Implementing Active Directory – 9/28/2009
Posted by Ben on Monday, September 28, 2009
Since this class is all about Active Directory, I can’t think of a better way to start than by talking about what exactly AD is.
So, what is it? Active Directory is the directory service system that modern Windows networks use. Most networks you’ll find are at least moderately complex, and AD serves as a way to navigate and organize them. AD provides us a way to manage resources such as users, computers, applications and network devices (think printers) in a relatively easy way (at least compared to the way we used to have to do it!).
We quickly reviewed some concepts you’ll need to wrap your mind around as we go forward in this class. Namely, the schema, domains, forests, sites, organizational units, functional levels and trusts.
Speaking of functional levels and trusts, since those are new concepts to us, why not cover them now?
Functional levels serve as the limits of what features your implementation of AD can cover. The higher the functional level, the more functionality you’ll have. Why not have the most functionality you can? Well, the reason comes from compatibility. So, I can’t have Universal Groups if I still have some ancient NT4 domain controllers hanging around, and if I want to set up trusts between two forests, I’ll need all of my domain controllers running Server 2003. You get the point.
Trusts have to do with the authentication arm of AD. If you’re a user that needs to log into and access resources located on various domains, imagine the royal pain in the butt it would be to maintain separate logins for each of those domains. Trusts allow domains to accept the previous authentications of other domains. Obviously, by default, no trusts are configured when you first install Windows, but you can configure trusts to be shortcut trusts, external trusts, realm trusts or cross-forest trusts. We’ll discuss these in more depth later.
We went ahead and tackled chapter two, which dealt with actually installing this beast we call AD. Before even starting, make sure you have the following: a version of Server 2000 or greater (and not Web Edition), at least 200 MB of free space on an NTFS partition, a network infrastructure running TCP/IP, DNS (or the ability to host it), and local access to the server you’d like to install it on. Setting up AD is as simple as issuing a command and answering some questions in a wizard, but you can also configure an answer file if you see yourself setting up multiple identical servers. The command for setting up AD is dcpromo, and if I wanted to point to an answer file to move that annoying wizard out of the way, I might issue a command that looks like this: dcpromo /answer:a:\dc.txt. Then scoot back and walk away.
Most domains have more than one domain controller. The controllers are, by definition, identical, so why have more than one? Fault tolerance, my friend. When setting up the second or third or whatever domain controller, we can make things easier on ourselves by setting these servers up as Replica servers. What this means is that the dcpromo utility finds an existing controller for the domain and simply clones it.
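To show what that dc.txt answer file actually looks like for the replica case just described, here is a constructed example (added to these notes, not taken from the class or from Microsoft). It assumes the Windows Server 2008 dcpromo unattend syntax; the domain name, site name and source DC are placeholders, and the key names should be checked against the dcpromo documentation for the server version you are actually running.

```ini
; Constructed example: unattended promotion of an additional (replica) domain
; controller into an existing domain. Run with: dcpromo /answer:a:\dc.txt
; Placeholders: corp.example.com, Default-First-Site-Name, DC01
[DCINSTALL]
; Replica = clone an existing DC of this domain instead of creating a new domain
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=corp.example.com
; Which existing DC to copy the directory from; omit to let dcpromo pick one
ReplicationSourceDC=DC01.corp.example.com
SiteName=Default-First-Site-Name
; Make this DC a global catalog and a DNS server as well
ConfirmGc=Yes
InstallDNS=Yes
; Where the directory database, transaction logs and SYSVOL live
; (an NTFS partition with at least 200 MB free, as the prerequisites say)
DatabasePath=C:\Windows\NTDS
LogPath=C:\Windows\NTDS
SYSVOLPath=C:\Windows\SYSVOL
; Credentials with rights to add a DC to the domain.
; Password=* makes dcpromo prompt instead of storing the password in this file.
UserName=Administrator
UserDomain=corp.example.com
Password=*
; Directory Services Restore Mode password; this one IS stored here in clear text,
; so keep the answer file off shared media and delete it once the DC is promoted.
SafeModeAdminPassword=REPLACE-WITH-A-STRONG-DSRM-PASSWORD
; Reboot automatically when promotion finishes
RebootOnCompletion=Yes
```

Because the file carries the DSRM password (and the domain admin password if you fill in Password rather than using *), treat it as a secret: it belongs on controlled media, not on a floppy that gets left in the server room.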
Homework:
- Take Home Test #1 – download it here.
- Work on Microsoft E-Learning modules
