
Active Directory

Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory services, such as Novell Directory Services (NDS), Active Directory is a centralized and standardized system that automates network management of user data, security and distributed resources and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments. Active Directory was new to Windows 2000 Server and further enhanced for Windows Server 2003, making it an even more important part of the operating system. Windows Server 2003 Active Directory provides a single reference, called a directory service, to all the objects in a network, including users, groups, computers, printers, policies and permissions. For a user or an administrator, Active Directory provides a single hierarchical view from which to access and manage all of the network's resources.

Why implement Active Directory?

There are many reasons to implement Active Directory. First and foremost, Microsoft Active Directory is generally considered to be a significant improvement over Windows NT Server 4.0 domains or even standalone server networks. Active Directory has a centralized administration mechanism over the entire network. It also provides for redundancy and fault tolerance when two or more domain controllers are deployed within a domain. Active Directory automatically manages the communications between domain controllers to ensure the network remains viable. Users can access all resources on the network for which they are authorized through a single sign-on. All resources in the network are protected by a robust security mechanism that verifies the identity of users and the authorizations of resources on each access.

Even with Active Directory's improved security and control over the network, most of its features are invisible to end users; therefore, migrating users to an Active Directory network will require little re-training. Active Directory offers a means of easily promoting and demoting domain controllers and member servers. Systems can be managed and secured via Group Policies. It is a flexible hierarchical organizational model that allows for easy management and detailed, specific delegation of administrative responsibilities. Perhaps most important, however, is that Active Directory is capable of managing millions of objects within a single domain.

Basic divisions of Active Directory

Active Directory networks are organized using four types of divisions or container structures. These four divisions are forests, domains, organizational units and sites.

Forests: The collection of every object, its attributes and attribute syntax in the Active Directory.

Domain: A collection of computers that share a common set of policies, a name and a database of their members.

Organizational units: Containers in which domains can be grouped. They create a hierarchy for the domain and create the structure of the Active Directory's company in geographical or organizational terms.

Sites: Physical groupings independent of the domain and OU structure. Sites distinguish between locations connected by low- and high-speed connections and are defined by one or more IP subnets.

Forests are not limited in geography or network topology. A single forest can contain numerous domains, each sharing a common schema. Domain members of the same forest need not even have a dedicated LAN or WAN connection between them. A single network can also be the home of multiple independent forests. In general, a single forest should be used for each corporate entity. However, additional forests may be desired for testing and research purposes outside of the production forest.

Domains serve as containers for security policies and administrative assignments. All objects within a domain are subject to domain-wide Group Policies by default. Likewise, any domain administrator can manage all objects within a domain. Furthermore, each domain has its own unique accounts database. Thus, authentication is on a domain basis. Once a user account is authenticated to a domain, that user account has access to resources within that domain.

Organizational units are much more flexible and easier overall to manage than domains. OUs grant you nearly infinite flexibility as you can move them, delete them and create new OUs as needed. However, domains are much more rigid in their existence. Domains can be deleted and new ones created, but this process is more disruptive of an environment than is the case with OUs and should be avoided whenever possible.

By definition, sites are collections of IP subnets that have fast and reliable communication links between all hosts. Another way of putting this is a site contains LAN connections, but not WAN connections, with the general understanding that WAN connections are significantly slower and less reliable than LAN connections. By using sites, you can control and reduce the amount of traffic that flows over your slower WAN links. This can result in more efficient traffic flow for productivity tasks. It can also keep WAN link costs down for pay-by-the-bit services.

Scope:

Installation of Active Directory

Setting the IP address for the server

Adding user client

Connecting the client to server

Edit the user account

Installation of Active Directory

Type dcpromo then click ok

Click next

Click next

Choose domain controller for a new domain and then click next

Choose domain in a new forest then click next

Type your own full DNS name for the new domain then click next

Just click next; do not set a NetBIOS name

Click next only

Choose permissions compatible only with Windows 2000 or Windows Server 2003 then click next

Click next

Choose install & configure the DNS then click next

Set your password. This is important; don't forget it, because this is your administrator password that you will use to log on to the server. Click next

Press Ctrl+Alt+Delete to begin

Click next

Wait until it's done; do not cancel. Make sure that the server CD is inserted in the CD-ROM drive

Click finish

Click restart now then wait

Type the password that you set for your administrator then click OK to log on to the server

Setting the IP address for the server

Click Start button > Control Panel > Network Connections, then right click Local Area Connection. Click Properties

Click properties

Choose TCP/IP then click properties

Choose Use the following IP address, set the IP address, then click Advanced

Click DNS

Highlight the IP address then click OK

Setting the IP address for the client

The procedure for setting the IP address on the client is the same as on the server, but make sure that the last number of the client's IP address is different from the last number of the server's IP address.

Server IP address


Client IP address

After configuring the IP address of the client, go back to the server then follow these instructions:

Click Start button > administrator > Active Directory, right click subnet, choose new subnet

Right click subnet then click new subnet

Click Start button > Administrative Tools > DNS. Set the IP address of your server, then highlight the site name, then click OK. Then close the window

Click next

Double click the DNS domain name

Choose to all domain controllers etc. then click next

Right click Reverse Lookup Zones, click New Zone. Choose allow only secure etc, then click next

Choose primary zone then click next

Click the subset, type the IP address, click next

Click finish

Click the host name then click OK

Right click in this area then click New Pointer

Click the domain name. Type the last number of your server IP address then click Browse

Click the host name then click OK

Double click

Click ok

Adding user client

Click Administrative Tools > Active Directory Users & Computers

Click the domain name, then right click Users, click New, click User

Type the name, full name and logon name then click next

Set your password, check Password never expires, then click next

Click finish

Right click the user then click Add to group

Click Advanced. Click Find Now

Click OK

Click Domain Admins then OK
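
The two account settings chosen in the steps above (password never expires, Domain Admins membership) can be reviewed afterwards from a directory export. This added example, not part of the original page, decodes userAccountControl and memberOf from ldifde-style text; the sample records, the account names and the domain example.local are constructed, and nested group membership is not resolved.

```python
# Added example: list accounts with "password never expires" or Domain Admins
# membership. All records below are constructed; example.local is assumed.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",  # set by the "Password never expires" box
}

SAMPLE_LDIF = """\
dn: CN=Juan Cruz,CN=Users,DC=example,DC=local
sAMAccountName: jcruz
userAccountControl: 66048
memberOf: CN=Domain Admins,CN=Users,DC=example,DC=local

dn: CN=Ana Reyes,CN=Users,DC=example,DC=local
sAMAccountName: areyes
userAccountControl: 512
memberOf: CN=Sales,OU=Groups,DC=example,DC=local

dn: CN=Old Temp,CN=Users,DC=example,DC=local
sAMAccountName: oldtemp
userAccountControl: 66050
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded lines, base64 values skipped) into dicts of lists."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep and not key.endswith(":"):
                rec.setdefault(key, []).append(value)
        if rec:
            records.append(rec)
    return records

def decode_uac(value):
    """Return the names of the known userAccountControl bits set in value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def audit(text, admin_group="Domain Admins"):
    """Report accounts whose password never expires or that are direct admin-group members."""
    prefix = f"cn={admin_group.lower()},"
    findings = []
    for rec in parse_ldif(text):
        flags = decode_uac(int(rec.get("userAccountControl", ["0"])[0]))
        is_admin = any(dn.lower().startswith(prefix) for dn in rec.get("memberOf", []))
        if "DONT_EXPIRE_PASSWORD" in flags or is_admin:
            findings.append({"account": rec["sAMAccountName"][0], "flags": flags, "domain_admin": is_admin})
    return findings
```

Calling audit(SAMPLE_LDIF) returns one entry per flagged account; on the constructed data that is jcruz and oldtemp, while areyes is not reported.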

Connecting the client to server

Right click Computer, click Properties

Click Change. Click Computer Name

Type the domain name, click OK. Click Advanced system settings

Type the domain name\the name of the user that you created on the server then click OK

Edit the user account

Click Administrative Tools, click Active Directory Users & Computers

Right click on the user, click Properties

Edit the information then click OK

Right click the user then click Delete if you want to delete it
