
Active Directory: The Complete Series - Parts 1+2

Active Directory is one of the most important system services, responsible for managing user data, computers, groups, policies and a great deal of other information. Deploying Active Directory to a standard design and avoiding related incidents is essential. In this series of articles on Active Directory I will walk you through everything from installing one Domain Controller server for a domain to installing another DC for that domain. As a business grows, it needs to deploy child domains and peer domains within the same forest. The parts in this series of articles on Active Directory:

1. Installing Active Directory on Windows Server 2003
2. Backing up Active Directory
3. Adding another Active Directory server to an existing domain
4. Installing multiple domains for one system
   1. Installing Active Directory on a new forest
   2. Installing Active Directory on a child domain
5. Renaming a domain
6. Transferring the domain's Master role

Part I: Introduction to the article series

In this series of articles on Active Directory you will learn how to install and configure a system like the one below.


Part 2: I show how to install an Active Directory server properly; specifically, I install Active Directory for the domain Thaibinhit.net.
Part 3: Installing an additional Domain Controller for the existing domain Thaibinhit.net. How to back up and restore Active Directory.
Part 4: Installing child domains in the existing domain: mcsa.Thaibinhit.net and ccna.Thaibinhit.net.
Part 5: Installing a new domain in the existing forest: bacgiangit.net, joining a client machine to the domain, and accessing data shared across the forest.
Part 6: Renaming a domain. Recovering when the Domain Controller that acts as Master for the whole forest fails, and how to promote secondary servers to Master.
Part 7: Rename DC
Part 8: DC in the Master role

Part II: Installing Active Directory on Windows Server 2003

When installing Active Directory on Windows Server 2003, in my experience you should install DNS first, with standard settings. Set the IP address to a static address and set the DNS address to the machine's own address.

Creating a zone in DNS and enabling Dynamic Update on that zone is mandatory, so that Active Directory can automatically update its own settings in DNS.

Step 1: Set the server's IP address: a static IP, with DNS pointing to the machine's own DNS.

1. Go to Start => Settings => Network Connections.
2. Right-click the Local Area Connection icon => Properties.
3. Set the IP address and DNS as shown in the following figure:

Step 2: Change the computer name of your DC.

1. Right-click My Computer => Properties.
2. Under Computer Name, click Change.
3. Change the computer name as shown in the figure below (use whatever name you intend). Just click OK and restart the machine for the change to take effect.

Step 3: Before the installation, install the DNS (Domain Name System) service.

Step 1: Go to Control Panel => choose Add or Remove Programs.

Choose Add/Remove Windows Components to install the additional DC functionality => select Networking Services.

Tick Domain Name System (DNS) => OK.

The DNS installation runs => click Finish to complete it:

Go to Start => Programs => Administrative Tools; the DNS service that was just installed is now listed:

Next, open DNS to configure it:

Step 4: Promote the machine to a Domain Controller (DC). Go to Start => Run => type the command: dcpromo

At the "Welcome to the ..." window, click Next => Next until the Domain Controller Type window appears => choose "Domain controller for a new domain" => Next, as shown in the following figure:

Choose "Domain in a new forest" => Next.

Enter the full DNS name; here we enter our own name, in this example thaibinhit.net => Next:

Next, the promotion wizard asks where on the DC to store the AD database and log files. Leave the default paths and click Next to continue.

The next step asks for the path of the SYSVOL folder. SYSVOL holds all of the domain's public files on the server. If you do not want to change the path, leave the default and click Next:

After completing all the steps above, this step defaults to the option "Install and configure DNS server". Leave the default and click Next; the machine will then use the Preferred DNS server address to resolve domain names to IP addresses and vice versa:

The next step concerns the domain's permissions on the DC. If you choose the option shown in the figure below, the permissions will be compatible with servers running the Server 2000 or 2003 operating system.

The next step is quite important: set the password for the administrator account used when, for whatever reason, you need to restore the system (Directory Services Restore Mode). It is recommended that this password differ from the one the admin user uses to log on to the domain, since reusing it also makes it easier for an attacker to break into the server. Set the password and click Next:

Keep clicking Next until the installation progress window appears => Finish.

A prompt asks whether to restart the machine; click Restart so that the changes take effect:

Finally, this is the logon screen when logging on to the DC:

That completes the walkthrough for promoting a machine from peer-to-peer to a Domain Controller. Good luck! In the next part I will show how to add another Domain Controller to an existing domain and how to back up and restore Active Directory.

Part 3 - Backup & Restore

In Parts 1+2 of this series on Active Directory I covered the required settings, such as a static IP address for the network card and DNS, and the complete installation of a Domain Controller. In Part 3 I show how to back up and restore Active Directory on the Domain Controller in case something goes wrong.

1. NTBACKUP technology in Windows Server 2003

Backup and restore is extremely important knowledge for keeping a system running effectively and avoiding unfortunate incidents. Windows Server 2003 includes a data backup tool: ntbackup.

1. NTBACKUP in Windows Server 2003 uses Shadow Copy as its backup technology, so it can back up data that is in use, such as SQL or the Active Directory service, files that are running, and folders that are denied access.
2. However, Windows has a rule that files or data currently in use by another running program cannot be modified.
3. Taken together, these two points mean that you can back up Active Directory in some way, but you cannot restore it, because the service runs from the moment the system starts booting. So is there no way to restore? Fortunately Microsoft anticipated this situation, and in this article I will show you how to back up and restore Active Directory data.
4. A System State backup contains all of the Active Directory information.

2. Backing up and restoring Active Directory on Domain Controllers

Theory

After Parts 1+2 I have a domain named thaibinhit.net, whose Domain Controller running the Active Directory service is dc1.thaibinhit.net.

Step 1: Create an OU named MCSA in Active Directory, and inside this OU create a user named Hopqd.
Step 2: Back up Active Directory.
Step 3: Delete the OU and user just created.
Step 4: Recover the Active Directory data that was just deleted.

Implementation

Step 1: Log on to the Domain Controller as the administrator user. Go to Start => All Programs => Administrative Tools => Active Directory Users and Computers.

Right-click the Active Directory domain thaibinhit.net and choose New Organizational Unit (OU), with the name Mcsa:

Inside the MCSA OU, right-click and choose New User Account to create a new user account.

Here I create a user named Hopqd, with logon name Hopqd:

Click Next; the system asks for the new user's password. I chose the password: 123456a@

Step 2: Back up Active Directory. Go to Run and type ntbackup; the system shows the following window:

In the window that appears, choose Advanced Mode (the blue text); the Backup Utility window opens:

Choose the Backup tab to get the window shown below. To back up Active Directory you need to back up System State. Note that a System State backup includes a lot of information: Active Directory, Boot Files, Registry, SYSVOL ...

After selecting System State, set the location for the backup file. Here I save it to the Desktop, with the file name Backup.bkf

When you click Start Backup, the system pops up the window shown below; choose Start Backup to begin the backup.

The window shows the backup in progress; wait a moment for the system to finish.

Step 3: Delete data in Active Directory

After the System State backup finishes, open Active Directory (the same way as above), right-click the MCSA OU and choose Delete to remove the data from Active Directory.

Step 4: You cannot run a restore against data that is in use, so I now have to restart the Domain Controller. While the machine is booting, press F8 to choose among the system's boot modes, the same way you enter Safe Mode. In the mode menu I must choose "Directory Service Restore Mode". You must choose this mode because, when it is selected, the Active Directory service is turned off by default and other tasks can then operate on the Active Directory data.

When booting into "Directory Service Restore Mode", the system asks for a user name and password.

Once in Windows, run ntbackup and choose the Restore tab in the ntbackup window. Select System State to restore.

Click Start Restore; the system starts bringing the data back to its state at backup time. Below is the window shown while System State is being restored.

When the restore completes, the system asks to restart the computer; choose Yes:

Log on again to check whether the OU Mcsa and the user Hopqd are still there.

Open Active Directory Users and Computers again:
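The System State backup from Step 2 can also be taken from the command line and written somewhere better protected than the Desktop. This is an added example, not part of the original article; the folder D:\ADBackup and the job name are hypothetical.

```batch
@echo off
setlocal
rem Added example, not from the original article.
rem Assumptions: run on the Domain Controller by a member of Administrators;
rem D:\ADBackup is a hypothetical folder on a data volume.
set DEST=D:\ADBackup
set BKF=%DEST%\SystemState-%COMPUTERNAME%.bkf

if not exist "%DEST%" mkdir "%DEST%"

rem System State on a Domain Controller includes the Active Directory
rem database, so replace the folder ACL with Administrators and SYSTEM.
rem cacls without /E replaces the ACL and asks for confirmation.
echo Y| cacls "%DEST%" /T /G Administrators:F SYSTEM:F >nul
if errorlevel 1 goto :fail

rem Remove any previous file so a stale backup is not mistaken for a new one.
if exist "%BKF%" del "%BKF%"

rem /M normal : System State accepts only normal or copy backups
rem /V:yes    : verify the data after the backup completes
rem /L:s      : write a summary log
start /wait ntbackup backup systemstate /J "AD System State" /F "%BKF%" /M normal /V:yes /L:s

if not exist "%BKF%" goto :fail
for %%F in ("%BKF%") do echo Backup written: %%~fF, %%~zF bytes
exit /b 0

:fail
echo System State backup failed; check the ntbackup log.
exit /b 1
```

The ntbackup command line only performs backups, so the restore in Step 4 is still done from the Restore tab in Directory Service Restore Mode. Once the domain has a second Domain Controller (Part 4), a restored object that had been deleted is removed again by replication unless it is marked authoritative with ntdsutil before leaving that mode.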

OK, that completes the lab. Good luck!

Part 4 - Additional New DC

1. Data replication in Active Directory.

- Active Directory on Windows Server 2003 has a replication mechanism between Domain Controllers. It allows several Domain Controllers to manage one shared set of Active Directory data, with identical data and settings. It also allows several Domain Controllers to operate as peers with equal rights in Active Directory.
- Every server can add data to Active Directory (for example creating a new user or changing information in Active Directory). When you change Active Directory data on one Domain Controller, it is automatically synchronized with all the Domain Controllers on the network.
- So if a domain has only one Domain Controller and that server is interrupted for some period of time, the whole system is paralysed. To address this, install one or more additional Domain Controllers that jointly manage the system's Active Directory and DNS data. When one of the Domain Controllers has to be taken down for maintenance or is interrupted for a while, the system keeps working normally.
- In Part 4 of this series I show how to install an additional Domain Controller into the existing domain vnexperts.net, with the same DNS and Active Directory data as the first Domain Controller and with an equivalent role in the system.

2. Deploying a new additional Domain Controller into an existing system.

- For the new Domain Controller to work in a role equivalent to the first Domain Controller, it must:
+ Provide DNS name resolution for client machines
+ Provide authentication and the other data related to Active Directory.

Part 1: DNS on the new Domain Controller.

- The first server holds all the DNS data and the other DNS settings. For the second server to be able to answer client DNS requests as well, we need to create a copy containing exactly the same DNS data as the first server.
+ On Windows Server 2003 the DNS service allows creating a Secondary Zone as a copy of the DNS data from an existing Primary Zone.
+ My domain is installed with one DNS server and Domain Controller: DC1.thaibinhit.net
+ The DNS data on dc1.thaibinhit.net has a Primary Zone named thaibinhit.net that holds all the name records of the domain thaibinhit.net.
+ The requirement is to create a server with exactly the same DNS data as DC1.thaibinhit.net

Step 1: Create a backup copy of the DNS data on DC2.

* On server DC1, set the IP address as follows:

* Next, switch to DC2 and set its IP address like this:

* On DC2, first install the DNS service:

* Next, go to Forward Lookup Zones => Secondary zone to start backing up DNS:

* In the Zone Name box, enter the name of the domain you want to back up; here I enter thaibinhit.net:

* Enter the IP address of server DC1 => click Next to finish. The zone will show an error mark; do not worry, because we will configure DC1 so that DC2 can copy the DNS records:

* Next, go to Reverse Lookup Zones => New Zone:

* The following steps are done the same way:

* After this configuration, switch to DC1 to allow the DNS backup; choose Properties:

* Go to Zone Transfers => tick Allow zone transfers => To any server => OK:

* Switch to DC2, right-click thaibinhit.net => Transfer from Master:

* After this the machine no longer reports an error ^^. Do the same for the reverse lookup zone; when DC2 shows all of DC1's DNS records, you have succeeded!
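The "To any server" setting chosen above lets any host that can reach DC1 request a full copy of the zone. As an added example (not part of the original article), the script below configures the same transfers restricted to DC2 using dnscmd, with the weak setting shown beside the corrected one. It assumes dnscmd.exe from the Windows Server 2003 Support Tools, DC1 at 192.168.1.2 and DC2 at 192.168.1.3 as given in Part 2 of this section, and a reverse zone named 1.168.192.in-addr.arpa.

```batch
@echo off
setlocal
rem Added example, not from the original article. Run on DC1.
rem Assumed values: DC1 = 192.168.1.2, DC2 = 192.168.1.3 (from the article),
rem reverse zone 1.168.192.in-addr.arpa (assumed; the article shows the
rem reverse zone only in a screenshot).
set PRIMARY=192.168.1.2
set SECONDARY=192.168.1.3

call :restrict thaibinhit.net || goto :fail
call :restrict 1.168.192.in-addr.arpa || goto :fail

echo Zone transfers are now limited to %SECONDARY%.
echo On DC2, repeat "Transfer from Master" for both zones to confirm
echo that the listed secondary can still pull the data.
exit /b 0

:restrict
rem The GUI choice "To any server" corresponds to:
rem   dnscmd %PRIMARY% /ZoneResetSecondaries %1 /NonSecure
rem Corrected form: only the listed secondary may transfer the zone,
rem and only that server is notified of changes.
dnscmd %PRIMARY% /ZoneResetSecondaries %1 /SecureList %SECONDARY% /NotifyList %SECONDARY%
if errorlevel 1 exit /b 1
rem Print the zone settings so the secondaries list can be reviewed.
dnscmd %PRIMARY% /ZoneInfo %1
exit /b 0

:fail
echo Could not restrict zone transfers; review both zones in the DNS console.
exit /b 1
```

The equivalent GUI setting is "Only to the following servers" on the Zone Transfers tab, with the address of DC2 entered in the list.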

Part 2: Installing an additional Domain Controller into an existing domain

Installing an additional Domain Controller into an existing domain is very simple. We carry it out on DC2:

* Step 1: Set a static IP address.
* Step 2: For DNS, set two DNS addresses: server DC2: 192.168.1.3 and server DC1: 192.168.1.2

* To continue the installation, go to Run and type dcpromo. The familiar window appears ^^

* Click Next to continue installing the additional Domain Controller.

* At the step with two options, you must choose "Additional domain controller for an existing domain". This is the basic difference between a new installation and adding to an existing domain.

* Click Next to continue; the system asks for the username, password and domain you want to add to:

* After filling in the domain, username and password:
+ Click Next; the system automatically looks up the chosen domain. If the DNS address on the network card is wrong, the domain you want to add to will not be found at this step; in that case just re-check the DNS setting where you set the IP address.
+ Click Next to continue.

* Click Next to continue the installation. The system asks for the location of the NTDS folder used for replication in the domain.

* Click Next as in the previous parts until the step where you set the password ^^:

* Click Next; the system starts the installation for dc2. Click Finish to complete it:

* When the installation finishes, the system asks you to restart the machine for the changes to take effect. After the restart, log on and check in Active Directory Users and Computers; I can see two Domain Controllers.

That completes this lab. Good luck!


Part 5 - Child Domain

As a business grows, with offices in many different territories, a single domain may no longer meet its needs. One solution is to create, at each site, a child domain of the base domain, which simplifies administration and improves responsiveness for users. In Part 5 I show how to install the child domain mcsa.thaibinhit.net from an existing domain, thaibinhit.net.

* Here I work on the domain mcsa.thaibinhit.net; do the same for ccna.thaibinhit.net ^^
* On the machine mcsa.thaibinhit.net, set the IP address: 192.168.1.3, Preferred DNS server: 192.168.1.3 and Alternate DNS server: 192.168.1.2

* As in Part 4 of this series, create a DNS Secondary Zone on the new server dc3 and set the IP address and DNS as above before installing Active Directory.
- After creating the DNS Secondary Zone thaibinhit.net on server dc3 and setting the IP address as above, I go to Run and type dcpromo to start the installation. Click Next through the first steps of the installation until the following window appears.

* Because the domain mcsa.thaibinhit.net does not exist yet, when installing the domain on server dc3 I must choose "Domain Controller for a new domain". Click Next to continue the installation.

* At this step you must choose the option "Child domain in an existing domain tree". After selecting option 2, click Next to continue:

* The system asks for the parent domain: I type thaibinhit.net, and the user name used to install the new domain.

* After filling in all the required information I click Next to continue. The system asks for the parent domain; I type: thaibinhit.net

* The Child domain field is the name of the new child domain; I type mcsa. In the field with the new domain's full name I see: mcsa.thaibinhit.net. Click Next to continue the installation:

* The system shows the NetBIOS name of the new domain as MCSA; I leave the default. This name, MCSA, is the one that clients joined to the domain pick from the list of domains at logon. Leave the default and click Next:

* The location of the NTDS folder (used for replication). I leave the default and click Next to continue the installation:

* The system asks for the location of the SYSVOL folder; I leave the default. A summary of all the information I entered is shown in the table above. Click Next to continue the installation.

* The system asks for the password used for backing up and restoring Active Directory on this machine; I enter a password. Click Next to continue:

* For the remaining steps just click Next, and the result looks like this:

* Click Finish and restart the computer.

* When I log on to the machine mcsa.thaibinhit.net again, a list of two domains appears, MCSA and thaibinhit; choose MCSA:

* Start => Administrative Tools => Active Directory Sites and Services to view all the sites and my Domain Controllers.

For the remaining child domain, ccna, do the same as above. Good luck!
