Installing and Configuring Active Directory, DNS, DHCP

Captions
Hey guys, welcome back to my lab. This is going to be video three of the first lab, and in this video we're going to install and configure Active Directory Domain Services. We're going to promote a VM to be a domain controller and create a very basic group policy and some other little things like that.

So, quick introduction, I guess. If you're not familiar, Active Directory is a really powerful way of managing computers and policies for those computers. So especially if you have, like, for managing users and computers, essentially if you have a bunch of computers on a network and you want to be able to manage those, like deploy the same sort of settings to those computers, you can use Active Directory. And say that you have ten employees and you want them to be able to log in to any computer, this would be the perfect use case.

So as you remember, we've already created a firewall, we've created a management virtual machine, and I've now created a new machine called dc1, which stands for domain controller. I've opened up the Server Manager, but as you can see, since our network doesn't have DHCP yet, there's no network. So let's go ahead and, before we start anything, let's give this machine an IP address. Okay, I'm gonna set my DNS to point to Google at the moment. All right, I'm just gonna confirm that it works. Okay, great.

And before we start installing any roles, you'll probably want to change the host name of the computer. As you can see, this is currently not very good, so let's change that real quick. Okay, lab dc1. It's just gonna reboot real quick.

Okay, so what we're gonna do once it comes up, we're going to open up the Server Manager and start installing the Active Directory Domain Services role. So in Server Manager, once it's done loading, we're going to select Add Roles and Features, role-based installation, to our current server, and it's right here, Active Directory Domain Services. And we're just going to basically select all the defaults as usual, and if we need to restart I'll just select that, and I'll pause the video while we wait for this to finish installing.

All right, it looks like that's finished. It's just telling us that we need to make some configurations, so let's close out of that window, and you'll see that there's a notification for promoting this server to a domain controller. So let's go ahead and go through that. Since this is going to be the first domain controller on this network, we're gonna select add a new forest. All right, the forest is just going to be the root domain name, and in this case let's just make it lab.local. It's gonna ask us for the directory services password. Make sure you remember this password, because if you want to promote other servers to domain controllers or remove any other servers or make any of those high-level changes, you're going to need to know this password. And the forest functional levels: since this is Server 2012 R2 I want to keep it at that. We can't go higher, obviously, and there's no point in making it lower, so we're just gonna stick with the defaults. And of course my password is not good. All right, give me one second.

All right, everything else is just going to be default. All right, for the paths, we're going to leave that at default. Unless you have a specific purpose or you know what you're doing, I would suggest not touching this. It's just going to give us a quick overview and then it's just going to do the prereq check and do the install. So you're gonna get a few warnings here by default. That's completely normal, I wouldn't worry about it. If there is an error, make sure that you resolve the error, but generally speaking, if you followed along or are just doing this for the first time, it's just gonna give you just a few new errors and everything else is fine. So I'm gonna hit install, and while that's happening I'm gonna pause the video.

All right, we're back. The Active Directory Domain Services has just completed installing and I've just logged on to the computer. We can now open up Tools, and let's open up Active Directory Users and Computers. Okay, in this node you'll be able to manage organizational units, which are basically containers for users and computers. So I'm going to go ahead and create, under our domain name, I'm going to create a new OU, an organizational unit, and I'm just going to call it lab. And under lab I'm going to create another OU, users, and then another OU for computers. It's going to be important for you to separate users and computers, because group policies generally apply either to computers or to users, not by default to both. So I'm going to separate those out.

And then I'm going to create a new user for myself, because I don't want to be logging in as the local administrator. I'm gonna call it George. All right, I'm gonna give myself a password. I'm gonna make sure I do not have to change the password at next logon, and since this is a lab my password is not going to expire. As you can see, a common theme in my videos is that I always mess up the passwords. All right, and then I'm gonna go ahead and double-click on myself, and under the Member Of tab I'm gonna make myself a domain admin. Okay, that means that I'll be an administrator to every computer or server that I log into. So I apply that change, and now on every computer that is domain joined I can use that user account to log in. So I'm gonna go ahead and log off as the administrator and log in as myself. All right, great, that works.

So now we're going to do a couple of things. We're going to configure DNS. Essentially, when you install Active Directory Domain Services it installs the DNS server role as well, because Active Directory does not work without DNS. So we're going to check the forward lookup zones. You can see there is our domain. Everything that we domain join is going to show up in here. You can see the domain controller already has an entry.

So I'm gonna go ahead and check the forwarders, DNS forwarders. When I select the lab dc1 server, right-click and select forwarders, you can see 8.8.8.8 is already there, because that was the DNS of the computer before I promoted it to a domain controller. I'm going to edit this and put in another forwarder as a backup, just to have two. Essentially, if you're not familiar with DNS, I would suggest you look up another video for that; this is not a video that explains DNS. But if you don't have any forwarders, and if your root hints are not enabled, if you domain join a computer and try to access google.com and your domain controller doesn't know what google.com is, it's gonna fail. With a forwarder, that allows it to forward the requests that it doesn't know out to these addresses, and if these don't know it, they'll use root hints. But we're gonna have them enabled, and forwarders in here as well, so that's good.

Then the next thing that we're gonna do is we're actually gonna create a reverse lookup zone. The reverse lookup zone will be important for us if we're gonna do an nslookup. It's not configured by default, and it's pretty straightforward to configure. Just go through the properties, all defaults. I'm gonna give it the IP address scheme that we're using, 192.168.2, and everything here is default. And in here I'm now going to find my domain controller, and I'm going to go to properties and update the pointer record. A pointer record is the reverse lookup record. Okay, and I'll demonstrate how that works next.

Now what I'm gonna do is, I've created another virtual machine for a client operating system, which is here, and I would like to show you how this works. But first things first: if I enable the internet, it's not gonna get an IP address, right? So this could be in a different video, but I'd like to just add here real quick, we're gonna just do a quick configuration of DHCP server. So let's open up Server Manager. We're going to go back to Add Roles and Features, we're gonna select the domain controller server, and we're going to install the DHCP server role. Everything is default again. If we have to restart, let's go ahead and do that, and let's select install. And again I'm going to pause the video while this installs. I'll be right back.

All right, that just finished installation, and again we're seeing that we need to configure. So let's close and go to our notifications and complete the DHCP configuration. This step's pretty straightforward, it's just going to be all the defaults. I'm a domain admin so I can use my credentials. That's pretty much it. So under Tools we can now open DHCP.

Okay, under DHCP we're gonna see our DHCP server, which is the domain controller, and under IPv4, since that's what I'm going to be using primarily, I'm going to create a new DHCP scope. What that means is that when a new computer connects to the network, it's gonna look at the scope and is going to connect to a pool of addresses that are inside of that scope. So let's select IPv4, right-click on it and select New Scope. I'm gonna name this default scope, and the description is going to be 192.168.2.x, since the x is the value that's going to change. The starting address will be 192.168.2.20, and 192.168.2.254. And I'm starting at 20 because I want the first 20 addresses to be available to me for anything that's X, I guess server related, that I don't want having a DHCP address. Exclusions and delays, we're going to leave that blank. Lease duration is going to be blank, I'm sorry, it's gonna be defaults. It's going to be the 8 hours, 8 days. Since again this is a lab, I don't really care.

And DHCP options, we do want to configure those, so let's select next. The default gateway, you should know what that is. It's 192.168.2.1 if you've been following along, or if this is your video or your network, give it the router. Since we have a domain controller, we're gonna make the parent domain lab.local, and the DNS server that's going to be given out to the computers that are given DHCP addresses, the DNS address is going to be 192.168.2.3. This is gonna be nice, because every computer that joins automatically, I'll be able to domain join it without having to manually change the DNS address. I'm not going to be adding a secondary here. You could, if you have multiple DNS servers or domain controllers. In our case I don't. So WINS server, I'm going to leave that blank, and I do want to activate this scope. Okay, so now you can see that the scope is active, and you can see there's a little green checkmark under IPv4, so the server is authorized and it's enabled.

All right, so let's go. Here's our client virtual machine, it's just running Windows 10. I'm gonna go ahead and enable, and you can see that it's already picked up the domain name, right? So if we look at the properties, let's double-click, you'll see the details: 192.168.2.20, which is the first address in my scope. And if I look at the address leases, there it is. Very good.

So now what we're going to do is we're going to join this computer to the domain. It's right here, to change its domain or workgroup membership. I'm gonna rename it lab client 1, and the domain is lab. I'm going to give it a name that I created. All right, there we go, we've joined a computer to the domain. All right, now I'm going to go ahead and restart this, and while that's restarting we'll pull up the domain controller again and we'll look at Active Directory Users and Computers, and you'll see under the computers, there it is, lab client 1. Now I'm going to go ahead and do a quick organizational task and I'm going to put that computer into the OU for computers.

All right, so now that I have a new domain-joined computer, what I can do is I can select other user, I can type in my password, and now I've signed into a computer, a different computer, with my same credentials. This is the benefit of using Active Directory: we have centralized management of users and computers.

And I'm going to show you one more thing that's really neat about Active Directory, and that's group policy. Group policy is a pretty basic thing, it's just applying settings to all the computers that we specify, but there are a lot of settings, and when you're looking at group policy at first it could be overwhelming. But just give it time and eventually you'll learn the ins and outs and you will be familiar. What I'm gonna do is I'm going to create a very basic group policy for mapped drives. So let's say I want all my users who sign in to the domain, so a domain account, to have a shared drive so they can all share files.

Okay, let's go ahead and first of all create that share. I don't have a lot of space here, but that doesn't matter, this is just going to be a demonstration. I'm gonna create a new folder under the root of the C drive, and again, this is all just a demonstration, you don't have to do it like this. I'm going to share it. I'm going to give Everyone share permission, then specify more advanced permissions under the security NTFS permissions. So I'm going to disable inheritance, I'm going to remove all objects. We're going to give SYSTEM full control. I like to do that in case there's some app that needs access. I've had trouble with Dropbox in the past where Dropbox wasn't able to scan a folder, or, I apologize, not Dropbox, it's CrashPlan, and by allowing system access to the folder, CrashPlan was able to access it. I'm gonna give Domain Users, which is the default group that all domain users are a part of, and give them full control. I'm not creating any security groups because this is just a basic demonstration. All right, good. And then I'm just going to create a text file and save that file, and now we should be able to access it by going to lab dc1 share. There it is. So I'm gonna copy this path.

I'm gonna go ahead and open up the Group Policy Management console and expand our domain, and I'm gonna go ahead and drop down to the users OU. The mapped drives group policy is a user setting, it's not a computer setting, so we need to make sure that we add that GPO to the OU that contains the users. So I'm going to select "Create a GPO in this domain, and link it here". We're gonna call this one map drives. This is just telling you that all the changes that you make to the GPO here are global to all the group policy GPOs that are for map drives. Essentially, I guess what that means is creating a group policy here creates the object here, and if you link it somewhere else, that change will change there too, since the same group policy gets linked in multiple places, if that's how you want to do it. So I apologize if that doesn't make sense. I can review the video and make sure that makes sense.

So I'll right-click on this and select edit, and you can see that there's a computer configuration and a user configuration. We're going to expand users, preferences, and Windows settings. Here's the setting for Drive Maps. We're going to right-click in the open area and select a new mapped drive. The location is going to be share, the location is going to be the network location. I'm going to label this as shared. I'm going to tell it to use the S letter for shared drive. All right, apply. Very good, so that's there, that's applied.

Now what I'm going to do on this computer is sign out, sign back in, and you can see the shared drive shows up automatically. I've closed out of a few things here. We could try on this machine. You can see that the drive is not there. Let's do a new policy update, and you can see there it is, there's the shared drive. And you can see that if I make a new folder on this computer, there you go, it's automatically there on that folder.

So in a nutshell, that's how you configure Active Directory, that's how you configure DNS, DHCP, and how to create a basic group policy object.

I wanted to show one more thing that we set up in the beginning of the video. We set up the reverse lookup zone, and I wanted to show you exactly why we did that. When you are on a different computer, or on any computer really, that's part of the domain, part of that DNS server, we can ping, right? So we can do a ping lab dc1, right? And when we do a ping we know the name, for example, in this case, and ping gives us the IP address. Now what if you were troubleshooting something, you're going through some logs and you're getting a hostname, so you only know the, sorry, not the hostname, you know the IP address. So let's say you just have 192.168.2.3 and you have no tools at your disposal to figure out what the host name of that is. The host name would maybe in this case help you figure out how to solve the problem.

So what we're gonna do is we're gonna use a tool called nslookup, and you can see, since we configured the reverse lookup zone, the server is coming up correctly. If this was not here, this would be unknown, and we can replicate that by essentially stopping the DNS server. Launch nslookup, and you're going to see it's going to take a little longer, and it looks like this: unknown. And all the nslookup entries are going to fail. So I'm going to go ahead and restart that DNS server, and when we do nslookup you can see that the DNS server shows up. And now let's say I know the IP address. I could type in 192.168.2.3 and that's going to give me the full host name, or I know this IP address, lab client 1. That's essentially what nslookup does, and that's why it's important to have a reverse lookup zone.
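
The reverse lookup zone and DHCP scope steps from the video, scripted in PowerShell as an added example (not from the video or its author). Addresses and names are as read from the captions; the host name spelling `lab-dc1`, the /24 subnet mask and the domain-wide replication scope are assumptions.

```powershell
# Added example: run in an elevated session on the domain controller,
# after it has been promoted. Adjust the values to your own lab.
$DcName      = 'lab-dc1'                  # assumed spelling of the host name
$Domain      = 'lab.local'
$DcIp        = '192.168.2.3'
$Gateway     = '192.168.2.1'
$ScopeId     = '192.168.2.0'
$SubnetMask  = '255.255.255.0'            # assumption: /24, not stated in the video
$ReverseZone = '2.168.192.in-addr.arpa'

# Reverse lookup zone: create it only if it is not there yet.
if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId '192.168.2.0/24' -ReplicationScope 'Domain'
}

# PTR record for the domain controller (last octet 3 in the reverse zone).
$ptr = Get-DnsServerResourceRecord -ZoneName $ReverseZone -Name '3' -RRType Ptr `
    -ErrorAction SilentlyContinue
if (-not $ptr) {
    Add-DnsServerResourceRecordPtr -ZoneName $ReverseZone -Name '3' `
        -PtrDomainName "$DcName.$Domain"
}

# DHCP role, authorised in Active Directory.
Install-WindowsFeature -Name DHCP -IncludeManagementTools
Add-DhcpServerInDC -DnsName "$DcName.$Domain" -IPAddress $DcIp

# Scope .20 to .254, leaving the first addresses free for static hosts.
$scope = @{
    Name          = 'default scope'
    Description   = '192.168.2.x'
    StartRange    = '192.168.2.20'
    EndRange      = '192.168.2.254'
    SubnetMask    = $SubnetMask
    LeaseDuration = New-TimeSpan -Days 8   # wizard default
    State         = 'Active'
}
Add-DhcpServerv4Scope @scope

# Scope options: default gateway, DNS server and parent domain.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $Gateway `
    -DnsServer $DcIp -DnsDomain $Domain

# Checks: the server is authorised, the scope is active, and the reverse
# lookup that nslookup relies on returns the DC's name.
Get-DhcpServerInDC
Get-DhcpServerv4Scope -ScopeId $ScopeId |
    Select-Object ScopeId, StartRange, EndRange, State
Resolve-DnsName -Name $DcIp -Type PTR -Server $DcIp
```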
Info
Channel: George Babichev
Views: 44,059
Rating: 4.9200001 out of 5
Keywords: AD, Active Directory, DNS, DHCP, George Babichev, Babichev
Id: F6f5xWLNTiQ
Length: 22min 44sec (1364 seconds)
Published: Sun Oct 23 2016