Active Directory Installation
Naming
• Computer has
  • Full computer name, generally same as DNS name, consisting of
    • Computer name
    • Primary DNS suffix
  • NetBIOS name
• Domain has
  • DNS name
  • NetBIOS name

Changing Names
• Can change
  • Computer name of a workstation or member server
  • Primary DNS suffix of a workstation or member server
• Cannot change
  • Domain name
    • Applies to both DNS and NetBIOS names
  • Computer name of a domain controller
    • Applies to both DNS and NetBIOS names
    • Must ensure that server names are correct before promoting to DC

Full Computer Name
• Set in System Properties/Network Identification
• Made by concatenating
  • Computer Name
    • Generally same as hostname (part of DNS name up to first ‘.’)
  • Primary DNS suffix
• NetBIOS name is always first 15 characters of computer name
  • Cannot be changed
  • Must still be unique if using central WINS servers
  • Recommended unique for DCs even if not using central WINS servers

Naming Conventions
• Computer name
  • Unitcode+name of choice
  • E.g. oucs-fred, chem-w2kserver1
  • Recommended to keep 15 characters or less
• Primary DNS suffix
  • DNS domain name (e.g. oucs.ox.ac.uk, chem.ox.ac.uk)
• http://www.oucs.ox.ac.uk/network/wins/ for full details

Prerequisites for Active Directory Installation
• 2000 Server, correctly named
• NTFS Partition
  • Minimum of 200MB for AD database
  • Minimum of 50MB for log files
• TCP/IP Protocol configured to use DNS
• If at all possible, have at least two DCs for resilience

Information Required for Active Directory Installation
• Domain name for new AD domain
  • DNS name (must be same as unit name)
  • NetBIOS name
  • NB although untested, it is possible for a domain controller to have a different primary DNS suffix from the AD domain name
    • Need to turn off “Change primary DNS suffix when domain membership changes” option in System Properties before promoting to DC
• Location for AD database and log files
• Password for Directory Services Restore Mode Administrator account

Installing Active Directory on the First Domain Controller
• Run dcpromo to start the AD installation wizard
  • Don’t use the initial screen to configure the server — less flexible
• Make it a DC for a new domain, create a new domain tree and new forest of domain trees
• AD domain name must be same as unit DNS name for correct DNS integration
• NetBIOS name of domain same as first part of DNS name by default
  • May need to change, especially if already using this name for existing NT domain

Installing AD on the First Domain Controller cont.
• For best performance, put database files and log files on different hard disks
• Sysvol must be on NTFS partition
• Only choose “Permissions compatible with pre-2000 computers” if you have NT servers in domain
• Don’t forget the Directory Services Restore Mode administrator password — it is not the same as the AD Administrator account

Installing Active Directory on Subsequent Domain Controllers
• Run dcpromo
• Select option to set up Additional DC for existing domain
• Put main AD administrator account details into Network credentials page
• Give DNS name of domain
• For other information, as per the first DC

Post-installation Tasks
• Install and Configure DNS if necessary
  • For second and subsequent DCs, the first DC must already have DNS configured
• Check SRV records correctly registered in DNS (more information later)
• If no NT DCs, switch to native mode
  • AD Users and Computers/Properties of domain/General tab/Change Mode
  • Cannot be reversed

Post-installation Tasks cont.
• Check creation of default containers
  • Active Directory Users and Computers
  • Computers, Users, ForeignSecurityPrincipals, Domain Controllers
• Verify SYSVOL creation
  • Run %systemroot%\sysvol (change if you put it somewhere else)
  • Check existence of following directories
    • domain, staging, staging areas, sysvol
• Verify shares
  • Command Prompt — “net share” command
  • Look for NETLOGON and SYSVOL shares

Post-installation Tasks cont.
• Verify AD database and log file existence
  • Run %systemroot%\ntds (change if you put them elsewhere)
  • Check for ntds.dit (database), edb.* (transaction logs and checkpoint file), res*.log (reserved transaction logs)
• Check for replication partner entries in AD Sites and Services under NTDS Settings for each server
• Check event logs for errors

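The file, directory and share checks from the post-installation slides above, together with a look at the “Permissions compatible with pre-2000 computers” choice from the install wizard, written as a Command Prompt batch file. This is an added example, not part of the original presentation; the variable names and the `:chk` helper are assumptions, and the paths are the defaults the slides name.

```batch
@echo off
rem Added example, not from the original slides. Run on the new DC.
rem Assumption: default locations. Edit the three variables if you chose
rem other paths in dcpromo (e.g. log files on a separate disk).
setlocal
set "SYSVOLROOT=%systemroot%\sysvol"
set "NTDSDB=%systemroot%\ntds"
set "NTDSLOG=%systemroot%\ntds"
set "FAIL=0"

rem SYSVOL directory layout (the trailing \ tests for a directory)
for %%D in (domain staging "staging areas" sysvol) do call :chk "%SYSVOLROOT%\%%~D\"

rem AD database, transaction logs and checkpoint file, reserved logs
call :chk "%NTDSDB%\ntds.dit"
call :chk "%NTDSLOG%\edb.*"
call :chk "%NTDSLOG%\res*.log"

rem "net share <name>" sets a non-zero errorlevel when the share is missing
for %%S in (NETLOGON SYSVOL) do (
    net share %%S >nul 2>&1
    if errorlevel 1 (echo FAIL share %%S & set "FAIL=1") else (echo OK   share %%S)
)

rem Everyone in this group means the pre-2000 compatible permissions are in
rem effect; that should only be the case if NT servers are in the domain.
net localgroup "Pre-Windows 2000 Compatible Access" | findstr /i /b /c:"Everyone" >nul
if not errorlevel 1 echo WARN Everyone is in "Pre-Windows 2000 Compatible Access"

if "%FAIL%"=="0" (echo All checks passed) else (echo One or more checks FAILED)
exit /b %FAIL%

:chk
rem %1 = quoted path or wildcard pattern that must exist
if exist %1 echo OK   %~1& goto :eof
echo FAIL %~1
set "FAIL=1"
goto :eof
```

The replication partner entries, default containers and event logs from the same slides still need checking in their own consoles.
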
Removing Active Directory from a Domain Controller
• First, good idea to ensure replication is up to date; may want to move Operations Master roles manually; may need to change time synchronization if PDC emulator changes
• Run dcpromo
• Note that unlike NT, 2000 servers can be promoted to DCs and demoted to member servers as desired
• Note also that demoting the last domain controller in a domain will delete all information contained in AD
  • Users, groups, etc.

References
• Best practice methods for Windows 2000 Domain Controller setup
  • http://support.microsoft.com/support/kb/articles/Q216/8/99.ASP
• Promoting and demoting domain controllers
  • http://support.microsoft.com/support/kb/articles/Q238/3/69.ASP
• How to Verify an Active Directory Installation
  • http://support.microsoft.com/support/kb/articles/Q298/1/43.ASP