What tools are used in Windows Server 2016 to install Active Directory?
Here are the tools that you need to install Active Directory.
• Active Directory Administrative Center
• Active Directory Users and Computers Snap-in
• Active Directory Sites and Services Snap-in
• Active Directory Domains and Trusts Snap-in
• Active Directory Administrative Center Snap-in
• ADSI Edit Snap-in
• Active Directory Schema Snap-in (Not Registered)
• Active Directory Command Line Tools
• Active Directory Module for Windows PowerShell
During this initial installation, you will need to have the Graphical Management Tools and Infrastructure installed before installing Active Directory Tools. You will be using the Server Manager GUI for this process.
What information is needed for the initial installation involving these tools?
Installing Active Directory Management Tools
1. Open Server Manager
2. Click on the Quick Start panel, then head over to Add roles and features.
3. Under installation type, click role-based or feature-based installation.
4. When prompted with server selections. Click on your server.
5. Server Roles will show up don’t click on anything.
6. Under Features click the arrow t expand it to Remote Server Administration Tools. Then expand the Role Administration and check to mark the AD DS and AD LDS Tools. If it requests to install any roles accept the defaults and proceed.
7. On the Confirmation Page Install the roles.
8. The Server Roles will now install.
9. The newly installed Tools can be found in the Tools tab in Server Manager.
What special considerations exist in terms of having both Windows Server 2008 R2 and Windows Server 2016 servers as DCs?
Some considerations to consider is if the users are authenticating against a 2016 server, then everyone will need 2016 CAL’s. You’ll need to run 2016 in 2008 mode. The reason for this is that they act as a failover. The 2016 capabilities can’t exceed the 2008 counterpart. 2016 can’t then failover to 2003 if a failure occurs. This is a way to save costs.
Case Project 4-2: Active Directory Design
As stated in the question above here are my expert answer and solution to the Active Directory Design.
How many forests, trees, and domains do you recommend?
We can determine the amount of forest by the need of many. Having one forest can be the most inexpensive option and does not require a lot of administrative overhead.
• As well a single forest is the easiest config to manage.
• All objects in one forest are under the global catalog.
• No syncing across other forests is required.
• All trees use the same schema and can use a disjointed namespace.
• Two-way transitive trusts are auto configured between domains within a single forest
The number of trees the company should use:
I believe for each location we should have at least one tree. I believe this so we can utilize the many subnets underneath the tree. Trees contain one or more domains which share a common relationship which includes:
• Domains are shown in a contiguous namespace and can be in a hierarchy
• Two-way trust relationships exist between parent domains and child domains, this creates a trust path.
• Domains in one tree have the same schema
• Domain uses the same global catalog.
How many domains should the company is equal to the amount subnets/location
Do you recommend any sites?
I recommend for all the subnets we have that we have a site for it. This will redirect you to different pages on the website like for our different locations. Here is an example of this design.
Case Project 4-3: Creating OUs
How to create OU and delegate authority between users.
First, an OU stands for organizational unit and offers more flexibility in the resources we manage.
Here are a few guidelines before creating OUs
Microsoft recommends that OUs should be limited to 10 levels or fewer.
Active Directory works use less CPU power when OUs are horizontally instead of vertically. (Same level)
How to create an OU
1. Open Server Manager, and under Tools click Active Directory Users and Computers.
2. Right-click the top domain in the tree Hover over New and click Organizational Unit.
3. Enter the desired name for the OU and click Ok.
4. Click the arrow in front of the domain so you can view the OU just created under the domain
5. Right-Click OU
6. Select Delegate Control
7. Select Next when the Delegation of Control wizard starts.
8. Select Add
9. Select the Advance button
10. Select Find Now
11. Since we have not defined the user account yet, select Administrator. A single Head icon represents accounts and names with a double head icon represent the account groups. Select Ok
12. Select Okay in the Select Users, Computers, or Groups box
13. Select Next in the Delegation of Control Wizard
14. Check the box for Create, delete, and manage user accounts then select Next
15. Double check to make sure every box desired is checked.
16. Close Active Directory Users and Computers window.
Case Project 4-4: Installing Servers at the Outlet Stores
I believe installing Active Directory would be an excellent idea because it will house all the information about the network resources like servers, printers, user accounts, and much more information such as records.
How to install the Active Directory
1. Open Server Manager
2. Make sure the Dashboard is selected
3. Select Add roles and features. Then Click Next
4. In the Select installation type windows, make sure Role-based or feature-based installation is selected. Proceed
5. Ensure your server is selected as the destination server.
6. Select the Active Directory Domain Services box.
7. In the Wizard dialog box the tools will automatically install Click Add Features
8. Double check the Active Directory Domain Services box is checked. Then click next
9. Examine the info about Active Directory Domain Services.
10. In the Confirm window click install. Now, wait.
11. Examine the installation information. There should be no errors and successfully install
12. After installation, we will need to promote the server to a domain controller and configure the AD DS role. Go back to Server Manager. There should be a yellow caution symbol under the title bar Server Manager. Click the exclamation mark and promote the server to a domain controller. The wizard for Active Directory Domain Services Configuration wizard opens.
13. Select Add a new forest. Enter the desired root domain name.
14. Proceed and click the Forest functional level drop arrow. You can select from different forest function levels. You should select the oldest server you have. As this will allow all servers to work together. Previously stated in 4-1.
15. Enter desired password for Directory Services Restore Mode, this is used to restore Active Directory when needed. Confirm Password. Proceed
16. If a warning pops up you must manually configure delegations to the DNS server.
17. Verify NetBIOS name in the Additional Options window
18. In the Paths window leave the database, log files, and SYSVOL folder path as default.
19. Review all selections made. Then Proceed.
20. The wizard will perform a prerequisite check to verify Microsoft’s best practices.
21. Click Install. This may take a few minutes and you will receive any warnings along the way.
22. Click Close and the computer will reboot.
23. Now Active Directory is installed, and you can sign in now.
In conclusion, the reason I recommend this is that all your files are in one container. This groups all the computer files together. This will eliminate the obsolete way of handling data that the company previously used.