Active Directory Concepts and Installation with Windows Server 2008 R2

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

alright guys welcome to Active Directory in Windows Server 2008 r2 in this first video first lesson we're going to understand the concepts of Active Directory and then hopefully at the end of this little slideshow here this little PowerPoint we can install and configure our first force root domain okay so I'm going to go through all the concepts everything you need to know to get started with Active Directory assuming you already have Windows Server 2008 installed if not just go to Microsoft we know type in Windows Server 2008 r2 trial and you can download and get a hundred and eighty days free so I have a fresh install of Windows Server 2008 and we're going to set up back to directory so let's get started on the the concepts of Active Directory ok so first of all to install Active Directory in Windows Server 2008 you need at least one server that meets all these following requirements the operating system so you need Windows Server 2008 standard enterprise or datacenter the web Edition cannot act as a domain controller your hard disk space other than the space required to install activex by Windows Server 2008 you need at least 500 Meg's for the database and this says volume folder plus at least a hundred megabytes for the log files but clearly you're not going to just have that like you need to have at least I recommend at least 15 plus gigabytes if you're going to have a small network or small domain if you're just testing it 10 gigs is fine you need your disk volume must be formatted with NTFS but that's not really an issue because by default when you install Windows Server it creates your partition as an NTFS and you need a DNS server so if you don't have a DNS server available like if it's if this is your first forced root domain and also a root domain is is the first server installed Active Directory a server alone can be considered a domain a domain controller is any server that has a Active Directory installed onto it and your forest root domain is just the first server that you install Active Directory on and which we'll get into here in just a moment so I'm just jumping ahead of myself and of course you need your admin privileges so you have to be logged in as a local administrator of the server or computer that you're working on to make a new forest and then to add a domain to an existing forest you need to you need to be part of the enterprise admins group in the forest and then to add a domain controller to an existing domain you must be part of the domain admins or Enterprise admins group okay so an expert what we're going to cover today so we're going to cover what a domain is what a tree is what a forest is what a child domain is what an organizational unit is with a domain controller the global catalog server the operations masters and installing Active Directory and domain services so that's what we're going to cover today in this video if you already know what they are you feel free to skip to the end or skip until you see the anon PowerPoint presentation here and so the basic concepts of Active Directory what is a domain well a domain is just like a logical grouping of all your computer's users and groups that all share a common directory database now what that is is that's Active Directory so a directory database is just somewhere they can go they can search for files folders users groups printers whatever and a domain is also a security boundary and that is controlled by an administrator so you can also think of it as a domain is let's say you yourself are the administrator for your whole entire like you're the top dog of your group wherever your boundaries are as an administrator that's your domain okay so you can have a domain with five domains controllers in it all separated geographically but that's all considered a domain okay so it's not like a domain is like a server in the building and that's it like you could have a company that owns like let's say Tim Hortons if you're Canadian or Starbucks well there's like oops sorry for swearing but there's like what ten or fifteen twenty to twenty five Tim Hortons or Starbucks within one town well they can be classified all as one domain called you know Ontario or buried very Ontario you know whatever that whatever the case may be okay so moving on what is a tree well a tree is just a collection of Active Directory domains that are all connected by default with a two-way transitive trust and they share the same global catalog and schema so the global catalog and schema are part of Active Directory now the global catalog is just like your catalog you can flip through it find users groups computers everything it holds a replica of your Active Directory so you can't write to it but you can read from it and all domains in the same tree must have a contiguous namespace so what that is is they all must have the same name they almost share a common name so for instance my videos it's going to be technology calm is going to be our forest root domain so you can have a tree within there called you know let's say technology calm and you can have other domains in that tree called sales dot technology calm and then have another grandchild domain called Ontario dot sales dot technology calm see how they all end with technology calm that's what a tree consists of it's just picture like a tree in branches and all the branches are your different manes but at the bottom they all connect to the same root tree which we will get into and a tree is contained in a forest and a forest can have multiple trees we'll see that in a second so what is a forest well kind of just explained it but a forest is a grouping of all the Active Directory trees that have a trust relationship between them so a forest can hold non contiguous namespace unlike a tree which has to have a contiguous namespace and here's a little example of a contiguous namespace would be sales dot technology comm or products technology comm and a non-contiguous namespace would be technology comm and let's say other domain net so technology comm and other domain net could have a trust between each other and all that means is that technology comm trusts the other domain net and they can share files and users and users can log users from other domain net can log into technology comm and vice versa now seen how the namespaces are different that Trust has to be set up by administrators the trust between trees which we will see you because when we're going to install our second domain controller it's going to be part of a tree already and that trust is automatic it just happens it's it it's just secret behind the scenes but when you're talking about two different when you're talking about joining two different I'm going to say namespaces together that's where the administrators have to set up the trust continuing on here so a child domain is simply just preview previous it's like sales technology comm our products top technology comm so it's like simply just another domain that is set up as a server within the same organization you can have a child domain located across the world if you wanted to and then you know I got my examples of a child domain sales technology comm products technology comm and notice how they both end with the same namespace and you can also have grand grandchild domains so that's simply just another domain within the same tree so that could be like you see Ontario dot sales.com dot technology yet oh wow Tom or Alberta dot products technology calm and so on ok so what's an organizational unit well an O U is an Active Directory container object that allows an administrator to logically group users groups and computers into like a quote container to be easily administrative by the administrator you can set up do use with the same concepts of like organizing your file systems you know how when you you open up your files you got like your C Drive and then in your C Drive you got my documents my pictures my musics files the I don't know whatever else you want to have well picture your C Drive as your domain and then everything else is your use or folders whichever you want to call them so when you have your folder called pictures well you're going to group all your pictures into your pictures folder so you can administrate or set up and you know apply permissions to all your pictures instead of having to do each put each picture individually you would put those pictures in a picture folder and then just make changes to the folder that's the same concept of a know you so you have your users now setting up a know you is there's lots of ways you can do it there's you know you can let's say you have a company in your worldwide but you can have OU's called Canada USA China and then within those or use like within Canada let's say you can have break you down a province so Ontario Alberta whichever you like to do there or soy BC whatever you'd like to do there and then within those oh use you can have like managers administrators and then you would put the users inside of their proper OU's so if you have a manager you can put his name his user account which is an object as you can see it the first line I know you is an Active Directory container object okay so you can take his user account and put it in the managers group and put all the other managers in there and then just you can set policies to the managers oh you instead of each manager or you can set it up if you only have the one company you can just set it up like departments you can have a know you called HR for Human Resources or managers or accounting sales so on and so forth so no you is just a simple way for an administrator the users have no idea what are you there and they don't see it they don't know it's just for administrators to easily administer a group of whether it's computers or files or users it doesn't really matter printers you can have a printer so you and you know set up permissions for the printers or you whatever the case may be again we'll get into this more detail you'll be able to see what I'm talking about right now I just want you to get a little understanding of what the terms are that we're going to be using okay so moving on here we got a little tip so remember assign group policies to groups not individual users or computers what that means is like I was just saying you put all your sales users inside of a sales group and then you apply the group policies which we'll get into in a couple videos from now into groups ok so your group policy so let's say you don't want all your salespeople to change the resolution of their monitor or you put all the sales into the sales oh you organizational unit and then you apply a group policy on to that sales or you and then everybody in that oh you is affected by that one policy you see how easy that is and here we got some more basic concepts continued so what is a domain controller kind of mention that earlier a domain controller is any server that has Active Directory domain services installed on the domain controller is also where all the users authenticate when logging on to the domain it also holds a master editable copy of the Active Directory database which means you can and that's like the schema so you can go in there and edit it we know Microsoft doesn't recommend changing the way the schema operates but if you're advanced enough by all means go nuts but I highly suggest you back it up before you make any changes to the database and the database holds a complete copy of every single object in Active Directory and an object can be a user group computer folder file printer or whatever that's what an object is and objects have attributes like your name your last name Department I don't know email address just things like things of that nature folder you know how big whatever you know that's what an attribute is because you're going to see attributes and objects and a lot of little confusing words you need to understand what they are so an object is like an object in Active Directory user group anything that you pretty much put into your Active Directory is considered an object really and every object has an attribute and you can add attributes if you want to so there's lots there's lots of attributes for let's say a users there's lots of attributes but when they don't have that's kind of common is you can set up a Social Security number attribute so that do use your counts will have their send numbers in there where you can have you can set up an attribute to have like a little thumbnail picture of each users so if you're setting up like I don't know badge IDs or something you know things of that nature that we're not going to get into it all for a long time in these tutorials but I'm just making you aware that you can change the attributes of an object okay moving on so what's a global catalog well the global counter let the global catalog is just a searchable database where users can locate objects within Active Directory it just contains a partial replica of every object and the partial replica contains the most commonly used attributes of the object like I said name department email company contacts and things like that so anytime you search for anything within your domain you're going to be connected to the global catalog server now you can have a global catalog server on all your domain controllers or just one it's recommended to have at least a backup so it's good to have at least two global catalog servers and it's also good to let's say you have a domain in Canada and a domain in Australia well if you only have one global catalog server in Canada and your users from Australia go to authenticate and everything they have to you know pass your network pass the wide area network connection and that can be slow it could cost a lot of money they're gonna have to connect to your Canadian server and then you know more communication going back to Australia just to authenticate so that's a lot of wasted bandwidth and speed so down here the global catalog server also allows the users to log on to a domain other than their home domain by using the user principal name so a UPN is just a username and the format of like an email address so down here I have like a little example so users at sales tech knowledge comm will get into the UPN's you can change this so if you don't want people to see what your full domain name is I can just have it users at sales and that's all they see man dot technology calm is kind of like automatic it just puts itself at the end of sales and no one sees it so no one can actually like map out our domain let's say it's good for a little bit good for security okay so that's pretty much what a domain controller is it's just like a catalog server and you just search it and like I said it's good to have multiple case even one like fails you can set up backups all right so what the what are the operations masters so these here are just a restricted set of functions that are ran on a specific domain controller which are known as the flexible single master operations so FISMA servers or simply operation masters and the five functions that are part of this group are as follows and please note that don't cover this fully in this tutorial and if you need more info just look it up you know do a Google search but at least you're aware of these five function roles here so the first one is the schema master which holds the only writable copy of the Active Directory schema so here only one domain controller in the whole forest holds this row role and yeah you can you can move the role around so if you have like six domain controllers in your old forest and you want to move the schema master you can't yeah this you know we can get into that we'll move them around and everything but as of now we're I'm just showing you kind of what they are you got your domain name master so this what this does it just just ensures that when you create a domain that it's unique within your tree so you can't have two sales technology com domains within the same domain tree so that's what the domain naming master will take care of it it just it makes sure that you have no duplications on your network for like naming servers and everything and again only one domain controller in the whole forest follows this rule next we got the PDC emulator also known as the primary domain controller for windows NT 4.0 client computers so Windows NT 4.0 client computers well let's say look at the PDC server and that's like their domain controller that that's how they authenticate to that's where they go because they have older technologies then the new Server 2008 does so they set up this PDC emulator and this emulator also acts as a time synchronization master for the whole domain and only one domain controller in each domain holds this rule not the forest so you can have you know one in technology com you can have one in sales technology calm you can have another one in Ontario sales technology calm doesn't matter the infrastructure master this server processes any changes in objects in the forest receive from the global catalog server and replicates to other domain controllers now it's recommended to separate the infrastructure master from the domain controller the global catalog if you have those both on the same server then the infrastructure master never really has a chance to send out the processes changed from the global catalog server so it's it's best practice to separate those two roles or just take global catalog server off and move it to another server whatever is easier for you it doesn't really make a difference as long as they're separated and again only one domain controller and each domain holds this role and lastly we got the rid master so this assigns security identifier so SIDS to the objects created in this domain so this ensures that no two objects have the same relative identifier that is unique to each object so all this is is like when you're setting up users or printer accounts or oh group accounts that you can't duplicate them within the same oh you okay that's important you can have duplicate names but they can't be within the same organizational unit your sales oh you I can't have two Paul say no edges okay and the red master will show you that and you know hey you have a net that you have a duplicate name and the server also hands out five hundred rids to each domain controller and its domain for creating objects and when they ran out you just ask for more simple as that so you could come across a time where you're just you know you got new organization you guys are setting it up and you're making user accounts and then all of a sudden you can't make anymore user accounts everything on your end looks fine well the red master could be down and you already like like where you ran out of your five hundred rids that could your your rid master could be down and you'll have to bring it back up you know investigate that end of it but just like a little tip I guess so why Windows Server 2008 well hey there's lots of features and abilities in Windows Server 2008 I'm just going to show you three so the best I think the the biggest one is the read only domain controller so this is great for a company like let's say I'm going to use Tim Hortons again I don't think Tim Hortons is how was he an IT staff in each Tim Hortons right now so they probably have a read only domain controller if they have one at all but just using them as an example they probably have one there in their little building where it pretty much acts like like a domain controller or global catalog but they can't really do anything to it it's locked down they can authenticate to it they can look at the global catalog through it so they don't have to cross the wide area network connections and slow down and increase speeds are sorry increased costs and all that stuff they can have on locally where it's very secure and it's also good to if you don't really have like that secured server room you know it locks and Pete motion sensors and everything like that you can just throw one of these in and you know it acts like a domain controller but it's just a read-only so you can't change it you can make any changes to it and yeah pair users can also authenticate to it and log on to the domain increasing the speed of your logins and it also saves on network consumption as data does not have to travel the land or land next is server core now I forgot my little my little T there but it's just a stripped down version of any of the Windows Server 2008 operating systems so it's like there's no GUI so there's nothing like you're not going to have a mouse there's no little pretty pictures of files and the control panels and all that's like that's all gone it's just you open up your command prompt and that's what you're looking at that's it it's great for security and it's also great if let's say you don't have I don't really want to say this that I want to push you guys to ever do this but if you don't have a a good enough server computer let's say you're you're short on the you know like the reason like the RAM and all that stuff well server core doesn't install any of the crap like media players and Microsoft Paint and games and so off it's just simply the operating system at its core like whatever you need to function that operating system will be installed in server core and that's it and then whatever features and roles you add on to it that's all that's going to be on that thing nothing else so it's great for security and it's great for the ease of a server doesn't doesn't take so much fire mints to install a server core and which probably not maybe a lot of people know of is this last little point that I like to throw it is the self-healing end IFS so what it is it just has like a thread that runs hopes in the background and that can correct the file system when NTFS detects a corrupt file or directory' back a day if you had a corrupt file directory you yourself had to go and investigate it delete it fix it remove it whatever you had to do to fix it Server 2008 r2 automatic the NTFS will detect it and then it'll just fix the file it's great for security and everything ok I don't know what this one is like oh so next I just have a picture of what our force will look like it's actually what we're going to be setting up so keep it in mind to reference later on if you need to okay so this is kind of what our force can look like so up here we got our block I just chose it black because it's our forest root domain it's the global catalog it's the DNS server it's the Operations Manager it's the domain controller it's you know it's everything here and these all connect like a trust now here in the red box I just separate that that's our domain controller here in the orange box that's our tree and this is our other tree okay so sales technology calm child domain Alberta sales technology calm grandchild domain and then Ontario sales technology calm is another grandchild to me these here are all set up with transitive trusts they all link back up to this force root domain and this is the root tree and this is the root tree so the root trees is just the first domain controller I know I'm saying that a lot but it's the first domain controller set up after your forest root domain okay so you got your force group domain up here which is technology comm and then you have your your trust that the administrators have to set up between these two guys here because this is other domain comm so these two are together but this doesn't because this guy joins this that doesn't make him a force root just a rude tree and he can have a child and grandchild domain just like this guy can have but there's a trust relationship between them so let anybody in other domain.com can access all the resources in sales dot our technology comm okay so here I guess I should have brought this up but so what so we have a forest called technology calm because that was the first server to be installed and promoted to a domain controller and then we have the child and grandchild domains and also a whole new tree called domain calm and we're going to get into all that our first domain controller will be called technology calm and our you know our first child is going to be sales technology calm and then we're going to set up a trust for other domain calm but that's going to be in a couple videos so that's it for what I want to cover in the concepts of Active Directory and now we're going to get into installing Active Directory all right so here's my server I got Windows Server 2008 r2 enterprise and I got my license valid for one hundred and seventy seven more days and it's free yeah if you want to buy it go nuts but it's about two thousand dollars to buy Windows Server 2008 r2 so hey it's up to you you get free four hundred eighty days to learn or go buy it I would suggest getting the free one so this is not what it will look like when you first start it when you first start Windows Server you're going to have this little screen that's cop box up it pops up called server manager and this is where you just get like a breakdown of your whole server ok there's plenty of ways to get there you can you could do that or you can just right click and go to manage same thing server manager you got your security so it tells you four firewalls on last time you check for updates so these two here are important your role and your summary so your roles are where you would install Active Directory domain services DNS DHCP file server all that type of stuff features or like dotnet framework group policy management console stuff like that things of that nature so in this tutorial we're going to set up Active Directory domain services so it's recommended to go to your roles go to add roles here this is just a little you know before you begin verify you know that you're the administrator your network settings static IP your configured latest security patch with blah blah blah you can hit this little checkbox and then this little page will never show up again you hit next and here's a list of all the roles you can install on this server hyper-v fax server you know application these are all the new Active Directory roles within Server 2008 so here is the main one Active Directory domain services and you got like lightweight directory services right management's and you can also look to your right here in a little description if you're unsure so in this tutorial we're going to do Active Directory domain services so you can just put a little check mark there and automatically it's going to install the features so dotnet framework 3.5 point 1 let's go automatically install oh so add required features ok ok the other way you can install Active Directory is you can go to your command prompt here and just type in dcpromo exe and hit enter I don't want to do it because it's going to install the if you do that before you install your Active Directory domain services it's gonna it's not gonna really take any much more longer but it's gonna look like some people have said that it froze up and it's not working but I'll just doing is it's installing Active Directory domain services in the background so we're just going to go ahead and do that first we don't really have to like I said you can just do it all through dcpromo but I'm just showing you what the Microsoft exam is saying that you should install domain services first and then do the dcpromo so we're going to hit next this is just an introduction you know things to note you know read this over if you wish to hit next here it's just a next game it's all it is okay so it's telling you what it's going to install it's going to install Active Directory and dotnet framework so hit install and this is going to run and I will be back when this is finished and we'll continue okay so we're back here and everything has been installed properly so we can just hit close and then you can see down here we have our now role summary and our feature summary we have one rolling star installed with the red X all that means is that we haven't set up the domain controller yet and then down here you can see the - of 42 installed features so we got all this stuff here so we got active directory administrative center the tools dotnet 5 framework and all that so you can hit your Active Directory domain services here this will just load up here and show you that the server is not yet running as a domain controller so run the wizard dcpromo Exe so you can click this link or you can go to your control panel and type in VC promo Exe and hit enter and then see here it's checking if the binary domains are installed now the binaries installed that's where it would freeze up and take awhile if we didn't already install Active Directory domain services so now we're setting up the domain controller here so now we're going to hit next or you can go to Advanced Mode we'll get into that later so hit next and then here's just you can read through this just like a compatibility settings here you can hit next now here is where you're going to be creating either a new forest or an existing force so remember that other domain.com we would click this so create a new domain in an existing forest so this this server will become the first domain controller in the new domain so that's what you would select for other domain net so we're not doing that we're creating a new domain in a new for so hit next and then this is going to ask you for the fully qualified domain name it gives you an example down here so for our case we're going to type in Technology dot-com okay and then hit next now you can capitalize that whatever you want doesn't make a difference how you type it and just hit next it's just going to check whether the forest name is already in use okay so here we're going to this is where you set the functional levels now this setting here you can see you got you got Windows 2000 2003 2008 and 2008 r2 there's new features with in 2008 and r2 so that's why there's two here so what this will do will set the I'm going to say privileges I guess are the new concepts of your whole forests so if you put this at Windows Server 2008 you'll see down here you will only be able to add domain controllers that are running Windows Server 2008 or later so if you have a Windows Server 2003 you cannot add it to this domain or this force so I'm going to leave it at 2003 because I'll show you later how to upgrade your forest functional level so you hit next and this here is just a domain functional level so technology calm and then sales calm sorry sales technology calm or products technology calm these will fall underneath the domain functional level this will not this will not affect other domain.com or.net or whatever the one the other the other domain that we're going to set up later on this won't affect that this will only affect any of the technology comm child domains or grandchild domains or whatever so again you can change it too and see how 2000 is gone because our forest functional level is set to 2003 okay so we're going to again leave this at 2003 and if you go up to 2008 you'll just see the these features available Windows Server functional level include all features available in Windows 2008 domain functional level following features authentication assurance okay so we're going to keep it at 2003 for now and hit next because we might have a 2003 domain controller we might help later on who knows so hit next it's examining the DNS configurations now keep in mind we do not have a DNS so it's probably going to prompt us to install a DNS server or point to one in our case we're going to be using this server as our DNS server or Active Directory server global catalog and master operators okay so that finished and now it's telling us the additional options here so the first domain controller must be a global catalog so it's grayed out we can't even change that and the first domain controller cannot be a read only domain controller DNS here is optional so if we had a DNS server already set up we can point to it but we don't so in this case we have to make sure the check mark is there and install the DNS server on this domain controller and here you can see we recommend that you install the DNS server on the first domain controller so we just hit next here and this pop-up is if you haven't have if you don't have a statically assigned IP address it's recommended to set one up what that is is a it's an IP address that is sets up and will never change unless manually changed again dynamic is a dynamic IP address would be what you'd get from a DHCP server as you can see here you can use it but it's not recommended because your IP address could change and if it does change everything that thinks that it connects to that old IP address will not work anymore you'll have to reconfigure all the IP address and map everything back out so it's best to set up a static IP address now and to do that no I will set up a static IP addresses so you can click that and it should pop up but it doesn't so you can go down here to your network down here you can right-click it and open up network and sharing center or you can just go to a start control panel I always change this to large icons and you can go down to network and sharing center and then up here you can go to a change adapter settings right click it go to properties and then click on your tcp/ip version four we don't really need six at this moment but I and you go to properties and then obtain an IP address automatically that's dynamic and it's getting it from a DHCP server we don't want that so we're going to use our own so you can go ten oops need my num locks on there so ten one 1.54 this server the subnet mask is what's used to tell the network cards and all the networking devices what part of the IP address is the network portion and what's the host portion so I'm not getting into subnetting right now so you can get that out of your head and g5 5.0 so what this quick breakdown is two five five two five five two five five that's the max so that indicates that these first three up tetes here are part of the net work ID so these won't change and then 50 see how it says zero you can have 255 addresses here so our default gateway so if we're trying to communicate with something that's not within our network so let's say for example 10.1.1.1 all the way 2.25 4 ok so if we have something higher than that on a different network it's going to go travel to our default gateway to get there and then your preferred DNS server because we're using our own you put in what is known as a loopback address so 127.0.0.1 let's say any address that begins with 1 to 7 is known as a loopback address and what that will do is when your server wants to contact a DNS server it'll look here and it'll loop back to itself now you can set this up as 10.1.1.1 is if you ever changed this IP address this will still be 10.15 and you'll get some errors so it's better to use a loopback so it'll always stay that address one two seven zero zero one and then just hit OK and then hit close here and you'll see every it will work you'll see down here my network will disconnect so I don't really have a router hooked up in this virtual PC or anything so I'm going to lose my internet ok so that's done now and you can see down here I've lost my no internet access so in a ways but now with that that's done we can hit next and it's just gonna give you like a little done error but it's just saying that you know there's no delegation made for this server because there isn't it we haven't set anything up yet so you just hit yes here and now you're going to be getting into the location of the files and log files and Syst valium folders they say it's recommended to separate the NTDs from the sis volume put them on different like drives but in our case it's fine all on the C Drive it's ok so you can leave that default or you really want to you can browse and choose a different location that you have set up already and just hit next here and this password we're going to set up is for restore mode so if anything major ever happens to our server here we can't get into it we can't login you can run restore mode and you'll need this password to go to get in there so keep it in a safe place remember it you're not going to use it often so I would really suggest writing it down into your little folder there don't leave it on the server anything because clearly if your server won't start you won't be able to get in there and look for the password so just write down somewhere and keep it handy you never know when this password will be used will be needed so you can hit next here and this is just a summary so it's going to break down what we're doing you know technologies are NetBIOS name our new domain is technology calm forest functional 2003 domain functional 2000 what else you know additional options read-only no global catalog yes you know you just keep going on and on and then new this Windows Server 2008 you have this export settings so you can use this to create an answer file and what an answer file is is if you had to set up if you're in an organization organization you have to set up like 25 of these domain controllers let's see but you can set up one take the answer file and then you know where you write in dcpromo you can type in dcpromo slash unattended Cerf I'll so you can export the settings here save it to unattended hit next ok you know the settings were successfully exported to and here's the path to it ok hit OK then just hit next and now this is going to it could take a while so I'm going to pause the video and I'm going to have this check mark so reboot on completion so when it's all done it's going to reboot itself and the next time I speak to you we're going to have a domain controller so yeah I'll be right back okay so we're all logged in now and I set it up I hit record just before everything starts to pop up here this is what you're going to see when you first log into a server you're going to get this initial configuration tasks here just kind of gives you things to help you out here so you know obviously stop want to activate set up your time you know configure your networking provide name bah bah blah ok you know updates and all that so you can exit this and then server manager window is going to pop up and this here is going to show us everything that we have now ok so we have two roles Active Directory and DNS and it's going to tell us a role status so we got some messages we got some you know some errors here some warnings on territory warnings that's that's normal in a server ok so we can click on Active Directory domain services ok so there's like there's nothing more there's just a couple of warnings you can double click on them see and I believe these are because when you remove a domain controller it's best to reinstall the operating system which I didn't so it's just like conflicting here but we can ignore them like there's not going to change the way we do anything throughout our videos it's just having a conflict with the old name technology com I just didn't want to have to reinstall everything but I'm just showing you these errors so in case you do see them that's just an indication that someone had Active Directory installed removed everything and just reinstalled it it's best to reformat the whole if you're going to remove a domain controller that's that's what they say is the best practice just remove everything so we can close out of here and to verify that we have a good cop like everything installed properly we want to go to start Administrative Tools and when this pops up we're going to have both five new or six plus seven new tools here in our administrative tools we got our group policy management we've got our DNS and then this here you're going to get very familiar with Active Directory users and computers then you got sites and services domains and trusts administrative center so we're going to look at users and computers here this is the main tool that you're going to use setting up your domain here you know whether it's making user accounts or computer accounts or you know making queries show you how to do all that so I'm just going to show you what's default first so you got you can open up here you can expand you got your built-in users and groups then you got your normal users and groups now the big difference between these are built in is strictly for domain controllers okay like the administrator here and the administrator for users are different built in this is the administrative group for the whole domain like any domain controllers within your domain and users is just the user the administrator for this domain controller domain admins again you can be put into this group and you'd be administrative throughout your domain blah blah blah you got your computer container and then you got your domain controllers so you want to make sure that your computer name is listed there okay so first default first site name and it's a global catalog computer whatever and we're not going to get into foreign securities and all that stuff I just want to show you the default oh use containers that you want to call them this is all default and you can also verify by checking out the assist volume folder so it's located on your C Drive windows and you can go down here says volume it's all there and I believe the logs they're all there okay so everything got installed the NTDs this is your big folder here and TDS net our big file can't really customize it from here so everything got installed and everything is working so I hope this was informative to you guys like I said I'm not an expert but I'm learning and by doing this it helps me learn also so I hope you guys follow along and watch all the other videos the next video we're going to start to construct our domain we're going to set up like organizational units and seeing how all that stuff plays in with this and you know some good understandings of the architect of an active domain Active Directory domain so thanks for watching guys and I guess I'll see you later

Info

Channel: Paul St.Onge

Views: 171,138

Rating: undefined out of 5

Keywords: tech knowledge computers, tech knowledge, how to, Active Directory (Software), AD DS, what is a tree, MCTS Server 2008, active directory, what is the global catalog, windows server 2008 r2, installing, active, directory, server, 2008, what, is, domain, concepts, child domain, domain controller, forest, windows, r2, understanding, organizational unit

Id: AZALw8FIGe8

Channel Id: undefined

Length: 52min 33sec (3153 seconds)

Published: Tue Jan 01 2013