Domain Controllers and Active Directory

Published on December 2016

An in-depth guide to setting up a domain controller, adding computers to domains and using other Active Directory services.


James McDermott ([email protected])

Installing and Configuring a Domain Controller and Active Directory Services


Table of Contents
Introduction
A.1 Windows Server 2008 R2 Standard Server Core Installation
A.2 Windows Server 2008 Datacenter Full Installation
B.1 Setting up a Domain Controller
B.2 Adding a second Domain Controller (server2)
B.3 Setting up a member server (MS-Core)
C.1 Setting up a disk mirror
C.2 Creating Spanned Volumes
D.1 Setting up Organizational Units (OUs)
D.2 Setting up Users
D.3 Setting user logon times
E.1 Setting up groups
E.2 Restrict view to Organizational Unit with a Group Policy
E.3 Redirecting My Documents from client machine to server
E.4 Blocking access to Control Panel with GPOs
E.5 Publishing software to Users with GPOs
F.1 Installing print server role
F.2 Installing Printers
F.3 Publishing printer to directory
F.4 Installing a generic unshared printer
G.1 Setting up server core file services
G.2 Configuring Remote Desktop on Server Core
G.3 Remote connecting to Server Core from Windows 7
H.1 Setting up DHCP Services (Server2)
H.2 Setting up Windows 7 to obtain IP from server2
H.3 Removing DHCP services
I.1 Decommissioning a domain controller
References


Introduction
This manual demonstrates how to configure a domain controller and use Active Directory services. We will set up two server machines to be used as domain controllers (each running a full installation of Windows Server 2008 R2), a member server (running a core installation of Windows Server 2008 R2) and a client machine (running Windows 7) which will be connected to the domain. The four machines will be named as follows:
• Server1 - will be the first domain controller
• Server2 - will be a second domain controller
• MS-Core - will be the member server
• Client1 - will be the client machine
For the purpose of this manual a domain will be created to host a college network for staff members, which will include trainers, managers and administrative staff. The college is called IPA and has trainers for both IT and Marketing. The IT department is subdivided into two locations, Dublin and Belfast. There are also managers and administrative staff within the college that will be represented in the domain.


A.1 Windows Server 2008 R2 Standard Server Core Installation
The core installation of Windows Server gives us a textual user interface (TUI) which is lighter and requires less processing power to run (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p.111). As this is a light installation it can run on machines that have limited resources. Because fewer features are installed (such as graphical interfaces), there is less need for repair or patching. This makes for a more stable installation of the system.

Installing the system
Start the Windows installation.
1. Choose the install language and keyboard input (See Figure 1: Language and Input)

Figure 1: Language and Input

On the next screen click “Install now”; setup will now begin.
2. Select “Windows Server 2008 R2 Standard (Server Core Installation)” and click “Next” (See Figure 2: Installation Version)

Figure 2: Installation Version


3. Click “I accept” to agree to the license terms then click “Next” (See Figure 3: Licensing Agreement).

Figure 3: Licensing Agreement

4. Click “Custom” to install a fresh copy of Windows (See Figure 4: Custom Installation).

Figure 4: Custom Installation


5. Select “Drive Options” to create a partition and install the OS (See Figure 5: Configuring Hard Drive)

Figure 5: Configuring Hard Drive

6. Click “New” (See Figure 6: Adding Partition).

Figure 6: Adding Partition

7. Enter the size of partition required in MB then click “Apply” (here we will use 30000MB, 30GB, see Figure 7: Set Partition Size).

Figure 7: Set Partition Size


8. Click “OK” to the notification window. (See Figure 8: Windows Drive Usage Notification).

Figure 8: Windows Drive Usage Notification

9. Next click on the partition that has just been created and click “Next” (See Figure 9: Install to Partition).

Figure 9: Install to Partition

10. Windows will now install the system; Windows will restart several times before finishing (See Figure 10: Windows Installation)

Figure 10: Windows Installation


11. Click “OK” to change password on first use (See Figure 11: Password Change Prompt).

Figure 11: Password Change Prompt

12. Enter the new password (here we use Pa$$w0rd) and click the blue arrow (See Figure 12: New Password Entry).

Figure 12: New Password Entry


Renaming the server
Server Core includes a very useful menu-oriented command interface called Server Configuration (sconfig), which allows us to manage many configuration settings (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p. 1277).
1. Using the server core command prompt window, type “sconfig” and press “Enter” (See Figure 1: sconfig command).

Figure 1: sconfig command

2. In the sconfig console type “2” and press “Enter” (See Figure 2: Computer Name Option).

Figure 2: Computer Name Option

3. Type in a new computer name (here we are using MS-Core) and press “Enter” (See Figure 3: Rename Core Server).

Figure 3: Rename Core Server


4. You will be prompted to restart the computer. Click “Yes” and restart (See Figure 4: Restart Prompt).

Figure 4: Restart Prompt

5. Log into the server once Windows restarts and run “sconfig” again (See Figure 5: Servers New Name).

Figure 5: Servers New Name

The computer name field will now display the new name setting.


Setting static IP address
When dealing with domain controllers the IPv4 address should be statically assigned (Tittel, E. & Korelc, J., 2008, p.107). It is beneficial to set up static IP addresses for any server machine that is connected to the domain, as it may later be upgraded to a domain controller. Here we will set the static IP address for the server core installation.
1. Run “sconfig” and type 8, then press “Enter” (See Figure 1: sconfig window – Network Settings).

Figure 1: sconfig window – Network Settings

2. Choose the index number of the network adapter that you want to edit (in our case we use 0, see Figure 2: Choose Network Adapter).

Figure 2: Choose Network Adapter

3. In network adapter settings type “1” and press Enter. Then type “S” and press “Enter” to set a static IP address (See Figure 3: Static IP Options)

Figure 3: Static IP Options


4. Type the IP address you wish to use if you are changing the IP and press “Enter”. Then type the subnet mask if you wish to change it and press “Enter”

Figure 4: Static IP Settings

Set a static IP of 192.168.0.34 and press Enter, then a subnet mask of 255.255.255.0 (the default setting), which is the same as /24 in Classless Inter-Domain Routing (CIDR) notation, and press Enter. As we are not looking at internet access, leave the gateway blank.
5. The new static IP settings are displayed (See Figure 5: New IP Settings).

Figure 5: New IP Settings

6. Type “4” then press Enter to exit to the main menu. Next type 12 and press Enter to shut down the server (See Figure 6: Restart Server).

Figure 6: Restart Server


A.2 Windows Server 2008 Datacenter Full Installation
The full installation of Windows Server presents us with a graphical interface for changing the settings of the server. It also has more features than the server core installation, which uses a minimal server operating environment (Tittel, E. & Korelc, J., 2008, p.284). It is heavier than the core installation and requires more resources to run; however, it is more user friendly.

Installing the system
Installing the full installation is similar to A.1 Installing the System.
1. At step 2 select “Windows Server 2008 R2 Datacenter (Full Installation)” (See Figure 1: Full Installation Option).

Figure 1: Full Installation Option

Once installation has completed, log in using the password set up during installation. Now rather than being presented with a command line interface, we are presented with the familiar windows interface (See Figure 2: Server Startup).

Figure 2: Server Startup


Configuring computer name and IP address
Setting the computer name and static IP address in the full installation of Windows Server 2008 R2 is not the same as in the core installation. As in a standard Windows environment, we change these settings using the properties windows and Control Panel. Here we will set a static IP address for Server1 and name the server appropriately.
1. Go to “Start” → “Computer” (Right Click) → “Properties” (See Figure 1: Computer Properties Option).

Figure 1: Computer Properties Option

2. Click “Advanced System Settings” from the left-hand pane (See Figure 2: Advanced System Settings).

Figure 2: Advanced System Settings


3. From the “System properties” window select the “Computer Name” tab
4. Next select “Change…” (See Figure 3: Computer Name Tab).

Figure 3: Computer Name Tab

5. Enter a new “Computer name” (here we use Server1) and click “OK” (See Figure 4: Computer Name Change).

Figure 4: Computer Name Change


6. You will be prompted to restart your computer. Click “OK”, then click “Restart now” (See Figure 5: Restart Prompts).

Figure 5: Restart Prompts

7. Once the computer has restarted go to “Start” → “Network” (Right Click) → “Properties” (See Figure 6: Network Properties Option).

Figure 6: Network Properties Option

This will open the “Network and Sharing Center”


8. Choose “Change adapter settings” from the left-hand pane (See Figure 7: Network and Sharing Center).

Figure 7: Network and Sharing Center

9. In the “Network Connections” window right click on the connection you want to edit. (See Figure 8: Network Adapter Properties)

Figure 8: Network Adapter Properties


10. Select “Internet Protocol Version 4” from the list then click “Properties” (See Figure 9: Adapter Properties).

Figure 9: Adapter Properties

11. Set the static IP to 192.168.0.1 and the subnet mask to 255.255.255.0. Leave all other fields blank and click “OK” (See Figure 10: Static IP Settings).

Figure 10: Static IP Settings

The default gateway is used when dealing with communication outside of the local network, i.e. internet communication (Northrup, T. & Mackin, J.C., 2010, p.536). As we are not looking at internet access we will leave this setting blank. The server itself will act as a DNS server (Morimoto, R., Noel, M., Droubi, O., Mistry, R. & Amaris, C., 2010, p.260), so it is also unnecessary to enter an IP address into the DNS fields.


Setting up Network configuration on Server2 and Client
For the purpose of this manual we will set up another domain controller, as in Part 2. We will name this domain controller Server2 and set the IP address to 192.168.0.3 with a subnet mask of 255.255.255.0. We will also use a client machine running Windows 7. This machine will be named client1 and will have a static IP of 192.168.0.35, a subnet mask of 255.255.255.0 and a DNS of 192.168.0.1 (the IP address of Server1, as this will be a workstation on the domain; see Section B: Part 2). For a full listing of the network settings see Table 1: Server2 and Client1 Network Settings.

                     Server2          Client1 (Windows 7)
Static IP Address    192.168.0.2      192.168.0.4
Subnet Mask          255.255.255.0    255.255.255.0
DNS                  192.168.0.1      192.168.0.1

Table 1: Server2 and Client1 Network Settings

As we are going to use Server2 as a second domain controller we need to point its primary DNS server to the static IP of Server1. Client1 will be used as a workstation on the domain, therefore we need to point the primary DNS server to the static IP of Client1 and the alternative DNS to the static IP address of Server2.


B.1 Setting up a Domain Controller
A domain controller (DC) is a tool primarily used for network security and user authentication. However, it can also incorporate several features and roles that extend the functionality of the DC (Desmond, B., Richards, J., Allen, R. and Lowe-Norris, A.G., 2009, p.5). To enable domain controller roles and services we need to use dcpromo (domain controller promotion).

Running dcpromo
1. Go to “Start” and type “dcpromo” in the search box (See Figure 1: Search For dcpromo).

Figure 1: Search For dcpromo

Click on the dcpromo search result and wait for the application to load.


2. You will be presented with a wizard interface, leave “Use advanced mode installation” unchecked and click “Next” (See Figure 2: dcpromo Wizard).

Figure 2: dcpromo Wizard

3. You will be presented with information about “Operating System Compatibility”, click “Next” to continue (See Figure 3: Compatibility Information).

Figure 3: Compatibility Information


4. As we are setting up our first domain controller choose “Create a new domain in a new forest” and click “Next” (See Figure 4: Deployment Configuration).

Figure 4: Deployment Configuration

5. Enter a name for the domain (here we use “MSCCONV.IPA”) and click “Next” (See Figure 5: Name Domain).

Figure 5: Name Domain


6. Next we will be prompted to set the domain and forest functional level. Leave both as “Windows Server 2003” and click “Next” (See Figure 6: Forest Functional Level).

Figure 6: Forest Functional Level

Set this to the same level as all other domain controllers on the network. Click “Next” for the forest functional level and the domain functional level. The functional level defines which features are available to the domain or forest. Higher levels often incorporate features from lower levels (i.e. 2008 has features from 2003). Once a functional level is set all other domain controllers within the forest or domain must be at the same functional level (Morimoto, R., Noel, M., Droubi, O., Mistry, R. & Amaris, C., 2010, p.118).


7. On the “Additional Domain Controller Options”, make sure the “DNS server” is checked and click “Next” (See Figure 7: Additional DC Options).

Figure 7: Additional DC Options

The global catalog contains information on every object in the entire domain forest; any client that supports Active Directory can query this catalog (Tittel, E. & Korelc, J., 2008, p.121). The domain name services (DNS) role allows the domain controller to associate fully qualified domain names (FQDN) with their network IP address (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p.180).
8. When prompted, click “Yes” to continue (See Figure 8: DNS Delegation Prompt)

Figure 8: DNS Delegation Prompt


9. Leave the “Location for Database, Log Files, and SYSVOL” set to the default settings and click “Next” (See Figure 9: Location for DB, Log File and SYSVOL).

Figure 9: Location for DB, Log Files and SYSVOL

10. A restore administrator password needs to be set, in case there are any issues with the server. Enter a password (“Pa$$w0rd”) and click “Next”

Figure 10: Restore Admin Password


11. Click “Next” on the summary page to continue (See Figure 11: Server Summary).

Figure 11: Server Summary

12. The Active Directory will now be configured. Click “Reboot on completion” and wait for system to restart.

Figure 12: Active Directory Install
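
The wizard choices made in steps 4 to 12 can also be passed to dcpromo as an unattended answer file, which makes the functional-level and DNS decisions explicit and repeatable. The PowerShell script below is an added example and not part of the original manual; the answer-file location is an assumption, and the restore password is prompted for instead of being written into the script.

```powershell
# Added example: unattended equivalent of the dcpromo wizard run on Server1.
# Run from an elevated PowerShell prompt on the server being promoted.

# Step 10: prompt for the restore-mode password instead of hard-coding it.
$secure = Read-Host -AsSecureString 'Directory Services Restore Mode password'
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$plain  = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

# Assumed location for the temporary answer file.
$answerFile = Join-Path $env:TEMP 'dcpromo-server1.txt'

$answers = @"
[DCInstall]
; Step 4: create a new domain in a new forest
ReplicaOrNewDomain=Domain
NewDomain=Forest
; Step 5: domain name
NewDomainDNSName=MSCCONV.IPA
; Step 6: functional levels (2 = Windows Server 2003, 3 = 2008, 4 = 2008 R2)
ForestLevel=2
DomainLevel=2
; Steps 7 and 8: install DNS on this DC, do not create a delegation in a parent zone
InstallDNS=Yes
CreateDNSDelegation=No
; Step 9: default locations
DatabasePath=%SYSTEMROOT%\NTDS
LogPath=%SYSTEMROOT%\NTDS
SYSVOLPath=%SYSTEMROOT%\SYSVOL
; Step 10: restore-mode password
SafeModeAdminPassword=$plain
; Step 12: reboot when finished
RebootOnCompletion=Yes
"@

try {
    Set-Content -Path $answerFile -Value $answers -Encoding ASCII
    # -Wait keeps the answer file in place until dcpromo has finished reading it.
    $proc = Start-Process -FilePath 'dcpromo.exe' -ArgumentList "/unattend:$answerFile" -Wait -PassThru
    "dcpromo exit code: $($proc.ExitCode)"
}
finally {
    # The answer file holds the password in clear text, so remove it whatever happens.
    Remove-Item -Path $answerFile -Force -ErrorAction SilentlyContinue
    $plain = $null
}
```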


Adding a Windows 7 workstation member to the Domain
By adding a client machine to the domain we can log onto the computer using any domain account (Bott, E., Siechert, C. and Stinson, C., 2011, p.650). The client machine will then be a workstation on the domain. This assumes that the network settings have been set up using the settings given in A.2: Setting up Network configuration on Server2 and Client.
1. Go to “Start”, right click on “Computer” and select “Properties” (See Figure 1: Computer Properties Option)

Figure 1: Computer Properties Option

2. Choose “Advanced system settings” from the left-hand pane (See Figure 2: Advanced System Settings Option)

Figure 2: Advanced System Settings Option


3. Choose the “Computer Name” tab then click “Change…” (See Figure 3: System Properties Window)

Figure 3: System Properties Window

4. In the “Domain” text box type the name of the domain we set up earlier (MSCCONV.IPA), see Figure 4: Join Domain Settings.

Figure 4: Join Domain Settings

5. You will be prompted to enter the domain administrator details. Username: administrator, Password: Pa$$w0rd, (See Figure 5: Logon Prompt)

Figure 5: Logon Prompt

NOTE: The local administrator of the first domain controller is promoted to the domain administrator.


6. Once the client has joined the domain a welcome message will appear, click “OK” (See Figure 6: Domain Welcome)

Figure 6: Domain Welcome

7. Restart the computer when prompted.
Note: Currently there are no domain user accounts set up other than the administrator account, so we cannot log on to the domain. However steps 8 and 9 demonstrate how to log on to the network.
8. When Windows restarts, at the logon screen choose “Switch User” (See Figure 7: Domain Logon Window).

Figure 7: Domain Logon Window

9. Choose “Other User” and then enter domain_name\username and enter the password (e.g. Username: MSCCONV.IPA\user Password: Pa$$w0rd).


B.2 Adding a second Domain Controller (server2)
As with all computer systems, domain controllers are susceptible to failures and viruses. It is advisable to use a secondary domain controller to maintain the domain should anything happen to the primary domain controller (Morimoto, R., Noel, M., Droubi, O., Mistry, R. & Amaris, C., 2010, p.158). Having more than one domain controller can also be useful for decentralized administration and load sharing. Using an additional domain controller to provide DNS services will lighten the load on the primary domain controller.

Using dcpromo to join existing forest
This assumes that the network settings have been set up using the settings given in A.2: Setting up Network configuration on Server2 and Client.
1. Start dcpromo on Server2 (see Section B Step 1: Setting up Server1 as a Domain Controller and creating a forest). The installation process is similar to the setup of Server1; however, as this will be the second domain controller, we are adding it to an existing forest.
2. When prompted to “Choose a Deployment Configuration”, choose “Existing Forest” and “Add a domain controller to an existing domain”, then click “Next” (See Figure 1: Add Domain Controller).

Figure 1: Add domain controller


3. Enter the name of the domain we set up earlier (MSCCONV.IPA) in the box provided, then click “Set..” (See Figure 2: Identify Domain)

Figure 2: Identify domain

4. When prompted, enter the domain administrator details (username: Administrator and password: Pa$$w0rd), see Figure 3: Administrator Logon

Figure 3: Administrator Logon


5. MSCCONV.IPA should appear highlighted; click “Next” (See Figure 4: Select a Domain).

Figure 4: Select a Domain

6. Leave the settings as default on the “Select a Site” screen and click “Next” (See Figure 5: Select a Site)

Figure 5: Select a Site


7. Make sure “DNS server” and “Global catalog” are selected and click “Next” (See Figure 6: Additional Options).

Figure 6: Additional Options

8. Click “Yes” to the DNS notification (See Figure 7. DNS Notification).

Figure 7: DNS Notification


9. Leave the default settings on the “Location for Database…” window and click “Next” (See Figure 8: Location for Database…).

Figure 8: Location for Database...

10. Enter a restore password and click “Next” (See Figure 9: Restore Mode Password Settings).

Figure 9: Restore Mode Password Settings


11. Click “Next” on the “Summary” window to continue (See Figure 10: Summary Window).

Figure 10: Summary Window

12. Check “Reboot on completion” on the installation window (See Figure 11: Installation Window).

Figure 11: Installation window


13. After reboot you will now see a domain logon window (See Figure 12: Domain Logon).

Figure 12: Domain Logon


B.3 Setting up a member server (MS-Core)
Following the same method as in Section A Part 1 Step 3 we can use sconfig to configure the DNS settings of the MS-Core server.
1. Run sconfig, type “8” and press Enter to view the network settings console (See Figure 1. Sconfig – Network Settings).

Figure 1: Sconfig - Network Settings

2. Choose the index number of the network connection you wish to configure from the list (here we choose 0) and press Enter. The adapter setting for this network connection will be displayed.
3. Next type “2” and press Enter to configure the DNS settings
4. Enter the IP address of server1 (192.168.0.1) and press “Enter” (See Figure 2: DNS Settings).

Figure 2: DNS Settings


5. Click “OK” on the “Preferred DNS server set” notification
6. Enter the IP address of the alternative DNS server (server2, 192.168.0.2) and press “Enter” (See Figure 3: Alternative DNS Settings).

Figure 3: Alternative DNS Settings

7. Click “OK” on the “Alternative DNS server set” notification
8. Once completed type “4” and press “Enter” to return to the main menu (See Figure 4: Return to Main Menu).

Figure 4: Return to Main Menu

9. Type “1” and press “Enter” to edit the Domain/Workgroup settings


10. Type “D” and press “Enter” to select domain (See Figure 5: Change Domain)

Figure 5: Change Domain

11. Type the name of the domain you wish to join (MSCCONV.IPA) and press “Enter” (See Figure 6: Name of Domain to Join).

Figure 6: Name of Domain to Join

12. When prompted to enter a domain username enter the administrator details for the domain (UN: administrator PW: Pa$$w0rd), see Figure 7: Domain Logon

Figure 7: Domain logon


NOTE: The password window will pop up but will look like nothing is being typed. Enter the password and press “Enter” (See Figure 8: Password Entry Window)

Figure 8: Password entry window

13. When asked whether you want to change the computer name, click “No”, as the computer was named previously (See Figure 9: Change Name Prompt).

Figure 9: Change Name Prompt

14. You will then be prompted to restart. Click “Yes” and restart the server (See Figure 10: Restart Prompt).

Figure 10: Restart Prompt


15. Once the server has restarted, run sconfig. MSCCONV.IPA is now listed as the domain. MS-Core is now a member server (See Figure 11: Domain Change Confirmation).

Figure 11: Domain Change Confirmation


C.1 Setting up a disk mirror
A disk mirror allows one disk to be copied to another; each disk must be the same size to allow for mirroring. Data is duplicated across each disk and can therefore withstand the failure of a single disk (Morimoto, R., Noel, M., Droubi, O., Mistry, R. & Amaris, C., 2010, p.1108). Here we connect extra hard disks to the server, both 40GB in size. Once the disks are physically installed we begin this process.
1. Click the “Server Manager” icon (see Figure 1: Server Manager Icon).

Figure 1: Server Manager Icon

2. Select “Disk Management” from the item tree in the left-hand of the server manager console. This will display the disks and volumes on the system (See Figure 2: Disk Management).

Figure 2: Disk Management

The hard disks cannot be used until they are online and initialised.


3. Right click on Disk 1 and Disk 2 and choose “Online” (See Figure 3: Set Disks Online).

Figure 3: Set Disks Online

4. Right click on Disk 1 and Disk 2 again and choose “Initialize Disk” (See Figure 4: Initialize Disks).

Figure 4: Initialize Disks


5. Check the disks to be initialized, choose “GPT” and click “OK” (See Figure 4: Choose Disks to Initialize).

Figure 4: Choose Disks to Initialize

Note: By initialising these two disks, disk0 is automatically set to be dynamic. If disk0 is not dynamic already do the following:
5b. Right click on Disk0 and click “Convert to Dynamic Disk” (See Figure 5: Make Dynamic)

Figure 5: Make dynamic


6. Right click on the drive to be mirrored and choose “Add mirror” (use the C drive), see Figure 6: Add Mirror Option

Figure 6: Add Mirror Option

7. Choose which disk you want the drive mirrored on to (here we use disk 1) and click “Add Mirror” (See Figure 7: Choose Disk to Mirror to).

Figure 7: Choose Disk to Mirror to


8. Mirroring to disk 1 will set disk 1 to be dynamic. Click “Yes” to confirm this change (See Figure 8: Basic to Dynamic Prompt)

Figure 8: Basic to Dynamic Prompt

9. When this is completed you will see the drive mirrored on disk 1 (See Figure 9: Mirrored Drive)

Figure 9: Mirrored Drive


C.2 Creating Spanned Volumes
A spanned volume works in the same way as a single drive; however, it spans two or more disks (Morimoto, R., Noel, M., Droubi, O., Mistry, R. & Amaris, C., 2010, p.1107). Now that the C drive has been mirrored to disk 1 there remains 10GB free on disk 0 and disk 1, and disk 2 has 40GB free. We can create a spanned virtual volume which will make all free space appear as one drive (60GB using the free 10GB + 10GB + 40GB).
1. Right click on Disk 2 and choose “New Spanned Volume” (See Figure 1: Spanned Volume Option).

Figure 1: Spanned Volume Option

2. The new spanned volume wizard will begin, click “Next” (See Figure 2: Spanned Volume Wizard).

Figure 2: Spanned Volume Wizard


3. Select the disks to be included in the spanned volume. Add all disks by clicking “Add”, then click “Next” (See Figure 3: Add Disks)

Figure 3: Add Disks

4. Leave the options as default (assign drive letter E) and click “Next” (See Figure 4: Assign Drive Letter).

Figure 4: Assign Drive Letter


5. Format the volume using the default settings (NTFS, Default size, Quick Format). Click “Next” (See Figure 5: Format Spanned Volume).

Figure 5: Format Spanned Volume

6. Click “Finish” when the wizard completes.
7. When the wizard has completed, the new spanned volume information will appear in the disk management console (See Figure 6: Spanned Volume Information)

Figure 6: Spanned Volume Information


D.1 Setting up Organizational Units (OUs)
Active Directory allows us to define users and computers based on the organisational structure of the network. Using organizational units we can delegate control and management of data (Desmond, B., Richards, J., Allen, R. and Lowe-Norris, A.G., 2009, p.3). Unlike groups, OUs are containers for objects that allow them to be represented in the domain hierarchy (Desmond, B., Richards, J., Allen, R. and Lowe-Norris, A.G., 2009, p.248).
1. Go to “Start” → “Administrative Tools” → “Active Directory Users and Computers” (See Figure 1: Active Directory Users and Computers).

Figure 1: Active Directory Users and Computers

2. Right click on the domain name (MSCCONV.IPA) in the left-hand pane. Choose “New” then “Organisational Unit” (See Figure 2: Organisational Unit).

Figure 2: Organisational Unit


3. Enter the name of the new organisational unit (name it IPA) and click “OK” (See Figure 3: Name Organisational Unit).

Figure 3: Name Organisational Unit

Now we will create a new organisational unit within the one that has just been created.
4. Right click on the newly created “IPA” organisational unit and choose “New” then “Organisational Unit” (See Figure 4: Nested Organisational Unit).

Figure 4: Nested Organisational Unit


A diagram of the organisational structure we will be using can be seen in figure 5: Organisational Unit Structure

Figure 5: Organisational Unit Structure

5. Once all organisational units have been entered there should be a nested list of all units visible in the left-hand pane (See Figure 6: Nests Organisational Unit Tree).

Figure 6: Nests Organisational Unit Tree


D.2 Setting up Users
When a user account is set up in Active Directory, it becomes an Active Directory account. This means the user account can log on to any workstation within the domain (Tittel, E. & Korelc, J., 2008, p.204).
1. Click the “IPA” organisational unit from the left-hand pane. Then right click the white space in the right-hand pane (below marketing). Choose “New” then “User” (See Figure 1: Add User).

Figure 1: Add User

2. Enter the user details and click “Next” (See Figure 2: User Details).

Figure 2: User Details


3. Enter a password (Pa$$w0rd) and uncheck “User must change password on next logon” and click “Next” (See Figure 3: User Password).

Figure 3: User Password

4. Click “Finish” to confirm user settings (See Figure 4: Confirm User Settings)

Figure 4: Confirm User Settings


5. We will set up users in each of the organisational units as shown in Figure 5: Organisational Unit Users.

Figure 5: Organisational Unit Users

6. To set up users in each organisational unit, open the unit, right click in the white space and choose “New” then “User” (See Figure 6: New User in OU).

Figure 6: New User in OU


7. Users should appear listed in the organisational unit (See Figure 7: Organisational Unit User List)

Figure 7: Organisational Unit User List


D.3 Setting user logon times
The “Active Directory Users and Computers” console allows us more control over user accounts and settings. Along with the usual password restrictions (as found in standard Windows user setup) we can also define logon times. Restricting logon times allows greater control over when users can access the system (Tittel, E. & Korelc, J., 2008, p.208).

1. In ADUC highlight the users you wish to apply the logon restrictions to, right click and choose “Properties” (See Figure 1: Multiple User Properties).

Figure 1: Multiple User Properties

2. On the “Account” tab, check the box beside “Logon Hours:” and click “Logon Hours…” (See Figure 2: Logon Hours).

Figure 2: Logon Hours


3. In the “Logon Hours” window choose “Logon Denied” to clear the time restrictions (See Figure 3: Clear Times).

Figure 3: Clear Times

4. Highlight the time and day you want to allow logon, select “Logon permitted”, then click “OK” (See Figure 4: Specify Times).

Figure 4: Specify Times

Now all the selected users can only log on to the domain between Monday and Friday.
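The grid edited in the “Logon Hours” window is stored on each account as the 21-byte logonHours attribute, one bit per hour of the week, in UTC. The PowerShell below is an added example, not part of the original guide: it builds and decodes that value so the restriction can be scripted and audited. The function names and the UtcOffset parameter are illustrative, and the commented Set-ADUser and Get-ADUser lines assume the ActiveDirectory module on a Windows Server 2008 R2 domain controller.

```powershell
# Added example: build and decode the 21-byte logonHours attribute.
# Layout: 168 bits, one per hour of the week, starting Sunday 00:00 UTC.
# The lowest bit of each byte is the earliest hour covered by that byte.

function Get-WeekSlot {
    param([int] $Day, [int] $Hour, [int] $UtcOffset)
    # Convert a local day/hour to its position in the UTC week. The double
    # modulo wraps hours that cross the Saturday/Sunday boundary.
    return ((($Day * 24 + $Hour - $UtcOffset) % 168) + 168) % 168
}

function New-LogonHoursBytes {
    param(
        [int[]] $Days      = @(1, 2, 3, 4, 5),  # 0 = Sunday ... 6 = Saturday
        [int]   $StartHour = 0,                 # first permitted hour, local time
        [int]   $EndHour   = 24,                # first denied hour, local time
        [int]   $UtcOffset = 0                  # local time minus UTC, whole hours
    )
    $bytes = New-Object byte[] 21
    foreach ($day in $Days) {
        for ($hour = $StartHour; $hour -lt $EndHour; $hour++) {
            $slot  = Get-WeekSlot -Day $day -Hour $hour -UtcOffset $UtcOffset
            $index = [int][math]::Floor($slot / 8)
            $mask  = [int][math]::Pow(2, $slot % 8)
            $bytes[$index] = [byte]($bytes[$index] -bor $mask)
        }
    }
    return ,$bytes
}

function ConvertFrom-LogonHoursBytes {
    param([byte[]] $Bytes, [int] $UtcOffset = 0)
    if (-not $Bytes -or $Bytes.Length -ne 21) {
        # An account with no logonHours value has no time restriction at all
        Write-Warning 'No 21-byte logonHours value: logon is permitted at any time.'
        return
    }
    $names = 'Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'
    for ($day = 0; $day -lt 7; $day++) {
        $hours = @()
        for ($hour = 0; $hour -lt 24; $hour++) {
            $slot  = Get-WeekSlot -Day $day -Hour $hour -UtcOffset $UtcOffset
            $index = [int][math]::Floor($slot / 8)
            $mask  = [int][math]::Pow(2, $slot % 8)
            if ($Bytes[$index] -band $mask) { $hours += $hour }
        }
        New-Object PSObject -Property @{
            Day            = $names[$day]
            PermittedHours = ($hours -join ',')
        }
    }
}

# Monday to Friday, all day, as in the walkthrough. UtcOffset 0 is an assumption;
# use the domain's real offset so the grid in ADUC shows the intended hours.
[byte[]] $logonHours = New-LogonHoursBytes -Days 1, 2, 3, 4, 5 -UtcOffset 0

# Show the raw attribute value and the decoded schedule
($logonHours | ForEach-Object { $_.ToString('X2') }) -join ' '
ConvertFrom-LogonHoursBytes -Bytes $logonHours -UtcOffset 0 |
    Select-Object Day, PermittedHours

# Applying and auditing on a domain controller (assumes the ActiveDirectory module;
# user1 is one of the accounts created in D.2):
#   Import-Module ActiveDirectory
#   Set-ADUser -Identity user1 -Replace @{ logonHours = $logonHours }
#   $u = Get-ADUser -Identity user1 -Properties logonHours
#   ConvertFrom-LogonHoursBytes -Bytes $u.logonHours
```

Logon hours only control when a new logon is accepted; whether sessions that are already open are ended is governed by the separate “Network security: Force logoff when logon hours expire” policy.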


E.1 Setting up groups
Groups are collections of users that need similar levels of access to resources. Groups simplify administration by reducing the number of relationships that need to be managed (Tittel, E. & Korelc, J., 2008, p. 212). Here we will set up groups to represent the hierarchical structure of our users. More information on best practice for setting up groups can be found at: http://technet.microsoft.com/en-us/library/cc779601%28v=ws.10%29.aspx

1. Users will be grouped according to organisational unit and role within the organisation. See Figure 1: User Grouping Diagram.

Figure 1: User Grouping Diagram

2. Open “Active Directory Users and Computers” and select the organisational unit in which you want to create the group. Right click in the white space and choose “New” then “Group” (See Figure 2: Adding a New Group).

Figure 2: Adding a New Group


3. On the new group window enter the name of the group and choose “Global” under the “Group scope” then click “OK” (See Figure 3: Name Group).

Figure 3: Name Group

There are three group scopes available: domain local, global, and universal. The domain local only applies to a single machine. Global applies to the entire domain, and universal applies to the entire forest, including all domains (Tittel, E. & Korelc, J., 2008, p.212).

4. Right click on the newly created group and choose “Properties” (See Figure 4: Group Properties).

Figure 4: Group Properties


5. Choose the “Members” tab and click “Add…” (See Figure 5: Add Members to Group).

Figure 5: Add Members to Group

6. From the “Select users..” dialogue type “user” and click “Check Names” (See Figure 6: Check Names).

Figure 6: Check Names

Note: As there are several users with a username similar to “user”, this will open a “Multiple Names Found” dialogue, which will allow us to easily add several users to the group at once.


7. As we are setting up the group to cover all users (as all are “Staff”) select all the users from the “Multiple Names Found” window and click “OK” (See Figure 7: Add Multiple Users).

Figure 7: Add Multiple Users

8. Click “OK” to confirm the users to be added to the group (See Figure 8: Confirm Add Users).

Figure 8: Confirm Add Users

We will now add groups based on Figure 1. As “Managers”, “Trainers” and “Admin” contain users from all sub organisational units, we will create these groups within the “IPA” organisational unit. For groups based on an organisational unit we will place the group within the OU itself.


9. Create a new group for “Managers” within the “IPA” organisational unit. Repeat steps 2 – 8 (See Figure 9: Managers Group).

Figure 9: Managers group

10. Add user1, user11, user16 and user19 to this group using the same method as step 7. Hold the Ctrl key to select multiple users (See Figure 10: Select Multiple Users).

Figure 10: Select Multiple Users


11. Within the marketing OU create a new group called marketing and add all the users from the organisational unit to this group (See Figure 11: OU Group).

Figure 11: OU Group

Create a group for each of the “Dublin” and “Belfast” organisational units.

Note: For organisational units that have sub groups it is possible to add a group within a group to save time.

12. Go to the “IT” organisational unit and create a group called “IT”. When it comes to adding users, simply type the names of the sub groups to be added (add “Dublin” and “Belfast”), see Figure 12: Groups in Groups.

Figure 12: Groups in Groups


E.2 Restrict view to Organizational Unit with a Group Policy
We can restrict users from one organisational unit from being able to see users from another organisational unit in a similar way to setting NTFS permissions in Windows. Here we will restrict users in the Marketing OU from seeing users in the IT OU.

1. In the “Active Directory Users and Computers” console go to “View” and choose “Advanced Features” (See Figure 1: View Advanced Features).

Figure 1: View Advanced Features

2. Right click on the “IT” organisational unit and select “Properties” (See Figure 2: Organisational Unit Properties).

Figure 2: Organisational Unit Properties


3. Choose the “Security” tab then choose “Add” (See Figure 3: Add Security Privileges).

Figure 3: Add Security Privileges

4. Add the “Marketing” group and click “OK” (See Figure 4: Add Group Privileges).

Figure 4: Add Group Privileges


5. Once we have added the Marketing group check the box under “Deny” for the “read” option (See Figure 5: Deny Read).

Figure 5: Deny Read

6. On the client machine log in as user13 from the Marketing group.

7. Go to “Start” and type “c:\Windows\system32\rundll32.exe dsquery.dll,OpenQueryWindow” in the search box. This will allow us to search Active Directory.

8. Type “User” in the search box to list all users. This demonstrates that users are visible (See Figure 6: Search Directory).

Figure 6: Search Directory


9. Next type “user19” (a user in the IT OU). This user cannot be found, as the logged on user does not have access to read that OU (See Figure 7: Search For User).

Figure 7: Search For User

The user does not appear in the search because the logged on user is a member of the restricted (Marketing) group, which has been denied read access to the IT organisational unit, of which user19 is a member.
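To check what a “Deny” entry like the one set in step 5 actually covers, the following PowerShell (an added example, not part of the original guide) lists explicit Deny entries on every OU under IPA and resolves each trustee group to the users it reaches, including members of nested groups such as those created in E.1. It assumes the ActiveDirectory module on a domain controller; the function name Get-OuDenyEntry and the distinguished name built from the MSCCONV.IPA domain are assumptions.

```powershell
# Added example: audit explicit Deny entries on OUs and the users they reach.
# Run on a domain controller (or a machine with the AD PowerShell module).
Import-Module ActiveDirectory            # also provides the AD: drive for Get-Acl
Add-Type -AssemblyName System.DirectoryServices

function Get-OuDenyEntry {
    param(
        # Assumed DN: the "IPA" OU created directly under the MSCCONV.IPA domain
        [string] $SearchBase = 'OU=IPA,DC=MSCCONV,DC=IPA'
    )
    $sidType  = [System.Security.Principal.SecurityIdentifier]
    $readMask = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericRead
    $ous      = Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase

    foreach ($ou in $ous) {
        $acl = Get-Acl -Path ('AD:\' + $ou.DistinguishedName)
        foreach ($ace in $acl.Access) {
            # Keep only Deny entries set directly on this OU. Inherited entries
            # are reported on the container where they were defined.
            if ($ace.AccessControlType -ne 'Deny' -or $ace.IsInherited) { continue }

            $users = @()
            try {
                $sid = $ace.IdentityReference.Translate($sidType).Value
                # -Recursive follows groups nested inside the trustee group
                $users = @(Get-ADGroupMember -Identity $sid -Recursive -ErrorAction Stop |
                    Where-Object { $_.objectClass -eq 'user' } |
                    ForEach-Object { $_.SamAccountName })
            } catch {
                # The trustee is not a domain group (a single account, a
                # well-known identity such as Everyone, or an unresolved SID)
                $users = @($ace.IdentityReference.Value)
            }

            New-Object PSObject -Property @{
                OU         = $ou.DistinguishedName
                Trustee    = $ace.IdentityReference.Value
                Rights     = $ace.ActiveDirectoryRights
                # True when the entry removes any of the read rights
                BlocksRead = (([int]$ace.ActiveDirectoryRights -band $readMask) -ne 0)
                Affects    = ($users -join ', ')
            }
        }
    }
}

# OUs created in ADUC with "Protect object from accidental deletion" ticked carry
# a Deny Delete entry for Everyone; BlocksRead separates those from read denials.
Get-OuDenyEntry |
    Select-Object OU, Trustee, BlocksRead, Rights, Affects |
    Format-List
```

Because a Deny entry takes precedence over Allow entries, any account listed under Affects loses read access to that OU regardless of its other group memberships.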


E.3 Redirecting My Documents from client machine to server
When a user saves a file to the “My Documents”/“Documents” folder the files are stored on the local machine. In order to ensure that these files will be available to users no matter which machine they are logged on to we can use a tool called folder redirection. This will redirect the “My Documents”/“Documents” folder to a shared folder on the domain that can be accessed from anywhere within the domain (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p.1336).

1. Start up server2 and set up a folder on the C: drive called “User_Docs” (See Figure 1: Set Up User_Docs Folder).

Figure 1: Set up User_Docs folder

To make the folder accessible from other machines on the domain we will need to share it.


2. Right click on the “User_Docs” folder and choose “Properties”. Next choose the “Sharing” tab and click “Advanced Sharing…” (See Figure 2: Advanced Sharing Options).

Figure 2: Advanced Sharing Options

3. Check the option to “Share this folder” and then click “OK” (See Figure 3: Share Folder).

Figure 3: Share Folder

4. Close the properties window


5. On server1 go to “Start” → “Administrative Tools” → “Group Policy Management” (See Figure 4: Group Policy Management Option).

Figure 4: Group Policy Management Option

6. Right click on “Group Policy Objects” and select “New” (See Figure 5: New Group Policy Object).

Figure 5: New Group Policy Object


7. Name the group policy object (“RedirectDocsGPO”, See Figure 6: Name Group Policy Object)

Figure 6: Name Group Policy Object

8. Click “OK” to confirm the creation of the object (See Figure 7: Group Policy Confirmation Notification).

Figure 7: Group Policy Confirmation Notification

9. Right click on the newly created object and choose “Edit” (See Figure 8: Edit Group Policy Object).

Figure 8: Edit Group Policy Object


10. Go to “User Configuration” → “Policies” → “Windows Settings” → “Folder Redirection” → “Documents” (See Figure 9: Folder Redirection).

Figure 9: Folder Redirection

11. Right click “Documents” and choose “Properties” (See Figure 10: Documents Properties).

Figure 10: Documents Properties


12. Choose “Basic – Redirect everyone’s folder to the same location” from the “Setting” option, then enter the location of the shared “User_Docs” folder in the “Root Path:” then choose “OK” (See Figure 11: Redirect Settings).

Figure 11: Redirect Settings

13. Choose the “Settings” tab and check all three checkboxes. For this example we will leave the folder in place even if the policy is removed. Click “OK” (See Figure 12: Document Redirect Policy Settings).

Figure 12: Document Redirect Policy Settings


14. Click “Yes” to confirm the settings (See Figure 13: Confirm Settings).

Figure 13: Confirm Settings

Note: The editor will appear empty even though policies have been applied. Close the editor.

15. Close the “Group Policy Management Editor”.

16. At the “Group Policy Management” window right click on the domain (MSCCONV.IPA) and choose “Link an Existing GPO…” (See Figure 14: Link Existing GPO).

Figure 14: Link Existing GPO


As we want the policy to apply to a client within the domain, we can apply the group policy object to the entire domain.

17. Choose the newly created group policy object (RedirectDocsGPO) from the list and click “OK” (See Figure 15: Select GPO).

Figure 15: Select GPO

18. The group policy object should now be listed in the right-hand pane when the domain is selected (See Figure 16: Listed GPO).

Figure 16: Listed GPO

19. Double click on the GPO in the right-hand pane


20. Check “Do not show this message again” (for convenience) and click “OK” (See Figure 17: GPO Notification).

Figure 17: GPO Notification

As we only want this GPO to apply to the client1 machine we must add it to the scope of the policy.

21. On the “Scope” tab choose “Add..” (See Figure 18: Add to Scope).

Figure 18: Add to Scope

22. In the “Select Users, Computers..” window click “Object Types..” (See Figure 19: Select Object Types).

Figure 19: Select Object Types


23. Check the box beside “Computers” to list computers in the add dialogue (See Figure 20: List Computers).

Figure 20: List computers

24. Now we can type “Client1” and add it to the scope, click “OK” (See Figure 21: Adding Client1).

Figure 21: Adding Client1


25. Client1 will now be listed in the scope (See Figure 22: Client Listed in Scope).

Figure 22: Client Listed in Scope

26. To demonstrate the folder redirection we need to save a file in the documents folder of the client machine.

27. Start client1 and log on as User16, open the Documents folder and save a file.

28. On server2 go to the User_Docs folder on the C: drive. We can now see the user folder for User16 (See Figure 23: User folder in User_Docs).

Figure 23: User folder in User_Docs

The user's documents are now stored in a subfolder within the C:\User_Docs directory of server2.


E.4 Blocking access to Control Panel with GPOs
For security purposes we can remove user access to the Control Panel using a group policy object (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p.1350). In this task we will block users from the Belfast OU from having access to the Control Panel. We will then add an exception to this for User20.

1. Open the “Group Policy Management” console, right click on “Belfast” and choose “Create a GPO on this domain, and Link it here…” (See Figure 1: Create and Link GPO).

Figure 1: Create and Link GPO

2. Name the GPO “BlockControlPanelGPO”. Right click on the GPO and select “Edit” (See Figure 2: Edit GPO).

Figure 2: Edit GPO


3. Go to “User Configuration” → “Policies” → “Administrative Template” → “Control Panel”, right click on “Prohibit access to the Control Panel” and choose “Edit” (See Figure 3: Prohibit Control Panel Access).

Figure 3: Prohibit Control Panel Access

4. Click the radio button beside “Enabled” then click “OK” (See Figure 4: Enable Prohibited Access).

Figure 4: Enable Prohibited Access


5. To test the restriction log in to client1 as User19 and try to access the Control Panel.

6. An error message will appear (See Figure 5: Restriction Notification).

Figure 5: Restriction Notification

Now we will add an exception for User20.

7. On the group policy management window choose “Delegation” from the right-hand pane of the group policy window and choose “Add…” (See Figure 6: Add Delegation).

Figure 6: Add Delegation


8. Add “User20” and click “OK” (See Figure 7: Add User to Delegation).

Figure 7: Add User to Delegation

9. Choose “Read” from the dropdown list under permissions and click “OK” (See Figure 8: User Read Permission).

Figure 8: User read permission

10. With “User20” highlighted in the list choose “Advanced” (See Figure 9: Advanced Delegation Options).

Figure 9: Advanced Delegation options


11. From the “Security Settings” window choose “User20” and check the box under “Deny” for “Read” (See Figure 10: Deny Read of GPO).

Figure 10: Deny Read of GPO

12. Click “Yes” to confirm settings (See Figure 11: Confirm Settings).

Figure 11: Confirm settings

Note: As the user cannot read the GPO, it will not apply to User20.


13. To confirm these settings log into Client1 as User20. The Control Panel will now be listed in the start menu and the user can access it (See Figure 12: User20 Control Panel Access).

Figure 12: User20 Control Panel Access


E.5 Publishing software to Users with GPOs
Using GPOs it is also possible to automate many tasks, including software distribution. In this task we will publish a software package to the domain which will be available to all users on the domain to install through the Control Panel (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p.382).

1. To publish software the MSI application needs to be stored in a shared folder.

2. For the purpose of this demonstration an MSI installer for Google Chrome was downloaded and saved to a shared folder on Server1 called sysvol.

3. Create a new group policy named “InstallChromeGPO” and link it to the Dublin OU (See Figure 1: InstallChromeGPO).

Figure 1: InstallChromeGPO


4. Edit the GPO and go to “User Configuration” → “Policies” → “Software Settings”, right click “Software Installation” and choose “New”, then “Package…” (See Figure 2: Software Installation Settings).

Figure 2: Software Installation settings

5. Select the MSI file from the shared folder and click “Open” (Figure 3: Select MSI File).

Figure 3: Select MSI File


6. Choose “Published” from the “Select deployment method” option and click “OK” (See Figure 4: Deployment Method).

Figure 4: Deployment Method

7. The software should now be listed under the “Software Installation” option (See Figure 5: MSI Listed).

Figure 5: MSI listed

To demonstrate this we will log onto the client machine as User16 (a user from the Dublin OU). Published software is made available to users through the Control Panel; it is not automatically installed.


8. On client1 log in as User16 and open the “Control Panel”, under programs select “Get Programs” (See Figure 6: Get Programs Option).

Figure 6: Get Programs Option

9. The deployed MSI file should appear in the “Get Programs” window (See Figure 7: MSI in Get Programs Window)

Figure 7: MSI in Get Programs Window


F.1 Installing print server role
Adding a print server role allows the server to manage the print queue for all users on the domain. A server role also adds advanced sharing features for the printer (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p.539).

1. On the “Initial Configuration Tasks” window choose “Add roles” from the “Customize This Server” section (See Figure 1: Initial Configuration Task Window - Roles).

Figure 1: Initial Configuration Task Window - Roles

2. Choose “Print and Document Services” from the “Select Server Roles” options and click “Next” (See Figure 2: Print and Document Services).

Figure 2: Print and Document Services


3. When presented with information about “Print and Document Services” click “Next” (See Figure 3: Print and Document Services Information).

Figure 3: Print and Document Services Information

4. Choose “Print Server” from the top of the list of services and click “Next” (See Figure 4: Print Server - Role Services).

Figure 4: Print Server - Role Services


5. Click “Install” to confirm the installation. The role will now be installed (See Figure 5: Installation Confirmation).

Figure 5: Installation Confirmation

6. When the installation has completed successfully click “Close”


F.2 Installing Printers
Installing printers in Active Directory is similar to a printer installation in Windows 7 (Bott, E., Sienchert, C. and Stinson, C., 2011, p.1061). However, once a printer is installed to a domain controller there are options to list the printer in the directory (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p.562).

1. Go to “Start” and click “Devices and Printers” (See Figure 1: Devices and Printers Option).

Figure 1: Devices and Printers Option

2. In the “Devices and Printers” window right click under the “Printers and Faxes” and choose “Add a printer” (See Figure 2: Add Printer Option).

Figure 2: Add Printer Option


3. Choose “Add a local printer” (See Figure 3: Add Local Printer).

Figure 3: Add Local Printer

4. Next choose an existing port from the drop down list (See Figure 4: Choose Printer Port). Note: Choose a port which is not already in use.

Figure 4: Choose Printer Port

5. From the “Manufacturer” list choose “HP” and then choose “HP 910” from the “Printers” list (See Figure 5: Printer Selection).

Figure 5: Printer selection


6. Name the printer you want to install (here we name the printer “HP910”), click “Next” (See Figure 6: Printer Name).

Figure 6: Printer name

7. Choose “Share this printer” and leave the default field entries, click “Next” (See Figure 7: Printer Sharing).

Figure 7: Printer Sharing

8. Click “Finish” when the installation is completed (See Figure 8: Installation Completion).

Figure 8: Installation Completion


9. Repeat the process, ensuring that you choose a different port to the one used for the installation of the HP900 printer (step 4), and install a HP 915 (step 5), (See Figure 9: Alternate Port Selection).

Figure 9: Alternate Port Selection

Name this second printer “HP900”


F.3 Publishing printer to directory
Although printers that are directly connected to server machines can be shared through the network, it is better to have the printer managed by a server, which allows for more control over print jobs and multiple user access (Lowe, D., 2011). In this section we will publish both the HP910 and HP900 printers.

1. In “Devices and Printers” under the “Printers and Faxes” section right click on the printer you wish to publish. Choose “Printer properties” (Figure 1: Printer Properties).

Figure 1: Printer Properties

2. Choose the “Sharing” tab and then check “List in the directory”, click “OK” (See Figure 2: List in Directory).

Figure 2: List in directory


3. Search for printer in active directory. Using “Server2”, run “Active Directory Users and Computers”. Right click on the domain name (“MSCCONV.IPA”) and choose “Find” (See Figure 3: Find in Directory).

Figure 3: Find in Directory

4. In the “Find Users, Contacts and Groups” window choose “Printers” from the “Find:” dropdown menu (See Figure 4: Find Window).

Figure 4: Find Window


5. Enter the name of the printer into the name field and click “Find Now”. If the printer is found it will be listed under the “Search results:” (See Figure 5: Search Results).

Figure 5: Search Results


F.4 Installing a generic unshared printer
Next we will install a generic printer which will not be shared. A generic printer installation provides general printer configuration without specific hardware settings. Although it may work in some cases for attached hardware, it should generally be replaced with specific hardware drivers (Bott, E., Sienchert, C. and Stinson, C., 2011, p.57). For the purpose of this manual we will install a generic printer.

Follow the steps in “F.2 Installing Printers”. At step 4, choose a free port, then at step 5 choose “Generic” and “Generic/Text Only”. Then click “Next” (See Figure 1: Generic Printer Installation).

Figure 1: Generic Printer Installation

6. At step 7 choose “Do not share this printer” (See Figure 2: Do Not Share Printer).

Figure 2: Do Not Share Printer


G.1 Setting up server core file services
Enabling Network File System and creating share

By default any machine sharing a file or folder is a file server. However, to demonstrate some of the extra file server features we will install a new role. Server machines allow us to add extra functionality and system maintenance roles (“Installing a server role on a server running a Server Core installation of Windows Server 2008 R2: Overview”, 2010). The “Network File System” (NFS) role is a file sharing role that allows sharing between Windows and Unix systems. This role would be used when the domain hosts several different environments, e.g. Mac, Linux and Windows.

1. Start Windows Server Core (MS-Core), type “start /w ocsetup ServerForNFS-Base” and press “Enter” (See Figure 1: Install NFS Role).

Figure 1: Install NFS Role

2. Next we will make a folder to share. Type “mkdir c:\share” and press “Enter” (See Figure 2: Make Folder).

Figure 2: Make folder

This will place a folder on the C drive called “share”.

3. Navigate to the folder to confirm it has been created. Type “cd c:\share” and press “Enter” (See Figure 3: Navigate to Folder).

Figure 3: Navigate to folder

Once we have confirmed the folder is created we will share it on the network


4. Type “net share ms-coreShare=c:\share” and press “Enter”. This will set up a share called ms-coreShare and point it to the share folder on the C drive (See Figure 4: Folder Share).

Figure 4: Folder share

By sharing the ms-coreShare folder the MS-Core machine is now a file server, however as we have also installed NFS, this share is also accessible by machines running unix systems.


Testing share on the network using server1

To find a shared resource on the network we can simply search for the computer name on the network using the prefix “\\”. Network shares are identified as follows: “\\computer\shareName” (Bott, E., Sienchert, C. and Stinson, C., 2011, p.742).

1. On server1 go to “Start” and type “\\ms-core” to display the network shares for the core server (See Figure 1: Search for Core Server).

Figure 1: Search for Core Server

2. If the core server has been configured correctly we should see the “ms-coreShare” folder (See Figure 2: Shared Folder).

Figure 2: shared folder


G.2 Configuring Remote Desktop on Server Core
Remote Desktop is one of the most powerful tools available to an administrator. It allows an administrator to virtually connect to a machine and use it as though they were using the physical machine (Lowe, D., 2011, p.494).

Note: In order to remote desktop to another machine within the domain we must ensure that the primary domain server is powered on to allow logon services.

1. Start Server1.

2. Run “sconfig” on the core server (MS-Core). Type “7” and press “Enter” for “Remote Desktop” options. Then type “E” and press “Enter” to enable remote desktop (See Figure 1: Remote Desktop Options).

Figure 1: Remote Desktop Options

3. Next type “2” and press “Enter” to allow clients with any version of Remote Desktop to connect (See Figure 2: Any Remote Desktop Client).

Figure 2: Any Remote Desktop Client


4. Click “OK” to close the notification (See Figure 3: Notification).

Figure 3: Notification


G.3 Remote connecting to Server Core from Windows 7
Windows 7 comes with an inbuilt feature called “Remote Desktop Connection” which allows us to access remote desktop services easily (Bott, E., Sienchert, C. and Stinson, C., 2011, p.762). In this section remote desktop will be used to connect into the core installation from the Windows 7 client machine (client1).

1. Go to “Start” and type “Remote Desktop Connection”. Click the top entry in the list (See Figure 1: Remote Desktop Search).

Figure 1: Remote Desktop Search

2. Enter the IP address of the core server in the “Computer” field and click “Connect” (See Figure 2: Connection Setup)

Figure 2: Connection Setup


3. Logon with an administrator account. Click “Use another account” (See Figure 3: Use Another Account)

Figure 3: Use Another Account

4. Enter in the domain administrator username (administrator) and password (Pa$$w0rd), (See Figure 4: Administrator Logon).

Figure 4: Administrator Logon

5. Remote desktop will now connect (See Figure 5: Remote Desktop Connecting).

Figure 5: Remote Desktop Connecting


6. Click “Yes” to accept the security certificate (See Figure 6: Remote Desktop Certificate)

Figure 6: Remote Desktop Certificate

7. A window will now open that displays the screen of the MS-Core server (See Figure 7: Remote Desktop to Core).

Figure 7: Remote Desktop to Core


H.1 Setting up DHCP Services (Server2)
Dynamic Host Configuration Protocol (DHCP) services allow a server to assign IP addresses to nodes on the network. This allows for greater control over the network and better management of network resources (Lowe, D., 2011, p.125).

1. Start up Server2 and choose “Add roles” from the “Initial Configuration Tasks” window (See Figure 1: Initial Configuration Tasks Window).

Figure 1: Initial Configuration Tasks Window

2. Click “Next” on the “Before You Begin” notification. Choose “DHCP Server” from the “Select Server Roles” page and click “Next” (See Figure 2: Install Server Role).

Figure 2: Install Server Role


3. Click “Next” at the “Introduction to DHCP Server” page.

4. Select the network connection you wish to use with the DHCP server and click “Next”. (Here we use 192.168.0.2)

Figure 3: Network Connection Selection

5. Set the DNS server to point to the local host (127.0.0.1) and parent domain to the domain network we have set up. Make sure all settings are the same as those in Figure 4 (Below) and click “Next”

Figure 4: DNS Settings

Make sure there are no references to server1 in the DNS as we want to use server2 solely for DHCP services.


6. WINS is not required, so choose “WINS is not required for application on this network” and click “Next”

Figure 5: WINS Server Settings

7. On the “Add or Edit DHCP Scopes” window choose “Add” (See Figure 6: DHCP Scopes)

Figure 6: DHCP scopes


8. Enter in the following details (See Figure 7: DHCP Scope Settings):
Scope Name = server2
Starting IP = 192.168.0.100
Ending IP = 192.168.0.150
Subnet mask = 255.255.255.0

Figure 7: DHCP Scope Settings

9. Click “Next” once you have added the scope (See Figure 8: DHCP Set Up).

Figure 8: DHCP Set Up


10. Enable DHCPv6 stateless mode and click “Next” (Figure 9: DHCPv6 Settings).

Figure 9: DHCPv6 Settings

11. Leave the IPv6 DNS server settings as the default settings and click “Next” (See Figure 10: IPv6 DNS Server Settings).

Figure 10: IPv6 DNS Server Settings


12. As we are logged into server2 as the domain administrator we can “Use current credentials” to authorize the DHCP server, then click “Next” (See Figure 11: Authorize DHCP).

Figure 11: Authorize DHCP

13. Click “Install” to confirm the settings (See Figure 12: Confirm Installation).

Figure 12: Confirm Installation

14. Click “Close” when installation completes


H.2 Setting up windows 7 to obtain IP from server2
To use server2 as the DHCP server it must be running along with the client machine. The client machine will obtain its IP settings automatically and use the DNS to configure its settings. In the following example we will point the DNS to Server2 to obtain the IP settings from the DHCP server on Server2.

1. On the client machine (client1) open the network adapter settings and change the IPv4 settings to obtain an IP address automatically. Change the preferred DNS to the IP address of server2 (192.168.0.2) and leave the alternative DNS server blank (See Figure 1: Network Adapter Settings).

Figure 1: Network Adapter Settings

2. Open “Command Prompt” and type “ipconfig” to display the ip address that is being assigned from server2. It should be in the range of the scope defined during the setup of DHCP server (See Figure 2: Assigned IP)

Figure 2: Assigned IP


H.3 Removing DHCP services
We will now remove DHCP services from server2 so it will no longer hand out IP addresses to computers on the network.

1. Go to “Start” → “Administrative Tools” → “Server Manager” (See Figure 1: Server Manager Option).

Figure 1: Server Manager Option

2. Choose “Roles” from the left-hand pane, then choose “Remove Roles” (See Figure 2: Remove Role Option)

Figure 2: Remove Role Option


3. Click “Next” on the “Before You Begin” information page.

4. Uncheck “DHCP” in the “Remove Server Roles” window, then click “Next” (See Figure 3: Remove Roles).

Figure 3: Remove Roles

5. Click “Remove” to confirm the removal selection.

6. Click “Close” when the removal process completes.

7. When prompted, restart the server (See Figure 4: Restart Prompt).

Figure 4: Restart Prompt


To confirm that the settings have been applied correctly, test the client machine to see what IP address it is assigned when the DHCP server is down. On client1 open “Command Prompt” and run “ipconfig”. Because server2 is no longer a DHCP server, the client machine will not be assigned an IP address. By default Windows will assign an Automatic Private IP Address (APIPA) when it cannot obtain network configurations from the server (Northrup, T. & Mackin, J.C., 2010, p.60). An APIPA address always starts with 169.X.X.X (See Figure 5: APIPA Address).

Figure 5: APIPA Address
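The ipconfig checks in H.2 and H.3 can be scripted so that the result is classified rather than read by eye. The following PowerShell is an added example, not part of the original guide: it reports whether each IPv4 address on the client falls inside the scope from H.1 (192.168.0.100 to 192.168.0.150), is an APIPA address (the link-local block 169.254.0.0/16), or is neither, and whether the lease was issued by server2 (192.168.0.2). The function names are hypothetical.

```powershell
# Added example: scope and server values are the ones used in H.1/H.2;
# the function names are hypothetical.
function ConvertTo-UInt32 {
    param([string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($bytes.Length -ne 4) { throw "Not an IPv4 address: $Address" }
    [Array]::Reverse($bytes)   # network byte order -> little-endian for BitConverter
    [BitConverter]::ToUInt32($bytes, 0)
}

function Get-LeaseStatus {
    param(
        [Parameter(Mandatory = $true)][string]$Address,
        [string]$ScopeStart = '192.168.0.100',
        [string]$ScopeEnd   = '192.168.0.150'
    )
    $ip = ConvertTo-UInt32 $Address
    # APIPA (link-local) block is 169.254.0.0/16
    if ($ip -ge (ConvertTo-UInt32 '169.254.0.0') -and
        $ip -le (ConvertTo-UInt32 '169.254.255.255')) { return 'APIPA' }
    if ($ip -ge (ConvertTo-UInt32 $ScopeStart) -and
        $ip -le (ConvertTo-UInt32 $ScopeEnd)) { return 'InScope' }
    return 'OutOfScope'
}

function Get-ClientLeaseReport {
    param([string]$ExpectedServer = '192.168.0.2')   # server2
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
        ForEach-Object {
            $nic = $_
            # Skip IPv6 entries; only the IPv4 lease is being checked here.
            $nic.IPAddress | Where-Object { $_ -notmatch ':' } | ForEach-Object {
                New-Object PSObject -Property @{
                    Adapter      = $nic.Description
                    Address      = $_
                    Status       = (Get-LeaseStatus $_)
                    DhcpServer   = $nic.DHCPServer
                    FromExpected = ($nic.DHCPEnabled -and $nic.DHCPServer -eq $ExpectedServer)
                }
            }
        } | Select-Object Adapter, Address, Status, DhcpServer, FromExpected
}

# Constructed sample addresses, then the live adapters on this machine.
'192.168.0.120', '169.254.17.9', '192.168.0.20' |
    ForEach-Object { '{0,-15} {1}' -f $_, (Get-LeaseStatus $_) }
Get-ClientLeaseReport | Format-Table -AutoSize
```

An address reported as OutOfScope, or an InScope address with FromExpected set to False, means the client took its configuration from somewhere other than the server2 scope and is worth investigating.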


I.1 Decommissioning a domain controller
Normally, when a domain controller is still functioning and connected to the domain, we can use dcpromo to decommission it from the domain. This offers a graphical user interface similar to the one used when setting up the domain controller. Once a domain controller has been decommissioned using this method, it is automatically connected as a workstation and is now a member server. If, however, a domain controller is unbootable or disconnected from the server, we need to delete it from the domain using an active domain controller on the domain (Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B., 2010, p.264).

1. Open “Active Directory Users and Computers” and choose “Domain Controllers” from the left-hand pane.

2. Right click on Server2 and choose “Delete” (Figure 1: Deleting Domain Controller).

Figure 1: Deleting Domain Controller

3. Click “Yes” to confirm delete (See Figure 2: Confirm Delete).

Figure 2: Confirm Delete


4. In order for the domain controller to be deleted we must confirm that it is offline and choose delete. Check the box and click “Delete” (See Figure 3: Confirm Offline).

Figure 3: Confirm Offline

5. A message box will appear stating that the domain controller is a global catalog. Click “Yes” to continue the deletion.

6. The server2 domain controller has now been deleted (See Figure 4: Server2 Deleted).

Figure 4: Server2 Deleted

As server2 is no longer bootable, it is unlikely to be powered on again within the network. If, however, it were to start working, the server should be forcibly removed so as to avoid domain conflicts. Open Command Prompt on Server2, type “dcpromo /forceremoval” and follow the steps in the wizard to remove the domain controller features from the server. Where possible, any machine whose primary DNS pointed to server2 should have this changed to server1.
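To find the machines that still point at server2 for DNS after it has been deleted, the adapter settings can be queried remotely. This PowerShell is an added example, not part of the original guide: Find-StaleDnsClient is a hypothetical function name, 192.168.0.2 is server2's address from H.2, and it assumes remote WMI access to the machines listed. It only reports; it does not change any setting.

```powershell
# Added example: Find-StaleDnsClient is a hypothetical name; 192.168.0.2 is
# server2's address from H.2. Requires remote WMI access to the listed machines.
function Find-StaleDnsClient {
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName,
        [string]$StaleDns = '192.168.0.2'
    )
    foreach ($computer in $ComputerName) {
        try {
            $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $computer `
                        -Filter "IPEnabled = TRUE" -ErrorAction Stop
        } catch {
            # Report machines that could not be checked instead of skipping them silently.
            New-Object PSObject -Property @{
                Computer = $computer; Adapter = ''; DnsServers = ''
                Finding  = "Unreachable: $($_.Exception.Message)"
            }
            continue
        }
        foreach ($nic in $nics) {
            # DNSServerSearchOrder is null when no DNS server is configured.
            $dns = @($nic.DNSServerSearchOrder | Where-Object { $_ })
            if ($dns -notcontains $StaleDns) { continue }
            $finding = 'Alternate DNS is the removed DC'
            if ($dns[0] -eq $StaleDns) { $finding = 'Primary DNS is the removed DC' }
            New-Object PSObject -Property @{
                Computer   = $computer
                Adapter    = $nic.Description
                DnsServers = ($dns -join ', ')
                Finding    = $finding
            }
        }
    }
}

# client1 is the client machine used in H.2.
Find-StaleDnsClient -ComputerName 'client1' |
    Format-Table Computer, Adapter, DnsServers, Finding -AutoSize
```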


References
Bott, E., Siechert, C. and Stinson, C. (2011). Windows 7 Inside Out Deluxe Edition. Washington: Microsoft Press.

Desmond, B., Richards, J., Allen, R. and Lowe-Norris, A.G. (2009). Active Directory, Fourth Edition. USA: O'Reilly.

Installing a server role on a server running a Server Core installation of Windows Server 2008 R2: Overview. (July 26th 2010). Retrieved June 12th, 2013, from http://technet.microsoft.com/en-us/library/ee441260%28v=ws.10%29.aspx

Lowe, D. (2011). Networking All-In-One for Dummies, Fourth Edition. NJ: Wiley.

Minasi, M., Gibson, D., Finn, A., Henry, W. & Hynes, B. (2010). Mastering Windows Server 2008 R2. Indiana: Wiley Publishing.

Morimoto, R., Noel, M., Droubi, O., Mistry, R. & Amaris, C. (2010). Windows Server 2008 R2 Unleashed. Indiana: Pearson.

Northrup, T. & Mackin, J.C. (2010). Windows 7 Enterprise Desktop Support Technician: Self-Paced Training Kit. Washington: Microsoft Press.

Tittel, E. & Korelc, J. (2008). Windows Server 2008 For Dummies. Indiana: Wiley Publishing.
