
Lab#3

Active Directory in Windows Server 2022 Configuration


By Rogino Apacible

In this lab:
• Install Active Directory in Windows Server 2022
• Create a domain name and configure our first domain forest
• Describe Active Directory terms
• Demonstrate the use of OUs and groups, and describe object security
• Show how to manage and organize Active Directory objects
• This lab will also be the foundation for the following labs in this course. (To be updated in the future.)

Part 1
Plan a server farm based on what you want your company’s domain to be (there is no right or wrong
configuration) or on what you know of one of your Co-Op companies. On paper, first create your unique domain
name (yourname.local or yourname.org etc.) with 3 named department OUs and 6 unique users. You
will place 2 users in each OU.

• I will be using sheridan-ra.local for my first domain.
• This is going to be the domain controller in the first domain tree.
• The 3 departments will be Operations, Finance, and Administration. These will be the core departments of each
domain in the future. There will be changes as this course progresses.
• The domain will start with 6 users, 2 in each department.
• Since this is just the first domain of the forest, there will be changes in the future that will make
the structure make more sense.

The Logical and physical Structure


Active Directory can be considered to have both a logical and a physical structure, and there is no correlation
between the two.

Active directory domain forest for this lab.

Figure 1: Active directory diagram (will be updated)


Part 1-continued

Logical Structure

The logical part of Active Directory includes the forest, trees, domains, OUs, and the global catalog.

Domain – a domain is a logical group of users and computers that share the characteristics of centralized security
and administration. A domain is a boundary for security – this means that an administrator of a domain is
an administrator for only that domain, and no others, by default. A domain is also a boundary for replication –
all domain controllers that are part of the same domain must replicate with one another. Domains in the same
forest automatically have trust relationships configured.
• In this lab there will be 5 domains.
• 1 will be DC1 (the root domain) and 3 will be child domains.
• 1 will be DC2, an additional domain controller. It is recommended in order to have high fault
tolerance and high availability. For example, if DC1 is unavailable, DC2 will act as the backup.

Tree – a tree is a collection of Active Directory domains that share a contiguous namespace. In this
configuration, domains fall into a parent-child relationship, with the child domain taking on the name of the
parent.
• In this lab, the child domains take the parent domain name. For example, the first child domain
dev.sheridan-ra.local takes the parent domain name sheridan-ra.local.

Forest – a forest is the largest unit in Active Directory and is a collection of trees that share a common
schema, the definition of the objects that can be created. In a forest all trees are connected by transitive two-way
trust relationships, allowing users in any tree access to resources in another tree for which they have been
given appropriate permissions and rights. By default, the first domain created in a forest is referred to as the
root domain. Amongst other things, this is where the schema is stored by default.
There are two types of Active Directory forest design:
1) Single forest
2) Multiple forests
• In this lab we only have a single forest; further in the future another domain forest will be added. The
other forest will have a different name; it could be another company or an organization that has
its own forest with parent and child domains.

Organizational Unit – an organizational unit (OU) is a container object that helps to organize objects for the
purpose of administration or group policy application. An OU exists within a domain and can only contain
objects from that domain. OUs can be nested, which allows for more flexibility in terms of administration.
Different methods for designing OU structures exist, including according to administration (most common),
geography, or organizational structure. One popular use of OUs is to delegate administrative authority – this
allows you to give a user a degree of administrative control over just the OU, and not the entire domain.
• In this lab, I created OUs under the parent domain sheridan-ra.local. It is still basic, but once we add
users or computers it will make sense. An OU is like a folder in Windows Explorer: it organizes the objects
based on functionality, geography, etc. In this case, I made the OUs based on functionality.

Global Catalog – a listing of every object that exists within an Active Directory forest. By default, a domain
controller only contains information about objects in its own domain. A global catalog server is a domain
controller that contains information about every object (though not every attribute of each) stored in the
entire forest. This facilitates and speeds up searches for information in Active Directory. By default, only the
first domain controller created in a forest holds a copy of the global catalog – others must be designated
manually.
• The global catalog server for this lab will be the domain controller of the parent domain sheridan-ra.local.

Part 1-continued

Physical Structure

The physical structure of Active Directory helps to manage the communication between servers with respect
to the directory. The two physical elements of Active Directory are domain controllers and sites.

Domain Controllers – domain controllers are server-based systems that store the Active Directory database.
Every Windows domain controller has a writable copy of the directory. Domain controllers in the same domain
contain replicas of the directory that must be synchronized periodically.
• In this lab there will be 2 DCs; they will be responsible for replication and clustering in the future.
• These will be on-site domain controllers.
• The parent domain sheridan-ra.local will hold the operations master roles.

Site – in Active Directory, sites are groups of IP subnets that are connected at high speed. Although the
definition of ‘high speed’ is open, it is generally taken to mean subnets that are connected at LAN speeds
(say 10 Mb) or higher. The purpose of defining sites in Active Directory is to control network traffic relating to
directory synchronization, as well as to help ensure that users connect to local resources. For example, domain
controllers located in the same site replicate with one another on a 5-minute change notification interval,
whereas replication between domain controllers in different sites can be scheduled according to your needs.
This allows a much greater degree of flexibility. For example, you could set things up such that replication
between sites could only happen between midnight and 6am, ensuring that replication traffic would not
interfere with normal data transfer during business hours. Sites also help ensure that users avoid accessing
resources over the WAN by having client systems access servers (such as domain controllers) that are in the
same physical site first.
• In this lab, DC2 will also act as an on-premises site. It will establish replication and clustering in the
future.
• DC1 will also become the DHCP server from which all connected clients get their IP addresses
automatically. This will be demonstrated when we connect client computers in the VM in the future.
• A site link bridge connects two or more site links and enables transitivity between site links. In this case,
all child domains in this lab will for the time being serve as an example of site link bridge servers. They will
be connected to each other, so if one child domain's connection to the parent domain fails, it will use
these site links to continue the connection to the parent domain.

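Once the domain controller exists, the logical and physical structure described in Part 1 can be read back from it. The following is an added example, not part of the original lab; it assumes the ActiveDirectory module (installed with the AD DS management tools) and the domain name sheridan-ra.local planned above.

```powershell
Import-Module ActiveDirectory

# Forest and root domain: which domain is the forest root and which DC holds
# the forest-wide and domain-wide operations master (FSMO) roles.
$forest = Get-ADForest
$domain = Get-ADDomain -Identity 'sheridan-ra.local'   # domain name from this lab
[pscustomobject]@{
    ForestRoot           = $forest.RootDomain
    Domains              = ($forest.Domains -join ', ')
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PdcEmulator          = $domain.PDCEmulator
    RidMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

# Domain controllers: only the first DC of the forest is a global catalog by
# default, so an additional DC such as DC2 shows IsGlobalCatalog = False until
# it is designated manually.
Get-ADDomainController -Filter * |
    Select-Object HostName, Domain, Site, IsGlobalCatalog, OperationMasterRoles |
    Format-Table -AutoSize

# Physical structure: sites and site links. A fresh forest has one site
# (Default-First-Site-Name) and one site link (DEFAULTIPSITELINK).
Get-ADReplicationSite -Filter * | Select-Object Name | Format-Table -AutoSize
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
        @{ n = 'Sites'; e = { $_.SitesIncluded -join ', ' } } |
    Format-Table -AutoSize

# Replication health across the forest: an empty result means no failures
# have been recorded between any pair of DCs.
Get-ADReplicationFailure -Scope Forest |
    Select-Object Server, Partner, FailureCount, FirstFailureTime |
    Format-Table -AutoSize
```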
Part 2
ADDS configuration

Installing Active Directory Domain Services role

1) In Windows Server 2022, open Server Manager and click Add roles and features.
2) The Add Roles and Features Wizard appears. Click Next on this first step.
3) Select the role-based installation option and click Next.
4) Since we are installing on this Windows Server 2022 machine, there is only one option to select here. Click Next.
5) Under Server Roles, click the checkbox for Active Directory Domain Services. A dialog appears; click Add features.
6) Verify that the Active Directory Domain Services checkbox is selected, then click Next.
7) No extra features will be added for the time being. Skip this page and click Next.
8) The next page describes that we are installing AD DS. Click Next.
9) Confirm the installation and click Next.
10) This will take some time, so take a break.
11) After the installation finishes, close the wizard by clicking Close.
12) Verify and confirm that AD DS is installed and is now listed in the left pane of Server Manager.

Installing a new forest and configuring root domain controller

1) After the AD DS install we can now promote this server to a domain controller. Click the notifications flag with the yellow exclamation mark, then click Promote this server to a domain controller.
2) The configuration wizard appears. Select the option Add a new forest. For this lab, I will be using the root domain name sheridan-ra.local. Click Next.
3) Verify that the DNS server checkbox is checked. Global catalog is selected by default because this is the parent directory for the new forest. Add a password, then click Next.
4) In the DNS options, there is nothing to choose because we are starting as a parent domain. Click Next.
5) The wizard scans for a NetBIOS domain name for a moment, then uses the parent domain name as the NetBIOS domain name if it is available. Use this default and click Next.
6) Use the default paths and click Next.
7) Review the selections. At this point, you can click View script and copy the script for deploying a DC with PowerShell in the future. Click Next.
8) The wizard will start scanning for prerequisites. Once it is done, click Install.
9) After installation of the new domain forest, the system will automatically restart.
10) After the restart we can confirm that the domain is created, as displayed in Server Manager. DNS is also added on the left pane of Server Manager.
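As the Review step notes, the wizard can produce a PowerShell script for the same deployment. The following is an added example of both wizards done from PowerShell, not the lab's own output; it assumes the root domain sheridan-ra.local from this lab and, as an assumption, the NetBIOS name SHERIDAN-RA that the wizard derives from the domain name.

```powershell
# 1) Install the AD DS role and its management tools (first wizard above).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 2) Promote the server to the first DC of a new forest (second wizard above).
#    The Directory Services Restore Mode password is read at the prompt rather
#    than written into the script, so it never sits in a file or in history.
Import-Module ADDSDeployment
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

$forestParams = @{
    DomainName                    = 'sheridan-ra.local'   # root domain from this lab
    DomainNetbiosName             = 'SHERIDAN-RA'         # assumption: wizard default
    ForestMode                    = 'WinThreshold'
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true                 # the DNS server checkbox
    CreateDnsDelegation           = $false                # no delegation for a new parent
    DatabasePath                  = 'C:\Windows\NTDS'     # default paths
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
    Force                         = $true                 # suppress confirmation prompts
}

# Same prerequisite scan the wizard runs before the Install button is enabled.
Test-ADDSForestInstallation @forestParams

# Create the forest; the server restarts automatically when this finishes,
# so everything after this line is run in a new session after the reboot.
Install-ADDSForest @forestParams

# 3) Confirm what the text checks in Server Manager: domain, DNS role, global catalog.
Get-ADDomain | Select-Object DNSRoot, NetBIOSName, DomainMode
Get-WindowsFeature -Name AD-Domain-Services, DNS | Select-Object Name, InstallState
Get-ADDomainController | Select-Object HostName, IsGlobalCatalog
```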
Creating Users

1) In Server Manager, click Tools at the upper right, then click Active Directory Users and Computers.
2) This window will appear. Click the drop-down arrow on the left side of the domain to reveal the contents under it.
3) To create a user, right-click on the Users container, click New, then click User.
4) A small wizard appears for creating a new object - User. Fill in the details and assign a user logon name, then click Next.
5) Create a password. There are some options here; for a newly created user the default is that the password must be changed at next logon. Click Next, then click Finish.
6) After creating this user, continue creating the users applicable for this lab.
Creating OUs

1) Right-click the domain name, click New, then click Organizational Unit. This container will be placed under the domain. A wizard will appear.
2) Name the new OU and click OK.
3) We can now move the newly created users. Click the Users container, then select the users you want to move (use the Ctrl or Shift key for multiple selection), right-click, then click Move.
4) Select the container you want to put the users in. In this case, I put the users in my container, which is sheridan-ra_users. Click OK.
5) Verify by clicking the container; we can see that the users are now in the new container.
6) To create new users directly in the new container, right-click on the container and use the steps for creating users.
7) Next, create more OUs for the different departments under the domain. Use the steps for creating an OU, but under the new container, and name the new container.
8) The newly created OUs under the sheridan-ra_users container are Operations, Finance and Administration.
9) Then move the users into their respective OUs.
10) The users are now in their respective OUs. These containers are helpful for organizing AD objects like users; as you can see, they look like files in folders.
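The same OU and user layout can be built with the ActiveDirectory module instead of the GUI. This is an added example, not part of the original lab; it assumes the domain sheridan-ra.local, the sheridan-ra_users container and the three department OUs above, and uses six constructed sample user names.

```powershell
Import-Module ActiveDirectory

# Domain and the container OU used in this lab.
$domainDN    = (Get-ADDomain -Identity 'sheridan-ra.local').DistinguishedName
$usersOuDN   = "OU=sheridan-ra_users,$domainDN"
$departments = 'Operations', 'Finance', 'Administration'

# Container OU directly under the domain, then one department OU inside it.
# New-ADOrganizationalUnit protects new OUs from accidental deletion by
# default, the same as the GUI wizard.
New-ADOrganizationalUnit -Name 'sheridan-ra_users' -Path $domainDN
foreach ($dept in $departments) {
    New-ADOrganizationalUnit -Name $dept -Path $usersOuDN
}

# Two users per department (constructed sample names, not from the lab).
$plan = @(
    @{ First = 'Ava';   Last = 'Stone';  Dept = 'Operations' },
    @{ First = 'Liam';  Last = 'Reyes';  Dept = 'Operations' },
    @{ First = 'Mia';   Last = 'Chen';   Dept = 'Finance' },
    @{ First = 'Noah';  Last = 'Patel';  Dept = 'Finance' },
    @{ First = 'Zoe';   Last = 'Okafor'; Dept = 'Administration' },
    @{ First = 'Ethan'; Last = 'Walsh';  Dept = 'Administration' }
)
$initialPassword = Read-Host -AsSecureString -Prompt 'Initial password for new users'

foreach ($u in $plan) {
    $sam = ($u.First.Substring(0, 1) + $u.Last).ToLower()   # e.g. astone
    # Created in the default Users container first, as in the GUI steps,
    # with the wizard default "must change password at next logon".
    New-ADUser -Name "$($u.First) $($u.Last)" -GivenName $u.First -Surname $u.Last `
        -SamAccountName $sam -UserPrincipalName "$sam@sheridan-ra.local" `
        -AccountPassword $initialPassword -ChangePasswordAtLogon $true -Enabled $true
    # Then moved into its department OU (the right-click > Move step).
    Get-ADUser -Identity $sam | Move-ADObject -TargetPath "OU=$($u.Dept),$usersOuDN"
}

# Verify: list each department OU with the users now inside it.
foreach ($dept in $departments) {
    Get-ADUser -Filter * -SearchBase "OU=$dept,$usersOuDN" |
        Select-Object @{ n = 'OU'; e = { $dept } }, SamAccountName, Enabled
}
```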

Summary:

This lab was done over a two-day period due to taking breaks, but I think it took 4 to 5 hours in total to
complete. Much of the time was taken to review the concept of ADDS, but there were no issues in
implementing this lab as I used the GUI to configure the server.
