I'm also concerned about the compilation document that is due Friday. Our install/set-up has been extremely disjointed. I realize that many of the problems that we are encountering will occur - and lots more - in the field, but there is no way to list all of the problems and solutions in a basic set of instructions, even if I understood them in the first place (the problems, not the instructions).
I'm finding it really difficult to get everything written down (have I said that before?).
Oh well, here goes....
I like the analogy of the Forest/trees/root. It makes sense to me, if we could only get it to work. The Root of the Forest is the primary domain controller.
Reminder - DNS ip address needs to be changed in 3 places to match the root. 192.169.181.50 in this case.
Active Directory:
- Copies active directory to each server every 15 min.
- Is a database
- Group policies – security managing all devices
- Hierarchy (OU - Organizational Unit - or Container) – put things in the OU, and group policies get applied to them.
Active Directory Sites and Services
1. Active directory users and computers – first place to go (Start -> Administrative Tools -> Active Directory for Users & Computers)
2. Computers – back up servers, not in Container yet
3. Domain Controllers – servers
4. To add - right click -> new -> add
Set up group policies, then drag computers into those containers. This applies policies previously set up.
InetOrgPerson – add user account
Group Policies
- Make sure capability has been added
- Set up policy and drag to Group Policy Management -> group folder
- Software setting pushes software down.
- To edit policy – right click -> edit
- Join active directory – specific command in cmd (dcpromo)
- Make sure to use the same admin password throughout
- When choosing level of install, set level to lowest OS on the network
The Group Policy Management tool – found in same place as the Active Directory:
- Working from the Server 2008
- Start
- Administrative Tools
- Group Policy Management
- This area is basically a carbon copy of the Active Directory – with this, one can set up policies.
- The policy created shows up below the folder in which it was created.
- When working with the scripts:
- Left click – provides a view of the script
- Right click – allows you to edit
To set up the Active Directory: (great site for Server installations – http://www.petri.co.il/installing-active-directory-windows-server-2008.htm) I agree - screenshots, step-by-step instructions, one of my favourites!
- Open Server Manager
- Click on Roles – Add Roles link
- Select ‘Next’ (Before You Begin)
- Select ‘Active Directory Domain Services’ and then Next
- Click on Next (Active Directory Domain Services)
- Select Next again (Confirm Installation Selections)
- Then select ‘Close’ (Installation Progress)
- Back in Server Manager – click on the ‘Active Directory Domain Services link’
- You will see that the next window contains no information linked to it – the ‘dcpromo’ command needs to be initiated
- Initiate the command window – Start and ‘cmd’
- Type in ‘ dcpromo ‘
- This will initiate the Active Directory Domain Services Installation Wizard.
- Select ‘Next’ (Active Directory Domain Services Installation Wizard)
- Click ‘Next’ again at the next window (Operating System Compatibility)
- In the next window, select ‘Create a new domain in a new forest’ and then Next
- Enter the name for the new domain. Make sure to enter the right domain name – then select ‘Next’
- The wizard will check to see that the domain doesn’t already exist on the network.
- Pick the right forest function level. In our case, it is the Windows Server 2008 – then Next
- Pick the right domain function level – in this case Windows 2008 Server – then Next
- The wizard will then check to make sure there are no duplications made.
- With the ‘Active Directory Controller Options’ window up – select ‘Next’
- A message will appear “This computer has dynamically assigned IP address(es) – select the option ‘Yes, the computer will use a dynamically assigned IP address (not recommended)
- On the next ‘Active Directory Domain Services Installation Wizard’ window – select ‘Yes’
- For the next window ‘Location for Database, Log Files, and SYSVOL – leave everything as is and select ‘Next’
- Enter a password for the Active Directory Recovery Mode – the same one we used for the admin login and then select ‘Next’
- A Summary window will appear – then select ‘Next’
- End by selecting ‘Finish’ and then reboot the computer for the changes to take effect.
I understand the problems that we face in trying to get things working correctly, and I know that as you are faced with more of them, the likelihood of quickly knowing or finding the answer is increased. Part of the problem for troubleshooting is in knowing what search terms to use, and at this stage, my knowledge is so limited that I don't always know where to start. I spent quite a bit of time looking for a way to "install" Active Directory to a "client," when I should have been searching for how to have a client "join" Active Directory. And network setup has so many variables and possibilities that it's no wonder the book Lyle has is 4 inches thick!
Oh well, one step forward - two steps back. I hope that tomorrow we will be in forward motion again.
No comments:
Post a Comment