-
8/12/2019 20410B_02
1/23
MicrosoftOfficial Course
Module 2
Introduction to Active DirectoryDomain Services
-
8/12/2019 20410B_02
2/23
Module Overview
Overview of AD DS
Overview of Domain Controllers
Installing a Domain Controller
-
8/12/2019 20410B_02
3/23
Lesson 1: Overview of AD DS
Overview of AD DS
What Are AD DS Domains?
What Are OUs?
What Is an AD DS Forest?
What Is the AD DS Schema?
-
8/12/2019 20410B_02
4/23
Overview of AD DS
Physical components Logical components
Data store
Domain controllers
Global catalog server
RODC
Partitions
Schema
Domains
Domain trees
Forests
Sites
OUs
AD DS is composed of both physical and logical components
-
8/12/2019 20410B_02
5/23
What Are AD DS Domains?
AD DS requires one or more domain controllers
All domain controllers hold a copy of the domaindatabase which
is continually synchronized
The domain is the contextwithin which user, group,
and computer accounts arecreated
The domain is a replicationboundary
An administrative center for
configuring and managingobjects
Any domain controller canauthenticate any logon inthe domain
-
8/12/2019 20410B_02
6/23
What Are OUs?
Organizational Units Containers that can be used to
group objects within a domain
Create OUs to:
Delegate administrativepermissions
Apply Group Policy
-
8/12/2019 20410B_02
7/23
What Is an AD DS Forest?
adatum.com
Tree Root
Domain
Forest RootDomain
atl.adatum.com
fabrikam.com
-
8/12/2019 20410B_02
8/23
What Is the AD DS Schema?
The Active Directory schema acts as a blueprint for AD DS
bydefining the attributes and object classes such as:
Attributes
objectSID
sAMAccountName
location
manager
department
Classes
User
Group
Computer
Site
-
8/12/2019 20410B_02
9/23
Lesson 2: Overview of Domain Controllers
What Is a Domain Controller?
What Is the Global Catalog?
The AD DS Logon Process
Demonstration: Viewing the SRV Records in DNS
What Are Operations Masters?
-
8/12/2019 20410B_02
10/23
What Is a Domain Controller?
Domain Controllers
Servers that host the Active Directory database(NTDS.DIT) and
SYSVOL
Kerberos authentication service and KDC servicesperform
authentication
Best practices:
Availability: At least two domain controllers in adomain
Security: RODC and BitLocker
-
8/12/2019 20410B_02
11/23
What Is the Global Catalog?
Domain B
Domain A
Configuration
Schema
Domain A
Configuration
Schema
Domain B
Configuration
Schema
Domain B
Configuration
Schema
Global catalog:
Hosts a partial attribute set forother domains in the
forestSupports queries for objectsthroughout the forest
Global catalog server
-
8/12/2019 20410B_02
12/23
-
8/12/2019 20410B_02
13/23
Demonstration: Viewing the SRV Records in DNS
In this demonstration, you will see how to use
DNS Manager to view SRV records
-
8/12/2019 20410B_02
14/23
-
8/12/2019 20410B_02
15/23
Lesson 3: Installing a Domain Controller
Installing a Domain Controller from Server
Manager Installing a Domain Controller on a Server
CoreInstallation of Windows Server 2012
Upgrading a Domain Controller Installing a Domain Controller by
Using Installfrom Media
-
8/12/2019 20410B_02
16/23
Installing a Domain Controller from Server Manager
Installing a Domain Controller on a Server Core
-
8/12/2019 20410B_02
17/23
Installing a Domain Controller on a Server CoreInstallation of
Windows Server 2012
Use the dcpromo /unattend:D:\answerfile.txtcommand
to perform the unattended installation. The following is
anexample of text from the answer file:
[DCINSTALL]
UserName=
UserDomain=
Password=SiteName= This site must be created in advance in the
Dssites.msc snap-in.
ReplicaOrNewDomain=replica
ReplicaDomainDNSName=
DatabasePath=""
LogPath=""SYSVOLPath=""
InstallDNS=yes
ConfirmGC=yes
SafeModeAdminPassword=
RebootOnCompletion=yes
-
8/12/2019 20410B_02
18/23
Upgrading a Domain Controller
Options to upgrade AD DS to Windows Server 2012:
In place upgrade (from Windows Server 2008 or WindowsServer 2008
R2)
Benefit: Except for the prerequisite checks, all the files
andprograms stay in-place and there is no additional
workrequired
Watch for: May leave legacy files and DLLs
Introduce a new Windows Server 2012 server into thedomain and
promote it to be a domain controller
This option is the usually the preferred choice
Benefit: Result is a new server with no accumulated files
andsettings
Watch for: May need additional work to migrate users
filesettings
Installing a Domain Controller by Using Install
-
8/12/2019 20410B_02
19/23
Installing a Domain Controller by Using Installfrom Media
-
8/12/2019 20410B_02
20/23
Lab: Installing Domain Controllers
Exercise 1: Installing a Domain Controller
Exercise 2: Installing a Domain Controller byUsing IFM
Logon Information
Virtual machines 20410B-LON-DC1 (start
first)20410B-LON-SVR120410B-LON-RTR20410B-LON-SVR2
User name Adatum\AdministratorPassword Pa$$w0rd
Estimated Time: 45 minutes
-
8/12/2019 20410B_02
21/23
Lab Scenario
A. Datum Corporation is a global engineering and
manufacturing company with a head office based inLondon,
England. An IT office and a data center are
located in London to support the London location and
other locations. A. Datum has recently deployed a
Windows Server 2012 infrastructure with Windows 8
clients.
You have been asked by your manager to install a new
domain controller in the data center to improve
logonperformance. You have been asked also to create a new
domain controller for a branch office by using IFM.
-
8/12/2019 20410B_02
22/23
Lab Review
Why did you use Server Manager and not
dcpromo.exe when you promoted a server to be adomain
controller?
What are the three operations masters found ineach domain?
What are the two operations masters that arepresent in a
forest?
What is the benefit of performing an Install From
Media (IFM) install of a domain controller?
-
8/12/2019 20410B_02
23/23
Module Review and Takeaways
Review Questions
