
Practical-9

Aim: Installing Active Directory & Creating AD Objects.


Installing Active Directory:
Before installing Active Directory you should ensure that your computer has:
• A meaningful name, e.g. Server, DC.
• A static IPv4 address.
• At least one NTFS partition.
• A network connection.
Getting an Active Directory Domain Controller installed is a two-step process: first you install the
role, and second you run dcpromo (in the steps below, the "Promote this server to a domain controller" link).
Setup Active Directory Domain Services
1. Log into your Windows Server and start Server Manager.

2. Now click Add Roles and Features.

3. Click Next to start the setup.

4. Click Next.
5. No selection is necessary on this page; click Next.

6. Now check Active Directory Domain Services.

7. Click Add Features to include the additional features needed to use Active Directory.

8. Click Next.
9. Check .NET Framework 3.5 and click Next.

10. Click Next. The rules are shown as below.

11. Check Restart and click Yes to give permission for the restart.

1. Click Install.
2. Setup will complete with the selected features.

3. Now click the flag and choose Promote this server to a domain controller.
4. Select Add a new forest, enter the domain name and click Next.

5. Select whether clients with a lower version of Windows Server need to join the domain. Click Next.
6. Click Next.

7. Check whether the domain name is correct or needs to be changed, and click Next.
8. Click Next.

9. Click Next to continue.

10. Once again click Install, then Close to restart the PC.
11. Now you can see the domain name shown in front of Administrator.
12. Go to Server Manager and check the domain name. Installation is complete.
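
The same installation can be scripted. The following PowerShell sketch is an added example, not part of the original practical: it checks the four prerequisites listed at the top, then installs the role and promotes the server to the first domain controller of a new forest. The names corp.example.com and CORP are placeholders chosen for illustration.

```powershell
# Added example: prerequisite checks, role install and forest promotion.
# Placeholder values (assumptions, not from the practical):
$DomainName  = 'corp.example.com'
$NetbiosName = 'CORP'
$problems    = @()

# 1. Meaningful name: Windows setup assigns a random WIN-xxxx name by default.
if ($env:COMPUTERNAME -like 'WIN-*') {
    $problems += "Computer name '$env:COMPUTERNAME' looks auto-generated; rename the server first."
}

# 2. Static IPv4 address: no connected, non-loopback interface should be using DHCP.
$dhcp = Get-NetIPInterface -AddressFamily IPv4 | Where-Object {
    $_.ConnectionState -eq 'Connected' -and
    $_.InterfaceAlias -notlike 'Loopback*' -and
    $_.Dhcp -eq 'Enabled'
}
if ($dhcp) { $problems += "DHCP is enabled on: $($dhcp.InterfaceAlias -join ', ')" }

# 3. At least one NTFS partition on a local fixed disk (DriveType 3).
$ntfs = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
    Where-Object { $_.FileSystem -eq 'NTFS' }
if (-not $ntfs) { $problems += 'No NTFS volume found.' }

# 4. A network connection: at least one adapter must be up.
if (-not (Get-NetAdapter | Where-Object { $_.Status -eq 'Up' })) {
    $problems += 'No network adapter is up.'
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Prerequisites not met; nothing was installed.'
}

# Step one: install the role together with the management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Step two: promote to the first DC of a new forest. The DSRM password is
# prompted for so that it never appears in the script or the command history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (Safe Mode) password'
Install-ADDSForest -DomainName $DomainName -DomainNetbiosName $NetbiosName `
    -InstallDns -SafeModeAdministratorPassword $dsrm
```

Install-ADDSForest restarts the server when promotion finishes, as the wizard does.
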
You will be able to manage the domain through the new tools that appear in the Administrative Tools
folder in the Start menu. The following tools appear:
• Active Directory Domains and Trusts.
• Active Directory Sites and Services.
• Active Directory Users and Computers.
• ADSI Edit.
• DNS.
• Group Policy Management.

Active Directory Objects:

Real-world entities such as users and computers are represented as objects in Active Directory. One important
aspect of object characteristics is that some objects can contain other objects. Objects
that contain other objects are container objects, while the others are leaf objects.

Each object consists of a set of attributes that describe it. For example, consider a user object. A
user is described by attributes like Name, Address, Telephone number and so on. Active Directory
supports numerous types of objects. The objects that can be authenticated and to which permissions can be
assigned are called security principals. Each security principal object has a security identifier (SID) associated
with it in addition to the global identifier. User, computer and group objects are referred to as security
principal objects.

Active Directory supports various types of objects, such as User, Group, Contact, Computer, Shared Folder,
Printer and Organizational Unit.

A user object represents an individual who needs access to the resources in a network. Each user account has a
user name and a password. The purpose of creating user accounts is to authenticate the identity of the
user and authorize access to the network resources. Active Directory supports two types of built-in user
accounts – Administrator and Guest.

A computer object represents a workstation or a server in a network. A computer account helps in
authenticating the computer and authorizing its access to network resources.

A group object represents a collection of user accounts, computer accounts, contacts and other groups that
can be managed as a single unit. Groups facilitate role-based access to network resources. There are two
types of groups – Security and Distribution groups. Security groups are mainly used for
providing access to network resources. Distribution groups are not security enabled and can be used only
for communication purposes. Groups vary in scope, which limits their membership and scope of operation.

A contact object contains the contact information of people who are associated with the organization
but are not part of it, such as contractors and suppliers. A contact object does not have a SID associated with it,
which prevents it from having access to the network resources.

A shared folder object is used to share files across the network. It is mapped to a server share.

A printer object corresponds to a printer resource in a network.

Creating Objects in Active Directory:


Active Directory is the Windows directory service, and its role is to maintain information about enterprise
resources, including users, groups, and computers. Resources can be divided into Organizational Units
(OUs) to facilitate manageability and visibility; that is, they can make it easier to find objects.

You can create objects in Active Directory by using the Active Directory Users and Computers console.

1. Start -> Administrative Tools -> Active Directory Users and Computers.
2. In the Active Directory Users and Computers console, right-click the container object within
which you would like to create an object.
3. A submenu pops out; from it choose the option New.
4. On choosing the option “New”, another submenu pops out with a list of objects; from it choose the
object that you intend to create.
5. After you choose an object, the respective dialog boxes appear, in which you can enter the attribute
values for the object. When you complete this, the object has been created.

Organizational Unit:

Select New > Organizational Unit. Assign a descriptive name and ensure Protect Container from
Accidental Deletion is selected. Then click OK to create the OU.
Note: The Windows Server 2008 administrative tool adds a new option, Protect Container from
Accidental Deletion. This option adds a safety switch to the OU so that it cannot be accidentally deleted.
Two permissions are added to the OU:
• Everyone::Deny::Delete
• Everyone::Deny::Delete Subtree
No user, not even an administrator, will be able to delete the OU and its contents accidentally. It is highly
recommended that you enable this protection for all new OUs.
Users
Select New > User. Fill in the user’s details and click Next. Assign a temporary password and ensure
User must change password at next logon is selected. Then click Next. Click Finish to create the user.
Groups
Select New > Group. Assign a descriptive name, a group scope and a group type, and click OK to
create the group.
Note: There are two main functions of groups in Active Directory:
• Gathering together objects for ease of administration.
• Assigning permissions to objects or resources within the Directory.
There are three types of group scope in Active Directory: Universal, Global, and Domain Local.
There are two types of groups in Active Directory: Security and Distribution.
• Security groups are used for assigning permissions and are the most commonly used.
• Distribution groups are solely used for grouping users together for administrative purposes, for
example e-mail and messaging. You cannot assign permissions to distribution groups.
Computers
Select New > Computer. Assign the computer name. Specify the user or group that has permission to join the
computer to the domain; the default is Domain Admins. Do not select the check box labeled Assign This
Computer Account as a Pre-Windows 2000 Computer unless the account is for a computer running
Microsoft Windows NT 4.0. Click OK to create the computer object.
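
The four objects above can also be created from PowerShell with the ActiveDirectory module. This is an added example, not part of the original practical; the OU, user, group and computer names are placeholders. It ends with two checks: a list of OUs that lack accidental-deletion protection, and the Deny entries that the protection places on the new OU.

```powershell
# Added example: create an OU, user, group and computer, then verify OU protection.
# All object names below are placeholders (assumptions, not from the practical).
Import-Module ActiveDirectory

$domain = Get-ADDomain
$ouName = 'Staff'
$ouDN   = "OU=$ouName,$($domain.DistinguishedName)"

# Organizational Unit with "Protect container from accidental deletion" enabled.
New-ADOrganizationalUnit -Name $ouName -Path $domain.DistinguishedName `
    -ProtectedFromAccidentalDeletion $true

# User with a temporary password that must be changed at next logon.
# The password is prompted for, so it is not stored in the script.
$tempPw = Read-Host -AsSecureString -Prompt 'Temporary password for jdoe'
New-ADUser -Name 'Jane Doe' -GivenName 'Jane' -Surname 'Doe' `
    -SamAccountName 'jdoe' -UserPrincipalName "jdoe@$($domain.DNSRoot)" `
    -Path $ouDN -AccountPassword $tempPw `
    -ChangePasswordAtLogon $true -Enabled $true

# Security group (permissions can be assigned to it) with Global scope.
New-ADGroup -Name 'Staff-Share-Read' -GroupScope Global `
    -GroupCategory Security -Path $ouDN
Add-ADGroupMember -Identity 'Staff-Share-Read' -Members 'jdoe'

# Computer account, pre-created in the same OU.
New-ADComputer -Name 'WS-001' -Path $ouDN

# Check 1: OUs that are NOT protected from accidental deletion.
Get-ADOrganizationalUnit -Filter * -Properties ProtectedFromAccidentalDeletion |
    Where-Object { -not $_.ProtectedFromAccidentalDeletion } |
    Select-Object -ExpandProperty DistinguishedName

# Check 2: the Deny entries for Everyone (Delete, DeleteTree) on the new OU.
(Get-Acl -Path "AD:\$ouDN").Access |
    Where-Object { $_.AccessControlType -eq 'Deny' -and
                   $_.IdentityReference.Value -eq 'Everyone' } |
    Select-Object IdentityReference, AccessControlType, ActiveDirectoryRights
```

On a domain where every OU is protected, the first check prints nothing.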
