In this lab:
• Install Active Directory Domain Services on Windows Server 2022
• Create a domain name and configure our first domain forest
• Describe Active Directory terms
• Demonstrate the use of OUs and groups, and describe object security
• Show how to manage and organize Active Directory objects
• This lab is also the foundation for the labs that follow in this course (to be updated as those labs are added)
Part 1
Plan a server farm based on what you want your company's domain to be (there is no right or wrong configuration) or on what you know of one of your Co-Op companies. On paper, first create your unique domain name (yourname.local, yourname.org, etc.) with 3 named department OUs and 6 unique users. You will place 2 users in each OU.
Logical Structure
The logical part of Active Directory includes the forest, trees, domains, OUs, and the global catalog.
Domain – a domain is a logical group of users and computers that share centralized security and administration. A domain is an administrative boundary: an administrator of a domain is, by default, an administrator of only that domain and no others. Note that the forest, not the domain, is the real security boundary, because the root domain's Enterprise Admins, and anyone who takes control of any domain controller in the forest, can reach every domain in it. A domain is also a replication boundary for the domain partition: all domain controllers in the same domain replicate that partition with one another. Domains in the same forest automatically have two-way transitive trust relationships configured.
• In this lab the forest has one root domain, sheridan-ra.local, and 3 child domains.
• DC1 is the first domain controller of the root domain.
• DC2 is an additional domain controller for the same domain, added for fault tolerance and high availability. Active Directory replication is multi-master, so DC2 is a peer rather than a standby: if DC1 is unavailable, clients authenticate against DC2.
Tree – a tree is a collection of Active Directory domains that share a contiguous namespace. In this configuration, domains fall into a parent-child relationship, with the child domain's own label prefixed to the parent's name.
• In this lab, the child domains take the parent domain's name as their suffix. For example, the first child domain, dev.sheridan-ra.local, is a child of sheridan-ra.local.
Forest – a forest is the largest unit in Active Directory and is a collection of trees that share a common schema, the definition of the objects and attributes that can be created. In a forest all trees are connected by transitive two-way trust relationships, allowing users in any tree to access resources in another tree for which they have been given appropriate permissions and rights. The first domain created in a forest is the forest root domain. The schema partition is replicated to every domain controller in the forest, but the single Schema Master operations-master role is held, by default, by the first domain controller in the root domain, and the forest-wide Enterprise Admins and Schema Admins groups exist only in the root domain.
There are two types of Active Directory forest:
1) Single forest
2) Multiple forests
• In this lab we only have a single forest; in a later lab another forest will be added. The other forest will have a different name; it could belong to another company or organization with its own parent and child domains.
Organizational Unit – an organizational unit (OU) is a container object that helps organize objects for the purpose of administration or Group Policy application. An OU exists within a domain and can only contain objects from that domain. OUs can be nested, which allows more flexibility in administration. Different methods for designing OU structures exist, including by administration (most common), geography, or organizational structure. One popular use of OUs is to delegate administrative authority: by granting permissions on the OU's access control list you can give a user a degree of administrative control over just that OU, and not the entire domain.
• In this lab, I created OUs under the parent domain sheridan-ra.local. It is still basic, but once we add users or computers it will make sense. An OU is like a folder in Windows Explorer; it organizes objects by functionality, geography, etc. In this case, I made OUs based on functionality.
Global Catalog – a global catalog is a listing of every object that exists within an Active Directory forest. By default, a domain controller only holds full information about objects in its own domain. A global catalog server is a domain controller that additionally holds a partial, read-only replica of every object in the forest (every object, but only a subset of each object's attributes). This speeds up forest-wide searches, and a global catalog must be reachable at logon because universal group membership is resolved from it. The first domain controller in a forest is always a global catalog server; later domain controllers become global catalog servers either when they are promoted (the configuration wizard and Install-ADDSDomainController enable it by default) or afterward through Active Directory Sites and Services.
• In this lab, DC1, the first domain controller of the root domain sheridan-ra.local, is the global catalog server.
Part 1 – continued
Physical Structure
The physical structure of Active Directory helps to manage the communication between servers with respect to the directory. The two physical elements of Active Directory are domain controllers and sites.
Domain Controllers – domain controllers are server-based systems that store the Active Directory database (NTDS.dit). Every writable domain controller holds a full writable copy of its domain's directory partition; read-only domain controllers (RODCs) are the exception. Domain controllers in the same domain hold replicas of the directory that are kept synchronized by replication. Because each writable DC holds the whole domain, including every account's password hash, every DC must be protected as a Tier 0 asset.
• In this lab there are 2 DCs; they will be responsible for replication and clustering in a later lab.
• These are on-site domain controllers.
• DC1, in the root domain sheridan-ra.local, holds the operations master (FSMO) roles.
Site – in Active Directory, sites are groups of IP subnets that are connected at high speed. Although the definition of "high speed" is open, it is generally taken to mean subnets connected at LAN speeds (say 10 Mbps) or higher. The purpose of defining sites in Active Directory is to control network traffic relating to directory synchronization, and to help ensure that users connect to local resources. For example, domain controllers located in the same site replicate with one another almost immediately using change notification (the default notification delay is 15 seconds at current functional levels; the 5-minute interval dates from Windows 2000). Replication between domain controllers in different sites, however, is compressed and scheduled according to your needs. This allows a much greater degree of flexibility: for example, you could set things up so that replication between sites only happens between midnight and 6 am, ensuring that replication traffic does not interfere with normal data transfer during business hours. Sites also help ensure that users avoid accessing resources over the WAN, because client systems locate servers (such as domain controllers) in their own site first, using the site-specific SRV records the DCs register in DNS.
• In this lab, DC2 will also belong to an on-premises site. Replication and clustering will be set up in a later lab.
• DC1 will also be the DHCP server from which all connected clients get their IP addresses automatically. This will be demonstrated when client computers are connected to the VM in a later lab.
• A site link bridge is an object that connects two or more site links and makes them transitive; it is not a server. For the time being, the plan for this lab is that the child domains will be connected to each other by site links, so that if one child domain's link to the parent domain fails, replication can continue to the parent domain over the other site links.
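The logical and physical structure described above can be checked from the directory itself once the forest exists. The following is an added example written for this write-up, not code from the original lab; it assumes the forest root domain sheridan-ra.local from the lab already exists and that it is run from a domain controller or a machine with the RSAT ActiveDirectory module. The values shown in comments are what the lab's design should produce, not captured output.

```powershell
# Added example (not from the original lab): verify the Part 1 design of
# sheridan-ra.local (forest root, domains, FSMO holders, global catalogs,
# sites, site links, replication partners and forest-wide admin groups).
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Logical structure: forest root, all domains in the forest (root plus
# child domains such as dev.sheridan-ra.local), and the two forest-wide
# operations masters, which sit in the root domain on DC1 by default.
[pscustomobject]@{
    ForestRoot         = $forest.RootDomain                 # sheridan-ra.local
    Domains            = $forest.Domains -join ', '
    SchemaMaster       = $forest.SchemaMaster
    DomainNamingMaster = $forest.DomainNamingMaster
    GlobalCatalogs     = $forest.GlobalCatalogs -join ', '  # DC1 at minimum
} | Format-List

# Domain-wide operations masters: all on DC1 until they are moved.
$domain | Select-Object DNSRoot, NetBIOSName, PDCEmulator, RIDMaster, InfrastructureMaster |
    Format-List

# Physical structure: every DC, whether it is a GC or an RODC, and its site.
Get-ADDomainController -Filter * |
    Select-Object Name, Domain, Site, IsGlobalCatalog, IsReadOnly, OperatingSystem |
    Format-Table -AutoSize

# Sites and site links. Inter-site replication is governed by the link's cost,
# interval and schedule; intra-site replication uses change notification instead.
Get-ADReplicationSite -Filter * | Select-Object Name | Format-Table -AutoSize
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
        @{ n = 'Sites'; e = { $_.SitesIncluded -join ', ' } } |
    Format-Table -AutoSize

# Replication health between DC1 and DC2. A non-zero failure count or a stale
# LastReplicationSuccess means DC2 is not a working peer for the domain.
Get-ADReplicationPartnerMetadata -Target $domain.DNSRoot -Scope Domain |
    Select-Object Server, Partner, LastReplicationSuccess, ConsecutiveReplicationFailures |
    Format-Table -AutoSize

# Forest-boundary check: members of these root-domain groups can reach every
# domain in the forest. Schema Admins should normally be empty outside schema changes.
foreach ($g in 'Enterprise Admins', 'Schema Admins') {
    $members = Get-ADGroupMember -Identity $g -Recursive -Server $forest.RootDomain
    '{0}: {1}' -f $g, (($members | ForEach-Object SamAccountName) -join ', ')
}
```

In the single-DC state reached at the end of Part 2 the replication query returns nothing; it becomes meaningful once DC2 is promoted, and it is the first thing to look at if DC2 "does not see" changes made on DC1.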
Part 2
AD DS configuration
• In Server Manager, open Add Roles and Features and click Next on the introduction page.
• Select the role-based or feature-based installation option and click Next.
• Select the local server and click Next.
• Under Server Roles, tick Active Directory Domain Services. When prompted, click Add Features to include the management tools, then verify that the check box for Active Directory Domain Services is selected and click Next.
• Click Next through the Features and AD DS pages, confirm the installation, and click Install. Close the wizard when it finishes.
• Verify and confirm that AD DS is installed and is now listed in the left pane of Server Manager.
• From the Server Manager notification, promote the server to a domain controller. The Active Directory Domain Services Configuration Wizard appears: choose to add a new forest, enter the root domain name sheridan-ra.local, and click Next.
• On the Domain Controller Options page, set the Directory Services Restore Mode (DSRM) password and click Next.
• On the DNS Options page, click Next.
• The wizard checks the NetBIOS domain name for a moment; accept it and click Next.
• Click Next through the Paths and Review Options pages.
• The wizard runs the prerequisite checks. Once they finish, click Install. The server restarts as a domain controller.
• After the restart, open Active Directory Users and Computers.
• To create a user, open New > User on the container. The New Object - User wizard appears: fill in the name, create a password, click Next and then Finish.
• To create an OU, open New > Organizational Unit on the domain, enter the name, and click OK.
• To move users, select them, choose Move, select the container (OU) you want to put the users in, and click OK.
• Create further OUs for the different departments under the domain: Operations, Finance, Administration.
• The users are now in their respective OUs.
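The same build can be done without the GUI. The script below is an added example written for this write-up, not code from the original lab. From the lab it takes the domain name sheridan-ra.local, the OUs Operations, Finance and Administration, and two users per OU; the NetBIOS name SHERIDAN-RA, the six user names, the group names and the random-password helper are this example's own assumptions. Phase 1 runs in an elevated PowerShell session on the fresh Windows Server 2022 VM that becomes DC1 and ends in a reboot; Phase 2 runs after the reboot, logged on as SHERIDAN-RA\Administrator.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original lab): the Part 2 procedure as PowerShell.

# ===== Phase 1: install the AD DS role with RSAT tools, then create the forest =====
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# The DSRM password is read interactively rather than stored in the script.
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'
Install-ADDSForest -DomainName 'sheridan-ra.local' -DomainNetbiosName 'SHERIDAN-RA' `
    -ForestMode 'WinThreshold' -DomainMode 'WinThreshold' -InstallDns:$true `
    -SafeModeAdministratorPassword $dsrm -Force:$true      # the server reboots when done

# ===== Phase 2 (after the reboot): OUs, users and groups, the ADUC part of the lab =====
Import-Module ActiveDirectory
$domainDN = (Get-ADDomain).DistinguishedName               # DC=sheridan-ra,DC=local

function New-RandomPassword {
    # One character from each class guarantees the default complexity policy.
    param([int]$Length = 16)
    $sets  = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!@#$%^&*'
    $chars = foreach ($s in $sets) { $s[(Get-Random -Maximum $s.Length)] }
    $all   = -join $sets
    $chars += 1..($Length - $sets.Count) | ForEach-Object { $all[(Get-Random -Maximum $all.Length)] }
    -join ($chars | Sort-Object { Get-Random })
}

$departments = 'Operations', 'Finance', 'Administration'
foreach ($ou in $departments) {
    if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ou'" -SearchBase $domainDN)) {
        # Protected from accidental deletion, the same default ADUC applies to new OUs.
        New-ADOrganizationalUnit -Name $ou -Path $domainDN -ProtectedFromAccidentalDeletion $true
    }
}

# Six sample users (names invented for this example), two per department OU.
$users = @(
    @{ Given = 'Alice'; Surname = 'Ng';      OU = 'Operations' },
    @{ Given = 'Ben';   Surname = 'Ortiz';   OU = 'Operations' },
    @{ Given = 'Chloe'; Surname = 'Park';    OU = 'Finance' },
    @{ Given = 'Dev';   Surname = 'Raman';   OU = 'Finance' },
    @{ Given = 'Erin';  Surname = 'Walsh';   OU = 'Administration' },
    @{ Given = 'Femi';  Surname = 'Adeyemi'; OU = 'Administration' }
)
foreach ($u in $users) {
    $sam = ($u.Given.Substring(0, 1) + $u.Surname).ToLower()   # e.g. ang
    # Each account gets its own random initial password and must change it at
    # first logon, instead of one password typed into the wizard six times.
    $initial = New-RandomPassword
    New-ADUser -Name "$($u.Given) $($u.Surname)" -GivenName $u.Given -Surname $u.Surname `
        -SamAccountName $sam -UserPrincipalName "$sam@sheridan-ra.local" `
        -Path "OU=$($u.OU),$domainDN" `
        -AccountPassword (ConvertTo-SecureString $initial -AsPlainText -Force) `
        -ChangePasswordAtLogon $true -Enabled $true
    Write-Host "Created $sam in OU=$($u.OU); initial password (deliver out of band): $initial"
}

# One global security group per department holding that OU's users, so that
# permissions are later granted to the group rather than to individual accounts.
foreach ($ou in $departments) {
    $ouDN = "OU=$ou,$domainDN"
    New-ADGroup -Name "$ou-Users" -GroupScope Global -GroupCategory Security -Path $ouDN
    Add-ADGroupMember -Identity "$ou-Users" -Members (Get-ADUser -Filter * -SearchBase $ouDN)
}

# Check: each department OU should now hold exactly two users and one group.
Get-ADOrganizationalUnit -Filter * -SearchBase $domainDN -SearchScope OneLevel | ForEach-Object {
    [pscustomobject]@{
        OU     = $_.Name
        Users  = @(Get-ADUser  -Filter * -SearchBase $_.DistinguishedName).Count
        Groups = @(Get-ADGroup -Filter * -SearchBase $_.DistinguishedName).Count
    }
} | Format-Table -AutoSize
```

The final check prints the built-in Domain Controllers OU as well, with zero users and groups; the three department OUs should each show 2 users and 1 group. Creating the users directly in their OU with -Path replaces the separate "Move" step of the GUI procedure.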
Summary:
This lab was done over a two-day period due to taking breaks, but I think it took 4 to 5 hours in total to complete. Much of the time was spent reviewing the concepts of AD DS, but there were no issues in implementing this lab as I used the GUI to configure the server.