This is still a work in progress. However, I’ve included the above slideshow of a successful run-through. I’ll be translating my screenshots into the tutorial below.
1 Server : AD Controller (10.0.0.2)
1 Server : DNS/DHCP Server (10.0.0.1)
1 Server : AD Client (10.0.0.100)
Private networking (using 10.0.0.0/24)
On AD Controller:
Go to Control Panel > System > Change settings > Computer Name > Change. Name the computer “addc” (AD Domain Controller). Leave it in its workgroup for now; the domain does not exist yet and promotion will create it. Close and reboot the server.
Go to Server Manager > Manage > Add Roles and Features and install the Active Directory Domain Services role. Accept the management tools it offers; they include Active Directory Users and Computers, which we need later.
Installation may take some time. When it finishes, the flag in Server Manager shows a “Post-deployment Configuration” task: click “Promote this server to a domain controller”.
Select “Add a new forest”.
Root domain name: “dankedonuts.lan”
Set a Directory Services Restore Mode (DSRM) password and keep it somewhere safe. It is the local Administrator password of the DC whenever AD itself is offline, so treat it like a domain admin credential.
The wizard proposes the NetBIOS name “DANKEDONUTS”; keep it.
Follow the remaining prompts (paths, prerequisites check) and click Install when prompted.
The server reboots again to complete the promotion.
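The same AD Controller steps, done from an elevated PowerShell on 10.0.0.2 instead of the GUI. This is an added example, not from the original post; the DSRM password is prompted for, and the block deliberately skips installing DNS on the DC to match this lab’s separate DNS server (the conventional default, -InstallDns:$true, would register all of the DC’s records automatically).

```powershell
# Added example (not the original post's code): promote 10.0.0.2 to the first
# DC of the dankedonuts.lan forest. Run elevated. Assumptions: the NetBIOS name
# DANKEDONUTS and the DSRM password are the placeholders the post uses.

# Step 1: name the box "addc" and reboot; the name must be final before promotion.
Rename-Computer -NewName 'addc' -Force -Restart

# --- after the reboot ---

# Step 2: the AD DS role plus the RSAT tools (ADUC, the ActiveDirectory module).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Step 3: new forest. DNS is NOT installed here because this lab keeps DNS on
# 10.0.0.1; without -InstallDns:$false the wizard would install it on the DC.
$dsrm = Read-Host -Prompt 'Directory Services Restore Mode password' -AsSecureString
Install-ADDSForest `
    -DomainName 'dankedonuts.lan' `
    -DomainNetbiosName 'DANKEDONUTS' `
    -SafeModeAdministratorPassword $dsrm `
    -InstallDns:$false `
    -CreateDnsDelegation:$false `
    -Force
# The server reboots on its own when promotion completes.

# --- after the reboot: sanity-check the new forest ---
Get-ADDomain | Select-Object DNSRoot, NetBIOSName, DomainMode, PDCEmulator
Get-ADForest | Select-Object Name, ForestMode, RootDomain
```

The prerequisites check may warn that it cannot verify DNS, which is expected at this point because the DNS server is built in the next section.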
Now we have an Active Directory, but it’s useless unless other machines can join it. That needs DNS: domain members locate a domain controller by looking up SRV records, so let’s get the DNS server running.
Name this server “dns” so it is easy to pick out in AD later. Keep it in a workgroup for now; it joins the domain once DNS works.
For an Active Directory domain to work, the domain’s DNS zone must carry the DC locator SRV record _ldap._tcp.dc._msdcs.<domain>; clients query it to find a DC. In our case that is _ldap._tcp.dc._msdcs.dankedonuts.lan, pointing at addc.dankedonuts.lan on port 389. A DC that runs its own DNS registers this and its other SRV records automatically; with DNS on a separate server we create it by hand.
Let’s get the roles. If the DNS Server role is already present on your image but Server Manager > Tools does not show DNS, the management tools are missing: click Manage > Remove Roles and Features and uninstall the DNS Server role. After it’s done you do NOT have to reboot; just re-add the DNS Server role, this time including the management tools. Once that completes, reboot. If DNS is not installed at all, simply add the role.
Now we can configure it in DNS Manager. I’m not going to lie, Windows DNS is painful compared to Linux, so I have screenshots of my configuration. Basically:
-Server Manager > Tools > DNS
-Expand the server, then expand Forward Lookup Zones.
-Right-click Forward Lookup Zones > New Zone > Primary zone > set the zone name to "dankedonuts.lan". (This is a file-backed primary zone; the server is not a domain member yet, so it cannot host an AD-integrated zone.)
-When complete, right-click dankedonuts.lan > New Domain > enter "dc._msdcs" as the name. This creates the _msdcs subdomain with dc under it.
-Expand "dankedonuts.lan" > expand "_msdcs" > right-click "dc"
-Click "Other New Records..." > choose "Service Location (SRV)" > Service = _ldap, Protocol = _tcp, Priority = 0, Weight = 100, Port = 389, Host offering this service = addc.dankedonuts.lan > OK. The record must be _ldap over _tcp; a record with the protocol set to "ldap" is never queried by clients.
Go back to the dankedonuts.lan level and add Host (A) records: addc → 10.0.0.2, dns → 10.0.0.1, and one with the Name field left blank (DNS Manager shows it as "(same as parent folder)") → 10.0.0.2, so the bare domain name resolves to the DC. If you also create a reverse lookup zone for 10.0.0.0/24 (Reverse Lookup Zones > New Zone), tick "Create associated pointer (PTR) record" on each host; that is what makes ping -a below show a name.
Now we should have the records we need, but since we are the nameserver for a “fake” domain, change this server’s Preferred DNS server (adapter IPv4 properties) to 127.0.0.1 or 10.0.0.1 so it asks itself. Either way, “nslookup dankedonuts.lan” should return 10.0.0.2 and “nslookup -type=SRV _ldap._tcp.dc._msdcs.dankedonuts.lan” should return addc.dankedonuts.lan. Also run “ping -a 10.0.0.2” and check that addc responds; -a does a reverse lookup, so the name only appears if the PTR record exists. Otherwise “ping addc.dankedonuts.lan” is the equivalent forward check.
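The DNS server build above as PowerShell, run elevated on 10.0.0.1. This is an added example, not code from the post: it reproduces the zone, the A records, the apex record and the _ldap._tcp.dc._msdcs SRV record, and adds two things the GUI walkthrough does not mention, a reverse zone (so ping -a works) and dynamic updates on the zone (so the DC registers its remaining SRV records itself). The zone file names and the adapter name “Ethernet1” are assumptions.

```powershell
# Added example (not the original post's code): DNS for dankedonuts.lan on the
# standalone server 10.0.0.1. Assumes addc = 10.0.0.2 and dns = 10.0.0.1 as in
# the post; zone file names and the adapter alias are arbitrary choices.

Install-WindowsFeature -Name DNS -IncludeManagementTools

# Forward zone. File-backed primary, because this server is not a domain
# member yet and so cannot hold an AD-integrated zone.
Add-DnsServerPrimaryZone -Name 'dankedonuts.lan' -ZoneFile 'dankedonuts.lan.dns'

# Reverse zone for 10.0.0.0/24, so "ping -a 10.0.0.2" can answer with a name.
Add-DnsServerPrimaryZone -NetworkId '10.0.0.0/24' -ZoneFile '0.0.10.in-addr.arpa.dns'

# Host records; -CreatePtr writes the matching PTR into the reverse zone.
Add-DnsServerResourceRecordA -ZoneName 'dankedonuts.lan' -Name 'addc' -IPv4Address '10.0.0.2' -CreatePtr
Add-DnsServerResourceRecordA -ZoneName 'dankedonuts.lan' -Name 'dns'  -IPv4Address '10.0.0.1' -CreatePtr
# "(same as parent folder)" in DNS Manager is the zone apex, written as "@".
Add-DnsServerResourceRecordA -ZoneName 'dankedonuts.lan' -Name '@' -IPv4Address '10.0.0.2'

# The DC locator record: service _ldap, protocol _tcp, under dc._msdcs.
# The dotted name creates the _msdcs and dc subdomains on the way.
Add-DnsServerResourceRecord -Srv -ZoneName 'dankedonuts.lan' `
    -Name '_ldap._tcp.dc._msdcs' -DomainName 'addc.dankedonuts.lan' `
    -Priority 0 -Weight 100 -Port 389

# Let the DC register the rest of its records (_kerberos, _gc, site-specific
# ones) itself. A file-backed zone cannot do *secure* updates, and nonsecure
# updates let any host on the LAN overwrite records, which is only acceptable
# here because 10.0.0.0/24 is an isolated lab network.
Set-DnsServerPrimaryZone -Name 'dankedonuts.lan' -DynamicUpdate 'NonsecureAndSecure'
# Afterwards, on addc:  nltest /dsregdns   (makes Netlogon re-register now)

# Point this server at itself for resolution.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet1' -ServerAddresses '127.0.0.1'

# Checks; all three must succeed before attempting a domain join.
Resolve-DnsName -Name 'dankedonuts.lan' -Type A -Server 10.0.0.1        # 10.0.0.2
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.dankedonuts.lan' -Type SRV -Server 10.0.0.1
Resolve-DnsName -Name '10.0.0.2' -Server 10.0.0.1                       # PTR -> addc.dankedonuts.lan
```

If the SRV lookup comes back empty, nothing that follows will work: the domain join and Kerberos both go through the DC locator, and it reads exactly that record.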
If so, we are ready to go back to Control Panel > System on the DNS server and change the domain to “dankedonuts.lan”. If DNS is working, Windows asks for an Active Directory username and password. The domain Administrator would work, but a join only needs an ordinary domain account, so let’s create a dedicated user instead of typing the most privileged credential in the forest into every server we join.
Back on the AD Server, go to Server Manager > Tools > “Active Directory Users and Computers”.
Expand “dankedonuts.lan” > Users > right-click in the blank area > New > User. Name it “dnsadmin”, give it a password, and click OK. Despite the name this is a plain domain user: do not add it to Domain Admins or DnsAdmins. By default any authenticated domain user may join up to ten computers to the domain (ms-DS-MachineAccountQuota), which is all it needs.
Go back to the DNS server.
Enter the new credentials as DANKEDONUTS\dnsadmin; the join should succeed and the server reboots into the domain.
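The join account and the join itself as PowerShell, with a check of the quota that makes a plain user sufficient. This is an added example, not the post’s own code; the account name “dnsadmin” is the post’s, the UPN and the Users container path are the defaults for this domain and are assumptions.

```powershell
# Added example (not the original post's code): create the join account on the
# DC and join the DNS server with it. Two hosts are involved; see the comments.

# --- on addc (the DC), elevated ---
Import-Module ActiveDirectory
$pw = Read-Host -Prompt 'Password for dnsadmin' -AsSecureString
New-ADUser -Name 'dnsadmin' -SamAccountName 'dnsadmin' `
    -UserPrincipalName 'dnsadmin@dankedonuts.lan' `
    -Path 'CN=Users,DC=dankedonuts,DC=lan' `
    -AccountPassword $pw -Enabled $true
# No group membership is added: a join does not need Domain Admins or DnsAdmins.

# Why a plain user is enough: every authenticated user may join up to
# ms-DS-MachineAccountQuota computers (default 10). Read the current value.
Get-ADObject -Identity (Get-ADDomain).DistinguishedName -Properties 'ms-DS-MachineAccountQuota' |
    Select-Object -ExpandProperty 'ms-DS-MachineAccountQuota'

# --- on dns (10.0.0.1), once the DNS checks pass ---
$cred = Get-Credential -UserName 'DANKEDONUTS\dnsadmin' -Message 'Join credential'
Add-Computer -DomainName 'dankedonuts.lan' -Credential $cred -Restart -Force

# --- after the reboot, back on addc: the computer object should now exist ---
Get-ADComputer -Identity 'dns' | Select-Object Name, DNSHostName, Enabled
```

If Add-Computer fails with a message that the domain could not be contacted, the problem is almost always DNS on the joining host, not the credential: re-run the Resolve-DnsName checks from the previous section on that host.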
Now let’s take care of the DHCP side of things. One of the first tasks of a network administrator is to think about how IP addresses will be assigned. For this example we use just a small range, 10.0.0.100 – 10.0.0.254, for clients; later we can expand it and make our private network larger. First install the DHCP Server role (Server Manager > Manage > Add Roles and Features, with the management tools) and run the “Complete DHCP configuration” post-deployment task that Server Manager flags afterwards.
Server Manager > Tools > DHCP
Expand “dns.dankedonuts.lan”, right-click “IPv4” and click “New Scope”.
Name it whatever you want and set the range 10.0.0.100 to 10.0.0.254 with subnet mask 255.255.255.0.
Don’t exclude anything.
In the scope options set Router (003), DNS Servers (006) and WINS Servers (044) to 10.0.0.1 (our DNS/DHCP server) and the parent domain (015) to dankedonuts.lan; remove any public IPs the wizard pre-fills, so clients resolve only through our server and therefore find the DC. WINS is optional on a modern network and can be left out.
When you’re done, right-click “dns.dankedonuts.lan” and click “Authorize”. Authorization is recorded in AD and needs an Enterprise Admins account (the forest-root Administrator is one); an unauthorized Windows DHCP server will not hand out leases on a domain network.
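The DHCP scope as PowerShell, run elevated on dns (10.0.0.1) after it has joined the domain, by an account that is in Enterprise Admins so the authorization step can write to AD. This is an added example, not from the original post; the scope name, the lease duration and the registry key used to clear Server Manager’s post-deployment flag are assumptions.

```powershell
# Added example (not the original post's code): DHCP for 10.0.0.0/24 on dns.

Install-WindowsFeature -Name DHCP -IncludeManagementTools

# Create the local DHCP Administrators/Users groups and clear the
# "Complete DHCP configuration" flag in Server Manager (registry flag only;
# assumption: role id 12 is the DHCP role entry, as on Server 2012 and later).
Add-DhcpServerSecurityGroup
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\ServerManager\Roles\12' -Name 'ConfigurationState' -Value 2

# Scope: 10.0.0.100-254 for clients, nothing excluded, 8-hour leases.
Add-DhcpServerv4Scope -Name 'dankedonuts clients' `
    -StartRange 10.0.0.100 -EndRange 10.0.0.254 -SubnetMask 255.255.255.0 `
    -LeaseDuration (New-TimeSpan -Hours 8) -State Active

# Scope options: router (003), DNS servers (006), DNS domain (015), WINS (044).
# Everything points at 10.0.0.1 and no public resolver is listed, so clients can
# only resolve through our server and therefore find the DC. WINS is kept only
# because the post hands it out. -Force skips the DNS reachability validation.
Set-DhcpServerv4OptionValue -ScopeId 10.0.0.0 `
    -Router 10.0.0.1 -DnsServer 10.0.0.1 -DnsDomain 'dankedonuts.lan' -WinsServer 10.0.0.1 -Force

# Authorize in AD. An unauthorized Windows DHCP server refuses to serve leases
# on a domain network; note this only restrains Windows DHCP servers, a rogue
# dhcpd on another OS ignores the check entirely.
Add-DhcpServerInDC -DnsName 'dns.dankedonuts.lan' -IPAddress 10.0.0.1
Restart-Service DHCPServer

# Checks.
Get-DhcpServerInDC                              # lists dns.dankedonuts.lan
Get-DhcpServerv4Scope                           # 10.0.0.0, State Active
Get-DhcpServerv4OptionValue -ScopeId 10.0.0.0   # 003/006/015/044 as set above
```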
Now we’re ready to assign our first client!
On the Client Server, configure Ethernet1 as follows:
Set “Obtain an IP address automatically”. The default gateway comes from the scope’s Router option (10.0.0.1); Windows does not let you type a gateway for a DHCP-assigned address.
Either leave “Obtain DNS server address automatically” (the scope hands out 10.0.0.1) or set 10.0.0.1 as the preferred DNS server explicitly. Do not add a public resolver, or the client may fail to find the DC.
WINS likewise comes from the scope; there is nothing to type.
Open PowerShell or CMD and run “ipconfig /release Ethernet1” followed by “ipconfig /renew Ethernet1” (release alone only drops the lease).
Verify with “ipconfig /all” that Ethernet1 was assigned a 10.0.0.100–254 address and shows DHCP Server 10.0.0.1 and DNS Servers 10.0.0.1.
Now go to Control Panel > System, set any name for this computer and join the domain dankedonuts.lan with the dnsadmin credentials, exactly as for the DNS server. Nothing special to do; it reboots.
By now everything is set up and good to go.
On the AD Controller, go to Server Manager > Tools > Active Directory Users and Computers.
Go to Computers and you should see both our client and the DNS server listed.
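The client side as PowerShell, with the checks that tell you whether a join will work before you attempt it. This is an added example, not from the original post; the adapter name “Ethernet1” is the post’s, the lease-range assertion and the DC locator checks are additions, and the join itself is the same Add-Computer call shown for the DNS server, so it is not repeated.

```powershell
# Added example (not the original post's code): bring a client onto the lab
# network over DHCP and verify it can locate the DC. Run elevated on the client.

# Let DHCP hand out address, gateway, DNS and WINS from the scope options. A
# static address would make "ipconfig /release" a no-op, so none is set.
Set-NetIPInterface -InterfaceAlias 'Ethernet1' -AddressFamily IPv4 -Dhcp Enabled
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet1' -ResetServerAddresses

# Drop any old lease and ask for a new one (release alone leaves no address).
ipconfig /release Ethernet1
ipconfig /renew Ethernet1

# The lease must land in 10.0.0.100-254 and DNS must be our server.
$ip = (Get-NetIPAddress -InterfaceAlias 'Ethernet1' -AddressFamily IPv4).IPAddress
$lastOctet = [int]($ip -split '\.')[-1]
if ($ip -notlike '10.0.0.*' -or $lastOctet -lt 100) { throw "unexpected address $ip" }
Get-DnsClientServerAddress -InterfaceAlias 'Ethernet1' -AddressFamily IPv4   # 10.0.0.1
# ("ipconfig /all" also shows "DHCP Server . . . : 10.0.0.1" for the adapter)

# A join succeeds only if the DC locator record resolves through 10.0.0.1 and
# the DC answers on LDAP (389) and Kerberos (88).
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.dankedonuts.lan' -Type SRV
Test-NetConnection -ComputerName 'addc.dankedonuts.lan' -Port 389
Test-NetConnection -ComputerName 'addc.dankedonuts.lan' -Port 88
nltest /dsgetdc:dankedonuts.lan      # Windows' own DC locator; must name addc

# Join with Add-Computer and the dnsadmin credential exactly as for the DNS
# server, let it reboot, then on addc confirm both members are present:
# --- on addc ---
Get-ADComputer -Filter * | Select-Object Name, DNSHostName, Enabled, OperatingSystem
```

If nltest returns ERROR_NO_SUCH_DOMAIN while the SRV lookup succeeds, the client is resolving through a different server than you think; check which DNS server the adapter actually uses before touching anything on the DC.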