System Administration (Windows Server 2008)

ACTIVE DIRECTORY DOMAIN SERVICES (ADDS)

Active directory was introduces on 1990’s and implemented in Windows 2000 Server with its

release in 2000. Windows Server 2003 and Windows Server 2008 used Active Directory with its

expansions during time. Window 2000 Server, Windows Server 2003 and Windows Server 2008 use

Active Directory domain Services as a base for distributed networks (distributed computing network

system).

Directory:

The listing of objects in the comprehensive way general data base of information or repository is

known as directory.

 Active Directory:

Active directory provides a way to store and avail information related to the network objects to other

users, administrator and applications. The objects organized inform of organizational units (OUs),

domain, sites, trees and forests. Active directory with the standard protocols is accessible by third

party directory services because it can easily exchange and use the information effectively.

Active Directory in Windows Server 2008 R2 with the expand functionalities provide centralized

administration to its users and application objects. The management of related identities are provided

for the network of organization by Active Directory.

Active Directory Domain Services (ADDS):

The Active directory domain Services stores information and use stored data in the computer

network. It has hierarchal structure for network objects. Objects include in the network are users,

resources, computer accounts, security policies and applications. The user account in the Active

directory can stores names, email address and password which are the example of particular

information stores in the directory. Active Directory Domain Services make the server domain

controller and it is integrated with Domain Name system (DNS).The data is protected from

unauthorized use and access of objects by any unauthorized access. The integration of AD DS with

operating system and other applications has different capabilities like shared resource management.

AD DS provides easier access of data for the users and administrator.

Rules and Features in Active Directory Domain Services:

The following features are included in Active Directory domain Services

 Access control to resources and authenticated logon for the users for the security integration in AD DS

Central management and organization by administrator with single network logon The specific formats and limits for the objects and their related attributes The use of global catalogue by the users and administrator for information about the objects Index mechanism provide query system for the easy access of network objects and their

attributes Centralized management of network with the security Comprehensive use of network object and properties with protected management

Benefits of Active Directory Domain Services:

Active Directory Domain Services is very secure with the comprehensive solution for the span

network in multiple locations.

Ease of administration with centralized secure management Comprehensive management with the increasing number of objects (users, computers and

roles) Provide single view of the users with proper management Single network with different mechanisms of security Automation for the administration tasks like managing and adding users and groups or other

works related to different objects

Important Terms, Tools and Concepts in AD DS:

FQDN (Fully Qualified domain Name):

The FQDN is specified for the host, internet or specific computer. It is the complete name with

two parts host name and domain name and also top level domain. Like project.sbk.com is

FQDN where project is host name, “sbk” is second level domain and com is top level domain.

FQDN has specific location in the hierarchy of Domain Name System (DNS).

Active Directory Users and Computers:

The active Directory Users and Computers is tool and a console snaps in introduced by

Microsoft for the management purposes. You can create user and computer accounts; set their

security policies an2d you can also apply group policies.

User:

User is the person who can use any specific computer in the given environment with the

specified policies. You can log on the computer by the Active Directory user account. The

Active Directory account identifies the user and establish authentication so that the user can

use the resources within the domain.

OU (Organizational Unit):

Organizational Unit let you organize the users in one container that can hold all user and

computer accounts that have common needs so that can be easily managed and supported by

the administrator. The example is an OU Students that is for all the common users. The domain

can contain the collection of different OUs with the same policies like security (password

policy) that is basically same for every user in the OU. The organizational unit administrator is

responsible for user and computer account maintenance in the OU.

Group Policy Object (GPO):

Group policy object is the tool which provides centralized configuration and management for

the operating system and let you set rules on user and computer accounts in the Active

Directory as the system administrator. It is used in the small businesses and organizations very

commonly. Group policy object will store the configured setting of Active Directory. The

management and configuration of software, desktop and network environments can be done by

GPO. The Group Policy is the feature in Windows Server 2008’s Server Manager you need to

install so that you could use and manage multiple accounts. Group Policy management console

let you easily use different policies for the group policy objects.

Benefits of using GPO

There are some uses of Group Policy Objects

You can block as the administrator the devices for specific users The improved security implementations for devices and users using firewall and IPsec Categorized management of resources makes it possible to easily deploy and manage the

resources You can manage multiple groups, logs and event in the GPO

Roaming Profile

The roaming profile let you store and access the shared documents and desktop setting on the same

network with the customize settings seamlessly. The roaming profile stores your customized data on

the server; you can get access of your profile data in the same way as you saved last time even using

the other computers on the network so roaming profile makes it possible by just joining the domain

regardless of location. Administrator can control and designate the roaming profile to the domain

administrator group and other groups and accounts.

The Issues with Roaming Profile:

The roaming profile bandwidth problems can appear inform of time consuming logging in and

logging off from the account. The transformation and use of higher bytes of data is not possible with

it and it can create problems for the different accounts of the users log in at the same time.

Network Drive (Z drive)

Network drive is the shared space on the hard disk for different users in the network. It is a central

location for the users provided on the server also known as remote drive. The data from here is

accessible by the authorized users of the domain.  Mapping the network drive can be the time saver

to access data files and folders from remote computer (Server). The path of drive is specified for

each user in the network so the users can easily access their required data.

Advantages Network Drive:

 Network drive has the following benefits:

A user do not need to follow and remember a large path to access the data, you just need to open ‘‘My Computer’’ and the access allocated drive by the administrator

You do not need to shift and transfer data after each modification, your data is save at your network drive

In case of any problem in the client computer data is accessible in the centralized domain controller or server

Home Directory/ Home Folder:

Home directory is used for the user so that they can save securely their data and could easily access

the data. The users can have their unique and individual home directory to save and use data. The

UNC (Universal Naming Convention) path is used and you can access your home drive from any

directory. The users can save the images, music, videos and text document in the home drive. In

command line activities it is called home directory and in graphical user interface it is known as

home folder. The user profile is used as the default home folder for the user accounts. It has

following benefits:

Provide backup of important data on the server central to separate users by the administrator Central collection of files makes the management easier for the administrator Secure data by providing separating system data and user’s data, and providing recovery to

data The large files can be store easily The user can access the data from any connected computer in the network

Assigning Home Folder:

You can assign home folder to the domain users easily by the following the instructions.

 Home folder path should be specified The shared permissions should permit the user to access the home folder Assign the home folder to the domain user

Installation and Configuration of ADDS

Installation and Configuration of Active Directory Domain Services

Go to Start menu and select Server Manager

In Server Manager Window Select Roles and Click on Add Role

In the Add Roles Wizard, Read Before You Begin instructions and Click Next

Select Active Directory Domain Services as Server Role and Click on Next

Check the overview and Click on Next to continue installation

The Confirm Installation Window in the Wizard will conform about the installation of AD DS

You can view the progress during installation of AD DS

The Installation Result can be viewed at the end of installation, now click on blue highlighted massage and Run dcpromo.exe before closing the Installation Result Window

After running dcpromo.exe you will get the Welcome window that will let you make the system domain controller

The Operating System Compatibility inform you about improved security settings in Windows Server 2008 and it compatibility effects, click on Next to continue

The AD DS Installation Wizard let you choose the appropriate choice suitable to your network environment, Select Create new domain in the new forest and Click on Next

Write the appropriate fully Qualified Domain Name and click on Next

The installation process will check and confirm that the FQDN is not already in use

Setting Forest Functional Level. Select Windows Server 2008 from drop down menu and click on Next to continue

The settings will be checked for DNS installation

In the Additional Domain controller Options check DNS server which is requirement for AD DS (Domain Controller), click on Next to proceed

The massage will appear when you are installing DNS server click on Yes

The paths of database, log files, and System volume folders is all given, you can change the folder paths according to your requirement and click next

Write the password and confirm it (Remember password as it is required for the first login and Removing of AD DS), click on Next to continue

You can check all the summary of the selected options and click on Next to start installation

The installation process can be viewed on AD DS Installation Wizard

System requires restart after completion of installation of AD DS so the server could take the updates

Creating User in the Active Directory

To create a user, go to Start Menu, Administrative Tools and select Active directory Users and computers

In the AD Users and computers Window select domain name, you can see expanded objects below FQDN (project.sbk.com)

Below FQDN (project.sbk.com) right click on Users, Select New then select User

On the New object User fill the required boxes and click Next

Write the user log on password, rewrite to confirm it and remember it, below password text areas check boxes are given check the proper option according to your requirement

The summary will be shown at the last to confirm all entered data click on Finish to create a user account in your domain

The user created can be seen with its Name, Type and description

Creating Organizational Unit (OU) in Active Directory

In the Active Directory Users and computers Window right click on FQDN (project.sbk.com) and in the appeared menu select New then Select Organizational Unit

Creating OU write the require Name, check protection container option and click OK

The required OU(Student) is created below FQDN (project.sbk.com)

Creating Home Folder for the User

To create home folder for the user, Select a drive e.g. volume (F :)

Right click in the drive and select New then folder from the menu to create new folder

After creating New folder Rename it as the Home Folder in the F: drive

Right click on the Home Folder and select properties from the menu

In the Home Folder properties Window click on Sharing tab and select Advance Sharing to set the sharing permissions for the folder

In the Home Folder properties window click on add tab, In the Select Users, Computers, Groups Window write the user account name (LubnaAijaz) or click on Check Names tab to select user name for setting Home Folder permissions on the user account and click OK

Select the check boxes Full Control Change and Read for the specified account (LubnaAijaz) click Apply to get the changes

The Home Folder is now shared for the user account

Continuing the steps creating home folder for the user account select Start menu, administrative Tools and then active Directory Users and Computers

In active Directory Users and Computers window select the user account (LubnaAijaz in the Students OU) right click and select Properties

In the user account properties (LubnaAijaz) select Profile Tab. In the Home folder select Connect radio button, select drive letter (L) and go to: define path of HomeFolder\\ServerName\HomeFolder\UserName (\\SystemDC\HomeFolder\Lubna) click OK to get settings

Client Side View

You can login and check the configuration for the user account to do so Login to system and follow the steps:

Select Start menu and go to Computer

In the computer window you can now check the drive (L :) created for user account (LubnaAijaz)

Note: This configuration gives the simple path to the user to save and use the data, otherwise the

user need to go in the Networks, select the server name and then specified drive letter.

You can define different quota for different accounts in the domain in the Advance Sharing of Home

folder Share permissions. Users cannot see the data of on another so they can use their drive and

store data in isolated way within the network environment.