DIT
  – Contains the schema, global catalog and objects stored on a domain controller

18 Shared System Volume
• A folder structure that exists on all Windows 2003 domain controllers.
• Stores scripts and some of the group policy objects for both the current domain and the enterprise.
• Default location is %systemroot%\SYSVOL.
• Must be located on a partition or volume formatted with NTFS 5.0.
• Replication occurs on the same schedule as Active Directory

19 Determining the DNS Configuration Method
• You can configure your Windows Server 2003 DNS server manually or you can allow it to be configured automatically during the installation of Active Directory
• You must have a DNS Server installed if you are using Active Directory, as DNS is the locator service for Active Directory.
• Does not need to be a Windows Server 2003 DNS server
  – Can be a BIND Server

20 Determining the DNS Configuration
• If you manually install DNS, you must make sure that the configuration meets the DNS requirements for joining an Active Directory Domain
• Computers joining an Active Directory domain must satisfy the following DNS requirements:
  – Must be configured with a static IP address and the IP address of the DNS server
  – Service Records must exist on the DNS server
• How to configure a static IP address and DNS server IP address on the computer

21 Configuring the Required DNS Resource Records
• The following Service Location Records must exist on the DNS server:
  – _ldap._tcp.dc._msdcs.DNSDomainName
    This record identifies the names of the domain controllers that serve the Active Directory domains
  – A corresponding (A) resource record that identifies the IP address for the domain controllers listed in the SRV record
• To verify the appropriate records exist:
  – Nslookup
  – Need a reverse lookup zone to use Nslookup utility

22 Installing and Removing Active Directory
• There are four ways to install Active Directory:
  – DCPromo.exe
  – Using an answer file to perform an unattended installation
  – Using the network or backup media (to install Active Directory on additional domain controllers in the network using media)
  – Using the Configure Your Server Wizard

23 Installing Active Directory using DCPromo.exe
• Wizard Can Perform the Following Tasks:
  – Add a domain controller to an existing domain
  – Create the first domain controller of a new domain
  – Create a new child domain
  – Create a new domain tree
  – Install a DNS server
  – Create the database and database log files
  – Create the shared system volume
  – Remove Active Directory services from a domain controller

24 Installing Active Directory using an Answer File
• You can create an answer file to run the Active Directory Installation Wizard without having to respond to the screen prompts
• Dcpromo /answer:(answerfile)
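
Added example (not part of the original presentation): a small Python linter that checks an unattended dcpromo answer file against the prerequisites listed on slides 2, 17 and 19 before the file is passed to Dcpromo /answer, and flags passwords stored in it. The sample file and its values are constructed, and treating a shared drive letter as "same hard disk" is an assumption.

```python
import configparser
import ntpath
import re

# Constructed excerpt: the [DCInstall] key names follow the Windows Server 2003
# unattended dcpromo format; every value below is made up for illustration.
SAMPLE_ANSWER_FILE = r"""
[DCInstall]
ReplicaOrNewDomain=Domain
NewDomainDNSName=corp.example.com
AutoConfigDNS=Yes
DatabasePath=C:\WINDOWS\NTDS
LogPath=C:\WINDOWS\NTDS
SYSVOLPath=C:\WINDOWS\SYSVOL
SafeModeAdminPassword=Constructed-Example-1
"""

# Letters, digits and hyphens per DNS label (the Internet standard characters).
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")
PASSWORD_KEYS = ("SafeModeAdminPassword", "Password")


def lint_answer_file(text):
    """Return (severity, message) findings for a dcpromo answer file."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(text)
    if not parser.has_section("DCInstall"):
        return [("error", "missing [DCInstall] section")]
    dc = parser["DCInstall"]  # option names are matched case-insensitively
    findings = []

    # Storage locations for the database, its logs and the shared system volume.
    for key in ("DatabasePath", "LogPath", "SYSVOLPath"):
        if not dc.get(key, "").strip():
            findings.append(("error", key + " is not set"))

    # Assumption: a shared drive letter means the same hard disk.
    db_drive = ntpath.splitdrive(dc.get("DatabasePath", ""))[0].upper()
    log_drive = ntpath.splitdrive(dc.get("LogPath", ""))[0].upper()
    if db_drive and db_drive == log_drive:
        findings.append(("warning", "DatabasePath and LogPath share drive " + db_drive))

    # A new domain needs a DNS name made of standard characters.
    if dc.get("ReplicaOrNewDomain", "").strip().lower() == "domain":
        name = dc.get("NewDomainDNSName", "").strip()
        if not name:
            findings.append(("error", "NewDomainDNSName is not set"))
        elif not all(LABEL.match(label) for label in name.split(".")):
            findings.append(("error", "NewDomainDNSName has non-standard characters"))

    # DNS configuration method: automatic during installation, or manual.
    if dc.get("AutoConfigDNS", "").strip().lower() != "yes":
        findings.append(("info", "manual DNS: SRV and A records must already exist"))

    # Credentials in the file are readable by anyone who can read the file.
    for key in PASSWORD_KEYS:
        if dc.get(key, "").strip():
            findings.append(("warning", key + " is stored in clear text"))
    return findings


if __name__ == "__main__":
    for severity, message in lint_answer_file(SAMPLE_ANSWER_FILE):
        print(severity.upper() + ": " + message)
```

A clear-text password finding is a reason to restrict who can read the answer file and to delete the file once the promotion has finished.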

25 Installing Active Directory Using the Network or Backup Media
• In Windows 2000, promoting a member server to become an additional domain controller required replicating the entire directory database
• Servers running Windows Server 2003 can be promoted using a restored backup taken from a Windows Server 2003 domain controller
• This backup can be stored on any backup media
• Reduces the amount of replication required to copy the directory database
  – Saves on bandwidth
• Enables you to configure a new DC quicker
• Dcpromo /adv

26 Using the Configure Your Server Wizard

27 Removing Active Directory from a Domain Controller
• Run Dcpromo
• To remove AD, you must have the appropriate credentials:
  – You must have Enterprise Admins credentials to remove the last DC in a tree-root or domain
  – To remove AD from a DC that is the last in the forest, you must log on to the domain as Administrator or as a member of the Domain Admins global group
  – To remove AD from a domain controller that is not the last DC in the domain, you must be logged on as a member of either the Domain Admins global group or the Enterprise Admins group

28 Verifying Active Directory Installation
• You must verify that Active Directory has been correctly installed
• You can do this by verifying the following:
  – Domain Configuration
  – DNS configuration
  – DNS Integration With Active Directory
  – Installation of the shared system volume
  – Operation of the Directory Services Restore Mode boot option

29 Troubleshooting Active Directory Installation and Removal
• Troubleshooting Active Directory Installation
  – You cannot reach the server from which you are installing, perhaps because the DNS name is not registered yet
  – The name of the domain you are authenticating against is incorrect or not available yet
  – The user name and password you supplied are incorrect
  – The DNS server settings are not configured correctly
  – You are unable to remove data in Active Directory after an unsuccessful removal of Active Directory

30 Troubleshooting Active Directory Installation and Removal
• Tools available to help diagnose and resolve problems
  – Directory Service Log
  – NetDiag.exe: Network connectivity tester
  – DcDiag.exe: Domain controller diagnostic tool
  – Dcpromoui.log, Dcpromos.log and Dcpromo.log files
  – Ntdsutil: Active Directory diagnostic tool

31 Troubleshooting Active Directory Installation and Removal
• Troubleshooting with the Directory Service log in Event Viewer

32 Troubleshooting Active Directory Installation and Removal
• Troubleshooting with netdiag.exe
• Included with the support tools on the installation CD
• Netdiag.exe diagnoses network problems by checking all aspects of a host computer’s network configuration and connection
• Netdiag has the following syntax

33 Troubleshooting Active Directory Installation and Removal

34 Troubleshooting Active Directory Installation and Removal
• Run Netdiag whenever a computer is having network problems
• The utility tries to diagnose the problem and can even flag problem areas for closer inspection
• Can fix simple DNS problems with the optional /fix switch
• How to install the Windows Server 2003 support tools
• To use Netdiag
  – Netdiag /debug

35 Troubleshooting Active Directory Installation and Removal
• Troubleshooting with Dcdiag.exe
  – Is a command line diagnostic tool included in the support tools
  – Analyzes the state of domain controllers in a forest or enterprise and reports any problems
  – Runs a series of tests to verify different functional areas of Active Directory
  – You can specify which domain controllers are tested
  – Read-only tool that does not affect the state of the enterprise and performs an automatic analysis of the domain controller with little user intervention
  – The Dcdiag tool verifies that:
    • DNS names for the server are registered
    • The server can be reached by IP address, LDAP and RPC

36 Troubleshooting Active Directory Installation and Removal
• Dcdiag.exe syntax

37 Troubleshooting Active Directory Installation and Removal

38 Troubleshooting Active Directory Installation and Removal
• Example of Dcdiag.exe
  – Dcdiag /s:domain_controller_name /test:connectivity
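
Added example (not part of the original presentation): a Python parser for saved Dcdiag output that pairs each test's passed/failed verdict with the detail lines printed before it, so failures can be triaged first. The sample output is constructed, modelled on the per-test summary lines Dcdiag prints; DC01, DC02 and the site name are placeholders.

```python
import re

# Constructed sample output; not captured from a real domain controller.
SAMPLE_DCDIAG = r"""
Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Replications
         [Replications Check,DC01] A recent replication attempt failed:
            From DC02 to DC01
         ......................... DC01 failed test Replications
      Starting test: NetLogons
         ......................... DC01 passed test NetLogons
"""

START = re.compile(r"^\s*Starting test:\s*(\S+)")
RESULT = re.compile(r"^\s*\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)")


def parse_dcdiag(output):
    """Return one dict per test: target, test, verdict, and the detail
    lines printed between 'Starting test' and the verdict line."""
    results, details = [], []
    for line in output.splitlines():
        if START.match(line):
            details = []  # a new test begins; drop banner lines seen so far
            continue
        m = RESULT.match(line)
        if m:
            target, verdict, test = m.groups()
            results.append({"target": target, "test": test,
                            "verdict": verdict, "details": details})
            details = []
        elif line.strip():
            details.append(line.strip())
    return results


def failures(output):
    """Only the failed tests, with the diagnostics that explain them."""
    return [r for r in parse_dcdiag(output) if r["verdict"] == "failed"]


if __name__ == "__main__":
    for r in failures(SAMPLE_DCDIAG):
        print(r["target"], r["test"], "->", "; ".join(r["details"]))
```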

39 Troubleshooting Active Directory Installation and Removal
• Troubleshooting with the Dcpromo Log files
• Following logs are created when you install Active Directory
  – Dcpromoui.log
  – Dcpromos.log
  – Dcpromo.log

40 Troubleshooting Active Directory Installation and Removal
• Dcpromoui.log
  – Contains detailed progress report of the Active Directory installation from a graphical interface perspective
  – Following information about the installation or removal is logged
    • The name of the source domain controller for replication
    • The directory partitions that were replicated to the target server
    • The number of items that were replicated in each directory partition
    • The services configured on the target domain controller
    • The access control entries set on the registry and files
    • The sysvol directories
    • Applicable error messages
    • Applicable selections that were entered by the Administrator during the installation

41 Troubleshooting Active Directory Installation and Removal
• Dcpromos.log
  – Similar to the Dcpromoui.log file
  – Is created by the user interface during the graphical user interface mode setup when a 3.x or 4.0 domain controller is promoted to a Windows 2003 domain controller

42 Troubleshooting Active Directory Installation and Removal
• Dcpromo.log
  – Records settings used for promotion or demotion, such as the site name, the path for Active Directory Database and log files, time synchronization and information about the computer account
  – Captures the creation of the Active Directory database, Sysvol trees and the installation, modification and removal of services
  – Log is located in %systemroot%\debug

43 Troubleshooting Active Directory Installation and Removal
• Troubleshooting with Ntdsutil.exe
  – Command line tool that provides management facilities for Active Directory
  – By default is installed in the %systemroot%\system32 directory