Download
active directory n.
Skip this Video
Loading SlideShow in 5 Seconds..
Active Directory PowerPoint Presentation
Download Presentation
Active Directory

Active Directory

178 Vues Download Presentation
Télécharger la présentation

Active Directory

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Active Directory Installation

  2. Naming • Computer has • Full computer name, generally same as DNS name, consisting of • Computer name • Primary DNS suffix • NetBIOS name • Domain has • DNS name • NetBIOS name

  3. Changing Names • Can change • Computer name of a workstation or member server • Primary DNS suffix of a workstation or member server • Cannot change • Domain name • Applies to both DNS and NetBIOS names • Computer name of a domain controller • Applies to both DNS and NetBIOS names • Must ensure that server names are correct before promoting to DC

  4. Full Computer Name • Set in System Properties/Network Identification • Made by concatenating • Computer Name • Generally same as hostname (part of DNS name up to first ‘.’) • Primary DNS suffix • NetBIOS name is always first 15 characters of computer name • Cannot be changed • Must still be unique if using central WINS servers • Recommended unique for DCs even if not using central WINS servers

  5. Naming Conventions • Computer name • Unitcode+name of choice • E.g. oucs-fred, chem-w2kserver1 • Recommended to keep 15 characters or less • Primary DNS suffix • DNS domain name (e.g. oucs.ox.ac.uk, chem.ox.ac.uk) • http://www.oucs.ox.ac.uk/network/wins/ for full details

  6. Prerequisites for Active Directory Installation • 2000 Server, correctly named • NTFS Partition • Minimum of 200MB for AD database • Minimum of 50MB for log files • TCP/IP Protocol configured to use DNS • If at all possible, have at least two DCs for resilience

  7. Information Required for Active Directory Installation • Domain name for new AD domain • DNS name (must be same as unit name) • NetBIOS name • NB although untested, it is possible for a domain controller to have a different primary DNS suffix from the AD domain name • Need to turn off “Change primary DNS suffix when domain membership changes” option in System Properties before promoting to DC • Location for AD database and log files • Password for Directory Services Restore Mode Administrator account

  8. Installing Active Directory on the First Domain Controller • Run dcpromo to start the AD installation wizard • Don’t use the initial screen to configure the server — less flexible • Make it a DC for a new domain, create a new domain tree and new forest of domain trees • AD domain name must be same as unit DNS name for correct DNS integration • NetBIOS name of domain same as first part of DNS name by default • May need to change, especially if already using this name for existing NT domain

  9. Installing AD on the First Domain Controller cont. • For best performance, put database files and log files on different hard disks • Sysvol must be on NTFS partition • Only choose “Permissions compatible with pre-2000 computers” if you have NT servers in domain • Don’t forget the Directory Services Restore Mode administrator password — it is not the same as the AD Administrator account

  10. Installing Active Directory on Subsequent Domain Controllers • Run dcpromo • Select option to set up Additional DC for existing domain • Put main AD administrator account details into Network credentials page • Give DNS name of domain • For other information, as per the first DC

  11. Post-installation Tasks • Install and Configure DNS if necessary • For second and subsequent DCs, the first DC must already have DNS configured • Check SRV records correctly registered in DNS (more information later) • If no NT DCs, switch to native mode • AD Users and Computers/Properties of domain/General tab/Change Mode • Cannot be reversed

  12. Post-installation Tasks cont. • Check creation of default containers • Active Directory Users and Computers • Computers, Users, ForeignSecurityPrincipals, Domain Controllers • Verify SYSVOL creation • Run %systemroot%\sysvol (change if you put it somewhere else) • Check existence of following directories • domain, staging, staging areas, sysvol • Verify shares • Command Prompt — “net share” command • Look for NETLOGON and SYSVOL shares

  13. Post-installation Tasks cont. • Verify AD database and log file existence • Run %systemroot%\ntds (change if you put them elsewhere) • Check for ntds.dit (database), edb.* (transaction logs and checkpoint file), res*.log (reserved transaction logs) • Check for replication partner entries in AD Sites and Services under NTDS Settings for each server • Check event logs for errors

  14. Removing Active Directory from a Domain Controller • First, good idea to ensure replication is up to date; may want to move Operations Master roles manually; may need to change time synchronization if PDC emulator changes • Run dcpromo • Note that unlike NT, 2000 servers can be promoted to DCs and demoted to member servers as desired • Note also that demoting the last domain controller in a domain will delete all information contained in AD • Users, groups, etc.

  15. References • Best practice methods for Windows 2000 Domain Controller setup • http://support.microsoft.com/support/kb/articles/Q216/8/99.ASP • Promoting and demoting domain controllers • http://support.microsoft.com/support/kb/articles/Q238/3/69.ASP

  16. References • How to Verify an Active Directory Installation • http://support.microsoft.com/support/kb/articles/Q298/1/43.ASP