In this video, I’m going to introduce you to Windows Server Active Directory. Let’s first define what Active Directory is. Active Directory is a collection of services used to manage identity and access for and to resources on a network. An administrator uses it to store information about users, assign security policies, and deploy software. It provides network services including LDAP (Lightweight Directory Access Protocol), Kerberos (a ticket-granting protocol that verifies the identities of users communicating within a network), DNS naming, secure access to resources, and consistent synchronization across peer domain controllers, and it interoperates with other domains and forests. It also enables single sign-on (SSO) for all users.
Now let’s take a look at the structures and objects inside Active Directory.
- First is the Domain. A Domain is a logical group of network objects, such as computers, users, and devices, that share the same Active Directory database in a single organization.
- Next is the Tree. A Tree is a group of domains that have the same DNS name; for example, houseofit.com.au is the parent domain, and webdev.houseofit.com.au and support.houseofit.com.au are the child domains.
- The third one is the Forest, which actually speaks for itself. It is a group of Active Directory trees.
- Next are Trust Relationships. A trust is a logical relationship between two Windows domains or between two organizations. Let me explain what a trust does. Imagine you have two forests created separately and independently from each other, and you want to gain access to one from the other or join the two forests together. What you would do is create a Forest Trust between the two forests, and then grant access to all the objects, or only to some extent if you don’t want the other forest to gain full access to all objects. What you’re creating here is a manual trust, where you can configure the level of access between the forests. But it only applies to the parent domain, not the sub-domains, although you can also create other trust relationships for the sub-domains.
Now, if you want to create a trust relationship between two forests including the sub-domains, you may as well use Federation. Federation works much like a trust relationship, but the difference is that when you implement federation between forests, it creates a trust relationship within each domain, including the sub-domains. Federation also provides single sign-on access to systems and applications located across organizational boundaries.
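An added example, not part of the original video: a PowerShell audit of the trusts a domain already has, so the "all objects or only to some extent" choice described above can be reviewed after the fact. It assumes the ActiveDirectory module (RSAT) is installed, the function name `Get-TrustReview` is hypothetical, and reading "to some extent only" as the trust's selective authentication setting is this example's interpretation.

```powershell
# Added example: list every trust of a domain and flag the ones that are
# not restricted by selective authentication.
Import-Module ActiveDirectory

function Get-TrustReview {
    param(
        # Domain to inspect; defaults to the DNS domain of the logged-on user.
        [string]$Server = $env:USERDNSDOMAIN
    )

    Get-ADTrust -Filter * -Server $Server | ForEach-Object {
        # Trusts inside the same forest (parent/child) are expected to be open.
        # A trust to another forest or domain without selective authentication
        # lets the partner's users authenticate to any resource here, subject
        # only to the permissions on that resource.
        $review = if (-not $_.IntraForest -and -not $_.SelectiveAuthentication) {
            'REVIEW: no selective authentication'
        } else {
            'ok'
        }

        [pscustomobject]@{
            Partner                 = $_.Target
            Direction               = $_.Direction
            IntraForest             = $_.IntraForest
            ForestTransitive        = $_.ForestTransitive
            SelectiveAuthentication = $_.SelectiveAuthentication
            SidFilteringQuarantined = $_.SIDFilteringQuarantined
            Review                  = $review
        }
    }
}

# Show the result as a table, trusts needing review first.
Get-TrustReview | Sort-Object Review -Descending | Format-Table -AutoSize
```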
Now that we are done with Active Directory structures, let’s move on to Objects.
- First are Users, the objects most commonly created on a day-to-day basis; in other words, an account for each individual.
- The next one is Groups, which very much explains itself: a Group is a collection of users, which makes managing multiple users much easier.
- The next one is the Computer or Workstation; everything in the domain is automatically published within a specific workstation.
- Then there are Organizational Units. These are container objects, since they help to organize the directory and can contain other objects. They help to organize different departments and help the administrator apply a specific policy within different organizations. So an Organizational Unit basically works like a folder on your desktop.
- And lastly, Sites and Site Links. These define the connection between sites, which can indicate the cost of sending data across a network in terms of the available bandwidth. A Site Link is a list of two or more connected sites.
In your Server Manager, in the top right corner you can click on:
- Manage and choose Add Roles and Features.
- Then click next.
- Then you’ll be given two choices: Role-based or feature-based installation, and Remote Desktop Services installation. Choose Role-based or feature-based installation and then click Next.
- And then select Active Directory Domain Services and click Add Features.
- Then you can just go through the rest of the steps. Once the installation is completed, you will notice that you can click on “Promote this server to a domain controller” there. If you reflexively clicked Close, you need not worry: go to your Server Manager, click on the newly added AD DS, and you’ll see a prompt saying “Configuration required for Active Directory Domain Services…”. Click More, then promote the server to a domain controller.
- For the meantime, because this is our first domain controller, we will just choose Add a new forest. But if you already have an existing domain or forest, you may choose one of the other two options. Then type the domain name and click Next.
- In the next step, you will be asked to choose the functional level. Because this is my first domain, I’ll just use the newest one with the most functionality. But if you have an existing domain from an older version of Windows Server, you may as well choose the older version to avoid compatibility issues.
- Then you’ll need to provide and remember the DSRM password. Then click Next.
- In the next step, you can just ignore the prompt about DNS delegation, because the one we are configuring right now is the parent zone.
- And then you can just go through the rest of the steps in the installation process, unless you have problems with the prerequisites check. You don’t really need to worry about the yellow symbols; it’s the red ones that you need to worry about, because they won’t let you go through the installation.
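The same installation as an added PowerShell example (not from the original video), for readers who want the wizard steps above in a repeatable, reviewable form. The domain name, NetBIOS name and functional level are placeholder assumptions; run it in an elevated session on the server that will become the first domain controller.

```powershell
# Added example: script the Server Manager steps above.
# Placeholder values below are assumptions, not taken from the tutorial.
$DomainName  = 'corp.example.com'   # placeholder new forest root domain
$NetbiosName = 'CORP'               # placeholder NetBIOS name

# "Add Roles and Features" -> Active Directory Domain Services
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) { throw 'AD DS role installation failed.' }

Import-Module ADDSDeployment

# DSRM password: prompt for it so it never lands in the script or in
# command history. Store it in a password vault; it is the recovery
# credential for this domain controller.
$dsrm = Read-Host -Prompt 'DSRM password' -AsSecureString

$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    # "Newest" functional level, assuming Windows Server 2016 or later;
    # choose an older level if older domain controllers must join.
    ForestMode                    = 'WinThreshold'
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true
    # No parent zone exists for a new forest, so skip DNS delegation
    # (the prompt the wizard tells you to ignore).
    CreateDnsDelegation           = $false
    SafeModeAdministratorPassword = $dsrm
}

# Prerequisites check: warnings (yellow) are shown, errors (red) stop here.
$check = Test-ADDSForestInstallation @forest
$check | Format-List Status, Message
if ($check | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisites check reported errors; fix them before promoting.'
}

# "Promote this server to a domain controller" -> new forest.
# Asks for confirmation, then reboots the server when it finishes.
Install-ADDSForest @forest
```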
And that’s all for the introduction and basic installation of Active Directory. We will discuss Active Directory further in the next videos. See you!