Active Directory with Windows Server 2022

Captions
[Music] And we've got our server from last week that's just sitting and paused by Windows Server 2022. So I'm going to create a new custom virtual machine, Workstation 16 compatible, and I'm going to use the Windows 10 client ISO. Now it's saying that it can't detect which operating system, which is a little bit alarming, but let's just set it to Windows 10 64. And I'm going to call this Windows 10 client. Okay, and let's just go for the BIOS, and let's give it two, let's just give it one CPU, and we'll give it, leave it on two gig of RAM as well. So I'm going to turn the RAM up just to make the installation go a bit quicker. Leave it on that, and we'll create a disk, but we'll make the disk a single file so it's easier to delete later on. And the only other thing, I just want to make sure, I'm just going to go back and make sure I've set the path to this machine correctly. Local VMs, Windows 10 client is exactly what I want. We don't want to be installing it in the Downloads folder or something like that. So, um, don't need to customize hardware. Let's run this and see what happens. As we know, um, the installation of Windows 10, hopefully everyone's had a chance to do that before, can be somewhat tedious. English, United Kingdom, and then click Install now. Okay, and then it's going to ask me literally a million questions about whether I want to be spied on in my house, or, you know, how often I want to be observed by Microsoft. Right, so another thing to choose is "I don't have a product key". We'll just, now hopefully you should see this dialogue, and if you don't see this dialogue then I'll have to share this ISO with you. So I'm going to choose for this one Windows 10 Pro. Okay, accept the licensing, do Custom, and just choose that drive there, and then that should begin a long process, this, this classic window that we see for a very long time. Now that'll drag on in the background. First thing we should do is we're going to set ourselves up a domain, okay, and the first thing that we need in our network, okay, is
some sort of an IP addressing scheme. So we cannot have a domain controller, um, well, we could, we could, but it would be, it would make things even more complicated, and we shouldn't have a domain controller that isn't on a static IP, really, you know, talking about best practice here. I'm sure there's a way to do it. So what I'm going to do is I'm going to go into the Network and Sharing Center, and let's just check how our client's getting on. Okay, so "How would you like to set up?" Um, I'm gonna go "Set up for personal use", because I think that will be less, I feel like if we set up for an organization that will want, um, it'll want me to put in email addresses and stuff. So I'm going to choose an offline account for this so that we don't have to sign in to Office 365. Um, and it's going to tell me that if I don't sign in I won't be able to enjoy the full range of Microsoft apps and services. So let's choose, um, do we want to go Next or do we want to do a limited experience? I think we want a limited experience, believe it or not. Right, "Who's going to use this PC?" So see, look, it keeps telling you you want to use an online account, but you don't. So we're going to make our client, and we'll give him a name, John Smith, and let's create the password. So I'll use my classic password that I use for everything in this, in this course, okay, so it's the dollar dollar, capital E at the end, Edinburgh College. Okay, that means that you can remember it always. So let's just confirm that password again. Okay, now security questions. It's gonna make me answer three, and here's a, here's another thing that I do, uh, that just, just to make this easier, right: I just put Edinburgh for them all. That way I know that it's asking me, um, you can choose a different place if you're, if you're very against Edinburgh. "What was your childhood nickname?" Edinburgh. That way, I don't, that way if I ever had to recover the account, I probably could. All right, so do we want activity history? No, we do not. Do we want digital assistant? Decline. Okay, so, so
again, I'm just, uh, don't use speech recognition, um, no location, no Find my device, basic diagnostic data, no inking and typing improvements, no tailored experiences, no advertising ID, and hopefully that's enough no's to guess. And here we go, so this is now, this is the out-of-box experience, the first-time boot of Windows 10, and so I'll just let that run in the background, telling you how wonderful it's going to be when you first turn on your laptop. And let's go over to our Windows Server and let's assign this a static IP address. So let's open Network and Internet settings, um, and just going to take a note on a pen of the address that I assign this when it eventually opens. Okay, so we want to get to the Network and Sharing Center. Okay, so often it's tempting to choose "Change adapter options", but you don't want "Change adapter options", you want Network and Sharing, and you want to get to this window. You can get there via the Control Panel as well. Let's "Change adapter settings" and let's go. Now at the moment, okay, we have this VMware virtual machine adapter set to NAT, and that's not what we want to do. So I'm going to open up the Virtual Network Editor now, um, and we're going to create a subnet to run this on, and we're going to put this into a specific subnet. Now normally we would do this on a VMnet, a virtual network, but, um, for this course I usually try and run things on a LAN segment, so it's just like a kind of, almost like they're both plugged into a switch. So we can try both and leave everything to us. Okay, right, so let's go in here, Properties, and we'll do the, now we're not going to use IPv6 in this, so we could go ahead and just untick IP version 6, which is probably what I'm going to do. I don't know if that'll upset it because it's Server 2022. Let's have a look over here: "Windows stays up to date to help protect you in an online world." Thank you. I'm definitely going to need to put this back up. Right, okay, so let's get rid of IP version 6 and open up IPv4, and we're going to do "Use the
following IP address". Now this is the one that I like to use for my domain controllers and my servers because it's easy to remember: 10, oh, put Num Lock on, 10, and if you do space it will jump you, dot, 10, space, 10, space, 1. Okay, now by default it's going to put that on a slash 10, 8, sorry, so make sure we put it on a slash 24. Um, and let's just leave that. Okay, don't need to tick "Validate settings on exit". Click OK, and it only applies when you click Close, so I've seen people stuck with this, but they still have that window open. Now at this point we need to change this virtual machine's network adapter allocation. So at the moment we have it sitting on NAT, okay, and what I'm going to do is I'm going to put it onto a LAN segment. Okay, now in order to put it, we can think of a LAN segment as like a virtual switch. Okay, so let's go LAN Segments, Add, um, and you have to just click away and click Close, and let's put it in LAN Segment 1. So you can imagine LAN Segment 1 is literally like having a switch in the middle of a table and, um, okay, so let's save. So now this is in its own private, connected to its own private switch, shall we say. It's given me a little error there, and what I'm going to do at this stage is reboot the server so it can accept these. Now hopefully it won't take too long to reboot this time, and let's just check how our client machine, ah, the client machine's installed, good. So what we're going to do with the client machine is power that down, so let's go Shut down. And shall we shut down the server at the same time? I don't know, then we'll end up with no machines at all. Hmm, well, let's just see if this is applied. Okay, let's do, should we have, uh, shoei following along here, you can do, yeah, if you can, I would, yeah. ipconfig. Good, so that's what we want to see on our server. Now I was going to reboot it, but I might just, okay, what I'm going to do now with my client machine, all right, is turn the RAM down to, to 2 gig, okay, and then I'm gonna shut my server down and I'm
gonna turn it back up to four gig, because it's running, uh, it's very sad at the moment with the, I mean it will work, but just because I'm demonstrating it to you I don't want it to be running so incredibly slowly that we have to wait five minutes. There will, um, there, there, there are, there may, yeah, there will be some, some guidance for this. I'm recording this, there's a video of this, there will be a video of this, um, but at the moment hopefully what I've done isn't difficult, I've just installed two things. And, uh, so let me just turn the memory back up on the server now: 4096. All right, obviously if you don't have that RAM available then you can't do this. So we'll start the server first, because that's more important than the client, and hopefully it doesn't come up and say the amount of memory has changed and Windows needs to, needs to repair itself or something. Hopefully it can cope with having more RAM. Right, so you just click Close, so you don't click, I don't think there is an Install button anywhere, never seen an instant. Okay, right, so here we are logged into our server, it's all happy, we've got the VMware, uh, running, VMware's very happy. L, now, subnet, no, no, it should be slash 24, because we don't have, um, 2 to the power of 24 machines, to the power, to the power of eight subnets. Yes, slash 24, exactly. We'll talk about some subnetting next week, we'll give you some questions on some subnetting. Right, while that's loading I'm going to start up my new client machine, which now only has two gig of RAM, so hopefully that won't cause too much of a drama to my, to my computer as a whole. Okay, so we have, um, the client starting up in the background, then it's just an absolute basic Windows 10 client. John Smith is the user, uh, with, with a normal password. Okay, it's just a simple client machine, you can imagine it just being a simple computer sitting over in the corner. There it is there. So let's do VM, login, and we'll log in as John Smith, he's just a test user that I created. Hopefully I got that right.
Yes, I did. Okay, so what we would like to do as well, okay, is go to the Windows 10 client settings, and we can see that the network adapter is on NAT. Now we won't be able to speak to the server if it's on NAT, so let's change the network adapter and put it into a LAN segment. Then it's plugged into the same virtual switch as the server, so that's, that's fine. But at the moment, if we do Windows key and R, cmd, ipconfig, at the moment we're on a random NAT IP address. So let's just give, um, this machine an IP as well. So let's go Network and Internet settings, scroll down. Now notice that this is a slightly different, looks slightly different from the server. We want the Network and Sharing Center there, and let's go "Change adapter settings", and let's put this one into the same subnet as we had the, uh, as we've put the server. So see how the server's getting on loading up, looks fine. Okay, so I'm going to untick IPv6, which is unnecessary, it's just an additional thing, and "Use the following IP address". So let's do 10, Num Lock's off, 10, 10, 10, okay, and let's put this on 10. Okay, so the server's on 10 10 10 1, the client's on 10 10 10 10. Okay, subnet mask: by default it's trying to help, and it's saying, okay, 10, that's a class A network, so have a class A, class A, uh, subnet mask. Um, okay, right, now I'm gonna, I'm gonna click OK on that just now, I'm gonna click Cancel, but I'm gonna leave the Network and Sharing Center open because we'll need to go back there in a second. So let's go to our server now and let's just verify, um, that no bad services are broken. Microsoft Edge updates, and that, nothing important. So now we want to promote the server to be, to be a domain controller. So we're going to go up to Manage and "Add Roles and Features", okay, and then what we're going to do is, this is going to bring up this Add Roles and Features Wizard. Now ignore this page first, this is just telling you about, about stuff that you should do, and we want to choose a role-based installation, and we want to choose this current server
that we're using. Okay, so if you had multiple servers you could choose one of those in there. Now here's all the different roles that we can choose, and the one we want is Active Directory Domain Services. Now I promised myself that I would get a screenshot of this, because the screenshot that I've got in the slides is awful, so I'm going to do that trick from last week: capture screen, capture screen. Let's just cancel that, and let's cancel, no, that'll do, VM screen. Okay, so Active Directory Domain Services. Now it's going to tell us that it's going to install a load of other stuff with it, okay, so let's just choose Add and then click Next, and then this is all just, just default stuff, um, so we don't need to worry about any of that stuff there. Okay, now choose "Restart if required", don't think it'll have to restart, and then hit Install, and that'll start installing the Active Directory Domain Services role into this server. So while that's happening we'll go back over to the client machine and we'll check that we've got our correct settings. So 10 10 10 10 is the IP address of this machine, no gateway needed because we're not going to leave the network yet. Now there's one more change that we need to make, and I'm deliberately not doing it so that I can show you how, how it's going to become a problem. So, um, I can actually close the wizard and let this run in the background, and it will tell me when it's finished. So I'm gonna, I'm gonna close this down and just leave it, and I think while that's working in the background we might install the VMware Tools on this, just so we have a bit of a better experience. So I'll show you how to do the VMware Tools installation. So I'm going to open up Windows Explorer, which is the file manager, and then go to This PC. Now at the moment we have a DVD, virtual, in the virtual DVD drive, that support, that's the installation DVD for Windows 10.
If we go VM and choose "Install VMware Tools", you'll notice that this will change to a different DVD. Ah, look at this, it doesn't matter if it's not present, you basically, you do choose VMware Tools, and then look, it puts a CD in there, in the, in the thing, for VMware Tools. So all we do, double-click on the CD, accept the User Account Control settings, it's going to ask if we want to do something in a minute, I think. VMware Tools, yes, I do want to install VMware Tools. So let that, it's going to bring up a wizard in the background, so let's just let that run, we'll minimize some of these, and let's go and see how the server is getting on. Ah, okay, so the server has finished the installation of the, um, of the Active Directory, but we don't see, we don't see it appearing in the server roles. Why is that? Look up at this flag up here, notifications. So it says that the installation succeeded, okay, so let's try and refresh the Server Manager view and see what happens here. Okay, good, that's really good. Now we have a new role, Active Directory Domain Services, in our server. Okay, so I've also got this little orange flag up here, and this is important. We click on this and it says post-deployment, we need to promote this server to being a domain controller. So let's promote the server to a domain controller. Let's just see how our client is getting on. Right, this is dead easy, VMware Tools, um, it has, like, it helps you do dynamic copy and paste in another virtual machine, and it sorts out, so let's go for just a typical installation of this and hit Install. Now when this installs you'll notice it'll fix the screen resolution, it fixes the graphics drivers, um, the VMCI driver and various other, it's just a kind of a driver pack to make it work a bit better. PS/2 mouse, memory control. Watch, the graphics are going to fix themselves any second, there we go, look at that, isn't that a sharper resolution there? So that's how you get the, the VM tools installed. To finish, probably going to ask for a reboot, so let's just reboot the
client machine. Go back over to our server. Okay, so the server, we want to add a new forest, okay, and that forest that we're going to use for this, okay, it's called ec.com. Okay, I make it EC because it's easy, and it's Edinburgh College as well. Don't worry, we're not going to run this on there, on the internet, so don't have to worry about, um, whether or not we own ec.com. So now we're going to think about this new forest called ec.com that we've just told that about, and let's see how our client machine's getting on. Okay, let's find this rebound. Right, so the forest functional level, okay, we can just leave that as it is, and we're going to put our password in, and we're going to use our same password as normal. Okay, dollar dollar, messed that up, try again, dollar dollar, do it in parallel, capital E, capital E, I think that's worked, there we go, Next. Right, "Create a DNS delegation", ah, okay, so let's just leave that just now. Okay, the NetBIOS name should be automatically created, so let's just, let's just see what it puts in there, and while it's doing that let's get logged back into the client. So VM, send control delete, and same password as usual. Okay, right, NetBIOS name EC, absolutely fine. Now it's going to ask me some stuff about paths and review options, so just leave all those as they are, we don't want to change any of this stuff. Now we can export this to a PowerShell script, we just click "View script" to do that, I'll let you do that yourself. Um, now it's going to come up with a few errors. Okay, it's telling me that the default, "One or more prerequisites failed, please fix the issues and click Rerun prerequisites check". Okay, so what are the issues? The default security setting, allow cryptography, like verification, DNS services are required before you proceed. Okay, um, so normally in previous versions it allowed you to set up this, and then as part of the installation it took the DNS, it brought DNS in with it. It doesn't seem to be doing that here, so what I'm going to do is cancel this wizard and we're
going to go back to Manage and "Add Roles and Features". So this is a little bit different from Server 2019, and we're going to add a DNS Server, okay, which used to be added as part of the installation of the Active Directory. So let's install, this is a smaller role, this won't take long to install, and hopefully this will fix the prerequisite problem with the, uh, the Active Directory. So let's run our command prompt here, just check that we have, ipconfig, okay, we're all good there. Let's go back to the server and wait for our, um, DNS installation. Now once the DNS installation is complete I'm going to try and run the Active Directory Domain Services installation again, and hopefully that will, um, that'll work, hopefully. So, right, install succeeded, Close. Now it's going to tell me, right, I've got, now I've got the DNS role, but I think it's going to tell me that I have to, okay, let's, okay, so that's saying that that's succeeded. Let's go for the domain controller again and see if it will allow it now. Add a new forest, ec.com. It's thinking about it. While it's doing that I'm going to get to the place where I can change the name of the client machine. So let's go to the settings gear, and we want System and About, and we want to scroll down and choose "Rename this PC", oh no, we don't, "Change product key", and they have made that difficult, haven't they? Um, System info then, and we want Advanced system settings, Computer Name. So System info used to be a button you could change the, so this is where we're going to join the computer to the domain when we eventually get the domain to work. So let's put the password in again, Next on that. I see, "I want to create", the authoritative parent zone cannot be found, I want to create a DNS delegation. It used to allow you to do it as part of the installation. Let's just see if this will, if it'll work this time, fingers crossed. It's, it says it'll set up the delegation, otherwise we'll be going back to DNS again. Right, so it's on the prerequisites check, so let's just see if this
will work now, otherwise we're going to have to go and try and create a parent zone, no doubt, that I'll be, I like to do this right. Uh, come on, prerequisites check, come on. I'm sort of 50/50 on this, whether or not it's going to work. Good, that's good, lots of yellows are good, this is going to work. Prerequisites passed, brilliant. Okay, so you used to, you can sometimes get away with doing the installation and it will say "Do you want us to set up the DNS as well?", but obviously they're not doing that anymore. So let's hit Install. This is good news, now we're car not here. Okay, so that's going to promote this server to being the master domain controller of ec.com, it's going to become the domain controller of the ec.com domain. So this is good news. Um, yellows are okay, yellows are just errors about knowledge base articles and stuff, it's the red ones that you can't, you can't get around. So let's just, now the machine will likely have to reboot, and when the machine reboots we'll then log into the new ec.com domain, and then we'll be on to the final chapter of this journey, which will be, uh, joining the client into the domain as well. So a delegation cannot be created because of the parent zone, it seems to be doing it though, it seems to be doing it. So we'll, we'll, completing the Active Directory, setting the LSA policy, setting the computer's DNS name, see, it's doing it for me now, securing the machine, and hopefully this is going to finish in a second. Configuring the DNS Server service, that's what we wanted. You got that while installing? Let's have a look. "You're about to be signed out", yeah, it's going to read exactly, yeah, exactly that. Right, so let's hit Close, Close, and it's going to reboot, because now we're about to join the domain. At the moment we've just been on this computer, and this is just a single box on its own in the world, but now we're gonna, we're gonna join the domain. So here we go, strap yourself in, journey. Right, let's make sure our client's okay over here, client's all good. The server, now
you'll notice that the login screen is going to be different here. Okay, it's going to actually say, it's, it's like now we're in an organization now, and this is, we're now going to sign into the domain. So this is why it's taking a little bit longer to boot than the standalone server that we had before. Let's just hope this is going to work, let's cross here. Really thinking about it, what I'm going to do is, no, not yet, we'll not do that yet, let's, let's get signed in first. "Applying computer settings." I suppose I can do a video edit and edit a lot of this waiting around out, um, that's good to see it live though, and it's also good to see that it doesn't all go, like it doesn't always go all perfectly smoothly for me, hence I've put this way. I've had worse installations than this, it's gone, it's gone worse than this, this is going quite well actually. So soon we're going to establish the relationship between the client and the server, but let's just, um, see if this has worked. "Applying computer settings", so this is almost like if you go into an office and you sign in for the first time, it's like pulling your profile. So has everyone kind of been able to roughly follow along with what's, what's happening here? Um, the actual tasks I've been doing aren't that complicated, it's just a lot of little silly things, because we're waiting for Windows Server and to finish loading, it to catch up and stuff. Just going to take the tag off my glasses. For the most part, good, what I like to see, hi, excellent, happy people. If you've not done this before, this is the first time you've done this, then, I've got a fingerprint on them. I was thinking of going back into college, I might start wearing them in the class as well, you never know, someone, some angry student might chuck a pencil at me or something. Um, you fell behind at the network settings. Any news about going back into college? No, apparently there's an announcement in. Will you see PowerShell? Yes, you will see PowerShell, yes. You fell behind at network settings. So the
network settings I've got, let me just write them in as: the server is on 10.10.10.1/24, client is on 10.10.10.10/24. Okay, so 10.10.1 and 10.10 are two, since, well, it's really once, honestly. I've never worn glasses, I never had glasses, so I didn't know that it's annoying when you get one like tiny smudge on them, that's bad. You never know, something might come flying in, flying in here. What do we sum at this stage? Add a new forest, add a new forest. Okay, VM, send control delete. Okay, so now notice that this looks different now, now we're in the EC domain and we're going to sign in as, we can sign in as other users. There's only one user in the domain at the moment, so we don't have any choice but to sign in as the administrator. Let's put the administrator's password in, okay, and here we are, welcome to the EC domain, and you'll see things are starting to run shipshape now, apart from all these errors that come up, but we can deal with them later. So you probably notice as well that in Server Manager we have more roles, which are going to load up in just a second. Um, but for the purpose of this test what I'm going to do is I'm going to open up the command line, okay, to see if we've got communication with the client. Okay, so there's, um, Active Directory's here, is working, DNS is working, File and Storage Services, and we've probably got some errors about Edge and updates there. So this is all looking quite good. Okay, now our new role has added something to the Tools menu, and that thing is Active Directory Users and Computers. So we, we go to Manage to add roles and we go to Tools to get to the management console of those roles. So let's go into Active Directory Users and Computers, and we'll see that we now have a domain called ec.com. Okay, so there's our domain, and when we open it out here's the objects inside the Active Directory. Here's our little security groups, objects, we've got Domain Controllers, we've got one of those, Users, at the moment we only have the built-in users, but we can add
uh, um, a new user. We'll, I'll show you how that works in just a moment. So let's go and see, well, first of all let's see if we can ping the client. All right, so open up the command prompt, ping, okay, 10.10.10.10. Now there's a reason that that's not working. Okay, let's just check the client's IP, 10.10.10.10, and the client is in the same LAN segment, so that should work, but there's a reason it's not working, and that reason is, okay, the Windows Defender Firewall. So let's just let that time out, come back in. So what I'm going to do on the client, and this is just to show you that we've got communication, it's just a proof of concept, okay, is we're going to go Start, Windows Defender, so we don't want to open the Windows Defender Firewall with Advanced Security, just the Windows Defender Firewall, and we're going to go, ah, "Turn Windows Defender Firewall on or off". Just leave that screen there. Now that was me trying to cancel the ping, so clear this off, and this time we're going to run the ping to the client but we're going to put a /t after that, and that means just keep going, don't do, normally by default it does four then gives up, we're going to say just keep going. So it's trying now to ping that client machine. Let's turn off the Windows Defender Firewall, hit OK, oh, and let's go back to the server. Ah, what's this? Reply. So that means that the server and the client can see each other at layer three, at the moment we've got ICMP. So now can the client ping the server? Absolutely not, the server blocks ICMP, but I can show you: ping 10.10.10.1. Oh, okay, it doesn't block ICMP anymore, it's working now, great. So that's something that's new in Server 2022.
Never used to. Okay, so we can ping both ways now. In order to be, in order for this client to join an Active Directory domain, a layer 7 domain, we need to be able to see the domain. Now we can do layer three, that's no problem, but, but can we see layer seven? So let's ping ec.com. Right, ec.com can't be found. So let's go over to the server, okay, and let's ping ec.com. Now let's cancel that. Look, it's pinging itself, so it knows that it's ec.com, it's an authoritative domain controller, it's a DNS server for ec.com. Okay, this server is called ec.com in this domain, but the client can't see it. I can see it at layer 3 but I can't see it, and the reason for that is because we haven't set up the DNS on the client. So let's just go, um, into our network settings, which I think I kept open, probably not, but let's see if we can get up and go to the Network and Sharing Center, which should be here somewhere. Network and Internet, Network and Sharing Center. Right, so let's do "Change adapter settings", let's go in here and have a look at the TCP version 4 settings. Now at the moment we haven't told it what the DNS server is, so where is it looking? If I do ipconfig, ipconfig /all, okay, uh, primary DNS suffix is nothing, okay, and it doesn't have anywhere to ask for. So if I do ping pbc.uk, there's, obviously it can't find it, because it's got no one to ask, it can't ask what's the IP address for this. So let's tell it to use the domain controller as its primary DNS server. So let's do 10 10 10 1.
Now just to show you this working, if I do ping ec.com t, doesn't like that because it's a domain, okay, it's just ping ec.com. Let's apply this and tell it where the DNS server is. It doesn't apply till you hit Close. Now let's try and ping ec.com. Look, it's now resolving ec.com to the IP address, so it can see the domain controller at layer 3 and it can see it at layer 7 as well, which is what we need, it can resolve these domain names. Okay, let's go and add this client into the domain. So to do that, what we're going to do is get to Advanced system settings, so System, About, System info, and let's open up System and Advanced system settings, and let's change the name. Now it says here "To rename this computer or change its domain or workgroup, click Change", so we're going to click Change, Domain, and we're going to say ec.com. Okay, we can only do this because we know it can see ec.com. Okay, we know it's got communication. If you can't ping the domain in the command line, this won't work. So let's hit OK. Now it's going to ask me for the password, so administrator, administrator, and the password is going to be the administrator, Edinburgh College, okay. Okay, "Welcome to the ec.com domain". Now let's hit OK, and it's going to reboot this, this machine. Now let's close all of that, let's restart now. Great, so this computer is going to reboot and it's going to be part of this domain as well. So the next thing we're going to do is go back to the Windows Server and go into our Active Directory Users and Computers, okay, and we're going to right-click on Users and we're going to add a new user. Okay, so let's do New, and let's do username, I'm actually going to add this at the domain level, New, um, let's go in here, right-click, New, User. Okay, so a little wizard pops up, and I'm going to add an account for, well, we know there's already a, an internal, a local account for John Smith. I could add a domain account for him, but I think that's going to be confusing, so we'll add a new account, okay, for a new user called Bob, okay, and
his name, logon name, is going to be bob, Bob Smith, not very imaginative names, I know. So let's go Next, and we'll make the password the usual password. The reason that I do this is because you've got to put so many passwords in that you'll never keep track of them. Okay, so we'll say, um, user, we'll untick that, and we'll say "Password never expires", okay, so we don't have to change it when it logs in or anything. Then let's hit Next, okay, Finish. So now we have a new user called Bob Smith in the network. So let's go back to our client machine, we'll see that it's rebooted. So if I do it, send control delete, okay, at the moment we're signed in as a local user called John Smith, and we want to change that. So let's do "Other user" and see what it says: "Sign in to: EC". Let's sign in as, now let's just check what's Bob's username, account, his username is just bob ec.com. Let's try signing in as bob, okay, and put the password in, the usual nonsense, there we go, signing in as Bob. So now Bob could sign in on any machine that's in this domain. Okay, so that's Bob getting the out-of-the-box experience now on this machine, and we never created an account for Bob on this machine, we created an account in the Active Directory. Okay, so that is pretty much as far as we need to go, um, with this outcome of server admin, so I'm going to stop at this point once Bob's logged in. Let's just have a look, here he is. So if I click Start here, there he is, Bob Smith is signed into this machine, and if we go over to our server, and if we go to Tools, Active Directory Users and Computers, and when the ADUC loads up, we can go to the Computers tab and we should see that there's that desktop machine signed in. Okay, um, [Music] you
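
The GUI steps from the walkthrough above (static addressing, DNS Server plus AD DS roles, forest promotion, client DNS and domain join, first domain user) written out as one PowerShell script. This is an added example, not from the video or its author; the addresses, `ec.com` and `EC` are the ones used in the captions, while the adapter alias `Ethernet0`, the `-Step` parameter and the helper name are assumptions. Where the video switches the client firewall off to prove connectivity, this script adds an ICMP echo rule limited to the lab subnet instead.

```powershell
#Requires -RunAsAdministrator
# Added example, not the presenter's script. Run one step at a time on the machine named
# in each step. Adapter alias is an assumption: confirm it with Get-NetAdapter.
param(
    [Parameter(Mandatory)]
    [ValidateSet('ServerNetwork', 'ServerPromote', 'ClientJoin', 'AddUser')]
    [string]$Step,
    [string]$InterfaceAlias = 'Ethernet0'
)
$ErrorActionPreference = 'Stop'

# Values taken from the walkthrough.
$DomainName = 'ec.com'
$NetBios    = 'EC'
$ServerIP   = '10.10.10.1'
$ClientIP   = '10.10.10.10'
$Prefix     = 24                 # /24, not the /8 the dialog proposes for a 10.x address
$LabSubnet  = '10.10.10.0/24'

# Hypothetical helper: replace the DHCP/NAT address with a static one and set DNS.
function Set-LabStaticIPv4 {
    param([string]$Alias, [string]$Address, [int]$PrefixLength, [string]$DnsServer)
    Set-NetIPInterface -InterfaceAlias $Alias -AddressFamily IPv4 -Dhcp Disabled
    Get-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Remove-NetIPAddress -Confirm:$false
    # No default gateway: both machines sit on one isolated LAN segment.
    New-NetIPAddress -InterfaceAlias $Alias -IPAddress $Address -PrefixLength $PrefixLength |
        Out-Null
    Set-DnsClientServerAddress -InterfaceAlias $Alias -ServerAddresses $DnsServer
    # The walkthrough unticks IPv6 on the adapter; this is the same binding.
    Disable-NetAdapterBinding -Name $Alias -ComponentID ms_tcpip6
}

switch ($Step) {
    'ServerNetwork' {
        # Server: static address first, since a domain controller should not be on DHCP.
        Set-LabStaticIPv4 -Alias $InterfaceAlias -Address $ServerIP `
            -PrefixLength $Prefix -DnsServer $ServerIP
        Get-NetIPAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4
    }
    'ServerPromote' {
        # Server: install DNS together with AD DS so the prerequisites check passes,
        # then create the new forest. The server reboots when promotion finishes.
        Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools
        $dsrm = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) password'
        Install-ADDSForest -DomainName $DomainName -DomainNetbiosName $NetBios `
            -InstallDns -SafeModeAdministratorPassword $dsrm -Force
    }
    'ClientJoin' {
        # Client: the step the video leaves out on purpose is pointing DNS at the DC.
        Set-LabStaticIPv4 -Alias $InterfaceAlias -Address $ClientIP `
            -PrefixLength $Prefix -DnsServer $ServerIP

        # Allow ping from the lab subnet only; the firewall itself stays on.
        New-NetFirewallRule -DisplayName 'Lab: ICMPv4 echo from 10.10.10.0/24' `
            -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
            -RemoteAddress $LabSubnet -Action Allow | Out-Null

        # Layer 3 reachability, then the DNS lookups a domain join depends on.
        if (-not (Test-Connection -ComputerName $ServerIP -Count 2 -Quiet)) {
            throw "No ICMP reply from $ServerIP; check the LAN segment on both VMs."
        }
        Resolve-DnsName -Name $DomainName -Type A | Out-Null
        Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV | Out-Null

        $cred = Get-Credential -UserName "$NetBios\Administrator" `
            -Message 'Domain account allowed to join computers'
        Add-Computer -DomainName $DomainName -Credential $cred -Restart
    }
    'AddUser' {
        # Server, after promotion: create the domain user and list joined computers.
        $pw = Read-Host -AsSecureString -Prompt 'Password for bob'
        New-ADUser -Name 'Bob Smith' -GivenName 'Bob' -Surname 'Smith' `
            -SamAccountName 'bob' -UserPrincipalName "bob@$DomainName" `
            -AccountPassword $pw -PasswordNeverExpires $true -Enabled $true  # as in the video
        Get-ADComputer -Filter * | Select-Object Name, DNSHostName, Enabled
    }
}
```

If the SRV lookup in the `ClientJoin` step fails while the ping succeeds, the client can reach the server at layer 3 but is still not asking it for DNS, which is the failure the walkthrough demonstrates before setting 10.10.10.1 as the DNS server.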
Info
Channel: Michael Ferrie
Views: 1,521
Id: Z7exeMHn0eM
Length: 47min 30sec (2850 seconds)
Published: Thu Sep 16 2021