Microsoft Active Directory - Basic Overview and Installation.
Contents
1. Introduction
1.1 What is Active Directory?
1.2 Benefits of Active Directory
2. Structure of Active Directory
2.1 Nomenclature
2.2 Planning and Designing the Active Directory Structure
3. Installation
3.1 Prerequisites
3.2 Installation of First Domain Controller
3.3 Creation of Active Directory Client
3.4 Installation of Additional Domain Controller
3.5 Installation of Child Domain Controller in Existing Tree
3.6 Installation of Child Domain Controller in New Tree
----------------------------------------------------------------
1. Introduction
1.1 What is Active Directory?
Active Directory is an implementation of LDAP directory services by Microsoft for use in Windows environments. Active Directory allows administrators to assign enterprise-wide policies, deploy programs to many computers, and apply critical updates to an entire organization. An Active Directory stores information and settings relating to an organization in a central, organized, accessible database. Active Directory networks can vary from a small installation with a few hundred objects, to a large installation with millions of objects.
Active Directory was previewed in 1996, first released with Windows 2000 Server, and revised in Windows Server 2003 to extend its functionality and improve administration.
Active Directory enables centralized, secure management of an entire network, which might span a building, a city, or multiple locations throughout the world.
For more information refer to http://en.wikipedia.org/wiki/Active_Directory.
1.2 Benefits of Active Directory
Deploying Active Directory provides the following benefits to the organization:
1.2.1 Simplified administration and resource management.
You can delegate administration to all levels of an organization, and you can use Group Policy to centralize administration.
1.2.2 Increased network security and single sign-on for users.
Active Directory supports multiple authentication protocols and X.509 certificates, and provides support for smart cards.
1.2.3 Interoperability with other directory services.
Active Directory provides standards-based, open interfaces that interoperate with other directory services and applications, such as e-mail applications.
1.2.4 Features that reduce administration costs, increase security, and provide additional functionality.
Active Directory allows you to configure application-specific data replication settings on domain controllers.
1.2.5 Features available after raising the domain functional level to Windows Server 2003:
Rename domains and domain controllers
Establish two-way forest trusts
Restructure forests
Improve replication
Remove some limitations in environments with a large number of sites
2. Structure of Active Directory
2.1 Nomenclature
To understand the structure of Active Directory it is important to know the names of the various terms used with it. Some of them are:
a. Forest
It is at the top of the logical framework which holds one or more transitive, trust-linked Trees.
b. Trees
A tree holds one or more domains and domain trees.
c. Domain
Domains are identified by their DNS name structure, the namespace. A domain has a single DNS name.
d. Objects
The objects fall into three broad categories — resources (e.g. printers), services (e.g. e-mail), and users (accounts, or users and groups). The AD provides information on the objects, organizes the objects, controls access, and sets security.
Each object represents a single entity — whether a user, a computer, a printer, an application, or a shared data source—and its attributes. Objects can also be containers of other objects. An object is uniquely identified by its name and has a set of attributes—the characteristics and information that the object can contain—defined by a schema, which also determines the kind of objects that can be stored in the AD.
For more information, and for other nomenclature, refer to Microsoft Windows Server 2003 Administrator's Companion, published by PHI and available in the Starcom library.
2.2 Planning and Designing the Active Directory Structure
The structure of Active Directory is designed taking into consideration various aspects of the organization's hierarchy.
The number of domain controllers required is based on the geographical distribution of computing sites in the organization.
It is always ideal to have the least number of domains and to add multiple additional domain controllers to provide redundancy for reliability and round-the-clock infrastructure availability. But if the sites are spread across geographical locations connected via WAN links such as VSAT, leased lines or ISDN, the probability of a link being down is high, the turnaround time for a single authentication is long, and the bandwidth required for such activity is also high, which increases the overall cost. Therefore it is advisable to have child domains at each of such sites. Active Directory supports caching at each child domain, which enables users at those locations to authenticate to the remote server even if the link is down; the directory is synchronised later when the connection is restored.
For more information refer to the Microsoft TechNet library and search for Planning an Active Directory Deployment Project.
3. Installation
The various scenarios of Active Directory installation are described in sections 3.2 to 3.6, after the prerequisites common to all of them.
3.1 Prerequisites
Prerequisites for an Active Directory installation are:
a. TCP/IP settings configured on at least one network interface card.
We cannot install Active Directory on a PC that does not have at least one Ethernet card with an IP address configured.
b. An NTFS partition.
Windows NTFS partitions are much more secure, and Active Directory requires a secure partition to hold its encrypted copy of the database.
c. DNS (Domain Name Server)
Active Directory requires a pre-configured DNS server which the domain controller can update; alternatively, it is always advisable to install a separate DNS server along with the first domain controller.
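The three prerequisites above can be verified before the wizard is started. The following PowerShell script is an added example written for this page, not a Microsoft tool; it uses cmdlets available on Windows Server 2012 and later, the domain name is the page's example, and the DNS server address and data drive letter are placeholders.

```powershell
# Added pre-flight check for the three prerequisites above (TCP/IP, NTFS, DNS).
# Example written for this page, not a Microsoft tool; run in an elevated PowerShell session.
param(
    [string]$DomainName = 'starcomsoftware.com',  # example domain name used on this page
    [string]$DnsServer  = '192.0.2.10',            # placeholder: DNS server the DC is expected to update
    [string]$DataDrive  = 'D'                      # placeholder: drive planned for the database and logs
)

function Test-DcPrerequisites {
    $result = [ordered]@{}

    # a. TCP/IP: a domain controller needs a statically assigned IPv4 address on at least one NIC.
    #    DHCP- and APIPA-assigned addresses are excluded; they can change and break DNS registration.
    $static = Get-NetIPAddress -AddressFamily IPv4 |
        Where-Object { $_.PrefixOrigin -eq 'Manual' -and $_.IPAddress -notlike '169.254.*' }
    $result['StaticIPv4']  = [bool]$static
    $result['IPv4Address'] = ($static | Select-Object -ExpandProperty IPAddress) -join ', '

    # b. NTFS: the directory database, log files and SYSVOL must sit on an NTFS volume.
    $vol = Get-Volume -DriveLetter $DataDrive -ErrorAction SilentlyContinue
    $result['DataVolumeNtfs'] = ($null -ne $vol -and $vol.FileSystem -eq 'NTFS')

    # c. DNS: the nominated DNS server must answer. For an additional or child domain controller the
    #    existing domain's zone must already resolve; for the first domain controller of a new forest
    #    the zone does not exist yet and the wizard installs DNS itself (step 7 of section 3.2).
    $result['DnsServerReachable'] =
        (Test-NetConnection -ComputerName $DnsServer -Port 53 -WarningAction SilentlyContinue).TcpTestSucceeded
    $soa = Resolve-DnsName -Name $DomainName -Type SOA -Server $DnsServer -ErrorAction SilentlyContinue
    $result['DomainZoneExists'] = [bool]($soa | Where-Object { $_.Type -eq 'SOA' })

    # Finding the domain's DC locator records confirms that dynamic registration by existing DCs works.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -Server $DnsServer -ErrorAction SilentlyContinue
    $result['DcSrvRecordsFound'] = [bool]($srv | Where-Object { $_.Type -eq 'SRV' })

    [pscustomobject]$result
}

$check = Test-DcPrerequisites
$check | Format-List

# The first three checks are hard requirements for every installation; the zone and SRV checks
# must also pass before adding an additional or child domain controller (sections 3.4 to 3.6).
if (-not ($check.StaticIPv4 -and $check.DataVolumeNtfs -and $check.DnsServerReachable)) {
    Write-Warning 'Prerequisites not met; do not run dcpromo until every item above is fixed.'
}
```

Run the script on the machine that is about to be promoted. A missing SRV record on a server that is meant to become an additional or child domain controller points at a DNS problem that the wizard would otherwise only report part-way through the promotion.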
3.2 Installation of First Domain Controller
When we create the first domain controller, a forest and a tree are also created with it. The steps involved in such an installation are:
1. At the Run command enter dcpromo. This utility opens the Active Directory Installation Wizard, whose first page gives an overview of the wizard; just press Next there.
2. The next screen asks whether the requirement is a domain controller for a new domain or an additional domain controller for an existing domain. (Choose domain controller for a new domain.)
3. The next screen is for creating a new domain. The options available are Domain in a new forest, Child domain in an existing tree, and Domain tree in an existing forest. Because this has to be the first Active Directory domain, select Domain in a new forest.
4. The next screen asks for the full DNS name of the new domain, e.g. starcomsoftware.com.
5. The next screen asks for the NetBIOS name (not more than 15 characters), used by earlier versions of Windows, e.g. STARCOM.
6. The next screen asks for the database folder and the log folder. These folders hold the directory database and log files and must reside on an NTFS partition; it is advisable to have these folders on separate hard disks, not just separate partitions.
7. The wizard then checks whether the DNS server supports the dynamic update protocol; if not, it installs a DNS server.
8. The wizard asks for permissions compatibility with either Windows 2000 or Windows Server 2003. If we need interoperability between Active Directory and Windows 2000 Server, choose Windows 2000; otherwise choose Windows Server 2003.
9. The final step installs Active Directory onto the computer and promotes it to a domain controller.
3.3 Creation of Active Directory Client
Creating an Active Directory client, i.e. joining a computer to a domain, is the easiest task.
1. Open Control Panel and then System Properties.
2. On the Computer Name tab click the Change button.
3. In the Member of panel choose Domain and enter the name of the domain.
4. Windows will ask for the username and password of a user who has sufficient privileges to join a new computer to the domain.
5. The rest will be done by Windows, and a message will appear welcoming the computer to the domain.
6. The system needs to be restarted to use the domain.
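The same six steps can be scripted, which is useful when many clients have to be joined. The following is an added example, not part of the original page, for Windows 8 / Windows Server 2012 and later; the domain name is the page's example and the OU path is a placeholder.

```powershell
# Added example: join this computer to the starcomsoftware.com domain from PowerShell
# (equivalent of the six Control Panel steps above). Not part of the original page.
$DomainName = 'starcomsoftware.com'                          # example domain name from this page
$OuPath     = 'OU=Workstations,DC=starcomsoftware,DC=com'    # placeholder: a managed OU for new computers

# Before attempting the join, confirm this client can locate a domain controller through DNS.
# A failed join is nearly always a DNS problem, so this is the first thing to verify.
$locator = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }
if (-not $locator) {
    throw "No domain controller SRV records found for $DomainName; check the client's DNS settings."
}
'Domain controllers advertised in DNS: ' + (($locator | Select-Object -ExpandProperty NameTarget) -join ', ')

# Steps 3 and 4: name the domain and supply an account that is allowed to join computers.
# The account also needs rights on the target OU when -OUPath is used.
$cred = Get-Credential -Message "Account permitted to join computers to $DomainName"

# Steps 5 and 6: perform the join and restart. -OUPath places the computer object in the chosen OU
# instead of the default Computers container, so the Group Policy linked there applies from the first logon.
Add-Computer -DomainName $DomainName -Credential $cred -OUPath $OuPath -Restart -Force

# After the restart, the machine's secure channel to the domain can be verified with:
#   Test-ComputerSecureChannel -Verbose
```

Placing new computers in a dedicated OU rather than the default Computers container is the main difference from the interactive procedure: it lets the organisation's policies apply immediately instead of after a later move.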
3.4 Installation of Additional Domain COntroller
Additional domain controllers provide fault tolerance and load balancing for Active Directory. The steps required are exactly the same as for installing a new domain controller except for the following:
1. After installing Windows Server 2003, the computer needs to be joined to the domain as a client of that domain.
2. After joining the domain and logging in as the local administrator, run the dcpromo utility to open the Active Directory Installation Wizard. On the first screen choose Additional Domain Controller where we previously chose a new domain controller.
3. The DNS domain for which replication has to be done needs to be provided.
4. The rest of the steps are the same as those for creating a new domain controller.
3.5 Installation of Child Domain Controller in exixting Tree
For example, we have starcomsoftware.com as the domain, and a tree with lab.starcomsoftware.com as a child node exists. To create a new child in this tree, such as dc.lab1.starcomsoftware.com, we follow these steps:
1. Join the domain under which the child has to be created.
2. Choose new domain.
3. On the next screen choose child domain under existing tree.
4. Here we need to provide user credentials with sufficient privileges on the parent domain to join a new node.
5. The next screen asks for the name of the parent domain and the child domain.
6. All other options are the same as those for creating a new domain.
3.6 Installation of Child DOmain COntroller in New Tree
All trees in a forest have their own separate namespaces, but all trees share the same schema and configuration.
To create a new tree follow these steps.
1. We have to join the root domain, as the new tree has to be a child of the root.
2. The installation is otherwise the same as creating a new child domain in an existing tree; we only have to choose create a new tree when asked at the create new domain screen.
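The four dcpromo scenarios of sections 3.2 and 3.4 to 3.6 (first domain controller, additional domain controller, child domain in an existing tree, new tree) map onto three cmdlets of the ADDSDeployment module, which replaced dcpromo on Windows Server 2012 and later. The script below is an added example, not part of the original page or of Microsoft's documentation; the domain names starcomsoftware.com, STARCOM and lab1 are the page's examples, while the new tree name, the drive letters and the OU of the credentials are placeholders.

```powershell
# Added example, not part of the original page: the four dcpromo scenarios of sections 3.2 and
# 3.4 to 3.6 expressed with the ADDSDeployment module (Windows Server 2012 and later).
# Run in an elevated PowerShell session on the server to be promoted.
param(
    [ValidateSet('Forest', 'Replica', 'Child', 'Tree')]
    [string]$Scenario = 'Forest'
)

# Install the AD DS role binaries first (the old wizard did this implicitly).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null
Import-Module ADDSDeployment

# Settings shared by every scenario (wizard steps 6 and 7 of section 3.2).
$common = @{
    DatabasePath                  = 'D:\NTDS'    # placeholder: database on an NTFS volume ...
    LogPath                       = 'E:\NTDS'    # placeholder: ... logs ideally on a separate disk
    SysvolPath                    = 'D:\SYSVOL'
    InstallDns                    = $true        # add the DNS role if no usable server is found
    SafeModeAdministratorPassword = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'
    Force                         = $true        # suppress the interactive confirmation prompts
}

switch ($Scenario) {
    # 3.2 First domain controller: creates the forest, its first tree and the root domain in one step.
    'Forest' {
        Install-ADDSForest @common -DomainName 'starcomsoftware.com' -DomainNetbiosName 'STARCOM'
    }

    # 3.4 Additional domain controller: the server has already been joined to starcomsoftware.com
    # as a client (step 1 of 3.4); the named domain is the one to replicate.
    'Replica' {
        $cred = Get-Credential -Message 'Domain Admins account in starcomsoftware.com'
        Install-ADDSDomainController @common -DomainName 'starcomsoftware.com' -Credential $cred
    }

    # 3.5 Child domain in the existing tree: creates lab1.starcomsoftware.com under the parent.
    # -CreateDnsDelegation adds the delegation for the child zone in the parent's DNS zone.
    'Child' {
        $cred = Get-Credential -Message 'Enterprise Admins account in starcomsoftware.com'
        Install-ADDSDomain @common -DomainType ChildDomain -ParentDomainName 'starcomsoftware.com' `
            -NewDomainName 'lab1' -NewDomainNetbiosName 'LAB1' -Credential $cred -CreateDnsDelegation
    }

    # 3.6 New tree in the existing forest: a separate namespace that still shares the forest's
    # schema and configuration. The parent is always the forest root domain, and for a tree the
    # new domain name is a full DNS name.
    'Tree' {
        $cred = Get-Credential -Message 'Enterprise Admins account in the forest root'
        Install-ADDSDomain @common -DomainType TreeDomain -ParentDomainName 'starcomsoftware.com' `
            -NewDomainName 'starcomlabs.example' -NewDomainNetbiosName 'STARCOMLABS' -Credential $cred
    }
}
```

Each Install-* cmdlet reboots the server when it finishes, which corresponds to step 9 of section 3.2. Each also has a Test-* counterpart (Test-ADDSForestInstallation, Test-ADDSDomainControllerInstallation, Test-ADDSDomainInstallation) that takes the same parameters and runs only the preliminary checks, so a script can be validated before any change is made to the directory. Creating a new domain, whether child or tree, needs Enterprise Admins rights in the forest, while adding a replica needs only Domain Admins rights in that domain, which is why the prompts above differ.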
-----XXXX------