Domain means a network with centralized administration.
DC (Domain Controller) means a server on which AD is installed.
AD (Active Directory)
AD is the directory service of Windows Server 2000, 2003, 2008, 2008 R2, 2012 and 2012 R2. AD is a central location or repository from which we can get information about each and every object. Object means any resource of the network, like a user, group etc. By default there are 10 types of objects in Windows 2008 and 2012 AD. The OS uses a SID (Security Identifier) to identify any object. Objects can be stored and replicated in AD. Replication means automatic updates between the links. FRS (File Replication Service) is used for replication purposes in AD.
The database file of AD is ntds.dit (New Technology Directory Service . Directory Information Tree).
Kerberos is the authentication protocol and LDAP (Lightweight Directory Access Protocol) is used to access the resources.
There are different functional levels or modes of AD domain :-
1. Mixed mode domain :- It means the domain which is compatible with Pre-Windows 2000 domain controllers (Windows NT4 Server).
2. Windows 2000 Native mode :- It means the domain which can support Windows 2000 DC, Windows 2003 DC, Windows 2008 DC and Windows 2008 R2 DC.
3. Windows 2003 Native mode :- It means the domain which can support Windows 2003 DC and higher versions.
4. Windows 2008 Native mode :- It means the domain which can support Windows 2008 32 bit DC and higher versions.
5. Windows 2008 R2 Native mode :- It means the domain which can support Windows 2008 R2 DC and higher versions.
6. Windows 2012 Native mode :- It means the domain which can support Windows 2012 DC and higher versions of DC.
7. Windows 2012 R2 Native mode :- It means the domain which is compatible with Windows 2012 R2 Domain Controllers only.
NOTE:
(a) We have to select the functional level during the installation of AD. We can upgrade the functional level later, but it cannot be reversed.
(b) Windows 2008 and 2012 do not support Mixed mode.
(c) Windows 2012 also does not support Windows 2000 Native mode.
(d) Windows 2012 R2 also does not support W2K3 (Windows 2003) Native mode.
The maximum number of objects that can be stored in AD is :-
1. Mixed mode = 40,000 objects
2. Windows 2000 Native mode = 1 million objects
3. Windows 2003 Native mode = 4 million objects
4. Windows 2008 Native mode = Unlimited objects
5. Windows 2008 R2 Native mode = Unlimited objects
6. Windows 2012 Native mode = Unlimited objects
7. Windows 2012 R2 Native mode = Unlimited objects
To install AD :-
1. Windows Server 2000/2003/2008/2012
2. Minimum disk space 250 MB (200 MB for the NTDS folder and 50 MB for the SYSVOL folder)
3. NTFS partition (convert c: /fs:ntfs)
4. Network connection (the Microsoft Loopback Adapter can be installed if there is no physical network)
5. Static (manually assigned) IP addressing
6. DNS (installed and configured automatically)
7. RUN dcpromo
NOTE: In Windows 2012, dcpromo is not available.
NOTE: Active Directory cannot be installed on Web Edition.
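Since dcpromo is gone in Windows 2012, the same installation is done with the AD DS PowerShell cmdlets. The script below is an added example, not code from the original post: it checks requirements 2, 3 and 5 from the list above before touching anything, installs the role, runs the built-in prerequisite test as a dry run, and only then promotes the server to the first DC of a new forest with DNS installed automatically (requirement 6). The domain name xyz.com and the DSRM password prompt are placeholders; the Storage and NetTCPIP cmdlets it uses exist on Windows 2012 and later, and it must be run in an elevated PowerShell session.

```powershell
# Added example (not from the original post): check the AD installation
# prerequisites and promote the server to the first DC of a new forest using
# the AD DS cmdlets that replace dcpromo on Windows 2012 and later.
# xyz.com and the DSRM password are placeholders. Run as Administrator.

$DomainName  = 'xyz.com'          # placeholder domain name
$SystemDrive = $env:SystemDrive   # NTDS and SYSVOL are placed here by default

# Requirement 3: NTFS partition. AD DS will not place NTDS/SYSVOL on FAT.
$vol = Get-Volume -DriveLetter $SystemDrive.TrimEnd(':')
if ($vol.FileSystem -ne 'NTFS') {
    throw "System drive is $($vol.FileSystem); run 'convert $SystemDrive /fs:ntfs' first"
}

# Requirement 2: 200 MB for NTDS + 50 MB for SYSVOL = 250 MB minimum.
$requiredMB = 250
$freeMB = [math]::Floor($vol.SizeRemaining / 1MB)
if ($freeMB -lt $requiredMB) {
    throw "Only $freeMB MB free on $SystemDrive; need at least $requiredMB MB"
}

# Requirement 5: static IP addressing. A DC must not get its address from DHCP.
$dhcp = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.PrefixOrigin -eq 'Dhcp' -and $_.InterfaceAlias -notlike 'Loopback*' }
if ($dhcp) {
    throw "Interface '$($dhcp.InterfaceAlias)' uses DHCP; assign a static address first"
}

# Install the AD DS role binaries (no promotion happens yet).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Requirements 6 and 7: promote to DC. -InstallDns installs and configures DNS
# automatically. Test-ADDSForestInstallation runs the same prerequisite checks
# as the real promotion without making changes, so it is a safe dry run.
$dsrm = Read-Host -AsSecureString 'Directory Services Restore Mode password'
Test-ADDSForestInstallation -DomainName $DomainName -SafeModeAdministratorPassword $dsrm
Install-ADDSForest -DomainName $DomainName `
                   -SafeModeAdministratorPassword $dsrm `
                   -InstallDns `
                   -Force   # suppresses the confirmation prompt; the server reboots
```

Keep the DSRM password somewhere safe: it is the only credential that works when the DC is booted into Directory Services Restore Mode to repair ntds.dit.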
To remove AD :-
Option 1 :- RUN dcpromo (in Windows 2012 use the Demote option from Server Manager -> Roles)
Option 2 :- RUN regedit -> HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Control -> ProductOptions -> ProductType -> change LanmanNT to ServerNT -> OK -> Restart
After option 1 or option 2, open Server Manager -> Roles -> Remove Roles -> (uncheck) Active Directory Domain Services -> Remove -> Restart
Then check System Properties.
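For Windows 2012, the demotion of Option 1 is done with the AD DS cmdlets. The script below is an added example, not code from the original post: it runs the built-in pre-check as a dry run, demotes the DC, and then reads the ProductType registry value (the one Option 2 edits by hand) before and after, which is a more exact check than opening System Properties. The local Administrator password prompt is a placeholder; run it as a Domain Admin in an elevated session.

```powershell
# Added example (not from the original post): demote a Windows 2012 DC with the
# AD DS cmdlets (the PowerShell equivalent of Option 1) and verify the result by
# reading the same registry value that Option 2 changes by hand.
# Run as a Domain Admin. The local Administrator password is a placeholder prompt.

function Get-ServerRoleFromRegistry {
    # ProductType: LanmanNT = domain controller, ServerNT = member or
    # stand-alone server, WinNT = workstation.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\ProductOptions'
    $type = (Get-ItemProperty -Path $key -Name ProductType).ProductType
    switch ($type) {
        'LanmanNT' { 'Domain Controller' }
        'ServerNT' { 'Member or stand-alone server' }
        'WinNT'    { 'Workstation' }
        default    { "Unknown ($type)" }
    }
}

"Before demotion: $(Get-ServerRoleFromRegistry)"

# Step 1: dry run. Reports blockers (for example this being the last DC of the
# domain while -LastDomainControllerForDomain was not given) without changes.
$localAdmin = Read-Host -AsSecureString 'Password for the local Administrator after demotion'
Test-ADDSDomainControllerUninstallation -LocalAdministratorPassword $localAdmin

# Step 2: demote. -DemoteOperationMasterRole lets demotion proceed even if this
# DC still holds an operations master (FSMO) role; transfer the roles to
# another DC first. -Force suppresses the confirmation prompt. The server reboots.
# (Add -LastDomainControllerForDomain -RemoveApplicationPartitions when this is
#  the final DC of the domain.)
Uninstall-ADDSDomainController -LocalAdministratorPassword $localAdmin `
                               -DemoteOperationMasterRole `
                               -Force

# Step 3, after the reboot: remove the role binaries (Server Manager -> Remove
# Roles) and repeat the registry check instead of "Then check System Properties".
#   Uninstall-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools -Restart
#   Get-ServerRoleFromRegistry    # expected: Member or stand-alone server
```

Option 2 only flips the registry value; it does not remove the server's computer object, its DNS records or its NTDS metadata from the other DCs, so a server demoted that way still has to be cleaned out of the domain by hand. Option 1 (and the cmdlet above) does that cleanup as part of the demotion.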
To join a computer to the domain, or to configure a client or member server :-
Check the connection with the DC -> System Properties -> Computer Name tab -> Change -> More -> enter the DNS name of the domain -> OK -> Domain name -> OK -> Restart
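The same join from PowerShell, as an added example that is not part of the original post. It follows the steps above in order: it checks the connection to the DC, joins, restarts, and leaves a one-line check for the membership that System Properties would show. The "check connection" step looks up the domain's LDAP SRV record rather than pinging an address, because a client whose DNS server cannot find a DC fails the join even when the DC itself answers ping. The domain name xyz.com and the credential prompt are placeholders.

```powershell
# Added example (not from the original post): join a client or member server to
# the domain from PowerShell. xyz.com and the credential prompt are placeholders.

$DomainName = 'xyz.com'   # placeholder domain name

# Check connection with DC: the client's configured DNS server must return the
# _ldap._tcp SRV record for the domain, which is how a client locates a DC.
$dc = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop |
      Where-Object { $_.Type -eq 'SRV' } | Select-Object -First 1
if (-not $dc) {
    throw "No DC SRV record found for $DomainName; point the client at the domain's DNS server"
}
if (-not (Test-Connection -ComputerName $dc.NameTarget -Count 2 -Quiet)) {
    throw "DC $($dc.NameTarget) is not reachable from this computer"
}

# Join with a domain account that is allowed to add computers, then restart
# (the same restart the GUI procedure ends with). -Force skips the confirmation.
$cred = Get-Credential -Message "Account in $DomainName allowed to join computers"
Add-Computer -DomainName $DomainName -Credential $cred -Restart -Force

# After the restart, this shows the domain that System Properties would show:
#   (Get-CimInstance -ClassName Win32_ComputerSystem).Domain    # expected: xyz.com
```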
Practical
1. Create a virtual machine in VMware
2. OS installation
3. Installation of AD on Windows 2008 R2
4. Join a computer to the domain
5. Remove AD from Windows 2008
User
A user is a person who can work on a computer.
A user account is a logical identity used to log on to a computer. There are 2 types of user account :-
1. Local user
2. Domain user
1. Local user
They are created in Computer Management, they are used in a workgroup network, they can log on to one computer only, and their profile or information can be created on one computer only.
NOTE: Local users and local groups cannot be created on a DC.
step :- Open Computer Management -> Local Users and Groups -> Users (option) -> Rt. click -> New User
2. Domain user
They are created in AD (Active Directory), they can log on to any computer provided they have the appropriate rights, and their profile or information can be stored on more than one computer.
step :- Open AD Users and Computers (dsa.msc) -> Users (option) -> Rt. click -> New -> User
NOTE: By default there is a policy for the domain users :-
1. Password must be at least 7 characters long
2. Password must meet complexity requirements is Enabled
3. Password will expire after every 42 days
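The domain user creation above, plus the default policy note, done with the ActiveDirectory module as an added example (not code from the original post). It first prints the domain's default password policy, so the three settings listed above can be confirmed on a real domain instead of assumed, then creates the user the way dsa.msc -> New -> User does and reads back the properties that the next section lists. The user name tuser, the UPN tuser@xyz.com and the password prompt are placeholders; run it on a DC or on a machine with RSAT installed, as an account allowed to create users.

```powershell
# Added example (not from the original post): create a domain user with the AD
# module and show the default domain password policy. tuser / xyz.com are
# placeholders. Requires the ActiveDirectory module (DC or RSAT).

Import-Module ActiveDirectory

# The policy the post describes: minimum length 7, complexity on, 42-day maximum age.
$policy = Get-ADDefaultDomainPasswordPolicy
"Minimum length : $($policy.MinPasswordLength)"
"Complexity     : $($policy.ComplexityEnabled)"
"Maximum age    : $($policy.MaxPasswordAge.Days) days"
"Lockout after  : $($policy.LockoutThreshold) bad attempts (0 = never)"

# Create the user. The DC rejects an initial password that violates the policy
# above and the cmdlet reports an error, so the policy is enforced here too.
$initialPassword = Read-Host -AsSecureString 'Initial password for the new user'
New-ADUser -Name 'Test User' `
           -SamAccountName 'tuser' `
           -UserPrincipalName 'tuser@xyz.com' `
           -AccountPassword $initialPassword `
           -ChangePasswordAtLogon $true `
           -Enabled $true

# Read back the properties listed under "User Properties" below.
Get-ADUser -Identity 'tuser' -Properties PasswordLastSet, PasswordNeverExpires, LogonHours |
    Select-Object SamAccountName, Enabled, PasswordLastSet, PasswordNeverExpires

# The dsa.msc context-menu actions "Reset password" and "Disable account":
#   Set-ADAccountPassword -Identity tuser -Reset -NewPassword (Read-Host -AsSecureString)
#   Disable-ADAccount -Identity tuser
```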
User Properties
1. Logon hours
2. User cannot change password
3. User logon name
4. Reset password
5. Account is disabled
etc.
NOTE: By default a user cannot log on to a DC (Domain Controller). We get the message "this logon method is not allowed on this computer".
Steps to remove this restriction, or to allow the user to log on locally :-
Logon as Administrator -> Programs -> Administrative Tools -> Group Policy Management (gpmc.msc) -> Forest -> Domains -> xyz.com (Domain name) -> (1) Default Domain Policy -> (2) Default Domain Controllers Policy -> Rt. click -> Edit -> Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Allow log on locally -> Add -> User, group and Administrators group -> OK -> RUN gpupdate
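After the GPO edit and gpupdate, the question an administrator wants answered is who can now log on locally to the DC. The function below is an added example, not code from the original post: it exports the security policy that is actually in effect on the DC with secedit, reads the SeInteractiveLogonRight line (the internal name of "Allow log on locally") and translates the SIDs to account names. Run it as Administrator on the DC itself; the temporary file path is an assumption.

```powershell
# Added example (not from the original post): list the accounts that hold
# "Allow log on locally" (SeInteractiveLogonRight) as applied on this DC.
# Run as Administrator on the DC. The temp file name is an assumption.

function Get-AllowLogonLocally {
    $inf = Join-Path $env:TEMP 'secpol-export.inf'
    # secedit writes the applied local security policy (including the
    # [Privilege Rights] section) to a .inf file; USER_RIGHTS limits it to that area.
    & secedit.exe /export /cfg $inf /areas USER_RIGHTS | Out-Null
    $line = Get-Content -Path $inf | Where-Object { $_ -match '^SeInteractiveLogonRight\s*=' }
    Remove-Item -Path $inf -ErrorAction SilentlyContinue
    if (-not $line) { return @() }

    # The line looks like:  SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551,xyz\tuser
    $entries = ($line -split '=', 2)[1].Trim() -split ','
    foreach ($entry in $entries) {
        $entry = $entry.Trim()
        if ($entry.StartsWith('*')) {
            # A leading '*' marks a SID; translate it to DOMAIN\Name where possible.
            $sid = New-Object System.Security.Principal.SecurityIdentifier ($entry.Substring(1))
            try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $entry.Substring(1) }   # unresolvable SID, e.g. a deleted account
        } else {
            $entry
        }
    }
}

# The Default Domain Controllers Policy grants this right to Administrators,
# Account Operators, Backup Operators, Print Operators and Server Operators.
# Any other entry in the output was added by an administrator, as in the steps above.
Get-AllowLogonLocally
```

Because the Default Domain Controllers Policy is linked to the Domain Controllers OU, a user or group added there can log on interactively to every DC in the domain, not just one; rerunning this function after each change is a quick way to keep that list as short as the environment needs.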