Active Directory Administrator's Pocket Consultant by William R. Stanek (Microsoft Press).
Active Directory Administrator's Pocket Consultant is designed to be used in the daily administration of Active Directory, and as such, the book is organized by.
Portable and precise, this pocket-sized guide delivers immediate answers for the day-to-day administration of Active Directory in Windows Server. Zero in on core support and maintenance tasks using quick-reference tables, instructions, and lists.
Get fast facts to: install forests, domain trees, and child domains; add and remove writable domain controllers and deploy read-only controllers; configure, maintain, and troubleshoot global catalog servers; maintain directory and data integrity using operations masters; evaluate sites, subnets, and replication before expanding a network; establish a trust relationship between domains and between forests; maintain and recover Active Directory Domain Services; employ essential command-line utilities.
Paperback. Published January 14th by Microsoft Press (first published January 1st).
After setting up the initial domain controller in a domain, you deploy additional domain controllers to increase fault tolerance and improve operational efficiency.
The decommissioned domain controller can then be taken out of service, or it can act as a server.
Preparing to Deploy or Decommission Domain Controllers
Before deploying or decommissioning domain controllers, you should create a plan that lists any prerequisites, necessary postmodification changes, and overall impact on your network.
Domain controllers host the Active Directory database and handle related operations. Active Directory uses a multimaster replication model that creates a distributed environment where no single domain controller is authoritative with regard to logon and authentication requests. This model allows any domain controller to be used for logon and authentication. It also allows you to make changes to standard directory information without regard to which domain controller you use.
As discussed in Chapter 5, Managing Operations Masters, operations masters perform tasks that can be performed only by a single authoritative domain controller. Global catalog servers store partial replicas of data from all domains in a forest to facilitate directory searches for resources in other domains and to determine membership in universal groups. When you establish the first domain controller in a forest, the domain controller hosts the forestwide and domainwide operations master roles and also acts as the global catalog server for the domain.
When you establish the first domain controller in a domain, the domain controller hosts the domainwide operations master roles and also acts as the global catalog server for the domain.
Every domain in the enterprise should have at least two domain controllers. If a domain has only one domain controller, you could lose the entire domain and all related accounts if disaster strikes. Although you may be able to recover the domain from a backup, you will have significant problems until the restore is completed.
For example, users may not be able to log on to the domain or obtain authenticated access to domain resources. Every site should have at least one domain controller. If a domain controller is not available in a site, computers in the site will perform logon and authentication activities with domain controllers in another site, which could significantly affect response times.
Every site should have a global catalog server. If a global catalog server is not available in a site, computers in the site will query a global catalog server in another site when searching for resources in other domains in the forest.
Global catalog servers are also used during logon and authentication because they store universal group membership information for all domains in the forest. If a global catalog server isn't available in the site and the universal group membership has not been previously cached, the domain controller responding to a user's logon or authentication request will need to obtain the required information from a global catalog server in another site.
Essentially, domain controllers are database servers with extensive directory, application, and replication features. Because of this, the hardware you choose for the domain controllers should be fairly robust. You'll want to look carefully at the server's processor, memory, and hard disk configuration. In many cases, you'll want to install domain controllers on hardware with multiple, fast processors. This will help ensure the domain controller can efficiently handle replication requests and topology generation.
When you install the second domain controller in a forest, the Knowledge Consistency Checker (KCC) begins running on every domain controller.
Not only does the KCC generate replication topology, it also dynamically handles changes and failures within the topology. By default, the KCC recalculates the replication topology every 15 minutes. As the complexity of the replication topology increases, so does the processing power required for this calculation.
You'll need to monitor processor usage and upgrade as necessary. In addition to running standard processes, domain controllers must run processes related to storage engine operations, knowledge consistency checking, replication, and garbage collection.
You'll need to monitor memory usage and upgrade as necessary. With regard to hard disks, you'll want to closely examine fault tolerance and storage capacity needs. Domain controllers should use fault-tolerant drives to protect against hardware failure of the system volume and any other volumes used by Active Directory.
Storage capacity needs depend on the number of objects related to users, computers, groups, and resources that are stored in the Active Directory database.
Each storage volume should have ample free disk space at all times to ensure proper operational efficiency. When you add a domain controller to an existing domain, you should consider whether you want to perform an installation from media rather than creating the domain controller from scratch.
With either technique, you will need to log on to the local machine using either the local Administrator account or an account that has administrator privileges on the local machine. Then start the installation. You also will be required to provide the credentials for an account that is a member of the Domain Admins group in the domain of which the domain controller will be a part. Because you will be given the opportunity to join the domain controller to the domain if necessary, it is not necessary for the server to be a member of the domain.
Install the Active Directory binaries by entering the following command at an elevated command prompt: Before starting an Active Directory installation, you should examine local accounts to determine whether you need to take special steps to preserve any local accounts.
You should also check for encrypted files and folders using the EFSInfo utility. Encrypted where DriveDesignator is the drive designator of the volume to search, such as C:. Making a server a domain controller deletes all local accounts and all certificates and cryptographic keys from the server.
Any encrypted data on the server, including data stored using the Encrypting File System (EFS), must be decrypted before Active Directory is installed, or it will be permanently inaccessible. By default, the wizard uses Basic Installation mode. If you want to install from media as discussed in "Adding Writable Domain Controllers Using Installation Media," later in this chapter, or choose the source domain controller for replication, select the Use Advanced Installation Mode check box before clicking Next to continue.
If the Operating System Compatibility page is displayed, review the warning about the default security settings for Windows Server domain controllers and then click Next.
By choosing this option, you specify that you are adding a domain controller to an existing domain in the Active Directory forest. When you click Next, you see the Network Credentials page, shown in Figure In the field provided, type the full DNS name of any domain in the forest where you plan to install the domain controller. Preferably, this should be the name of the forest root domain, such as cpandl.
If you are logged on to a domain in this forest and have the appropriate permissions, you can use your current logged-on credentials to perform the installation. Otherwise, select Alternate Credentials, click Set, type the user name and password for an enterprise administrator account in the previously specified domain, and then click OK. When you click Next, the wizard validates the domain name you provided and then lists all domains in the related forest.
On the Select A Domain page, shown in Figure , select the domain to which the domain controller will be added and then click Next.
When you click Next, the wizard determines the available Active Directory sites. On the Select A Site page, you'll see a list of available sites. If you want to place the new domain controller in a different site or there isn't an available subnet for the current IP address, select the site in which you want to locate the domain controller.
When you click Next, the wizard examines the DNS configuration and attempts to determine whether any authoritative DNS servers are available. As permitted, select additional installation options for the domain controller and then click Next. If you choose to let the wizard install the DNS Server service, note the following: A primary DNS zone will be created as an Active Directory integrated zone with the same name as the new domain you are setting up.
During installation of the operating system, Windows Setup installs and configures IPv4 and IPv6 if networking components were detected. Click Yes to ignore the warning and continue. If you configure a static IPv4 address but do not configure a static IPv6 address, you'll also see the warning.
To ignore the warning and continue with the installation, click Yes. Click Start, type ncpa. If you decide not to configure a static IPv6 address, you may need to make changes to DNS records later if your organization starts using IPv6 addresses.
The wizard next attempts to register a delegation for the DNS server with an authoritative parent zone. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to the DNS server and then click Yes to continue.
Otherwise, you can ignore this warning and click Yes to continue. If you choose to not let the wizard install the DNS Server service, the wizard next attempts to register a delegation for the DNS server with an authoritative parent zone. If the wizard cannot create a delegation for the DNS server, it displays a warning message to indicate that you must create the delegation manually.
You can provide the location of installation media to be used to create the domain controller and configure AD DS, or you can have all of the replication done over the network. Even if you install from media, some data will be replicated over the network from a source domain controller.
Then click Next. If you choose to install from media, only changes since the media was created will be replicated from this source domain controller.
If you choose not to install from media, all data will be replicated from this source domain controller.
You'll get better performance if the database folder and log folder are on two separate volumes, each on a separate disk.
Although you can change the storage locations later, the process is lengthy and complex. NOTE: Your organization should have a specific plan in place for sizing the server hardware and designating Active Directory storage locations. You'll want to ensure the server you use is powerful enough to handle authentication, replication, and other directory duties. The server's hard disk configuration should be optimized for storage of Active Directory data.
Each storage volume should have at least 20 percent free storage space at all times. You may also want to use a redundant array of independent disks (RAID) to protect against disk failure. Click Next. On the Directory Services Restore Mode Administrator Password page, type and confirm the password that should be used when you want to start the computer in Directory Services Restore Mode.
Be sure to track this password carefully. This special password is used only in Restore mode and is different from the Administrator account password. The password complexity and length must comply with the domain security policy. On the Summary page, review the installation options. If desired, click Export Settings to save these settings to an answer file that you can use to perform unattended installation of other domain controllers.
When you click Next again, the wizard will use the options you've selected to install and configure Active Directory. This process can take several minutes. When the wizard finishes configuring Active Directory, click Finish. You are then prompted to restart the computer. Click Restart Now to reboot. After installing Active Directory, you should verify the installation.
Start by examining the installation log, which is stored in the Dcpromo.
The log is very detailed and takes you through every step of the installation process, including the creation of directory partitions and the securing of the Registry for Active Directory. Because you created a new domain, DNS is updated to include a forward lookup zone for the domain.
You may also need to add a reverse lookup zone for the domain. Check for updates in Active Directory Users and Computers. The Domain Controllers OU should have an account for the domain controller you installed. In this way, you establish a domain controller using a media backup of another domain controller rather than using replication over the network.
Although not designed to be used to restore failed domain controllers, this technique does help you rapidly establish additional domain controllers by reducing the amount of network traffic generated, accelerating the process of installing an additional domain controller, and getting the directory partition data synchronized.
You can use a bit domain controller to generate installation media for a bit domain controller, and vice versa. When installing Active Directory using a media backup, you'll want to follow these guidelines: Use the most recent media backup to reduce the number of updates that must be replicated.
Use a backup of a domain controller running the same operating system in the same domain in which the new domain controller is being created. Copy the backup to a local drive on the server you are configuring. Don't use backup media that is older than the tombstone lifetime of the domain. The default value is 60 days. If you try to use backup media older than the tombstone lifetime, the Active Directory installation will fail.
Log on to a domain controller. On a writable domain controller, the account you use must be a member of the Administrators, Server Operators, Domain Admins, or Enterprise Admins group. On a read-only domain controller, a delegated user can create the installation media for another read-only domain controller. At the command prompt, type ntdsutil.
This starts the Directory Services Management tool. At the ntdsutil prompt, type activate instance ntds. This sets Active Directory as the directory service instance to work with. Type ifm to access the install from media prompt. Then type one of the following commands, where FolderPath is the full path to the folder in which to store the Active Directory backup media files: You can use the media to install a writable domain controller or a read-only domain controller.
You can use the media to install a read-only domain controller. The backup media does not contain security credentials, such as passwords. Ntdsutil creates snapshots of Active Directory partitions.
When it finishes creating the snapshots, Ntdsutil mounts the snapshots as necessary and then defragments the media backup of the Active Directory database. The progress of the defragmentation is shown by percent complete. Next, Ntdsutil copies registry data related to Active Directory.
When it finishes this process, Ntdsutil unmounts any snapshots it was working with. The backup process should complete successfully. If it doesn't, note and resolve any issues that prevented successful creation of the backup media, such as the target disk running out of space or insufficient permissions to copy to the folder path. Type quit at the ifm prompt and then type quit at the ntdsutil prompt.
Copy the backup media to a local drive on the server for which you are installing Active Directory. Follow all the same steps you would if you were adding a domain controller to the domain without media. After you select additional domain controller installation options and get past any DNS prompts, you see the Install From Media page. On this page, select Replicate From Media Stored At The Following Location, and then type the location of the backup media files or click Browse to find the backup media files.
You can now complete the rest of the installation as discussed in the section titled Adding Writable Domain Controllers Using Replication earlier in this chapter. Continue with the rest of the steps and perform the postinstallation checks as well. If the installation media was created recently, the amount of replication that is required should be considerably less than the amount of replication required otherwise.
You must be logged on as the Domain Admins group in the domain. With the unattended method of installation, you must first prepare an answer file that contains the desired configuration values. You can create the required answer file by completing the following steps: Open Notepad or any other text editor.
Type the following entries, one entry on each line. When you run Dcpromo to initiate the unattended installation, you will be prompted for the password. If you don't want to include the password, you can omit the password. If you want to configure the domain controller as a DNS server, add the following command. If you want to configure the domain controller as a global catalog server, add the following command. If you are installing from media, you can refer to the location where you stored the installation media by using the following command.
Save the answer file as a. The following is a complete example. After you create the answer file, you can start the unattended installation by entering the following at a command prompt: At the command line, you can add a domain controller to a domain using the following command. Yes If you are installing from media, you can refer to the location where you stored the installation media by using the following command.
FolderPathtoMedia When the unattended installation or command-line execution completes, Dcpromo exits with a return code. A return code of 1 to 10 indicates success. A return code of 11 to indicates failure. Note any related error text and take appropriate corrective action as necessary.