Active Directory Setup

Submitted By Delpiero
Server Configuration

Installation of operating system
* Install Windows Server 2008 R2 on both the Adelaide server and the Mt Gambier server.
* The Adelaide server is to be named IT101ADLSrv01 and the Mt Gambier server IT101MTGSrv01.

Install and configure AD DS
* Domain name: ITtraining101.com
* Adelaide is to be configured as the writable domain controller whilst Mt Gambier is to be configured as a read-only domain controller.

Adelaide AD DS configuration
Mt Gambier AD DS configuration

DHCP
* Install DHCP role on both servers.
* Create a scope on the Adelaide server of 10.70.52.51 – 10.70.52.150.

DNS
* Install and configure DNS role on both servers.
* Create a forward lookup zone on IT101ADLSrv01 server named ITtraining101zone.com.

Sites
* This is to be done on the IT101ADLSrv01 server.
* The sites to be created are IT101ADLSite and IT101MTGSite.
* A site link named IT101ADL_IT101MTGSiteLink is to be created between them with a replication schedule of 30 minutes.
* Create a subnet for each site.

HDD configuration
* Set up RAID 5 on 3 hard drives.
* This RAID drive is to be assigned the letter E: and called UserData.
* Create 3 folders: Management, Admin, Training
* Two more folders, userdata and userprofiles, will be created on the E: drive.

OUs/Users/Groups
The OUs that were created were:

| Top Level OU | OUs |
| --- | --- |
| Staff | Admin |
| | ICTstaff |
| | Lecturers |
| | Management |
| Students | Cisco |
| | ITsecurity |
| | Microsoft |
| | RedHat |
| | VMware |

* Groups to create: AdminGroup, ICTGroup, LecturerGroup, ManagementGroup, StaffGroup, StudentGroup
* Users: 2 staff, 2 student and 1 ICT administrator account were created. The properties of these accounts are as follows:

Student Account:
First name: Microsoft
Last name: 1
Logon: microsoft1@ITtraining101.com
Description: Microsoft student user account
Member of: StudentGroup
This account is placed in the Microsoft OU.

Student Account:
First name: Cisco
Last name: 1
Logon: cisco1@ITtraining101.com
Description: Cisco student user account
Member of: StudentGroup
This account is placed in the Cisco OU.

Staff Account:
First name: Joe
Last name: Rossi
Logon: jrossi@ITtraining101.com
Member of: StaffGroup, ManagementGroup
This account is placed in the Management OU.

Staff Account:
First name: Mary
Last name: Smith
Logon: msmith@ITtraining101.com
Member of: StaffGroup, LecturerGroup

ICT Account:
First name: Tim
Last name: Jones
Logon: tjones@ITtraining101.com
Member of: StaffGroup, ICTGroup
This account is placed in the ICTstaff OU.

* All staff user accounts are also to have other details placed in them such as title, company address, department etc.
* The profile path for all accounts is E:\\IT101ADLSrv01\userprofiles\%username%
* The home drive path for all accounts is E:\\IT101ADLSrv01\userdata\%username%
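
One way to script the OU, group and user layout above with the ActiveDirectory PowerShell module on IT101ADLSrv01 (an added example, not part of the original essay). Assumptions: groups go in the default Users container, Mary Smith goes in the Lecturers OU, the profile and home paths are read as the UNC shares \\IT101ADLSrv01\userprofiles and \\IT101ADLSrv01\userdata, and the home drive maps to H:.

```powershell
# Added example, not from the original essay. Run as a Domain Admin.
Import-Module ActiveDirectory

$domainDN    = 'DC=ITtraining101,DC=com'
$upnSuffix   = 'ITtraining101.com'
$profileRoot = '\\IT101ADLSrv01\userprofiles'   # assumption: shared under this name
$homeRoot    = '\\IT101ADLSrv01\userdata'       # assumption: shared under this name

# OU tree from the table: top-level OU -> child OUs
$ouTree = @{
    'Staff'    = 'Admin', 'ICTstaff', 'Lecturers', 'Management'
    'Students' = 'Cisco', 'ITsecurity', 'Microsoft', 'RedHat', 'VMware'
}
foreach ($top in $ouTree.Keys) {
    New-ADOrganizationalUnit -Name $top -Path $domainDN
    foreach ($child in $ouTree[$top]) {
        New-ADOrganizationalUnit -Name $child -Path "OU=$top,$domainDN"
    }
}

# Security groups; no -Path is given, so they land in the default Users container
'AdminGroup', 'ICTGroup', 'LecturerGroup', 'ManagementGroup', 'StaffGroup', 'StudentGroup' |
    ForEach-Object { New-ADGroup -Name $_ -GroupScope Global -GroupCategory Security }

# Prompt once for the initial password instead of storing it in the script
$initialPw = Read-Host -AsSecureString 'Initial password for the new accounts'

$users = @(
    @{ First = 'Microsoft'; Last = '1'; Sam = 'microsoft1'; OU = 'OU=Microsoft,OU=Students'
       Desc = 'Microsoft student user account'; Groups = 'StudentGroup' }
    @{ First = 'Cisco'; Last = '1'; Sam = 'cisco1'; OU = 'OU=Cisco,OU=Students'
       Desc = 'Cisco student user account'; Groups = 'StudentGroup' }
    @{ First = 'Joe'; Last = 'Rossi'; Sam = 'jrossi'; OU = 'OU=Management,OU=Staff'
       Groups = 'StaffGroup', 'ManagementGroup' }
    # The essay does not state Mary Smith's OU; Lecturers is assumed from her group
    @{ First = 'Mary'; Last = 'Smith'; Sam = 'msmith'; OU = 'OU=Lecturers,OU=Staff'
       Groups = 'StaffGroup', 'LecturerGroup' }
    @{ First = 'Tim'; Last = 'Jones'; Sam = 'tjones'; OU = 'OU=ICTstaff,OU=Staff'
       Groups = 'StaffGroup', 'ICTGroup' }
)

foreach ($u in $users) {
    $sam = $u.Sam
    $params = @{
        Name                  = "$($u.First) $($u.Last)"
        GivenName             = $u.First
        Surname               = $u.Last
        SamAccountName        = $sam
        UserPrincipalName     = "$sam@$upnSuffix"
        Path                  = "$($u.OU),$domainDN"
        # New-ADUser stores %username% literally, so the logon name is substituted here
        ProfilePath           = "$profileRoot\$sam"
        HomeDrive             = 'H:'                 # assumption: drive letter not given
        HomeDirectory         = "$homeRoot\$sam"
        AccountPassword       = $initialPw
        ChangePasswordAtLogon = $true
        Enabled               = $true
    }
    if ($u.Desc) { $params.Description = $u.Desc }
    New-ADUser @params
    foreach ($g in $u.Groups) { Add-ADGroupMember -Identity $g -Members $sam }
}
```

Unlike Active Directory Users and Computers, New-ADUser only writes the home directory attribute; the per-user folders under userdata still have to be created and permissioned separately.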
User data/permissions

| Folder | Group | Permissions |
| --- | --- | --- |
| Admin | ManagementGroup | W, M, R |
| | AdminGroup | W, M, R |
| | DomainAdmin | FC |
| Management | ManagementGroup | W, M, R |
| | DomainAdmin | FC |
| Training | ManagementGroup | W, M, R |
| | AdminGroup | W, M, R |
| | LecturerGroup | W, M, R |
| | StudentGroup | R, RE, L |
| | DomainAdmin | FC |

* Create a quota limit of 1GB with a warning at 900MB.
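
The permission matrix above applied with icacls and then checked for entries that are not in the matrix (an added example, not part of the original essay). Assumptions: the three folders sit at the root of E:, the abbreviations mean Write, Modify, Read, Read & Execute, List folder contents and Full Control, "DomainAdmin" is the built-in Domain Admins group, and inheritance from E:\ is removed so that only the listed groups have access.

```powershell
# Added example, not from the original essay. Run elevated on IT101ADLSrv01.
$root = 'E:\'   # assumption: Admin, Management and Training are directly under E:\

# Matrix from the table, expressed as icacls rights:
#   "W, M, R" -> M (Modify), "R, RE, L" -> RX (Read & Execute), "FC" -> F (Full Control)
$matrix = @{
    'Admin'      = @{ 'ManagementGroup' = 'M'; 'AdminGroup' = 'M'; 'Domain Admins' = 'F' }
    'Management' = @{ 'ManagementGroup' = 'M'; 'Domain Admins' = 'F' }
    'Training'   = @{ 'ManagementGroup' = 'M'; 'AdminGroup' = 'M'; 'LecturerGroup' = 'M'
                      'StudentGroup' = 'RX'; 'Domain Admins' = 'F' }
}

foreach ($folder in $matrix.Keys) {
    $path = Join-Path $root $folder

    foreach ($group in $matrix[$folder].Keys) {
        $right = $matrix[$folder][$group]
        # (OI)(CI): the entry also applies to files and subfolders created later
        icacls $path /grant:r "${group}:(OI)(CI)$right" | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "icacls failed granting $group on $path" }
    }

    # Grants are written first, then inherited entries from E:\ are dropped, so a
    # broad inherited entry (for example Users: Read) cannot widen the matrix.
    # The matrix has no SYSTEM entry; add one if a local service needs the folder.
    icacls $path /inheritance:r | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed removing inheritance on $path" }

    # Verification: any remaining ACE whose account is not in the matrix is reported
    $expected = @($matrix[$folder].Keys)
    $extra = @((Get-Acl $path).Access | Where-Object {
        $expected -notcontains $_.IdentityReference.Value.Split('\')[-1]
    })
    if ($extra.Count -gt 0) {
        $extra | ForEach-Object {
            Write-Warning "$path has an unexpected entry: $($_.IdentityReference) $($_.FileSystemRights)"
        }
    } else {
        Write-Output "$path matches the permission matrix"
    }
}
```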

Group Policies
* A group policy was created each for staff and for students.
* The Staff_Password_GPO to be linked to Staff OU and has the following settings:
* The Student_GPO to be linked to Student OU and has the following settings:

Workstation Testing
* Confirm that a client machine can join the domain and network shares can be accessed.

Server Backup
* This is to be done on the IT101ADLSrv01 server.
* Add a new drive, create a simple volume, call it BackUps and assign it the letter F:
* Create two folders: DataDrivebackup and SystemStateBackup with DomainAdmins to have Full Control
* Install Windows Server Backup Feature
* Configure the Data Drive backup as follows:
Backup option: Different
Backup configuration: Custom
Backup item: UserData (E:)
Backup destination: \\IT101ADLSRV01\DataDriveBackup
Backup every night at 10pm
* Configure the System State Backup as follows:
Backup option: Different
Backup configuration: Custom
Backup item: System state
Backup destination: \\IT101ADLSRV01\SystemStateBackup
VSS backup: Full
Create a daily backup, then go to Task Scheduler, find the backup folder and the system state backup task that was created, and edit the triggers in its properties to schedule the backup to occur weekly.
* Set up Volume Shadow Copy on the E: drive to start every day at 7:00am and to occur every five hours (stopping at 10pm) every day.

Appendix
Benchmarking Server
System tests were performed with PassMark Performance Test to benchmark the server. The results achieved are shown below:
PassMark rating is 1461
CPU Mark: 8543
2D graphics mark: 693
3D graphics mark: 253
Memory Mark: 2240
Disk Mark: 1357
