
4/1/10 Notes

Active directory – a database that stores

Directory services – stores information about network resources

MS Active Directory Domain Services


LDAP – lightweight directory access protocol

X.509 – industry standard

DC domain controller
AD active directory
DNS domain name service
OU organizational unit

Benefits of AD
group policies: you don’t have to configure each computer; settings are “pushed down”
security
grow-ability
ability to change
create consistency

1. Create a domain plan

2. Create an OU plan for each domain

3. Create a forest plan if necessary

4. Create a site plan for your network

Get to start menu


Active Directory Users, not Explorer
folders are called containers

Don’t touch these two folders under instructor.local:


Default DC policy
domain policies

Install Active Directory onto the server, changing its role from a stand-alone server to
an Active Directory Domain Controller. This will be our “central management” server,
which maintains a read/write copy of the Active Directory database, NTDS.DIT.


All user accounts, computer accounts and other Active Directory related objects will
be created and managed through the Domain Controller.

You will notice when you finish that there will be objects already created in Active
Directory Users and Computers.

1. In the NetBIOS Domain Name window, accept the default domain NetBIOS name (it is set to
MYCOMPANY in our case) and click Next.
2. In the Database and Log Folders window, accept the default location (C:\WINDOWS\NTDS) for the
folders that will store the Active Directory database and log files; then click Next.

3. In the Shared System Volume window, accept the default location (C:\WINDOWS\SYSVOL) for the
SYSVOL folder (this folder is used to store the server's copy of the domain's public files) and click Next.

Directory Services Restore Mode. Password is P@ssword. This password is used
when you have to recover from losing your Active Directory database or are
possibly doing a hardware upgrade and need to restore the System State as stated
during the Backup presentation.

Computer I use SVBLUE7RKL

A forward zone resolves host names to IP addresses.

A reverse zone resolves IP addresses to host names.

Four commands at a cmd prompt:

ipconfig /flushdns – Windows IP configuration; successfully flushed the DNS Resolver cache

ipconfig /registerdns – Windows IP configuration, registration of the DNS resource records

net stop netlogon – The net logon service was stopped successfully

net start netlogon – The net logon service was started successfully

Service Locator Records, located within your Forward Lookup Zone folder (yourdomain.local):

_TCP
_Sites
_UDP
_MSDCS


DNS Troubleshooting steps:

ipconfig /flushdns: flushes the DNS resolver cache

ipconfig /registerdns: re-registers the machine with DNS

net stop netlogon: stops the Netlogon service. The Netlogon service allows authentication
to the station

net start netlogon: starts the Netlogon service

Investigate your DNS to see if your service records are available
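
The last troubleshooting step, checking that the service locator records are present, can be scripted from the same cmd prompt. This batch file is an added example, not part of the original notes; the domain name, the DC address 192.0.2.10 and the site name Default-First-Site-Name are placeholder assumptions.

```batch
@echo off
rem Added example: confirm the domain controller's SRV records resolve.
rem DOMAIN, DC_IP and SITE are placeholders (assumptions); set them for your lab.
setlocal
set DOMAIN=yourdomain.local
set DC_IP=192.0.2.10
set SITE=Default-First-Site-Name
set MISSING=0

rem Representative records from each folder the notes list:
rem _tcp, _udp, _sites and _msdcs.
for %%R in (
    _ldap._tcp
    _kerberos._tcp
    _kpasswd._tcp
    _kerberos._udp
    _kpasswd._udp
    _ldap._tcp.%SITE%._sites
    _ldap._tcp.dc._msdcs
    _kerberos._tcp.dc._msdcs
    _ldap._tcp.pdc._msdcs
) do call :check %%R.%DOMAIN%.

if %MISSING%==1 (
    echo.
    echo Some records are missing. On the DC, re-register them, then re-run:
    echo   ipconfig /flushdns
    echo   ipconfig /registerdns
    echo   net stop netlogon
    echo   net start netlogon
    exit /b 1
)
echo All service locator records resolved.
exit /b 0

:check
rem Ask the DC's DNS server directly, since it hosts the forward lookup zone.
rem Windows nslookup prints "svr hostname = ..." for each SRV answer.
nslookup -type=SRV %1 %DC_IP% 2>nul | find /i "svr hostname" >nul
if errorlevel 1 (
    echo MISSING  %1
    set MISSING=1
) else (
    echo OK       %1
)
goto :eof
```

The trailing dot on each queried name stops nslookup from appending the workstation's DNS suffix to it.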

The above creates a domain controller. This is the central management tool in your
network at this point. You can have multiple domain controllers within a domain as
well as domains within domains.

Next is joining a workstation to participate in the domain. Then you will have your
own Active Directory Network.

The first step:

Set your workstation’s primary DNS to point to your Domain Controller IP address in
the TCP/IP settings of the network interface card. The secondary should be left
blank.
Local Area Connection Status / Properties / Version 4 / Properties / DNS Server
Addresses

In the Computer Name Changes dialog box type Administrator and Password.
This is the Domain Administrator account, not the Local Workstation Administrator
account.

Click Start / Programs / Administrative Tools and open Active Directory Users and
Computers. This is the primary tool for managing your domain/network.

Logon Script Field looks in the netlogon share which points to:

c:\windows\sysvol\sysvol\your domain name\scripts


You can verify this by looking at the Shares in your Computer Management Utility.
(right click My Computer / Manage)
