1 ad1

Upload: hclraj406

Post on 02-Jun-2018


TRANSCRIPT

  • 8/10/2019 1 AD1

    1/11

    Active Directory Services

    WORKGROUP AND DOMAIN

    A computer network can be divided logically into two networking models:

    Workgroup
    Domain

    A workgroup is a peer-to-peer network, while a domain is a server-based network. The important differences between the two models are listed below:


    DOMAIN

    1. It is a server-based networking model.
    2. There is a centralized dedicated server computer called the Domain Controller (DC), which controls all other computers, called Clients.
    3. This model is recommended for large networks.
    4. There is centralized administration, and each PC can be administered and managed from the server.
    5. In this model, a high-grade OS like Win 2003/2008 Server is used on the server end.
    6. A domain can also be given a name like xyz.com, abc.com etc.
    7. User accounts are created only in the server (DC) and are called Domain Users.

    WORKGROUP

    1. It is a peer-to-peer networking model.
    2. There is no client and no server. All the computers are equal in status.
    3. This model is recommended for small networks (up to 10 PCs).
    4. There is no centralized administration, and each computer is administered separately.
    5. In this model, a low-grade OS like 2000/XP Professional or Vista can be used.
    6. A workgroup can be given a name like sales, HR, accounts etc.
    7. User accounts are created in each PC and are called Local Users.


    What is Active Directory (AD)?

    With the help of ADS, we can manage all users and security centrally.

    In simple terms, AD is a database containing a list of the user accounts, computer accounts, shared folders, printers, groups and group policy objects present in the domain network. The service running AD is called Active Directory Service (ADS).

    Client PCs use the LDAP protocol (Lightweight Directory Access Protocol) to access the ADS. LDAP uses port number 389.

    Use of DNS in Domain Network

    DNS in the Microsoft Domain Network helps in the following ways:

    1. DNS provides ADS service to the clients.
    2. Clients locate DCs through DNS.
    3. DNS provides Name Resolution Service in the network.
    4. Active Directory Domain Network is given the same name as the DNS domain network.
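
The lookup that clients perform to locate DCs, followed by a check that each DC answers on LDAP port 389, as an added PowerShell example that is not part of the original slides. It assumes a lab domain named yahoo.com as in the slides, the standard `_ldap._tcp.dc._msdcs.<domain>` SRV record that domain controllers register, and a machine with `Resolve-DnsName` (Windows 8 / Server 2012 or later).

```powershell
# Added example (not from the slides): find domain controllers through DNS,
# then confirm that each one accepts connections on the LDAP port.
param(
    # Assumption: the sample lab domain name used in the slides.
    [string]$Domain = 'yahoo.com',
    [int]$TimeoutMs = 3000
)

# Domain controllers register this SRV record in the domain's DNS zone.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"

try {
    $records = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' })
}
catch {
    Write-Warning "No SRV record $srvName found. Check the client's preferred DNS server."
    return
}

foreach ($r in $records | Sort-Object Priority, Weight) {
    $client = New-Object System.Net.Sockets.TcpClient
    $open = $false
    try {
        # Non-blocking connect so an unreachable DC does not stall the loop.
        $async = $client.BeginConnect($r.NameTarget, $r.Port, $null, $null)
        $open  = $async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
    }
    catch {
        $open = $false    # host name did not resolve or connect was refused
    }
    finally {
        $client.Close()
    }

    [pscustomobject]@{
        DomainController = $r.NameTarget
        Port             = $r.Port      # 389 for LDAP
        Priority         = $r.Priority
        Weight           = $r.Weight
        LdapReachable    = $open
    }
}
```

An empty result or a warning here usually means the client's preferred DNS server does not host the domain's zone, which is also why a client cannot join or log on to the domain.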


    HOW TO CONFIGURE A DOMAIN NETWORK?

    There are two main steps in creating a domain network:

    STEP 1

    First, create a Domain Controller (DC) by installing AD in a Win 2003/2008 server computer.

    STEP 2

    Second, create a computer account for each client PC, or make the client PC a member of the domain.


    Types of Active Directory

    1. Domain.
    2. Domain Controller.

    1. Domain.

    A domain is a group of computers connected logically in a network. The domain enables the system administrator to simplify the process of managing the computers and users on the network.

    Types of Domain.

    1. Domain forest.

    A forest is created when you configure the Win 2008 server computer as a domain controller. A forest is a collection of multiple domains linked together and the relationships between the domains. You can add domain trees and domains in a forest.

    2. Domain Tree.

    A domain tree is made up when there is a parent-child relationship between domains in a forest. The child domain name must include the complete parent domain name. A tree is a set of two or more domains sharing a common namespace. For example, we can create a parent domain and then a child domain: in mail.yahoo.com, mail is the child domain and yahoo is the parent domain.


    Domain Forest and Tree

    Yahoo.com (parent domain)
        mail.yahoo.com (child domain)
            abc.mail.yahoo.com (child domain)
        chd.yahoo.com (child domain)
            del.chd.yahoo.com (child domain)

    [Diagram labels: Domain Forest; Domain Tree (Parent Child Relationship)]


    Types of Active Directory

    2. Domain Controller.

    1. PDC - Primary Domain Controller.
    2. ADC - Additional Domain Controller.
    3. CDC - Child Domain Controller.

    1. PDC

    This is the first domain controller in the domain. All entries are created in it, like user account, group policy, OU etc.

    2. ADC

    This is a true copy of the PDC. This domain controller is used for fault tolerance and load balancing. The whole Active Directory database is replicated automatically with the PDC.

    3. CDC

    This domain controller is a sub domain of the PDC. It is used for load balancing, for example mail.yahoo.com: mail is the child domain and yahoo is the parent domain.

    Note: It is Active Directory Services that make a computer a Domain Controller.


    Install Active Directory

    Note: Active Directory cannot work without DNS. DNS is automatically installed and configured during the Active Directory installation.

    Requirements for installing AD:

    1. Windows 2003/2008 server computer.
    2. At least one NTFS partition.
    3. Static IP address.
    4. At least 1 GB free hard disk space.
    5. NIC card enabled and connected to network.

    Note: Active Directory (AD) cannot be installed in Win 2008 Server, Web Edition.
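
A way to check the requirements listed above on a server before running dcpromo, as an added PowerShell example that is not part of the original slides. It uses standard WMI classes through `Get-WmiObject`; the check names in the output are this example's own.

```powershell
# Added example (not from the slides): verify the AD installation requirements locally.
# Get-WmiObject is used so the script also runs on PowerShell 2.0.

$os    = Get-WmiObject Win32_OperatingSystem
$disks = @(Get-WmiObject Win32_LogicalDisk -Filter "DriveType=3")   # fixed disks only
$nics  = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=TRUE")

# Requirement 1. ProductType: 1 = workstation, 2 = domain controller, 3 = server.
$isServer = $os.ProductType -ne 1
if ($os.ProductType -eq 2) {
    Write-Warning "$($os.Caption) is already a domain controller."
}

# Requirement 2: at least one NTFS partition.
$ntfs = @($disks | Where-Object { $_.FileSystem -eq 'NTFS' })

# Requirement 4: at least 1 GB of free space on a fixed disk.
$roomy = @($disks | Where-Object { $_.FreeSpace -ge 1GB })

# Requirements 3 and 5: a NIC with TCP/IP enabled and a static (non-DHCP) address.
$static = @($nics | Where-Object { -not $_.DHCPEnabled })

# Procedure step 1: a preferred DNS server is set on the static adapter.
$withDns = @($static | Where-Object { $_.DNSServerSearchOrder })

$checks = @(
    @{ Requirement = 'Windows Server operating system';   Passed = $isServer },
    @{ Requirement = 'At least one NTFS partition';       Passed = $ntfs.Count -gt 0 },
    @{ Requirement = 'At least 1 GB free disk space';     Passed = $roomy.Count -gt 0 },
    @{ Requirement = 'NIC enabled with static IP';        Passed = $static.Count -gt 0 },
    @{ Requirement = 'Preferred DNS server configured';   Passed = $withDns.Count -gt 0 }
)

$checks |
    ForEach-Object { New-Object PSObject -Property $_ } |
    Select-Object Requirement, Passed
```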

    Dcpromo: go to Start >> Run and type dcpromo

    This command is used to install or remove Active Directory.

    If you are not able to remove AD, then in the RUN box, type:

    Dcpromo /forceremoval

    Click O.K.


    Install Active Directory

    PROCEDURE TO INSTALL ACTIVE DIRECTORY

    1. Go to a 2008 server computer and, in the TCP/IP properties, give an IP address and in the 'Preferred DNS server' box, type the same IP. But if DNS is already configured in another PC, type the IP of that PC in the 'Preferred DNS server' box.
    2. In the RUN box, type dcpromo
    3. Click O.K.
    4. Click next > next.
    5. Select Domain Controller of a new domain > next.
    6. Select Domain in a new forest > next.
    7. Type the full DNS name. Type yahoo.com > next.
    8. NetBIOS name will remain as YAHOO. Just click next.
    9. Give the path for storing the Active Directory database and log files, or just click next.
    10. Give the path to store the data of the SYSVOL folder, or just click next.
    11. Select 'Install and configure..' if you haven't created DNS. Active Directory will install and configure DNS automatically.
    12. Click next and then just next.


    PROCEDURE TO INSTALL ACTIVE DIRECTORY (CONTINUED)

    13. Give the Restore Mode password. This password is used to repair Active Directory.
    14. Click next.
    15. Click next to start the installation of Active Directory.
    16. Finally, click on finish and restart the computer.
    17. Now the computer is a powerful server called a Domain Controller (DC).

    The following three folders are created by Active Directory:

    Database Folder
    Log files Folder
    SYSVOL Folder

    Go to Programs > Administrative Tools and you will get the following new tools:

    Active Directory Users and Computers
    Active Directory Domains and Trusts
    Active Directory Sites and Services
    Domain Controller Security Policy
    Domain Security Policy

    You can create users in Active Directory Users and Computers. These users are called Domain Users, and they log on to the domain from the client PC.

    The client PC should be a member of the domain.


    THANK YOU