Domain Controller

Domain Controller

“Information Technology”

2016PAssewrelles numeriques cambodia

Songkat Tek thla, Khan Sen Sok, Phnom Penh, Cambodia

Passerelles Numériques Cambodia

P a g e | 52

By SamNang (SNA_B_2017) 2016


Contents:I. Install Active Directory and DNS Windows Server 2008 R2:........................................................1

A. Assign IP address on server 192.168.ID.1 and subnet mask /24 (My ID is 42):.........................1

B. Assign hostname’s DomainID (Domain42):................................................................................2

C. Install Active Directory: Domain’s name samnang42.lan (nameID.lan):....................................3

II. Create Organizational Unit (OU) of each department:................................................................9

III. Create group account and users account of each department without required strong password:............................................................................................................................................10

A. Add membership to group in their department:.........................................................................19

IV. Computer Create Account: Right click on OU (Computers) > New > Computer > Put the name of Computer Account > OK..................................................................................................................21

V. Create users account template on each department: We just do the same following of creating user account and put the name as Template......................................................................................22

A. Department (Department Finance):............................................................................................22

B. Add user account template into group (Finance Group): Double click on group that we want to add member > Select tab Members > add user with the same to the following of adding membership as the..........................................................................................................................23

VI. Enable and Disable Account User:..........................................................................................23

A. Enable Account User: Right click on user that we want to enable > Enable Account..................23

B. Disable Account User: Right click on user that we want to enable > Disable Account................24

VII. Unlock User Account:..............................................................................................................24

A. From Monday to Friday period 8:00 AM to 5:00 PM allow, other deny:.....................................25

B. Only User name “samnang.leap” can loin only computer name “Win-Client”:...........................27

VIII. How to reset password of user:..............................................................................................27

IX. Create multiple users with introduction below:....................................................................28

A. Create Organizational Unit name “SNA-B”:.................................................................................28

B. Create Multiple User Account (Do on Excel):..............................................................................28

X. Take windows client joins domain: “Before take windows client joins domain we must install DNS service and AD and take them (Server & Client) in the same network........................................32

A. Take one user to logon your computer client that joined to domain:.........................................40

XI. Make sure that manager can do the following task in each OU department by delegate control:................................................................................................................................................42

XII. Make sure manger can access from his/her computer to domain service (AD):...................45

To make sure manager can access to domain service in windows client we must do with the following below:..............................................................................................................................45

Make sure that manager (samnang.leap) can access to domain service (AD):........................49

P a g e | 52



P a g e | 52



Domain Controller I. Install Active Directory and DNS Windows Server 2008 R2:

A. Assign IP address on server 192.168.ID.1 and subnet mask /24 (My ID is 42):

Run > type: ncpa.cpl > double click on Local Area Connection > …> input IP > OK.

Run > cmd > ipconfig > see the IP and Subnet Mask.

P a g e | 52



B. Assign hostname’s DomainID (Domain42): Run > type: sysdm.cpl > Click on Change > Input the computer’s name

> Click on OK.

Run > cmd > type: hostname > see the host name.

P a g e | 52



C. Install Active Directory: Domain’s name samnang42.lan (nameID.lan):

Click on Server Manager > Click on Roles > Click on Add Roles.

P a g e | 52



Tick on Active Directory Domain Services > Next > Next > Install.

P a g e | 52



Click on Active Directory Domain Services >

Click on Run the Active Directory Domain Services Installation Wizard.

P a g e | 52



Select Create a new domain in a new forest.

Assign Domain’s name (samnang42.lan) > Next.

P a g e | 52



Tick o DNS server (If you want to install it) > Next.

Assign password > Next > Computer will restart machine.

P a g e | 52



Check system properties > See Domain’s name.

P a g e | 52



II. Create Organizational Unit (OU) of each department: Click on Start > Click on Active Directory.

Select domain’s name (samnang42.lan) > Click on OU icon (2) > Type the name (IT_Admin) > OK.

P a g e | 52



Create OU of each department’s name such as IT_Admin, Finance and Sale (Just do with the following above).

III. Create group account and users account of each department without required strong password:

To create users account without required strong password we must change group policy. Please, do with the following below:

o Click on Start > Click on Group Policy Management > Double click on Domains > Double click on samnang42.lan > Right click on Default domain Policy > Click on Edit…

P a g e | 52



o Double click on Policies > Double click on Windows Settings > Double click on Security Policy > Double click on Password must meet complexity requirements…

o Click on Disabled > OK.

P a g e | 52



After changed group policy we must update group policy by use command line (gpupdate):

o Run > cmd > type: gpupdate.

P a g e | 52



Create users in department’s name IT_Admin: o Go to Active Directory Users and Computers > Select OU that we want to create users

(IT_Admin) > Click on user icon > Put first name, last name > Put user logon name > Next > Put password > Next > Click on Finish.

P a g e | 52



o Do the same following above (These are users in department’s name IT_Admin).

Create users in department’s name Finance:o Go to Active Directory Users and Computers > Select OU that we want to create user

(Finance) > Click on user icon > Put first name, last name > Put user logon name > Next…

P a g e | 52



o Put password > Next > Click on Finish.

o Do the same following above (These are users in department’s name Finance).

P a g e | 52



Create users in department’s name Sale:o Go to Active Directory Users and Computers > Select OU that we want to create user (Sale)

> Click on user icon > Put first name, last name > Put user logon name > Next…

o Put password > Next > Click on Finish.

P a g e | 52



o Do the same following above (These are users in department’s name Sale).

Create Group Account for each department:o Go to Active Directory Users and Computers > Select OU that we want to create user

(IT_Admin) > Click on group icon > Put the name of group(Group_A > OK

P a g e | 52



o Do the same following above (These are groups in each departments such as IT_Admin, Finance, and Sale).

P a g e | 52



A. Add membership to group in their department: Double click on group that we want to add memberships (Group_A) >

Select tap Members > Click on Add… (3) > Type user name > OK (5).

P a g e | 52



Do the same following above. These are memberships in Group_A (IT_Admin Group).

These are memberships in Group_B (Finance Group)

P a g e | 52



These are memberships in Group_C (Sale Group)

IV. Computer Create Account: Right click on OU (Computers) > New > Computer > Put the name of Computer Account > OK.

P a g e | 52



V. Create users account template on each department: We just do the same following of creating user account and put the name as Template.

A. Department (Department Finance): o Double click on account template that we created already > Click on tab

Organization > Put the name of department (Finance) > OK.

P a g e | 52



B. Add user account template into group (Finance Group): Double click on group that we want to add member > Select tab Members > add user with the same to the following of adding membership as the

VI. Enable and Disable Account User:A. Enable Account User: Right click on user that we want to enable > Enable Account.

P a g e | 52



B. Disable Account User: Right click on user that we want to enable > Disable Account.

VII. Unlock User Account: Double click on a user that we want to unlock >…

P a g e | 52



Select tab Account > Tick on Unlock account > OK

A. From Monday to Friday period 8:00 AM to 5:00 PM allow, other deny:o Double click on a user >…

P a g e | 52



o Select tab Account > Click on tab Logon Hours…

o Select the white part around the blue part as the picture below and then click on Logon Denied > OK (Please see the note).

P a g e | 52



B. Only User name “samnang.leap” can loin only computer name “Win-Client”:

o Double click on user name samnang.leap > Select tab Account > Click on tab Log On To…> Select the following computers > Type: name of computer (Win-Client) > Click Add > OK.

VIII. How to reset password of user: Right click on a user that we want to reset password > Input password > OK.

P a g e | 52



IX. Create multiple users with introduction below:A. Create Organizational Unit name “SNA-B”:

o Click on samnang42.lan (Domain Name) > Click on OU icon > Put the name of OU (SNA-B) > OK.

P a g e | 52



B. Create Multiple User Account (Do on Excel):o Name: firstname.lastname, Office: A21, Email Address: [email protected]

and Description: SNA-B.

o Password: 12345 and User must change password.

o Copy the formula of command line of creating users account into Notepad

o Save file in notepad with type as All Files and extension “.bat”

P a g e | 52


mailto:[email protected]


o Double click on this file to run command line of creating user account.

o This is the process of creating user account in cmd.

P a g e | 52



o The result of creating multi users.

P a g e | 52



X. Take windows client joins domain: “Before take windows client joins domain we must install DNS service and AD and take them (Server & Client) in the same network.

Installing DNS:o Click on start > Click on DNS

P a g e | 52



o Double click on DOMAIN42 > Right click on Reverse Lookup Zones

P a g e | 52



o Click on Next.

o Select IPv4Reverse Lookup Zone.

o Put Network ID (192.168.42) > Click Finish.

P a g e | 52



o Right click on 42.168.192,in-addr.arpa > Click on New Pointer(PTR) > Click on Browse

o Double click on DOMAIN42.

o Double click on Forward …

P a g e | 52



o Double click on samnang42.lan

o Double click on domain42 (hostname)

P a g e | 52



o Completed New Pointer > Click OK

o After installed DNS > Run > cmd > nslookup

P a g e | 52



Figure windows client and windows server into the same network connection:

o Assign IP address and Subnet Mask and IP DNS (IP of DNS server) > OK.o Note: IP address of server (192.168.42.1) and IP of DNS server (192.168.42.1)

P a g e | 52



o Ping IP address of server (192.168.42.1)

o Test nslookup

o Run > sysdm.cpl > Click on Change.

P a g e | 52



Take client windows joins domain: o Click on Domain > Put domain name of server (samnang42.lan) > OK.

o Required username and password of windows server (Admin) > OK > PC will restart machine.

P a g e | 52



A. Take one user to logon your computer client that joined to domain:o Take a user name hav.che to logon in windows client.

o User must change password > Click ok to change password.

o Input the new password > Enter to log in account user.

P a g e | 52



o Password changed > Click ok

o User name hav.che could log on to client windows.

P a g e | 52



XI. Make sure that manager can do the following task in each OU department by delegate control:

Delegate Control by a user who is a manager in a department:o Choose a user account as a manager in a department (User name’s samnang.leap is

a manager in department IT_Admin.

o Right click on a department that we want to do delegation control (IT_Admin department and user name’s samnang.leap is a manager).

P a g e | 52



o Click Add > Type the username that we want to delegate > OK.

o Click Next…

P a g e | 52



o Tick the following tasks:a. Manager can modify the membership of a group.b. Manager can reset user passwords and force password change at next logon.c. Manager can create, delete, and manage user accounts.

o Click Finish.

P a g e | 52



XII. Make sure manger can access from his/her computer to domain service (AD):

To make sure manager can access to domain service in windows client we must do with the following below:

a) First we must install RSAT (Remote Server Administration Tools) program in windows client:

o Double click on RSAT software > Type an administrator password, and then click yes.

o It is preparing the installation….

o It is already installed on the computer.

P a g e | 52



b) After installed, we must open service by go to configure windows features on or off in control panel:

o Run > type: control panel > OK.

o Click on programs.

o Click on Turn Windows features on or off and then it will require username and password of administrator (Server Admin).

P a g e | 52



o Type an administrator username and password, and then click Yes > Please wait >…

o Double click on Remote Server Administration Tools > Double click on Role Administration Tools > Click on AD DS and AD LDS Tools > Tick Active Directory Module for Windows PowerShell > Ok.

P a g e | 52



o It is making changes to features.

o After installed we can open Active Directory Users and Computers in windows client as windows server.

P a g e | 52



Make sure that manager (samnang.leap) can access to domain service (AD):

o Now we take user name’s samnang.leap to log on to windows client.

o So, he can access to domain service in windows client as windows server.

P a g e | 52



o Now, he can delete user in his department (Because we did delegate control for this user already)

o He can create user in his department (In department IT_Admin).

P a g e | 52



o He can reset password for user in his department (He is a user in department IT_Admin)

P a g e | 52



Note: He couldn’t delete user, create user, and reset password in another department beside his department (His department is IT_Admin).

o He couldn’t create user in department Finance.

o He couldn’t reset password for user name Template in department Finance.

P a g e | 52



P a g e | 52


The End

Domain Controller

Technology

Transcript of Domain Controller