How to completely design and setup an Active Directory Domain Infrastructure - Part 3

Alright guys, this is part 3 now in the, you know, building your domain controller and setting up your business network, I guess. So now we're going to start getting into the designing of the Active Directory structure and all that. I said in the last video that I was going to install the secondary domain controller, so we might as well get that out of the way now. So all we do for that is the same process as installing the first domain controller: dcpromo.exe. I'm skipping the domain binaries; it's going to install everything right here. I'm not going to go through the other process of going to Server Manager and all that. If you're unfamiliar with setting up Active Directory, then just check my channel; I've got a bunch of videos on installing Active Directory.

Alright, so it finished doing its binary install, finished installing Active Directory, so now I'm just going to go ahead here and skip that first compatibility and t4 page there, and we're going to go to an existing forest now, because we already created our first domain controller and now we're just making a secondary. Not a backup, it's just a secondary domain controller, so, you know, we can lighten the burden on this domain controller, if you want redundancy, fault tolerance: if this domain controller drops for some reason, then people can still log into the secondary.

So, "add a domain controller to an existing domain" or "create a new domain in an existing forest". So what this would be is, in the other video you saw me where I had marketing.technology.com; this is where we would go to select that, then we would just type in, you know, the primary domain controller, then next, and then the name of marketing. But for our case we're just installing a primary domain controller, and type, "type the name of any domain in the forest where you plan to install this domain controller", so technology.com, and go Set. And we need an administrator for that, so again, administrator, now for the domain, and hit next, and just going
to select the domain for the forest root and Default-First-Site; it's just, you know, examining DNS here, well, that'll take a while. So yeah, now we're back here, and just close that out of there.

Okay, so now we're back, and we're here; it's going to select additional options for the domain controller. So we don't have to select DNS, but as this is going to be a secondary domain controller, we are going to set it up as a DNS server as well, so if anything does happen and the first domain controller fails, at least they can resort back to this, and global catalog as well. Yes, "this computer has a dynamically assigned IP address", that's what it says here, but in reality we don't; we have our reservation from DHCP over here from the other domain controller. So I'm just going to ignore that, and "No, I will assign", you know, just go "Yes", I'll use it. And again the delegation.

And again, we're going to put our folders on a new hard drive, and for this computer it's a whole separate drive I've installed on it, so it's a little bit different process here. The other one was just splitting the partition; this is a whole new drive, so it's going to say unknown, and it's down here, so we're going to have to activate it, so put it online. Okay, it's not initialized, so Initialize Disk. Disk 1 is this disk here; if we had multiple, they'd be here, you can select them all. And Master Boot Record, hit OK. Okay, so now it's a basic disk, unallocated, but you need to convert it to a dynamic disk so you can put NTFS on it. And New Simple Volume, hit OK, hit next. We're just going to assign the whole space of the hard drive here, and it's going to be E, and we can label it, I don't know, whatever you want. Data, doesn't really matter what you want to name it, that's up to you. Hit next, and finish. It's just going to allocate it, and there we go. So we got our NTFS partition, it's healthy, it's good to go. So we can close down Server Manager and open it back up here and create our folder, so Active Directory, and
I'll go ahead and, oops, close that. Go to browse, E, Active Directory, copy that, put it there, and change that over, and there we go. So now we have our folders on a separate hard drive from our startup, and again, this is the exact same as setting up our first domain controller, and reboot on completion. So I'm going to let that go, and I'm going to explain a little bit about our Active Directory setup here, our OU structure.

So what that's going to be, it's going to be in Active Directory Users and Computers, and we're going to want to expand this. We're going to be using this quite often, so get familiar with it, you know, practice with it, do what you guys want to do with it. And I'm just going to go through a few things here. I'm not going to get into the full design capabilities of it, because it's going to take a while, so I'm just going to explain these and create, you know, our administrative account, so that, you know, the IT staff that started this can start doing their job and designing stuff.

Okay, so our built-in accounts here, these are for groups, pretty much, and you can just assign your other IT departments into these groups. But I recommend just leaving these groups and creating your own groups that do, like, the same thing as this, and then add that group into these groups. So what that does is it centralizes your administration. So the easiest way to centralize your administration is just to ask yourself a pretty simple question: who do you have, or who is allowed to access that folder, or who is allowed to Remote Desktop? Well, if you had to go in here and check out the members of Remote Desktop and you had to read off, you know, 50 different people who can Remote Desktop, well, then you're doing something wrong in your structure. When you go to your members, you should be able to say, okay, the level 1 and level 2 administrative groups can access Remote Desktop. Okay, so then it kind of, it segregates and it centralizes your administration.

And moving on here, your computer
container here is where all your computers will get stored by default. You can change this, and we will, but for now, whenever a computer gets added to the domain it's going to pop up here. We have none yet, because no one has joined our domain yet. We've got our domain controllers; as you can see, we got our first domain controller and we got our backup domain controller. It is on the domain, but it's not considered a computer, so that's why it's in the Domain Controllers. And as you can see, this little symbol here, kind of looks like an hourglass or a folder or whatnot, that indicates an organizational unit. These here are containers, and you can't put, you know, policies on containers, so you put policies on organizational units but not containers. And these are the built-in domain-wide user accounts.

Okay, so our forest administrator, let's say, is, you know, going to be, you know, domain user, domain administrator, enterprise admin, he's going to be everything, schema admin. That is the main role of the forest administrator. The schema is pretty much the skeleton of your Active Directory; again, like I said, if you want more information you can go back to my other video and watch that.

So what we're going to do now is, when you're designing your Active Directory, you need to determine a couple things here. So you need to first of all determine the structure of your Active Directory design. So in our last video I told you we had a Barry location and a Timmins location. Okay, so you got two ways you can design your Active Directory structure here. You can design it by, you know, region, so we can go Barry and then start listing off all of our organizations. So from here you can put, like, management, sales; these aren't going to be the proper names here. I do have a list that I've been designing here for our structure, so for instance, let me just find it. Alright, so for instance, you know, we got sales, we got marketing, we've got developers, we got a whole
bunch, we got, you know, call care, inbound and outbound, and then these are all going to reside, there's more, but these are all going to reside in the Barry OU. Okay, and then we're going to have another Timmins OU that's going to have the departments from the Timmins side, so you only have like supervisors, refinery management. Timmins, the management's going to reside in Barry, because Barry's the central location; Timmins is just a branch location, and the branch location is going to hold the read-only domain controller.

Okay, but moving on from that. So that's, you know, the way we're going to do it, but there's other ways you can. For instance, let me just erase this here. So yeah, we got our Barry and our Timmins group. So for instance, you can just have all the departments listed under tech knowledge, let's say, start the OU like that, and have all the departments, and then inside you can just have all the users; doesn't really matter where they are, you know. But in our case we're going to use the more structured way, so we're going to have a Barry OU and a Timmins OU, and OU is just short form for organizational unit.

So we talked about the structure; so the structure, like I said, is going to be the, you know, we got Barry and then we got Timmins, and, you know, all of our organizational units are going to go in there. So next we got our administrators. So like we were talking about earlier, Paul St.
Onge, he's going to be, you know, the schema admin, forest admin, he's going to be everything, domain admin; he's going to have full control over the whole domain. And then we're going to have other user accounts. I don't have anything yet; we can just make up names, I guess, so David and Vinny and, let's say, Chris. These can be the other administrators, and let's say Vinny and Chris are help desk, so they're going to have, like, you know, resetting passwords, unlocking accounts and all that. Well, they're not going to have forest administration rights and schema administration rights; they're going to have what's called delegated control over the organizational units like Barry and Timmins, let's say, or not even, like, let's say just the agent OU, because the agents are going to be the majority of the users and all that. So we're going to have to segregate administrative control over who gets what, and, well, like I said, we'll get into that as we start designing the scheme. I just want to make it really clear as to what I'm doing here.

So those are going to be your administrators; might not be those names exactly, but there's going to be a help desk IT man, you know, for resetting passwords, unlocking accounts, and David here could be our programmer, he could be good at doing the SQL and taking care of SharePoint, you know, he can have some server permissions, like, you know, backups, he'll be doing all the backups and, you know, clearing logs and all that, updating. And Paul is just going to be the top dog; he's going to be who delegates control to everyone else.

So yeah, to make an organizational unit, let me just take the time here on this video, well, we're still, okay, so to make an organizational unit, and like I said, we're going to be using the regional structure, I'm going to call it. So to make an organizational unit in the technology hierarchy, I guess you want to call it, we're going to just right-click on it, go New, and go to Organizational Unit. And what we're going to do is we're
going to want to make a standard organizational unit that represents a company here, just in case, you know, in the future we buy out another company, where we can set up, you know, another organizational unit, call it "other domain", you know, and their resources are going to be listed there. But that's not going to be the case right now.

And one other thing I want to show you is, if you ever go to delete and you get this, "you don't have sufficient privileges", and you're like, what the hell, you're on with an administrative account: it's just a new feature in Active Directory, so accidental deletion doesn't occur. So you just want to go to View and put on Advanced Features, because without it, you go to the properties here and you don't have many options to kind of delete that folder here. So you want to go to View and put on Advanced Features, and then we can click on other domain, right-click, go to Properties, and now we can see here we got our Security tab, we've got Managed By and Object, and you want to go to Object and deselect "Protect object from accidental deletion", hit Apply. Okay, now we can right-click and delete, and that's that. So that's gone.

So now we're going to set up our OU structure. So we're going to right-click and go New, Organizational Unit, and we're going to call this one Barry, and we make another one called Timmins. And what I'm going to do is I'm just going to pause the recording here and create the OU structure. That's all I'm going to be doing for the next probably 10 minutes, is right-clicking, New, and then Organizational Unit. But you do that inside of each OU, so now if I want one in Barry, I click on Barry, put a new organizational unit, and we can call this one information tech. Okay, so you see how it branches down from the Barry, and that's very important for group policies. So your OU structure here really dictates how well your group policy works. So I'm just going to pause this and continue building that.

Alright, so after like 40 minutes of right
clicking and clicking on Organizational Unit, I'm finished, and it's getting late, so bear with me here, but this is what I've done. So I've started off with our technology headquarters organizational unit, and I branched off to Barry, Timmins and Groups. And within Barry we have our main headquarters, so this is going to hold most of our departments here. So we got our agents, so we got our users who take inbound calls for, like, service calls, you know, complaints or issues or troubleshooting; then we got our outbound callers for, you know, trying to get new service, you know, trying to sell our product and all that. We got developers, you know, obviously developing our products and everything.

We got Users and Workstations organizational units. So what's good about this way of organizing it is you can put all the workstations for the developers inside of here, for instance, and have the users inside of the developers only able to log into workstations located in the developers OU. So it prevents, you know, these users, you know, walking over to the finance department and logging in from their computers. And it also just, you know, helps with administrative control. That's the point of your organizational structure here, is just to ease management, you know, ease the administration control. The users, however, have no idea where they are; they don't know what's going on here. You can label these whatever you choose to; this is just for your IT staff, and maybe your manager might want to have a copy of it, who knows, you know, the owners.

And I got all of our departments listed here, pretty straightforward: users and computers in human resources, like, put Health and Safety in there as well. For the management organizational unit, I put our management, you know, because they're going to want to have better control over, they're going to have, you know, full access to everything. Then I just got our servers here, so it's going to hold our servers; our users, it's going to just list all the IT staff we have; and our
workstations, going to just hold, like I said, all of our workstations. The organizational units here are just containers for the users and objects. The groups is where we're going to start to delegate control, let's say, not really delegate control, but make groups for, you know, these departments and users and everything, and so that just continues like that.

And with Timmins, we got, Timmins is just an inbound call center, you know, about 45 agents in there and a couple, maybe, of our management, and then supervisors/agents, you know. So that's pretty much it for the structure of the two locations.

Now the groups is pretty well simple. We got our users, so we got our call care users; regardless of whether they're inbound or outbound, you know, their groups will be in here, and they'll have their own permissions, and, you know, their computers are going to be locked down. And then I got departmental users, so anybody who's in a department, you know, from these here, like developers and all that, well, we're going to want to give them a little bit more access, you know, their own personal hard drive, so they can store things on the drive that is centrally located on our file server, so we have control of backups and we don't have to worry about backing up the individual computers. We just got to force the users to save into that folder; that's pretty much the hardest part. So that's all that set up. We got our management, because they're going to want to have, you know, more access than everybody else, and then we got our IT, our information, so we got our helpdesk admins, so they're going to have a couple groups here, and we're going to have our server administrators, administration, so we're going to back up servers. We've got a list of all of our servers here, so it's going to just have groups on the servers and all that. That's where our groups are going to be put into.

So just to demonstrate how to create a user and, you know, assign him to a group and all that, we're going to create Paul; you know, he's the
management leader, so he needs an account. So we're going to create him, and he's going to be located in Barry, information, management. And to create a user, you just right-click in the pane here, or you can right-click over here and go New, hit User, and our first name is gonna be Paul St. Onge, and the user logon name, that's what he's going to use to log on with his account, and we'll get into changing the UPNs and all that. But for now we're just gonna have a password, and it's for testing, I'm just gonna have it selected like this way. But in real life, well, in real life the administrator doing this right here would be Paul, so he would know his own password, but to set up passwords for other agents and other users, you'd want to have "User must change password at next logon" and provide a temporary password, because that protects you from them ever saying, like, well, you know, the IT team had my password and they knew it, so maybe they were the ones that stole all those documents. No, so they're going to have their own passwords that only they know; we can unlock it and we can reset it, that's about it. So we're going to hit next and just finish.

So there's our user. I'll do a couple little basic things here: set a description, IT manager; you know, we don't really need to go through the address. The account: is the account locked? No. And then here we can change the password settings. Profile: we can connect to that soon, when we set up a file server, but for now nothing. Organization: job title, department, for tech knowledge, and there you go. That's just a couple things you can fill up. But the Member Of here, so you can see as of now he's only a member of Domain Users, so to give him some more control we can go to Add here, and we can browse our groups. So when you create groups, they'll show up here, and you just browse to them, to the name. So if you're unsure, you can hit Advanced there, like I just did, and what your object type here is, you're looking for groups or built-in security principals;
you can change this if you want to, but because we're assigning him a "member of", it's going to be a group, because he can't be a member of another user. And common names, you know, if you're not too sure, so it can start with, let's say we're looking for something in the domain, so "domain", and then you can hit Find Now and it'll produce all the domain accounts that start with "domain". Anyways, you can just hit, you know, domain admin, hit OK, it's going to check the name. You can separate that with a comma and go "Enterprise", and then it'll bring up the other enterprise, anything else that starts with enterprise, so we want admin, and there we go. So we can also give him schema, so he's the schema admin, enterprise admin, he is everything that he needs to be, and we're going to hit Apply, and there you go. So everything's done for Paul; he's ready, we can start using his account from now on.

And I'm going to end this recording, and the next recording we're going to, I guess, set up our file servers and the rest of our servers. Okay, alright, see you guys then. Thanks for watching.
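
The OU layout, deletion protection and group nesting from this walkthrough, scripted with the ActiveDirectory PowerShell module as an added example that is not part of the video. The domain DN `DC=example,DC=com`, the root OU name `Headquarters` and the role-group names `IT-Level1-Admins` / `IT-Level2-Admins` are placeholders; the two checks at the end list direct non-group members of the built-in group and the effective members of the forest-wide admin groups.

```powershell
# Added example. Assumptions: domain DN, root OU name and role-group names are placeholders.
Import-Module ActiveDirectory

$domainDn   = 'DC=example,DC=com'                    # placeholder, not the video's domain
$rootName   = 'Headquarters'                         # hypothetical top-level company OU
$roleGroups = 'IT-Level1-Admins', 'IT-Level2-Admins' # hypothetical role groups

function New-ProtectedOU {
    param([string]$Name, [string]$Path)
    $dn = "OU=$Name,$Path"
    # Create only when missing so the script can be re-run.
    if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$dn'")) {
        New-ADOrganizationalUnit -Name $Name -Path $Path -ProtectedFromAccidentalDeletion $true
    }
    $dn
}

# Regional layout: company OU -> Barry / Timmins / Groups, then departments,
# each department split into Users and Workstations so policy can target either.
$rootDn   = New-ProtectedOU -Name $rootName -Path $domainDn
$groupsDn = New-ProtectedOU -Name 'Groups'  -Path $rootDn
$barryDn  = New-ProtectedOU -Name 'Barry'   -Path $rootDn
$null     = New-ProtectedOU -Name 'Timmins' -Path $rootDn
$devDn    = New-ProtectedOU -Name 'Developers' -Path $barryDn
foreach ($leaf in 'Users', 'Workstations') {
    $null = New-ProtectedOU -Name $leaf -Path $devDn
}

# Role groups live in the Groups OU and are nested into the built-in group,
# so the built-in group's member list stays short and readable.
$builtin = 'Remote Desktop Users'
$current = @(Get-ADGroupMember -Identity $builtin | Select-Object -ExpandProperty Name)
foreach ($g in $roleGroups) {
    if (-not (Get-ADGroup -Filter "Name -eq '$g'")) {
        New-ADGroup -Name $g -SamAccountName $g -GroupScope Global `
            -GroupCategory Security -Path $groupsDn
    }
    if ($current -notcontains $g) {
        Add-ADGroupMember -Identity $builtin -Members $g
    }
}

# Check 1: anything other than a group sitting directly in the built-in group
# is an individually granted right that bypasses the role groups.
Get-ADGroupMember -Identity $builtin |
    Where-Object { $_.objectClass -ne 'group' } |
    Select-Object Name, objectClass, distinguishedName

# Check 2: effective membership of the forest-wide groups the walkthrough grants,
# expanded through nesting, for periodic review.
foreach ($g in 'Domain Admins', 'Enterprise Admins', 'Schema Admins') {
    Get-ADGroupMember -Identity $g -Recursive |
        Select-Object @{ n = 'Group'; e = { $g } }, Name, SamAccountName
}
```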
