Download presentation
Presentation is loading. Please wait.
1
Installing a Domain Controller
20410B Week 2 - Objectives 2: Introduction to Active Directory Domain Services Installing a Domain Controller
2
20410B Overview of AD DS 2: Introduction to Active Directory Domain Services AD DS is composed of both physical and logical components Physical components Logical components Data store Domain controllers Global catalog server RODC Partitions Schema Domains Domain trees Forests Sites OUs
3
What Are AD DS Domains? AD DS requires one or more domain controllers
20410B What Are AD DS Domains? 2: Introduction to Active Directory Domain Services AD DS requires one or more domain controllers All domain controllers hold a copy of the domain database which is continually synchronized The domain is the context within which user, group, and computer accounts are created The domain is a replication boundary An administrative center for configuring and managing objects Any domain controller can authenticate any logon in the domain
4
What Are OUs? Organizational Units
20410B What Are OUs? 2: Introduction to Active Directory Domain Services Organizational Units Containers that can be used to group objects within a domain Create OUs to: Delegate administrative permissions Apply Group Policy
5
What Is an AD DS Forest? Forest Root Domain Tree Root Domain
20410B What Is an AD DS Forest? 2: Introduction to Active Directory Domain Services Forest Root Domain Tree Root Domain adatum.com fabrikam.com atl.adatum.com
6
20410B What Is the AD DS Schema? 2: Introduction to Active Directory Domain Services The Active Directory schema acts as a blueprint for AD DS by defining the attributes and object classes such as: In a similar way, the schema defines the objects that reside in the AD DS database, and defines the mandatory and optional attributes, and the syntax and the relationships between them. Notice that the attributes are defined first, and then the objects are defined based on the underlying attributes. Thus, an attribute that is optional for one object might be mandatory for another. Attributes Classes objectSID User sAMAccountName Group location Computer manager Site department Burger Cheeseburger Attributes Meat Mandatory Bun Cheese Onions Optional Pickle Lettuce Bacon Ketchup
7
What Is a Domain Controller?
20410B What Is a Domain Controller? 2: Introduction to Active Directory Domain Services Domain Controllers Servers that host the Active Directory database (NTDS.DIT) and SYSVOL Kerberos authentication service and KDC services perform authentication Best practices: Availability: At least two domain controllers in a domain Security: RODC and BitLocker
8
What Is the Global Catalog?
2: Introduction to Active Directory Domain Services Domain B Domain A Configuration Schema Global catalog: Hosts a partial attribute set for other domains in the forest Supports queries for objects throughout the forest Global catalog server
9
The AD DS Logon Process The AD DS logon process:
20410B The AD DS Logon Process 2: Introduction to Active Directory Domain Services The AD DS logon process: User Account is authenticated to DC1 DC1 returns TGT back to client Client uses TGT to apply for access to WKS1 DC1 grants access to WKS1 Client uses TGT to apply for access to SVR1 DC1 returns access to SVR1 DC1 SVR1 WKS1
10
What Are Operations Masters?
20410B What Are Operations Masters? 2: Introduction to Active Directory Domain Services In any multimaster replication topology, some operations must be single master Many terms are used for single master operations in AD DS, including the following: Operations master (or operations master roles) Single master roles FSMOs Roles Forest: Domain naming master Schema master Domain: RID master Infrastructure master PDC Emulator master
11
Installing a Domain Controller from Server Manager
20410B Installing a Domain Controller from Server Manager 2: Introduction to Active Directory Domain Services
12
20410B Installing a Domain Controller on a Server Core Installation of Windows Server 2012 2: Introduction to Active Directory Domain Services Use the dcpromo /unattend:”D:\answerfile.txt” command to perform the unattended installation. The following is an example of text from the answer file: [DCINSTALL] UserName=<The administrative account in the domain of the new domain controller> UserDomain=<The name of the domain of the new domain controller> Password=<The password for the UserName account> SiteName=<The name of the AD DS site in which this domain controller will reside> This site must be created in advance in the Dssites.msc snap-in. ReplicaOrNewDomain=replica ReplicaDomainDNSName=<The fully qualified domain name (FQDN) of the domain in which you want to add an additional domain controller> DatabasePath="<The path of a folder on a local volume>" LogPath="<The path of a folder on a local volume>" SYSVOLPath="<The path of a folder on a local volume>" InstallDNS=yes ConfirmGC=yes SafeModeAdminPassword=<The password for an offline administrator account> RebootOnCompletion=yes
13
Upgrading a Domain Controller
20410B Upgrading a Domain Controller 2: Introduction to Active Directory Domain Services Options to upgrade AD DS to Windows Server 2012: In place upgrade (from Windows Server 2008 or Windows Server 2008 R2) Benefit: Except for the prerequisite checks, all the files and programs stay in-place and there is no additional work required Watch for: May leave legacy files and DLLs Introduce a new Windows Server 2012 server into the domain and promote it to be a domain controller This option is the usually the preferred choice Benefit: Result is a new server with no accumulated files and settings Watch for: May need additional work to migrate users’ file settings
14
Installing a Domain Controller by Using Install from Media
2: Introduction to Active Directory Domain Services
Similar presentations
