Win Server 2003 Config

This document provides instructions for setting up a domain controller and DNS server in Windows Server 2003. It involves the following steps: 1. Installing Windows Server 2003 and assigning a static IP address. 2. Running dcpromo.exe to promote the server to a domain controller for a new domain. 3. Configuring DNS to be installed on the same server. 4. Rebooting for changes to take effect and verifying the new domain controller is set up.

Uploaded by esraela5
Copyright: © Attribution Non-Commercial (BY-NC)

Network and information security

Workstations and Servers


Windows Server 2003 domain controller, Active Directory and DNS server setup configuration lab manual
Windows Server 2003 includes all the functionality customers expect from a mission-critical Windows Server operating system, such as security, reliability, availability, and scalability. In addition, Microsoft has improved and extended the Windows server product family to enable organizations to experience the benefits of Microsoft .NET, a set of software for connecting information, people, systems, and devices.

This topic will explain how to create the first domain controller (DC) in your network or company, including DNS server setup in Windows Server 2003. You have to install a DNS server for the DC, because without DNS the client computers wouldn't know which one is the DC. You can host DNS on a different server than the DC.

N.B.: Before starting the DC installation process you need to make sure of the following points:

You have installed a basic Windows Server 2003 installation.
Make sure you have assigned a static IP address to your server.

Now start DC and DNS Setup process

First you need to go to Start > All Programs > Administrative Tools > Manage Your Server

Here you need to select Add or remove a role

Verify the following steps and click Next.

Select Domain Controller as the server role and click Next.

On Summary of Your Selections, click Next.

On the Active Directory Installation Wizard, click Next.

Click Next on the compatibility window.

In the next window, select the default option of Domain Controller for a new domain and click Next.

In this topic we will create a domain in a new forest, because it is the first DC, so keep that option selected.

Now we have to think of a name for our domain. If you have a domain like windowsreference.com, you can use it, but it isn't suggested because computers inside of your domain may not be able to reach the company website. Active Directory domains don't need to be real domains like the one above - they can be anything you wish. So I will create windowsreference.int.

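Now, in order to keep things simple, we will use windowsreferenc, which is the default selection, as the NetBIOS name of the domain. (NetBIOS names are limited to 15 characters, so the wizard truncates windowsreference to its first 15 characters.)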

The next dialog suggests storing the AD database and log on separate hard disks; you can just leave the default settings.

The SYSVOL folder is a public share, where things like .MSI software packages can be kept when you distribute packages. You can just leave the default settings, or you can change the path.

The next screen basically says that you will need a DNS server in order for everything to work the way we want it (i.e., our windowsreference.int to be reachable). We will install the DNS server on this machine, or if you want you can install it elsewhere. Select Install and Configure and click Next.

Here you need to select the permissions for Windows 2000 or Windows 2003 servers. If you have any NT4 machines, select the first option; otherwise select the second option and click Next.

The restore mode password is the single password that all administrators hope to never use; however, they should also never forget it, because this is the single password that might save a failed server. Click Next.

Now we will see a summary of what will happen. Click Next.

The Active Directory installation process starts; this can take several minutes. It's likely that you will be prompted for your Windows Server 2003 CD (for DNS), so have it handy.

On the Active Directory installation finish screen, click Finish.

Now you need to select the Restart Now option to reboot your server.

After rebooting you can see a new option for logon.

After logging in you will see a screen similar to the following, saying your server is now a domain controller.

That's it; your server is now configured as a domain controller and DNS server.
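
The statement above that clients cannot find the DC without DNS can be checked after the reboot: Netlogon writes the SRV records it registers to %SystemRoot%\System32\config\netlogon.dns. The following is an added example, not part of the original lab manual; it parses lines in that format and reports missing DC locator records. The host name dc1, the address 192.168.0.10 and the sample text are constructed for illustration.

```python
import re

# SRV owner names Windows 2000/XP clients query to locate a domain controller,
# with the port each service uses. {d} is the AD DNS domain; for the first DC
# in a new forest the forest root (used by _gc) is the same name.
REQUIRED_SRV = {
    "_ldap._tcp.{d}": 389,
    "_ldap._tcp.dc._msdcs.{d}": 389,
    "_ldap._tcp.pdc._msdcs.{d}": 389,
    "_gc._tcp.{d}": 3268,
    "_kerberos._tcp.{d}": 88,
    "_kerberos._tcp.dc._msdcs.{d}": 88,
    "_kerberos._udp.{d}": 88,
    "_kpasswd._tcp.{d}": 464,
    "_kpasswd._udp.{d}": 464,
}

SRV_LINE = re.compile(
    r"^(\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)$", re.IGNORECASE)


def parse_srv(text):
    """Return {owner: [(port, target), ...]} for every SRV line in text."""
    records = {}
    for line in text.splitlines():
        match = SRV_LINE.match(line.strip())
        if match:
            owner, port, target = match.groups()
            records.setdefault(owner.rstrip(".").lower(), []).append(
                (int(port), target.rstrip(".").lower()))
    return records


def check_locator(text, domain):
    """Return a list of locator problems for domain; empty means healthy."""
    domain = domain.rstrip(".").lower()
    records = parse_srv(text)
    problems = []
    for template, port in REQUIRED_SRV.items():
        owner = template.format(d=domain)
        ports = sorted({p for p, _ in records.get(owner, [])})
        if not ports:
            problems.append("missing SRV " + owner)
        elif port not in ports:
            problems.append("SRV %s uses port %s, expected %d" % (owner, ports, port))
    return problems


# Constructed sample in netlogon.dns format; dc1 and 192.168.0.10 are made up.
SAMPLE_OK = """\
windowsreference.int. 600 IN A 192.168.0.10
_ldap._tcp.windowsreference.int. 600 IN SRV 0 100 389 dc1.windowsreference.int.
_ldap._tcp.Default-First-Site-Name._sites.windowsreference.int. 600 IN SRV 0 100 389 dc1.windowsreference.int.
_ldap._tcp.dc._msdcs.windowsreference.int. 600 IN SRV 0 100 389 dc1.windowsreference.int.
_ldap._tcp.pdc._msdcs.windowsreference.int. 600 IN SRV 0 100 389 dc1.windowsreference.int.
_gc._tcp.windowsreference.int. 600 IN SRV 0 100 3268 dc1.windowsreference.int.
_kerberos._tcp.windowsreference.int. 600 IN SRV 0 100 88 dc1.windowsreference.int.
_kerberos._tcp.dc._msdcs.windowsreference.int. 600 IN SRV 0 100 88 dc1.windowsreference.int.
_kerberos._udp.windowsreference.int. 600 IN SRV 0 100 88 dc1.windowsreference.int.
_kpasswd._tcp.windowsreference.int. 600 IN SRV 0 100 464 dc1.windowsreference.int.
_kpasswd._udp.windowsreference.int. 600 IN SRV 0 100 464 dc1.windowsreference.int.
"""

# Same data with two registrations missing, e.g. after failed dynamic updates.
SAMPLE_BROKEN = "\n".join(
    line for line in SAMPLE_OK.splitlines()
    if ".pdc._msdcs." not in line and "_kpasswd._udp" not in line)

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("broken", SAMPLE_BROKEN)):
        print(name, check_locator(text, "windowsreference.int") or "locator records present")
```

On a live client the same owner names can be queried one at a time with nslookup -type=SRV, for example _ldap._tcp.dc._msdcs.windowsreference.int.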

Creating Domain Controller in a domain


Preface:
One of the greatest features of Windows Server 2003 is its ability to be a Domain Controller (DC). The features of a domain extend further than this topic ever could, but some of its most well known features are its ability to store user names and passwords on a central computer (the Domain Controller) or computers (several Domain Controllers). In this lab we will cover the "promoting" (or creating) of the first DC in a domain. This will include DNS installation, because without DNS the client computers wouldn't know who the DC is. You can host DNS on a different server, but we'll only deal with the basic basics.

Method:
Click Start -> Run...

Type "dcpromo" and click "OK"

You will see the first window of the wizard. As it suggests, I suggest reading the help associated with Active Directory. After this, click "Next"

Click "Next" on the compatibility window, and in the next window keep the default option of "Domain Controller for a new domain" selected, and click "Next"

In this tutorial we will create a domain in a new forest, because it is the first DC, so keep that option selected

Now we have to think of a name for our domain. If you own a web domain like "visualwin.com", you can use it, but it isn't suggested because computers inside of your domain may not be able to reach the company website. Active Directory domains don't need to be "real" domains like the one above - they can be anything you wish. So here I will create "visualwin.testdomain".

Now in order to keep things simple, we will use the first part of our domain ("visualwin"), which is the default selection, as the NetBIOS name of the domain

The next dialog suggests storing the AD database and log on separate hard disks, and so do I, but for this topic I'll just keep the defaults

The SYSVOL folder is a public share, where things like .MSI software packages can be kept when you will distribute packages (as I said, AD has a lot of different features). Once again, I will keep the default selection but it can be changed if you wish to use the space of another drive

Now we will get a message that basically says that you will need a DNS server in order for everything to work the way we want it (i.e., our "visualwin.testdomain" to be reachable). As I mentioned earlier, we will install the DNS server on this machine as well, but it can be installed elsewhere. So keep the default selection of "Install and configure", and click "Next"

Because, after all, this is a Windows Server 2003 course, we'll assume there are no pre-Windows 2000 servers that will be accessing this domain, so keep the default of "Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems" and click "Next"

The restore mode password is the single password that all administrators hope to never use, however they should also never forget it because this is the single password that might save a failed server. Make sure it's easy to remember but difficult to guess

Now we will see a summary of what will happen. Make sure it's all correct because changing it afterwards can prove to be difficult

After the previous next was clicked, the actual process occurs. This can take several minutes. It's likely that you will be prompted for your Windows Server 2003 CD (for DNS) so have it handy

If your computer has a dynamically assigned address (from DHCP) you will be prompted to give it a static IP address. Click ok, and then in the Local Area Connection properties, click "Internet Protocol (TCP/IP)" and then "Properties"

In the next window select "Use the following IP address" and select the information that you will use for your domain (and 127.0.0.1 for the primary DNS, because your computer will host DNS. I still suggest setting up an alternate as well.) Click "OK" and then "Close" on the next window

And after a while you will see

And we're finished.

Adding a computer to Active Directory


Click Start, highlight "Administrative Tools" and select "Active Directory Users and Computers"

Expand your domain name, and right-click "Computers", highlight "New" then click "Computer"

In this dialog we have to type the name of the computer we want to add

In the next dialog just click "Next", then you will see a final report of what will be added, and you can click "Finish". And, we're done!

Adding a Windows 2000 computer to a Windows Server 2003 domain


I have already shown you how to add AD users and computers to a Windows Server 2003 Active Directory domain; in this lab I will show you how to add a Windows 2000 computer to the domain. The method for adding Windows XP is basically the same, but I have created another tutorial for XP which is available here.

Method:
On the Windows 2000 computer, go to the desktop and right click "My Computer" and select "Properties"

In the dialog that comes up, go to the "Network Identification" tab and press the "Properties" button

Under "Member of" click the "Domain" radio button, then type the name of your domain without the trailing extension (for example, my domain name is "hello.test" but I only typed in "hello")

Now you will be prompted to put in the user name and password of a Domain Administrator. Enter the correct information, and press "OK"

Now, wait for about a minute or two and you should receive this message welcoming you to the domain

That's it, press "OK" then "OK", then "OK" in the configuration dialog, and finally "Yes" to reboot and you will be able to log onto the domain using an AD user name and password (not the local 2000 password) to log on.

Additive:
After the 2000 computer boots to Control-Alt-Delete you may need to change it from logging onto itself (which will use the local info) to logging onto the domain. To do this, press Ctrl-Alt-Del, then the "Options >>>" button on the log on screen. Then select the domain from the drop-down box

After that you can log on using domain credentials

Adding a Windows XP computer to a Windows Server 2003 domain


This is basically the same procedure as the Windows 2000 added previously. Some things to note about adding a Windows XP computer to a domain are the following:

You need Windows XP Professional to join an XP computer to a domain. Home can't be used fully for this.
You will lose the "fancy" log on screen and you will receive the "classic" log on screen instead. This is for security and cannot be changed, unless you revert to workgroup mode.
You will lose the "Fast User Switching". This cannot be restored, except by reverting back to workgroup mode.

Method:
Click Start, right click "My Computer" and click "Properties"

Go to the "Computer Name" tab and click "Change..."

Select the "Domain" radio button then put in your domain name, not including the . extension (in my example I used the domain "hello.test" but when joining the computer to a domain, I will only type "hello")

Press "OK". Then you will be presented with a user name and password prompt. Enter the user name and password of a Domain Administrator

Press "OK" and after a minute or two you will receive a message welcoming you to the domain. Then you will receive a message telling you that a reboot is required, click "OK" to that, and the properties window. Then click "Yes" when you are prompted to reboot.

And we're finished. You have just learnt how to add a Windows XP computer to a Windows Server 2003 domain

Additive:
After the XP computer boots to Control-Alt-Delete you may need to change it from logging onto itself (which will use the local info) to logging onto the domain. To do this, press Ctrl-Alt-Del, then the "Options >>>" button on the log on screen. Then select the domain from the drop-down box

After that you can log on using domain credentials

Adding users to Active Directory


As you know, if you try to add AD users using lusrmgr.msc you will receive the following error:

And since I cover creating a local user (lusr) I thought it would only be right to cover creating an Active Directory user.

Method:
Click Start, highlight "Administrative Tools" and select "Active Directory Users and Computers"

Now, expand your domain name on the left side, and go to the bottom where it says "Users". Once you click on that, you will see all of the automatically created users; you will also see all of the users you made before you ran dcpromo - that's because they all stay through the promotion to DC. Anyway, to add a user, you can either right click the "Users" folder on the left side, or the blank area on the right side, and highlight "New" then click "User"

In the next dialog we can set the user's First name, Last name and various other pieces of information, including their log-on name, and domain to which we want to add them

After clicking "Next" you are presented with the password-settings screen. You can set the user's password and then have them change it on their first log-on by selecting "User must change password at next logon". But in this tutorial, I will set it as their password, and not allow them to ever change it without asking me (the administrator) to change it for them

In the next dialog, we get a summary of the user to be created. Click "Finish" and the user has been created

And we're finished! Now, you might want to check out the tutorial on how to add a computer to Active Directory, that will help you get the full benefits of AD.

Windows 2003 Backup Utility


There are many third-party backup software packages out there, with HP, Veritas, and CA being some of the big-name players on the market. Depending on the size and budget of your enterprise you may wish to choose any of these. If, however, you are after a simple solution to back up individual systems and data on shared folders, then why not use the Backup Utility that comes free with the Windows 2003 operating system? Alternatively, why not use Backup in conjunction with another software backup to provide a complete backup and recovery solution?

The Backup Utility in Windows 2003 will allow you to, amongst other things, archive files and folders on the current system or remote shared folders to a hard disk and then restore these files to any accessible disk sometime in the future, create a copy of the system state, system/boot partition (and any files needed to start up your system in the event of a system failure), schedule automated backups, create a log file of what was backed up and when, and also create an ASR (Automated System Recovery) disk that will save system files and configuration settings. You can also use Backup remotely to back up Microsoft Exchange Server databases and information about other machines.

Discussing anything other than backing up and restoring data using this tool is outside the scope of this article, but I will briefly touch on how and when other features can be used in relation to the backup and recovery of data.

Backing up Data
To open the backup utility, go to the Start menu, navigate to Programs > Accessories > System Tools and click Backup. This will start the Backup and Restore Wizard or go straight to the Backup and Restore utility (depending on your previously chosen settings). For the purpose of this explanation I will walk you through Advanced mode. If you start in Wizard mode, click Advanced mode to switch.

Setting backup options


Select Tools > Options to open the Options dialog box and select your backup preferences. The General tab will allow you to choose whether you want to verify backup after the backup process has completed; this is a good idea as it will compare the data on the source with that of the destination to make sure an identical copy has been made. The Restore tab gives you the option to replace files, not to replace files or to replace files on disk if they are older than those on the backup media. The Backup Type tab allows you to select which default backup type you want to use; choose from Normal, Copy, Differential, Incremental and Daily (as discussed in Part 1 of this series). From the Backup Log tab you can set the level of logging you want for a backup; choose from Detailed to log all information, Summary to log the most important information and None to log nothing at all. Finally, the Exclude Files tab will let you set which files to exclude from being backed up. The image below shows the General tab of Backup Options:

Figure 1
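
How the backup types on the Backup Type tab interact is easiest to see in a small model of the file archive attribute. The following is an added example, not from the original manual and not the Backup Utility's own code; it runs a Normal backup on Monday followed by Incremental or Differential jobs and works out which backup sets a full restore needs. The file names and the week plan are constructed.

```python
# Added example: a model of how each backup type treats the archive attribute.
# kind -> (selects only files with the attribute set, clears it afterwards)
RULES = {
    "normal": (False, True),
    "copy": (False, False),
    "incremental": (True, True),
    "differential": (True, False),
}


class Volume:
    def __init__(self, names):
        # New files start at version 1 with the archive attribute set.
        self.files = {n: {"version": 1, "archive": True, "modified": None} for n in names}

    def write(self, name, day):
        """Changing a file bumps its version and sets the archive attribute."""
        f = self.files[name]
        f.update(version=f["version"] + 1, archive=True, modified=day)

    def backup(self, kind, day):
        """Return {file: version} captured by a job of this kind run on day."""
        if kind == "daily":  # files modified today; attribute left untouched
            return {n: f["version"] for n, f in self.files.items() if f["modified"] == day}
        only_flagged, clears = RULES[kind]
        captured = {}
        for n, f in self.files.items():
            if f["archive"] or not only_flagged:
                captured[n] = f["version"]
                if clears:
                    f["archive"] = False
        return captured


def sets_needed(jobs):
    """jobs: ordered (label, kind) pairs. Labels of the sets a full restore needs:
    the last Normal, every later Incremental, and the last Differential if it
    ran after the last Incremental. Copy and Daily sets are not part of the chain."""
    full = max(i for i, (_, k) in enumerate(jobs) if k == "normal")
    incr = [i for i, (_, k) in enumerate(jobs) if i > full and k == "incremental"]
    diff = [i for i, (_, k) in enumerate(jobs) if i > full and k == "differential"]
    keep = [full] + incr
    if diff and (not incr or diff[-1] > incr[-1]):
        keep.append(diff[-1])
    return [jobs[i][0] for i in sorted(keep)]


def run_week(kind):
    """Normal on Monday, then kind on Tue-Thu with one file changed per day."""
    vol = Volume(["a.doc", "b.doc", "c.doc"])  # constructed file names
    plan = [("Mon", "normal", None), ("Tue", kind, "a.doc"),
            ("Wed", kind, "b.doc"), ("Thu", kind, "c.doc")]
    sets, jobs = {}, []
    for day, (label, job_kind, changed) in enumerate(plan):
        if changed:
            vol.write(changed, day)
        sets[label] = vol.backup(job_kind, day)
        jobs.append((label, job_kind))
    needed = sets_needed(jobs)
    restored = {}
    for label in needed:  # replay oldest to newest, later sets overwrite
        restored.update(sets[label])
    live = {n: f["version"] for n, f in vol.files.items()}
    return sets, needed, restored == live


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        sets, needed, complete = run_week(kind)
        print(kind, "Thu set:", sorted(sets["Thu"]), "restore needs:", needed, complete)
```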

Performing an interactive backup


From the Backup tab you can choose which drive, file or folder you want to back up and to which destination. In the left hand pane, click the checkboxes for which drive, file or folder you want to be backed up. The details for the selected folder appear in the right hand pane, as seen in the image below:

Figure 2

In my example I have chosen to back up the contents of My Documents on the local machine and a share located on another computer in my workgroup.

NOTE: Backup files usually have an extension of .bkf, but you can change it to whatever extension you like when assigning the file name.

Scheduling a Backup job


To save you from having to manually back up files, you can schedule a backup job and let the backup utility do everything for you automatically. At a certain point in time the backup utility will start, and initialize the backup job. This is great if you want to perform routine backups like a weekly Full backup of all drives, for example. Once you have selected which files to back up and pressed Start Backup, click the Schedule button in the Backup Job Information screen. After you have saved the backup job you will be asked to enter the username and password of the account you want the job to run under. From the Scheduled Job Options dialog, type a job name and click the Properties button to set the date, time, and frequency of this job.

NOTE: You will have to be a member of the local Administrators or Backup Operators group to perform this task.

Viewing a Backup log


Once the backup is complete you can view the report by clicking on the Report button. This will show you details like what type of backup was performed and if the backup was a success.

Figure 3

To view previous backup reports, go to Tools > Report to open the Backup Reports dialog window. Select a report and press View to open the report in your default text editor or Print to print to a file or print device. The image below shows a simple report for an interactive backup job:

Figure 4

Restoring Data
Restoring data is a pretty simple procedure using the Backup utility. Go to the Restore and Manage Media tab and select which media you wish to restore from; this will be displayed in the left hand pane. Once you have selected the backup media, the details will be displayed in the right hand pane, as seen below:

Figure 5

Your next step is to choose where you want the data to be restored to. Choose Original location for the files to be restored to the location which they were backed up from, Alternate location to restore the files to a different location (perhaps a different drive or folder) and keep the original folder structure, or Single folder if you want to restore the files to a folder and not keep the original folder structure (all files will be placed in the folder you choose). The final step would be to choose Start Restore. After asking you to confirm whether you want to restore the data and giving you the option to change Advanced settings, a dialog box will open and start the restoration process. You will be notified when it is complete by means of a "restore is complete" message, as shown below.

Figure 6

Disaster Recovery
Disaster Recovery is the ability to recover system operations after a disaster has occurred. One of the most significant aspects of disaster recovery is planning and designing a comprehensive backup plan that includes procedures, maintenance and backup storage methods. During a recovery, it may not always be necessary to bring all systems and services back online at once. The most critical systems should be a top priority, with other systems (such as the public website) being of lesser priority. This will allow you to bring the core of the system back up and running again before turning your attention to other services. Usually companies in different locations have a bilateral agreement that allows them to use the other's site in case of a disaster. There are three types of sites available that will allow you to restore system operations in the event that a natural disaster destroys your main site. These are:

Hot Site - A site that provides the ability to get back online and resume operations within a few hours of failure, by having the equipment needed on stand by.
Warm Site - A site that provides some capabilities in the event of a recovery. Everything will be in place for the organization to install and configure the systems to get operations up and running again.
Cold Site - A physical location that has all the resources necessary to allow an organization to use it if the original site has been deemed impossible to use. The systems will have to be installed, set up and configured. A decision on moving to this alternate site is normally made within a few hours of the disaster.

I cannot talk about disaster recovery without giving a small mention to the much-loved recovery console; it's saved me a few times! When your system does not start properly, or if it does not start at all, then you can use the Windows 2003 Recovery Console to help recover your system software and perform administrative tasks such as formatting drives, reading and writing data on a local drive, and enabling or disabling system services. Three of the most commonly used commands in the recovery console are:

fixmbr - Repairs the master boot record (MBR) of a specific disk.
fixboot - Writes a new boot sector onto a specific partition.
chkdsk - Checks a local drive and displays a status report, and allows you to fix common disk errors.
